Privacy Policy

Privacy Policy

Who are we

We are Clarity Office Solutions (Pennine) Limited and can be contacted on the below contact details:

  • Telephone: 01423 795420
  • Address: Clarity Office Solutions (Pennine) Limited, unit 6, St James Business Park, Grimbald Crag Court, Knaresborough, HG5 8QB

Why do we collect and use your personal information

We collect and use your personal information in order for us to process your purchase order for one of our products (including installations) and/or to provide you with maintenance services.

 

Who will we share your personal information with

We will share your personal information with the Clarity Copier head office for audit trail and record back up purposes.

We may share your personal information with your nearest Clarity Copier franchise to fulfil a maintenance service agreement and/or a product installation.

 

How long will we store your personal information

We will store your personal information for up to six years. This is to enable us to refer to our records in the unlikely event that you want to lodge a complaint against us within six years.

We will store your personal information for a longer period of time for the sole purposes of sending you marketing communications about products and/or services that may be of interest to you. Each marketing communication will give you an easy way to opt-out of receiving any further marketing communications. Where we store your personal information beyond the six year period for marketing purposes we will only store your contact details.

 

What are your rights in relation to your personal information

Right to access

You have the right to request copies of the person information we hold about you at any time.

Right to rectification

You have the right to request we correct any inaccurate personal information we hold about you.

Right to erasure

You have the right to request that we delete your personal information from our records.

Please note that we will not be able to delete your personal information whilst we are still providing our services to you. We will be able to delete your personal information once you cancel the service or once the service is completed.

Right to restrict processing

You have the right to request that we restrict how we use your personal information.

Right to object

You have the right to object to the collection and use of your personal information at any time.

Right to data portability

You have the right to obtain a copy of your personal information in a legible and compatible form such as Excel or Word.

 

How can I exercise my rights in relation to my personal information

You can exercise all of your rights by contacting us on any of the above contact details.

 

How do I lodge a complaint about the use of my personal information

You can lodge a complaint with us directly by contacting us on one of the above vontact details.

You also have the right to lodge a complaint directly with the Information Commissioners Office (ICO). The ICO are the regulator who makes sure that we use your personal information in a lawful way.

You can lodge a complaint with the ICO by following this link https://ico.org.uk/concerns/ or calling the ICO on 0303 123 1113.

 

 

Consent Policy

Where the firm relies on consent as a legal basis to process personal data the Firm will ensure that the consent it obtains from the data subject meets the following definition:

Freely given, specific, informed and unambiguous indication of the data subjects wishes by a statement or by a clear affirmative action signifying consent.

 

Freely Given

The firm will give the data subject a genuine choice to consent to the processing of their personal data. The firm will not make the provision of consent for the processing of personal data a condition for the services it provides. The firm will not cause the withdrawal of consent to result in the data subject suffering detriment.

 

Specific

If the firm intends to use personal data in several ways the Firm will obtain separate consent for each processing purpose.

If the Firm intends to use the personal data for different processing activities (e.g collection, storage, and transfer of personal data) it will obtain separate consent for each processing activity.

 

Informed

The Firm will provide or signpost its privacy policy to inform the data subject about how their personal data will be used, who it will be shared with and their right to withdraw consent (and ho they can exercise their right) in order to put the data subject in a position to provide informed consent.

The Firm’s consent statements/opt-in statements will be concise, in plain language and easy to understand for data subjects.

The Firm will name any third parties that will rely on the consent to process the personal data.

 

Unambiguous, statement or clear affirmative action

The data subject must provide a verbal or written statement to confirm that the consent to the processing of their personal data for each purpose and/or to each processing activity or the data subject must opt-in to accept the consent statement.

 

Evidence

The firm keeps a record of when and how consent was obtained from data subjects. The Firm maintains this record in its Consent Register.

 

 

 

Data Security Policy

Organisational

The Firm carries out a data protection risk assessment to assess the risk posed by its processing activities and implements mitigation strategies to control the risk(s). The Firm’s data protection risk assessment enables it to identify vulnerabilities and ensure that it implements adequate organisational and technical measures to ensure the security of the personal data it processes.

 

People

The firm carries out pre-recruitment vetting on all staff that will handle personal data as part of their role. The Firms pre-recruitment checks will confirm the identity of the candidate and ascertain whether the prospective staff is of good character in order to entrust them with the processing activity.

