A.2 How we manage the personal information of customers and suppliers (displayed on the website, and available on request)
The EU General Data Protection Regulation (GDPR), enforceable as of May 25, 2018, imposes additional requirements upon companies to strengthen the security around and enhance the protection of personal data of EU residents. Galtec Solutions has a dedicated team overseeing Galtec’s GDPR readiness. We discuss Galtec’s efforts and commitment to GDPR below.
Galtec is committed to protecting the privacy of those involved in its business. This Privacy Notice is meant to help you understand, among other things, what personal data we collect, why we collect it, and what we do with it.
The identity and contact details of the controller
The Information Controller is Galtec Solutions Ltd, Bridge End House, Low Lane, Horsforth, Leeds, West Yorkshire, LS18 4DF
To contact the Information Controller, please email firstname.lastname@example.org or call 01132 282 208.
We are not required to have a designated information protection officer under the GDPR.
Galtec Solutions provides its Products and Services – which include IT management and monitoring solutions such as Server, Storage, Networking, Client, Wireless, Systems and Database Management, Security Solutions, Applications and Infrastructure Monitoring, and IT Helpdesk Tools – to business customers, directly, and through distributors, resellers, and managed service providers (MSPs).
Customer Owned Data
As a provider of Services, we may receive, process or store certain information, including personal information, on behalf of our Customers. All such information (“Customer Data”) is owned and controlled by our Customers, who are the Data Controllers for such information with respect to EU data protection law.
Purpose of the processing and the lawful basis for the processing
We are collecting your personal information to either provide you with products and services, or to purchase products and services from you.
Our basis for processing is:
- Processing this information is necessary for us to fulfil our contract with you; and
- Processing this information is necessary for us to comply with a legal obligation;
If you do not accept this basis, then you may object to us or to the ICO as described below.
Categories of personal information
The categories of personal information we hold are:
We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect billing address, financial account, order details, subscription and license information, and usage details.
Customer Data may also include information from the end points and other systems, tools or devices that Customers manage or monitor using our Services, and end user data related to individual’s activities on Customer’s network and systems. It may also include event logs, end user information (such as IP address, email address and computer name), and other data where relevant to a support or service request. Galtec Solutions is a Data Processor for Customer Data. In addition, we collect user credential and profile data (name, contact, authorised users) of Customer’s authorised users and account administrators. Where this information is collected, the customer is the Data Controller.
Personal demographic information e.g. name email addresses of representatives of suppliers, or those who have actively expressed a wish to become so. We also store billing address, financial account order details.
Customer Support and Service
When Customers contact us for support or other customer service requests, we maintain support tickets and other records related to the requests, including any information provided by Customers related to such support or service requests.
Any recipient or categories of recipients of the personal information.
We do not routinely share this information with anyone else. If we did we would do so because we had a legal duty to do so, or because you have provided explicit consent as an alternative legal basis for processing.
The Technical Support Sites and Portal are not for use by children under the age of 16 years and Galtec Solutions does not knowingly collect, store, share or use the personal data of children under 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted by the Sites to do so. If you are under the age of 16 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify Galtec Solutions using the contact details below and Galtec Solutions will delete all such personal data.
As an organisation which states it handles the Personal Data to appropriate GDPR standards there is a clear expectation that you will be aware of your legal requirements and will have established a statement to support the statutory needs of your customers. GDPR requires Galtec Solutions, as a Data Controller, to ensure that all organisations who process personal data on our behalf (Data Processors) are fully aware of their legal responsibilities and processing in line with the law and our requirements.
Any contracts carried out between Galtec Solutions and its suppliers establish that Processors comply with GDPR legislation with each processed order. We take this opportunity to set out the main areas of law which impact you as a Data Processor acting on our behalf and request that these areas are upheld at all time.
The supplier will:
- Act only on the instructions from Galtec Solutions (unless otherwise required by law)
- Ensure any processing of personal information is only that set out in the contract / written instruction that describes the subject matter and duration of the processing, the nature and purposes of the processing, types of personal information and categories of individuals
- At the choice of Galtec Solutions delete or return all personal information when the contract ends, or transfer to a new supplier if requested
- Employ persons who are committed to confidentiality or are under a statutory obligation of confidentiality
- Ensure that they take appropriate security measures to protect Personal Data
- Only subcontract with the permissions of Galtec Solutions
- Will assist Galtec Solutions to meet our obligations under GDPR
In the event of any breaches to the above statutory requirements, please contact Galtec Solutions on the details below immediately.
Details of transfers to third country and safeguards
The servers which host our internal systems and applications are located in the UK or the EEA.
Our information Processors who process personal information on our behalf do so within the UK.
We may use SurveyMonkey to contact client representatives.
SurveyMonkey Europe UC has entered into contractual terms to include standard contractual clauses with SurveyMonkey Inc. for the transfer of data to SurveyMonkey Inc. as part of delivery of service. SurveyMonkey Inc. is located in the United States and accordingly, data (to include Respondent data) will be transferred to the United States.
SurveyMonkey Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield. SurveyMonkey is committed to subjecting all personal information and data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/.
SurveyMonkey also complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
When SurveyMonkey receives personal information under the Privacy Shield and then transfers it to a third-party service provider acting as agent on SurveyMonkey’s behalf, SurveyMonkey has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) SurveyMonkey is responsible for the event giving rise to the damage. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, SurveyMonkey is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, SurveyMonkey may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Retention period or criteria used to determine the retention period
We will retain your personal information for the duration of your contract with us, and for a period of 12 months after your contract has ended, or as long as is necessary to meet our legal duties, whichever is the greater.
However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.
The existence of each of the information subject’s rights
You have the following rights about the use of your personal information:
- Where the basis for processing is your consent, you may withdraw that consent at any time by contacting us.
- If your personal information is incorrect, you may request that errors or incomplete entries be rectified
- In certain circumstances, you may have the right to be forgotten and your information erased. Please contact if you wish to exercise this right.
- Whilst any request is being investigated, you have the right to restrict processing, so that your information will simply be stored.
- You can request the return of transfer of any personal information you have given to us in a portable electronic format
We do not use automated decision making and profiling of your personal information without human intervention.
To exercise any of these rights, please contact us in writing at Data Protection Lead, Galtec Solutions Ltd, Bridge End House, Low Lane, Horsforth, Leeds, West Yorkshire, LS18 4DF.
The source the personal information originates from and whether it came from publicly accessible sources
Your personal information is collected either directly from you, or from your employer if they have a contract with us to provide, or we are provided with your, product and services.
Whether the provision of personal information is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal information
Your personal information is processed as part of our contract to provide products and services.
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.
We do not use automated decision making or profiling of any kind.
The right to lodge a complaint with a supervisory authority
You have the right to complain to the Information Commissioners Office using the following interfaces:
- Telephone: 0303 123 1113, Monday to Friday between 9am and 5pm.
- Live chat: https://ico.org.uk/global/contact-us/live-chat/
- Email: Use the form at https://ico.org.uk/global/contact-us/email/
You also have the right to seek legal redress in the event of suffering harm that you do not feel has been sufficiently addressed by us or by the ICO.