GENERAL DATA PROTECTION REGULATION (GDPR) STATEMENT
We provide this information so that you are informed about the data held by Gillett Limited and how we treat it.
Within the statement:
'contact data'  means the data that the Organisation’s provides for us to communicate with them.
'service data'  means the data that the Organisation’s provides to us for configuring our services, which may contain end user details.
'data'  means the combined contact and service data.
'organisation' and 'you' means the Organisation using our services, or any representative acting on behalf of the organisation.
'clients'  means the Organisations that purchase services from us.
'we'  and 'us'  means Gillett Limited (reg no 11259154), PO Box 4544, Sheffield, S17 9BP. We are the Data Controller.
'employee'  means anyone authorised by us to interact with you.
'end user'   means an employee of your Organisation not directly interacting with us, but possibly using our services.
End users and representatives should read this statement in conjunction with the Organisation’s own policies, to understand our practices regarding the information we store.
INTRODUCTION
We respect data privacy and are committed to protecting the data through our compliance with this statement.
All parties within our team are fully aware of the importance of data protection, privacy and consent, and the changes within the GDPR (General Data Protection Regulation).
The latest revision of this statement is available to all at any time. This statement may change from time to time. Please check the statement periodically for updates.
PRIVACY INFORMATION
Data is collected and stored by us, for the sole purpose of providing our software, services and support.
We do not share this data with any other organisations.
We do not use any data for tracking, profiling, or unsolicited mass email marketing.
We do not manage mailing lists or send periodic marketing other than for subscription renewals or informing of pending updates.
We only process the data to provide the services required by the Organisation.
We never sell any data that we hold.
We do not access or interact with the contact data provided, other than for communication.
We do not access or interact with the service data provided for any purpose other than configuration or support.
We are the developers and service provider of software systems.
We may store your data on our own MicroSoft based infrastructure, and on select cloud services that we use for administering our business, including:
Microsoft - Office 365 / Sharepoint online services for email, contact information and document storage
Central Technology (The Bridge Business Park, Beresford Way, Chesterfield, S41 9FG) - provides cloud servers for our websites and cloud services
Cloud based accounting, backup, telephone services and password managers
Neither we, nor are we aware that any of our suppliers above, have any commercial interest in the data, nor will it be shared with any third parties.
DATA PROTECTION BY DESIGN
The suppliers we use to manage data have been selected for their commitment to privacy.
Access to our data is provided to our employees through the use of user accounts and passwords.
Access to all data relating to our clients requires a user account and password.
Local password policy requires random complex passwords and the use of Password Managers.
INFORMATION HELD BY US
We hold contact data to enable us to provide our services and the day to day running of our business.
In the usual course of communicating and conducting our business with the Organisation we will receive and send information including email, text, telephone calls, files, screenshots and other electronic messages.
Contact data that we store includes:
name/email address/telephone number for key administrative users within business, IT, procurement and accounts, records of service/support requests
Service data that we store includes:
files containing setup/configuration data used to initially configure our services for you, records of service/support requests, which may contain end user details
Other information that we store includes:
organisation name, invoices, purchase orders, remittance advice
HOW THE DATA IS COLLECTED
As a result of an initial email or telephone conversation, we may ask for contact data which is stored so that we can continue to communicate with you.
During procurement we may collect further contact data for anyone involved in the project.
For the purpose of providing information, quotations etc. we may store ongoing communication with the above contact(s).
At the point of purchase, or during a trial, or potentially when major changes are requested, you may provide us with service data that may contain names of your end users. We need this information to create end user accounts within our services. This information is usually embedded within other, non user identifiable, data when supplied to us. We may retain this information, during the life of your subscription, purely to configure your service, provide a reference point, or rollback.
Where possible we will ensure that the contact data we hold is correct and updated where necessary.
The Organisation is solely responsible for their service data, its’ accuracy and for correcting inaccuracies.
We have no control over the quality or accuracy of the service data we hold, or the information it contains, but will assist to correct on notification.
CONSENT
The legal basis which allows us to hold the data is that the Organisation has chosen to use our services.
When data is supplied by the Organisation, it is on the understanding that the employee a) has authority to provide the data on the organisations behalf, and b) is consenting to it being stored by us.
There may be instances where we have access to the service data for any of the following reasons a) the organisation requests it, for example, for implementation and support services or b) to provide improvements/extra functionality to the service, or c) to maintain, bug fix and update the service, or d) where we are required by law.
By using our services, the organisation provides ongoing consent, and accepts it has a legal basis to any data provide to us.
The data stored by us is only viewable or accessible by our employees.
Any queries over consent or privacy should be raised via email to privacy@gillett.co.uk.
In the event of any unresolved issues, we will, if legally required, liaise with the Organisation and the employee.
CHILDREN
Our services are not provided for children and hence we do not store any data relating to a child under the age of 16 years.
DATA BREACH
On notification, or discovery of a data breach, we will investigate and liaise with the Organisation to minimise risk.
Depending upon the level of risk the Organisation may inform individuals directly, and/or notify the Information Commissioner’s Office.
RETENTION OF DATA
Data will be held in an accessible form while you continue to subscribe to our services.
On request data held by us will be destroyed as soon as practically possible.
Data may be retained, in a generally inaccessible form, for a period as part of our backups, or our service providers backups.
SERVICE SPECIFIC PRIVACY POLICIES
For the iRota service please see the iRota GDPR, Privacy and Consent Statement.
Gillett Limited
Sales:+44 (0) 800 368 8488 option 1/2 Address:PO BOX 4544, Sheffield, S17 9BP, United Kingdom
sales@gillett.co.uk
Support:+44 (0) 800 368 8488 option 3Privacy statement
support@gillett.co.ukThis website does not use Cookies
Copyright 2018 Gillett Limited
Registered in England - Company No: 11259154
Registered Office: c/o UHY Hacker Young, 6 Broadfield Ct. Broadfield Way, Sheffield S8 0XF