A.3 How we manage the personal information used in direct marketing (displayed on the website, and via a link on all marketing emails)
The EU General Data Protection Regulation (GDPR), enforceable as of May 25, 2018, imposes additional requirements upon companies to strengthen the security around and enhance the protection of personal data of EU residents. Galtec Solutions has a dedicated, cross-functional team overseeing Galtec’s GDPR readiness. We discuss Galtec’s efforts and commitment to GDPR below.
Galtec is committed to protecting the privacy of those involved in its business. This Privacy Notice is meant to help you understand, among other things, what personal data we collect, why we collect it, and what we do with it.
The identity and contact details of the controller
The Information Controller is Galtec Solutions Ltd, Bridge End House, Low Lane, Horsforth, Leeds, West Yorkshire, LS18 4DF
To contact the Information Controller, please email firstname.lastname@example.org or call 01132 282 208.
We are not required to have a designated information protection officer under the GDPR.
Galtec Solutions provides its Products and Services – which include IT management and monitoring solutions such as Server, Storage, Networking, Client, Wireless, Systems and Database Management, Security Solutions, Applications and Infrastructure Monitoring, and IT Helpdesk Tools – to business customers, directly, and through distributors, resellers, and managed service providers (MSPs).
Purpose of the processing and the lawful basis for the processing
We are using your personal information to carry out our direct marketing activities for those individuals or organisations that are not already customers.
Our basis for processing is Legitimate Interests as a legal basis for processing based on your role and interests evidenced through information provided to public forums such as LinkedIn, or where the information has been acquired through GDPR compliant means via 3rd parties.
In either case, if you no longer wish to receive communications, you may contact us, and we will desist.
If you are still unhappy, you may object to us or to the ICO as described below.
Categories of personal information
The categories of personal information we hold are:
Name and Business contact details.
Details of transfers to third country and safeguards
The servers which host our internal systems and applications are located in the UK.
Our information processors who process personal information on our behalf do so within the UK.
We may use SurveyMonkey to contact client representatives.
SurveyMonkey Europe UC has entered into contractual terms to include standard contractual clauses with SurveyMonkey Inc. for the transfer of data to SurveyMonkey Inc. as part of delivery of service. SurveyMonkey Inc. is located in the United States and accordingly, data (to include Respondent data) will be transferred to the United States.
SurveyMonkey Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield. SurveyMonkey is committed to subjecting all personal information and data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/.
SurveyMonkey also complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
When SurveyMonkey receives personal information under the Privacy Shield and then transfers it to a third-party service provider acting as agent on SurveyMonkey’s behalf, SurveyMonkey has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) SurveyMonkey is responsible for the event giving rise to the damage. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, SurveyMonkey is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, SurveyMonkey may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Retention period or criteria used to determine the retention period
We will retain your personal information whilst we have your consent to do so (where Consent is the legal basis for processing), or until you tell us that you do not accept our legitimate interest basis for processing.
The existence of each of the information subject’s rights
You have the following rights about the use of your personal information:
- Where the basis for processing is your consent, you may withdraw that consent at any time by contacting us.
- Where the basis for processing is legitimate interest, you object to the processing on these grounds at any time by contacting us.
- If your personal information is incorrect, you may request that errors or incomplete entries be rectified
- In certain circumstances, you may have the right to be forgotten and your information erased. Please contact us if you wish to exercise this right.
- Whilst any request is being investigated, you have the right to restrict processing, so that your information will simply be stored.
- You can request the return of transfer of any personal information you have given to us in a portable electronic format
We do not use automated decision making and profiling of your personal information without human intervention.
To exercise any of these rights, please contact us in writing at GDPR Lead, Galtec Solutions Ltd, Bridge End House, Low Lane, Horsforth, Leeds, West Yorkshire, LS18 4DF.
The source the personal information originates from and whether it came from publicly accessible sources
Your personal information is collected either directly from you or acquired through GDPR compliant means via 3rd parties.
Whether the provision of personal information part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal information
Your personal information is not part of any statutory requirements.
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.
We do not use automated decision making or profiling of any kind.
The right to lodge a complaint with a supervisory authority
You have the right to complain to the Information Commissioners Office using the following interfaces:
- Telephone: 0303 123 1113, Monday to Friday between 9am and 5pm.
- Live chat: https://ico.org.uk/global/contact-us/live-chat/
- Email: Use the form at https://ico.org.uk/global/contact-us/email/
You also have the right to seek legal redress in the event of suffering harm which you do not feel has been sufficiently addressed by us or by the ICO.