At Lourdes IT we understand that you have trusted us to look after your systems, and your data.
This document will explain the data that we collect from you, how we use it and why, reason why we might need to share your data with others and how we store it.
Who are we
Lourdes IT are part of Our Lady of Lourdes Catholic MAC, and this Privacy Notice is in addition the Multi-Academies policies available on their website at www.lourdesmac.org.uk
Our address is: Lourdes IT, 12 The Oaks, Clews Road, Redditch, B98 7ST
What’s this for?
As you may or may not be aware the Data Protection Law will change on 25th May 2018 and become the General Data Protection Regulation (GDPR).
This Privacy Notice outlines your rights under the new laws and how we meet them.
What does this mean to you?
It means that under the GDPR laws we can only process personal data if we have a valid reason to. The reasons we can process your data include but are not limited to; Performance of a contract, Consent, Billing and to contact you about the services and support that we provide to you.
Depending on the circumstances under GDPR, Lourdes IT may be considered as both Data Controller and Data Processor of your personal information.
What information is being collected?
To properly support you we may collect personal data from you, this will include; your Name, School or Business Name, position, works postal address, works email address, and any phone numbers you may provide us with. If you have any orders with us, we will also keep payment information.
In the event that you contact us we retain any correspondence, queries and support requests that you may make.
We may also keep details of your visit to our websites, such as traffic and location data.
If we support your IT network and infrastructure, any data that you put on your network is your own and not subject to our Privacy Notice or other policies. We must inform you that although we do have access to any data on a network that we support, we will never access it without your prior permission and consent.
For further clarification for schools, we collect nor hold any data other than outlined above on your staff and absolutely no data on your pupils, students and parents unless this is provided via our Help Desk platform.
What’s your data used for?
We need the data about you for a few things. We’ve listed how we use your data below, so you have a clear idea of what we do with it and why we ask for it.
- So we can adequately support you, as outlined in your SLA;
- To comply with any contractual obligations, we have with you;
- To allow us to identify our services users;
- So we can provide a high level of customer support to you, including dealing with any support requests or queries you may pose to us;
- To allow us to develop and review our web services;
- To process any orders you have with us, and to keep track of billing and payments;
- To identify fraud and to keep our records accurate;
- To review any job applications sent to us;
- Notify you about changes to our services;
- To provide you with any information about our products and services that you may request from us or which we feel may interest you, only in a situation where you have consented to be contacted for such purposes;
- To keep you informed of any changes we may make to your subscribed to services, such as but not limited to, pricing or terms and conditions.
Who has access to your data?
We know that wondering who has access to your data and how it will be used is always a worry. Rest assured, Lourdes IT will never share your data with anyone else, without explicit permission and stating who and where it will go, and we never sell it on for marketing or advertising purposes.
For your peace of mind, we have created this list below, and broken it down into our services, so you can see who and where your personal data will be used:
IT Support Services
We process any information you submit to us in a support request via any of our modes of Helpdesk communication. This will include names, email addresses, business or school names, telephone numbers and may include user names, passwords and postal addresses, as well as any other information you submit, intentionally or not.
Part of this processing calls upon automated procedures. We perform regular and extensive testing of our automated procedures to make sure they perform exceptionally all the time, however in rare circumstances this may result in unexpected results, at no point should these threaten the privacy of your data.
Internet Provision Service
Our Internet Provision Services are outsourced to a select few trusted Internet Service Providers (ISP) that we have hand picked and checked. We will always tell you who your provision is with. We have to share certain information with your ISP for you to be able to receive the services you have signed up for. This usually consists of Name, Address, and Internet Protocol (IP) Addresses.
With our MIS support we do not access any personal data held on your system, we are here to make sure your MIS works for you and that’s all we intend to achieve. Should the need arise for a 3rd Party support we may have to discuss some personal information with them, however it will only ever be a contact at your business and nothing more. If we need to share anything more, we will always seek your permission first. We will never willingly discuss, transfer or share your personal information held within your MIS with anyone without the consent of your business.
We do not record telephone calls at this time. Should this change, we will update this notice and ensure users are informed. We will never sell or pass on your contacts details to a third party.
In the event that Lourdes IT performs an installation at your site, depending on the type of install, it will specify what is done. If you are having an equipment install for Audio Visual equipment, infrastructure or a client computer, then no personal data outside of your contact details and payment information is handled.
