This privacy notice was last updated on the 25th of May 2018.
We will update this Notice from time to time and you should review it whenever you visit our website or before providing us with any personal data about yourself.
Who we are
We are Blue Diamond I.T. Limited referred to here as Blue Diamond IT.
Blue Diamond IT is an IT service and support company offering a wide range of services including 24/7 Support Services, Remote Monitoring Services, Cloud Services, IT Sales and Disaster Recovery.
For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”), Blue Diamond IT is a data controller in respect of any personal data we collect and a data processor in respect of client data we store.
How we collect your personal data
We will only collect and use your personal data where we have legitimate business reasons to do so. We may obtain personal data from you to provide you a service or when we provide a service to one of our institutional clients, when you contact us or visit our offices, including when you call us, get in touch with us via our website, or when you or your organisation correspond with us using any means of communication. This includes personal data provided to us:
in regard to services we provide;
when you contact us with a question or enquiry via our website, email or by calling our office;
when you provide our staff with business cards or contact details;
if you deal with us when we are providing services to one of our clients;
when we receive referrals from other employees, clients or suppliers;
when you make a complaint;
when you deal with us in order to provide us with goods or services;
We may also collect your data when we search websites where you have posted your data to be found in relation to business opportunities. We will of course let you know at the earliest opportunity when we have gathered your data in this manner.
We also collect service data from our clients via our remote monitoring systems, cloud backup and disaster recovery services which may include personal information about its employees, customers, partners or suppliers.
The personal data we collect
We collect personal data in order to provide the best possible service we can, to maintain good relationships or on behalf of our clients in the service of a contract. We only collect the data we need or are contracted to hold and we will ensure we have appropriate physical and technological security measures to protect your personal data.
For clients using our services or suppliers whose services we use, depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the following information: name, title, email address, postal address, telephone numbers and other contact numbers. We may also hold extra information that someone in your organisation has chosen to tell us, where we have a good reason to hold it.
What we use your information for
Blue Diamond IT collects and processes your personal data for legitimate Business Management purposes including:
conducting ‘Know Your Customer’ activities, including anti-money laundering checks;
managing the financial relationships with our clients;
administering our clients’ products and services;
processing instructions from clients;
in connection with legal and dispute management;
for compliance with legal, regulatory and tax reporting obligations;
releasing your personal information to regulatory or law enforcement agencies, if they require us to do so by law for the prevention, detection and investigation of crimes;
to market our related products and services directly to you and advise you of any updates to our services. Where we do so you will be able to unsubscribe at any time from receiving any further communications from us;
we may use the information to improve our services to you; or
to fulfil contractual obligations with our clients.
We may use your personal data for these purposes if it is necessary for the formation or performance of a contract, for the fulfilment of statutory or other legal obligations, or where we deem it to be necessary for our legitimate interests or for mutually beneficial legitimate interests. Our legitimate interests are explained a little further down this notice.
Services data may be accessed and used to perform the services we are contracted to provide and under a specific order for support from our clients. We may also access the data to confirm our client’s compliance with the terms of our agreement.
Sharing your personal data
Where appropriate and in accordance with local laws and requirements, we may share your personal data with:
· tax, audit, or other authorities, when we consider in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
· third party service providers who perform functions on our or your behalf;
· third party outsourced IT and data storage providers where we have an appropriate processing agreement (or similar protections) in place;
Blue Diamond IT uses sub-processors to assist in providing some of its services. Blue Diamond IT requires its sub-processors to satisfy equivalent obligations as those required from Blue Diamond IT as detailed in contract with our clients including:
· process Personal Data in accordance with data controller’s documented instructions;
· implement and maintain appropriate technical and organizational measures to prevent unauthorised access or disclosure;
· promptly inform Blue Diamond IT of any actual or potential security/data breach; and
· cooperate with Blue Diamond IT when requests are received from data controllers, data subjects or supervisory authorities.
You have individual rights under the GDPR. You can exercise any of these rights by contacting us using our contact details at the end of this notice or by any other means. Your rights are listed and explained below. You have:
The right to be informed - you have the right to be informed of what we do with your data. The detail of what we do is in this privacy notice.
The right of access - you have the right to ask us to confirm what information we hold about you. You can exercise this right by submitting a Data Subject Access Request. We may ask you to verify your identity and for more information about your request. We will respond to any request to access your data within one month.
The right to rectification - you have the right to update your data if you think it’s incorrect. We may ask you to verify your identity and for more information about your request.
The right to erasure - You have the right to have your personal data deleted (right to be forgotten). We will make every reasonable effort to remove your personal data, however, this may not always be possible if we need to retain your data for purposes of billing or if there are legal requirements for us to keep your data. We may ask you to verify your identity and for more information about your request. We will respond to any request to delete your data within one month and let you know the outcome of your request.
The right to restrict processing - you have the right to ask us to stop processing your data. Where consent has been given to process your data, you can withdraw that consent at any time by contacting us using the details at the bottom of this notice. You can raise any concerns to the processing or use of your personal data by us either to us or to the appropriate data protection authority.
The right to data portability - you have the right to have the personal data you have given us transferred to another company and we will make every reasonable effort to comply with your request.
The right to object - you have the right to object to us processing your personal data where we do so under legitimate interests or to enable us to perform a task in the public interest or exercise official authority or to send you direct marketing materials or for scientific, historical, research or statistical purposes. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless we can show that we have compelling legitimate grounds for processing which overrides your interests or we are processing your data for the establishment, exercise or defence of a legal claim.
Rights in relation to automated decision making and profiling - Automated individual decision-making is a decision made by automated means without any human involvement, Blue Diamond IT do not use any automated decision-making tools. Profiling is where we use the information we have on you to classify you into different groups or sectors, using algorithms and machine-learning. This analysis identifies links between different behaviours and characteristics to create profiles for individuals. Blue Diamond IT do not use any profiling techniques.
Transfer of data outside the EU
Normally your data will not be transferred to a country or territory outside the EU unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place to guard your rights and freedoms.
It is our policy only to keep records of your personal data for as long as required under the legal obligations of delivering a service to you, or as required by relevant authorities or other legislation, whichever requirement is longer.
Our retention policies are currently as follows:
If you have contacted us via our website or sent us an email and we do not engage in a professional relationship with you, we will destroy your data after two years or sooner.
If we have engaged in a professional relationship with you, we will destroy your data after five years or sooner.
The GDPR states (in Article 6(1)(f)) that we can process your data where it is necessary for the purposes of the legitimate interests pursued by us except where such interests are overridden by your interests or fundamental rights or freedoms.
Our legitimate interests explained - Blue Diamond IT think it's reasonable to expect that if we have had a professional relationship with you or you have posted your professional information to a professional networking site, you are happy for us to use your personal data to contact you for a relevant reason. If you don’t want any further contact with us you can ask us to stop by contacting us using the details at the end of this Privacy Notice.
When someone visits our website, we use a third-party service to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow any third party to make, any attempt to find out the identities of those visiting our website.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
To exercise any relevant rights, queries or complaints please contact us as follows:
By Phone: +44 (0)20 7426 9900
Blue Diamond IT Ltd
12-14 Devonshire Row
Contact your local supervisory authority
If you wish to make a complaint then you can contact your local supervisory authority. If you are in the UK your local Supervisory Authority is the Information Commissioners Office (ICO) who can be contact in the following ways:
By Phone: +44 (0)303 123 1113
Information Commissioners Office
Other contact options can be found on the ICO website at https://ico.org.uk/global/contact-us/.
Supervisory Authorities for other countries can be found on the European Commissioners website at https://ec.europa.eu/info/index_en