The Firms staff is under a duty of confidentiality which forms part of their employment contract with the Firm.

The Firm provides relevant staff with data protection training to ensure adequate awareness of data protection. Data protection staff training is provided upon induction and on a refresher basis. The data protection training covers:

  • The Firm’s obligation under GDPR;
  • The responsibilities of individual staff members for the protection of personal data;
  • The proper procedures to use to identify an individual before disclosing any personal information;
  • The restrictions on the use of the Firms devices to access unauthorised websites which carry a greater IT security risk;
  • The use of strong passwords; and
  • To not open spam (not even to unsubscribe or ask for more mailings)

The firm only gives its staff access to personal data that they require to carry out their job.

 

Physical security

Personal data that is kept in a physical form is securely stored away out of plain sight when not in use. Only authorised personnel have access to the personal data. Physical devices such as computers which are used to process personal data are located in secure parts of the Firm’s premises.  Accesses to the physical devices are only permitted to authorised persons.

The Firm endeavours to position computer devices that are used to process personal date with its screens facing away from any windows so that they cannot be viewed by passers-by.

 

Premises

The Firm’s premises is kept secure by only allowing authorised personnel to access the Firm’s office space(s) where personal data is stored. When any third parties such as cleaners access the Firm’s office space the Firm ensures that all physical records containing personal data are securely stored away from sight.

The Firm’s office is locked out of hours and is secure.

 

IT security

Security software

The Firm installs a firewall to protect its network and systems from unauthorised access.

Where possible the Firm will install anti-malware software to protect its network from malware, ransomware and rootkit.

Where possible, the Firm will operate an internet gateway that restricts the websites and online services that staff can access whilst at work.

The Firm’s operating systems are set up to receive automatic updates which include the latest patches and security updates to cover vulnerabilities.

The Firm will remove any unused software and services from the devices it uses to process  personal data. This is to reduce the number of potential vulnerabilities.

Access Protection

The Firm secures any personal data which carries the risk of causing harm to the data subject if they were compromised (e.g financial data, health data). The firm considers the following security measures:

  • Encryption;
  • Password protection; or
  • Pseudonymisation (i.e replace fields in the data record with artificial information).

The Firm will consider using a secure server which guarantees secure online transactions (i.e access) to the Firm’s network.

Emails

The firm will consider, based on the content of emails, whether certain emails containing sensitive personal data should be encrypted or password protected.

Passwords

Access into the Firm’s network and systems is password protected. The Firm encourages staf to use strong passwords which contain a combination of upper and lower case, numbers and special characters. Where possible, the Firm will enforce regular password changes.

Passwords are cancelled immediately if staff members leave the Firm or are absent for long periods (e.g maternity or paternity leave).

Staff are prohibited from sharing passwords which control their personal access into the Firms network and/or systems.

Where possible the Firm will make provision for a visitor/guest WiFi to prohibit visitors from using the Firm’s network.

The Firm will limit the number of failed login attempts into its network and systems.

 

Third party processors

Where the Firm uses third party processors it will ensure adequate protection of personal data it is responsible for by entering into a written agreement with the processor which includes data protection clauses.

 

Data disposal

The Firm ensures that it deletes the personal data or destroys the hard drive on any of its computer devices that is used to process personal data before disposing of the device.

Physical records containing personal data are disposed of in the confidential waste bin or shredded.

 

Business Continuity

The firm regularly backs-up the personal data on its computer system(s) and keeps them in a separate place. Where possible, the Firm’s back-ups will be stored so that it is not visible to the rest of the network.

Where possible, the Firm’s servers will be located in a separate room with controlled access. Where possible, at least one of the Firms back-up servers will be located offsite.

Back-up devices such as CD’s and USB’s will be locked away when not in use. 

Contact Details

Clarity Office Solutions (Pennine) Limited
Unit 6

St James Business Park  

Grimbald Crag Court

Knaresborough

HG5 8QB

Tel: 01423 795420

Or use our contact form.

Areas we supply to...

Specialist suppliers of photocopiers to:

 

Leeds

Wakefield

Bradford

Harrogate

Knaresborough

Hull 

York

Our opening times

Monday - Friday

8:30 - 17:00

Print Print | Sitemap
© Clarity Office Solutions (Pennine) Limited (referred to as Clarity Pennine throughout this website)