If Lourdes IT perform a network upgrade or a Server recovery or upgrade, our engineers will have to handle all the data on your network in some fashion. This is typically a physical move of your data between equipment, and we will only ever access the data you hold should an issue arise, such as corruption, or if the nature of the issue stemmed from that data e.g. Virus infection in a user account.
During an install none of your data is taken off site, without prior consent, and is only ever copied to your own equipment. We will never share or transfer any of your data to a third party, unless we need to use a third party to help provide our service to you, in which event we will only ever share your contact details and nothing else.
Curriculum Advice and Support Services
In order for us to properly provide our Curriculum services to you, our Head of Learning Technologies may share your contact information with third parties for product introductions.
For our accredited training we do use third party suppliers to enable us to give you the very best in training and certification. For this we do have to send some personal information and any coursework completed by our customers to our training suppliers for accreditation, who will then issue certificates.
Our third-party training associates are not covered under our Privacy Notice and will have their own policies, of which we do advise you to read. As our training courses do vary from time to time so do the third parties we work with, if you would like to know which companies we are currently using for our training please feel free to contact us on the details at the top of this document.
So that we can provide you with the best equipment and competitive prices, our procurement team do have to share some of your personal data with our approved suppliers. This is usually contact and billing information, so we can properly quote and order on your behalf.
We have to work closely with a number of third party organisations in order to run as a business and to provide you with a wider range of services. They may provide information that they collect about you, to us.
These third parties may provide such information as Names, Addresses, IP Addresses, Payment information, Server and Diagnostic logs, Communication data, Device-Specific information, or Location Data. We use their services within our websites and support packages. However, under some circumstances they may be acting as the Data Controller and they will have their own Privacy Notices we advise you to read.
We may pass your personal details onto third parties for the provision of services on our part, for example processing your payments. In these instances, we will only share the information specific to the task at hand, and we have Data Sharing agreements in place to ensure that your data remains secure and will only be used for the purpose it is shared for.
Where do we keep your data?
Your data is a prime concern to us and we strive to use services that are as stringent as ourselves. We use several servers based in the UK, EEA and USA depending on the services, all of which are held in, either Tier IV or Tier III+, PCI DSS or ISO 27001 compliant facilities. Any and all data transferred to the US, is done so in a secure fashion using the EU-US or Swiss-US Privacy Shield Frameworks.
The laws in countries out side of the EEA may not be able to provide your data with the same protection as within the EEA. However, any third party outside the EEA dealing with EEA data they too, are bound by GDPR and have agreed to abide by EEA levels of data protection in regard to transfer, processing and storage of any personal data.
By providing your data to us, you agree to this transfer and storage. We will however, ensure that reasonable steps are taken to protect your data in accordance with Our Lady of Lourdes or Lourdes IT Privacy Notice.
All data stored by Lourdes IT is kept and transported in an encrypted format.
Accessing and updating your data
Under data protection law, your data must be up to date and accurate. We ask that you must maintain your data on our systems, including but not limited to name, address, email address and telephone details.
Your rights and the right to be forgotten
Under data protection law, you have the right to object to us using your data or to delete it. This is known as your Right to be Forgotten, or the Right to be Deleted. Should you wish to enact this right Lourdes IT will endeavour to enact this for you. However please be aware we do have legal obligations where we may have to keep your details on file and they will not be subject to the Right to be Forgotten.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we will no longer be able to provide our services to you.
You have the right to ask us to not process your information for marketing purposes. If you have not opted in to our marketing process, we will not contact you with any marketing material. We would like to remind you that we will inform you of our latest events and services via marketing and would hate for you to miss out.
If you would like to enact any of your rights under the GDPR please visit the Our Lady of Lourdes Catholic MAC website and complete a Subject Access Request Form.
Please be aware that we hold the right to charge a reasonable administration fee for certain requests should we deem them unfounded or excessive. We may also charge for additional copies.
We also hold the right to extend the response time for requests to longer than the allotted 28 days if we deem the request to be complex or if we have received multiple requests from an individual.
In the unfortunate event of a data breach we shall ensure that our obligations under GDPR will be followed where necessary.
Not happy how we do things?
If you find yourself in the unfortunate situation where you are not happy with how we have handled and processed your personal information, please let us know so we can improve. We would like to remind you that you have the right to make a complaint to the Information Commissioners Office.
Information Commissioner’s Office
Tel: 0303 123 1113