Privacy Policy

Download Data Retention Policy
Download Client Privacy Notice

---

DATA RETENTION POLICY

1. Overview
• The purpose of this policy is to provide a framework which will govern decisions over whether particular data or documents should be retained or disposed of. Furthermore, where documents are retained it provides a framework for the appropriate retention period and format.
• Personal data is important throughout the different areas of our organisation. It is used by us amongst other things, to meet our strategic objectives, comply with our legal obligations and meet our contractual obligations towards our employees, clients and others.
• As such, all personal data should be safeguarded and held securely in accordance with our IT and Communications Policy.
• Personal information shall be kept accurate and retained for no longer than is necessary to meet the purpose for which it is held.
• Personal data is stored in a number of ways including through our personnel system, marketing lists and client databases. It is kept in electronic and/or hard copy form.
• Employees should be aware that whenever they access our systems, they may be accessing personal data and should therefore comply with our IT and Communications Policy at all times.
2. Retention Principles
• Personal data will only be kept for as long as necessary or until there is no longer a good reason to do so.
• The attached Document Retention Schedule details the length of time particular personal data will be retained for and at what points it will be destroyed.
3. Security Arrangements
• Please see our Data Protection Policy for details of the security arrangements in place.
4. Individual Rights
• Should an individual ask for their personal information to be removed or corrected, requests will be dealt with promptly and in accordance with data protection laws.
• All individuals will be informed, via a privacy notice, of the retention period of their data and/or the criteria used to determine that period.
5. What will happen to your information
• When the retention period for your personal information reaches an end then we will take the following actions:
• Paper records will be securely shredded.
• Electronic records will be deleted.

---

Data Protection - Privacy Notice - Clients and Business Contacts

How we use your personal data

Under UK data protection law we are required to provide you with specific information about how we will use and process any personal data we hold on you.

We have set out that information in this document. If you have any queries please contact us on the details provided below.

The purpose(s) for which we use your personal data and the lawful basis for such processing

Netbox Digital Limited may use your personal data for the following purposes:

• In order to meet our contractual obligations towards you if you contracting with us on your own behalf; and/or
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Our processing is based primarily on the lawful processing conditions of Necessity and our Legitimate Interests (or those of a third party).

Please note that at Netbox Digital Limited we use CCTV which capture personal data about visitors to our site. We use such surveillance to help monitor the health, safety and security of our visitors, guests and staff and of our premises.

Our use of your data for these purposes is undertaken on the basis of Necessity and Legitimate Interests (defined below).

The legal basis for the processing we carry out

Necessity: means that the processing we carry out is necessary for the performance of a contract we have with you or in order to take steps at your request prior to entering into a contract with you.

Legitimate Interests: means that the processing of your personal data is necessary for the purposes of our legitimate interests or by a third party and those interests are considered to be sufficient to override your interests or fundamental rights and freedoms which require protection of your personal data.

Where we rely on Necessity or Legal Compliance

If you fail to provide certain personal information when requested or otherwise object or seek to restrict our ability to process your personal data under these lawful processing conditions, we may not be able to perform the contract we have entered into with you or your employer.

Where we rely on Legitimate Interests

As a responsible data controller, we rely on our legitimate interests in the area of our CCTV usage to assist in managing and monitoring the health, safety and security of our visitors, guests and staff and our premises.

A full copy of our Impact Assessment for the usage of CCTV at Netbox Digital Limited is available on request.

We may also rely on this lawful processing condition to process your personal data where we believe that on balance it is in the legitimate interests of Netbox Digital Limited to do so and where the risk to your fundamental rights and freedoms do not outweigh those interests. This will include in particular, our legitimate business interests arising from or related to our business relationship with you including, for example, maintaining or developing a business relationship with you and/or corresponding with you on matters arising from any form or contractual arrangement between us and your employer.

What categories of personal data do we have about you?

We will process information about you that may include your name, employer, job title and business contact details (email, telephone number, place of work).

Who do we pass/share your personal data with?

Netbox Digital Limited does not share your information with any third party company or organisation other than those listed below and for the purposes stipulated.

Other categories of recipient of the personal data you provide to us are:

• We may pass your personal data to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you that we have agreed to provide e.g. our IT service provider and cloud-based storage provider.
• When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and in to keep in accordance with the requirements of UK Data Protection Law and not to use it for their own direct marketing purposes.
• We may transfer your personal information to a third party as otherwise permitted by UK Data Protection Law, for example to our legal advisors in the event of any relevant dispute.
• We may transfer CCTV to a third party security organisation (e.g. Police) in respect of any request made in writing in connection with a crime or security issue.

Do we transfer your personal data to other countries?

No. We do not transfer your personal data outside of the European Union.

How long will you keep my personal data for?

For a copy of our Client Privacy Policy and Retention Policy please go to: www.netboxdigital.com

The accuracy of your information is important to us.

We're working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email Jackie Tonkin [email protected] to provide updated details.

Your Individual Rights

Under the Data Protection Act 2018 and the related European General Data Protection Regulation you have the following individual rights

• To make a subject access request;
• To request the rectification of your personal data;
• To request that we erase your personal data (the "right to be forgotten")
• To request that we restrict the processing of your personal data;
• To request data portability;
• To object to our processing of your personal data.

Further details on these rights, when they apply, how to exercise them and the exemptions and wider rules and requirements that apply to such rights. Please visit the Information Commissioner's website at www.ico.org.uk

Raising Concerns with the Information Commissioner

If you are unhappy with how Netbox Digital Limited is using your personal data we would encourage you to raise this concern with Jackie Tonkin.

You have the right to lodge a complaint with the Information Commissioner if you are unhappy with how we are handling our data protection obligations, please visit the Information Commissioner's website at www.ico.org.uk

Automated decision making and profiling

We do not currently use automated decision making systems or profiling.

Who we are/Contacting Us

Under UK Data Protection Law, we are required to tell you the identity of the legal person who controls your personal data.

We are Netbox Digital Limited. We are registered in England and Wales under company number 5966946. Our registered office and correspondence address is: 107 Rochester Airport Industrial Estate, Lake Road, Rochester, Kent ME1 3QX and our telephone number is 0344 257 2070.

Please address any queries to Jackie Tonkin.