Privacy Policy

GoodChoice IT Ltd. Data and Privacy Policy

Last updated 25-05-18

Your privacy and data security is very important to us – we have listed the key types of data we may hold and are happy to clarify any questions you have on how we use your data.

Key data we hold on our service desk

In order to contact you and staff at your organisation and provide our services we generally keep:

Name
Mobile
Email Address
DDI and office phone

We also link your data to your device, company and site location and keep various non personal information relating to your devices

We track correspondence between us and you

We audit each time we connect to a device or make any changes

Generally we only delete these records when they are no longer relevant

We keep secure records of login credentials and limit the access to these as far as is practical

This system is secured by two factor authentication

Our backups

We use encryption to keep our backups secure

Information requests

If possible email [email protected]. We can only respond if we know you have made a data access request under GDPR and can verify your identity

If you are requesting a customers data then we will not be able to supply this without their written consent – you should contact them directly

Marketing data

If you are not an existing customer we will only send marketing automated messaged if you have opted into our mailing lists. You can opt out at any time

We keep some limited data to help us target those who may be interested in our services. Please let us know if you would prefer we did not contact you via email to [email protected] or click the unsubscribe link

Data retention

Data retention policies vary depending on use of data some common scenarios are:

Hard disks of customer data

Data is destroyed beyond recovery after 90 days retention

Backups. Depending on customer policy. Usually, we keep the last 3 versions of any data

Emails

Some emails are destroyed after 30 days retention. Our policy is to keep emails unless they are no longer relevant

Data location

As far as practical we keep data at rest secured in the UK – we make extensive use of encryption and 2-factor authentication to keep your data secure

Financial records

All transaction records are destroyed after 7 years, unless required for any legal reason to be retained for longer.

Previous customers

We aim to delete records after 90 days retention unless they are needed for legal reasons

Shared Data

In order to provide our service we may share your data with 3rd parties (such as vendors and contractors) – we will always limit this access to the minimum required in order to provide our services. As far as possible we look to keep the data on our systems and not share your data. We have an agreement with our vendors and contractors which is subject to the same clauses as our customer contract in order to keep your data secure

Data breach

Should we detect a data breach impacting your data, we will inform you as soon as practically possible and report to the ICO if required. Should we detect a breach in our customers network we will inform them as soon as practically possible. If needed we will follow up with more information as it becomes available