Dunedin IT Limited (“Dunedin IT”) collects business data in order to provide our services to our business customers. During the relationship there may be times when an individual’s data is shared with Dunedin IT, for instance the name of an employee of the business for contact purposes. This policy covers how we deal with personal data – which is all data relating to an identified or identifiable individual. We take data protection and complying with data protection legislation very seriously, please find below how we do this.
Dunedin IT will be the Controller of the information you provide to us, and that we collect about you, when you visit our website (www.dunedinit.co.uk) or our online helpdesk (helpdesk.dunedinit.co.uk) where we provide you with, or answer questions about, our products and services (i.e. Hardware or Software Applications, Dunedin IT Managed Services and Security Products, Business Continuity, Broadband and Telephony Systems (Fixed & Mobiles).
What kind of information we will collect, when and how?
We collect information about you when you:
- Order our products or services (whether via this website, over the telephone or with one of members of staff);
- Create and log in to your “Dunedin IT Helpdesk Portal” or your “Dunedin IT Website” account;
- Use our products or services;
- Contact us by telephone, e-mail or post, to discuss our products or services or to make a complaint;
- Visit our website
- Or occasionally, we may also collect information about you from third parties (e.g. from credit rating agencies).
The type of information collected depends on the purpose and we will never hold more information from you than is necessary. The following details the types of information collected:
- Each time you purchase, license or subscribe to any content, material, products and/or services from our website or online helpdesk, we will send you an email verifying the order and confirming that the material will be delivered/sent/provided. We also reserve the right to send you email, SMS or other communications from time to time regarding updates and changes to our content, material, products or services; or about new links, partners, providers or suppliers to our website. You can choose not to receive by unsubscribing. If we require to email you any technical support, administrative or legal notices important to our website, our content, material, products or services that we consider essential that you know, including any breach of security relating to your personal information; you will not be able to unsubscribe from these notices as they may contain, for example, new privacy terms, conditions or situations, important instructions on use of or updates to our content, material, products and /or services which you have purchased, licensed or subscribed to from us, or recall notices for faulty products.
- When you use Dunedin IT products an or services (such as our Hardware or Software Applications, Dunedin IT Managed Services and Security Products, Business Continuity, Broadband and Telephony Systems (Fixed & Mobiles), we collect the following information about your use of those services:
- Call data (i.e. your telephone number, inbound / outbound caller number, time and duration of the call, geo-location data, your device details);
- Usage data (i.e. frequency, time and duration of service usage, data traffic (internet / minutes / SMS) used per month);
- Billing data (your financial details, bills and it’s components);
- Interactive data (apps usage data, websites usage / visits data). From time to time, to help us provide you with improved products and services, we might ask you to fill in a questionnaire, just so you can let us know how we’re doing. When sending you a questionnaire we will ask you to provide us with the following information: name, account number, email address, telephone number.
- From time to time we acquire personal data from marketing agencies (such as name, surname, phone number) in order to get in touch with you for special offers and promotions if you’ve agreed so.
- Other ways we obtain information about you would include:
- Credit Reference Agencies
- Fraud Prevention Agencies
- Market Researchers
- Public Information sources
How will we use the information that we collect?
This section explains how we use the information we hold about you (i.e. What we do with it).
We use the information we hold about you in several ways:
Where it is necessary to perform our contract with your company
- To determine your company’s eligibility for our products and services / whether services are available in the companies area;
- To process your company orders for our products and services and to bill for the same;
- To provide your company with the products and services you have ordered from us;
- To provide your company access to privileged areas of our online services (i.e. Online Helpdesk).
Where you have given us your consent
- To send you details of products, services, special offers and rewards that we think will be of interest to you. However, we hate junk mail as much as you do so it’s up to you to decide whether or not you want to receive this information;
- To occasionally carry out market research;
- To administer our customer care and quality control and personalise your visits to our online services.
Please note: Where we process your information on the basis of your consent, you have the right to withdraw your consent at any time. You can do this by:
- Writing a letter (see How do I contact you section of this Privacy Notice);
- Sending an email (see How do I contact you section of this Privacy Notice);
- Calling our Customer Care (see How do I contact you section of this Privacy Notice).
