Privacy policy

LAST UPDATED 19/07/24 BY SHROPSHIRE COMPUTERS LIMITED

Introduction
The intention of this policy is to clearly define to any individual how Shropshire Computers processes ‘personal data’ for which it has responsibility.

The definition of ‘personal data’ is that as defined by the Data Protection Act 2018 (GDPR). This is primarily pieces of data that may identify any living individual.

In circumstances where any individual supplies ‘personal data’ about themselves to Shropshire Computers, we will become responsible for it legally as the ‘Data Controller’ and will process your data in accordance with the principles and legal requirements of the Data Protection Act 2018 (GDPR).

In circumstances where data is supplied to Shropshire Computers about individuals by another party who is legally the ‘Data Controller’, we will legally have responsibility as the ‘Data Processor’ and conduct processing of that data under a legal contract with the ‘Data Controller’.

The definition of a ‘Data Controller’ or ‘Data Processor‘ is that as defined by the Data Protection Act 2018 (GDPR).

Company Contact Details
Shropshire Computers
1 Ashbrook Crescent, Church Stretton, United Kingdom, SY6 6ER
01952 453173

The appointed person responsible for data protection is:

Robert French, Technical Director, robert@shropshirecomputers.com

Why do we need your data?
We require personal data from you to be able to supply any products or services which you have requested from us or provide information about them.

We will only ask for and keep the data needed to ensure we provide you with an efficient level of service, support and any legal commitments we have as a business.

We may also use personal data we have gathered to contact and inform you of products and services which we believe will be of genuine interest to you and/or your organisation.

The Privacy Notice Matrix at the end of this policy gives details of what types of data we may store about you and the lawful basis for this.

What do we do with your data?
We have a responsibility to protect data we hold about you and ensure it is not accessed by anyone who is not authorised to use it for the reasons we legitimately hold it. We also have a responsibility to ensure that your data is accurate, retrievable and is not kept any longer than is necessary or legally required.

We have assessed the risks to the security of your data and implemented appropriate levels of technical and organisational measures to protect it.

We will not store your data in countries outside of the UK / EU to ensure that there are appropriate legal protections for your personal data.

Access to your data will be limited to only those who need it to provide you with the services you have requested or consented to receiving or have legal authority to request access to it. We will ensure that we have in place a confidentiality agreement with anyone having access to your data.

We will sometimes need to pass your data to other parties or businesses, who we use for specific parts of supplying products & services to you or provide us with related services. These third parties will only receive your data from us when we have assessed the risks in giving them access to it, are assured they have an adequate level of data security and have agreed a legal contract detailing how they should protect your data.

We will not pass your data to third parties to use for marketing of their own services.

The Privacy Notice Matrix at the end of this policy gives details of how long we may need to keep your data.

What happens if we lose your data or it is accessed by unauthorised persons?
If we detect that ‘personal data’ we are holding as a Data Controller has been lost or accessed by unauthorised persons and that this will potentially infringe your rights or cause you harm, we will inform you immediately of the data breach.

We will also be required legally to inform the Information Commissioner’s Office (the Government’s data protection regulator) within 72 hrs of detecting the breach, who may then investigate our compliance with data protection legislation and effectiveness of our controls.

What rights do you have?
Data protection regulations give you a legal right to:
1. request information on what data is held about you
2. have your data changed or deleted from our records
3. withdraw any consent given
4. have your data transferred
5. restrict processing of your data and/or objection to its processing

To make a request under these rights please email: info@shropshirecomputers.com.

Under normal circumstances we will not charge you for processing these requests and will respond to you within 30 working days. If we believe your request is complex or unreasonable, we will contact you and explain our reasons for extending our response time or declining to respond. If we believe there is reasonable grounds to charge you, we will first inform you before proceeding.

To lodge a complaint with the Information Commissioner’s Office

You have the right to make a complaint to the Information Commissioners Office if you are unhappy about our use of your personal data.

They can be contacted at https://ico.org.uk/make-a-complaint/ or call their hotline on 0303 123 1113.

General Enquiries
If you would like to make any general enquiries about our data protection policies, please email
info@shropshirecomputers.com or call 01952 453173.

Links to other websites
Our website may contain links to other websites of interest. You should note that we do not have any control over those websites, and so cannot be responsible for the protection and privacy of any information which you provide while visiting them.

Use of cookies on our website
A cookie is a small file sent to the device you are using to view our website. Cookies are needed in some cases to allow website functionality (Essential or Functional Cookies) and will only remain on your device for the time you remain on our website.

We also use analytical or tracking cookies, which capture information such as IP address, general location, preferences, number of visits to our website and pages viewed. These are non-essential cookies but do help us improve our website and your browsing experience.

We only use this type of information for statistical purposes, but the information captured maybe shared with third parties such as Google.

Our website allows you to choose to accept or decline non-essential cookies.
You can usually modify your browser settings to decline or block cookies if you prefer.

Acceptance of these terms
By using our website and/or our services, which require the use of your personal data; you signify your acceptance of the terms of our privacy policy.

Please do not proceed if you do not agree to the terms of our privacy policy and/or wish to enquire further about them.

We reserve the right to make changes to this privacy notice at any time. 

Privacy Notice Matrix

Processing activity

Personal data required or held  

Retention time  

Lawful basis for processing   

Supply of products & 
services     

Name, phone number(s), work or home address,

email address(es) 

Order details

Seven years  

Contractual – in order to provide the products or services we have agreed. 

Marketing

Name, email address(es), work or home address, profile of contact history

Until notified to stop marketing by you / withdrawal of consent

Legitimate Interest – we will provide information which we believe is of genuine interest to you and based on previous transactions.  

Consent – you have provided your consent to receive this information.

Website browsing  

Internet Protocol Address

(IP address)     

General Location

Seven years  

Consent – you have read & accepted our website policies which explain the use of cookies on the website you visited.