Where we have a legitimate interest where your rights will be negatively impacted
- To provide you with service information and updates in relation to the products and services your company has ordered from us;
- To respond to any questions or complaints you may have regarding our products and services;
- To enable us to gain customer insights and to review, develop and improve our products, services and special offers to ensure we are giving customers what they want;
- To check your company’s credit information with credit rating agencies to guarantee payment of our services;
- To analyse your companies telephony and mobile internet data to prevent fraud.
What information we will disclose to third parties?
This section explains who we share your information with.
We may provide information about you as follows:
- To employees of Dunedin IT to administer, and deal with any questions or complaints you have about any accounts, products and services provided to your company by Dunedin IT now or in the future.
- We may use aggregate information and statistics for the purposes of monitoring website usage in order to help us develop the website and our service and may provide such aggregate information to third parties, for example, content partners and advertisers. These statistics will not include information that can be used to identify any individual.
- To search the files of a credit reference agency, where we will keep a record of that search, when your company applies for service. This is so that we can confirm your company’s eligibility for our products and services and guarantee a regular payment for those. The identities of the Credit Reference Agencies and the way they operate are explained in more detail at https://www.equifax.co.uk/crain
- Additionally, details of how you conduct your account with us may also be disclosed to the credit reference agency or other companies you wish to obtain credit from, but only with your written agreement
- To the marketing agencies we work with when creating marketing campaigns, special offers and promotions targeted for your company.
- We may share your information with our partner companies who provide your company with customer service on our behalf.
How we will protect your data?
This section explains how we protect your information
Any information sent to us is protected using robust security methods. The methods we use are industry-standard, ensuring data is safeguarded whilst being sent over unprotected communications paths such as the internet. When it reaches us, we store it securely and only provide access to those authorised. Although we safeguard your personal information once received, Dunedin IT cannot guarantee the safety of any personal information you transmit to us using online methods.
Our security measures include:
- Encryption of data where appropriate
- Regular penetration testing of systems
- Security controls which protect the entire Dunedin IT Information Technology infrastructure from external attack and unauthorised access
- Regular cyber security assessments of all service providers who may handle your personal data
- Regular scenario planning, business continuity planning, crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents
- Internal policies setting out our data security approach
- Training for employees on security and privacy
We will never ask you for your Dunedin IT identification, authentication passwords or PIN numbers directly associated with your Dunedin IT account in any unsolicited phone calls or unsolicited emails. In accordance with our Terms and Conditions, you are responsible for keeping your password and secondary security solutions such as two way authentication pins secure and we very strongly recommend you do not disclose them to anyone (unless you wish to authorise them to access your account and potentially incur charges on your account).
Keeping your information
This section explains how long we will keep your information.
We will retain your personal information for as long as necessary to fulfil the purposes we collected it for; such as any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the following:
- amount, nature, and sensitivity of the personal data
- the potential risk of harm from unauthorised use or disclosure of your personal data
- the purposes for which we process your personal data
- whether we can achieve those purposes through other means; and
- the applicable legal requirements
Typically we will not keep contract related details for longer than 6 years following the termination of a contract; unless there are compelling reasons to retain for a longer period. We keep your billing data for 7 years for tax purposes.
Afterwards the data will either be destroyed or anonymised.
Your rights on the information we hold on you?
This section explains the rights you have over the information we hold about you.
You have the following rights regarding your information:
- The right to rectification – you’re entitled to have your information corrected if it’s inaccurate or incomplete.
- The right to erasure – this is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- The right to restrict processing – you have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- The right to data portability – you have rights to obtain and reuse your personal data for your own purposes across different services. E.g. if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
- The right to object – you have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).
How you can contact Dunedin IT?
To exercise any of these rights at, any time, or If you have any questions or concerns about our use of your personal information you can:
- Call our Administration Team on : 0330 058 1701, Option 4
- Write to us at the following address:
22 Young Street Lane Edinburgh.
- Email us at : firstname.lastname@example.org
- Contact us on our customer helpdesk at email@example.com using heading “Data Controller”
What if I use a link from this site to another site?
Please be aware that our site may provide access to other web sites by linking to them. We are not responsible for the data policies, content or security of these linked websites.
If you’re not satisfied with our response to your question or concern, or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO).