The GDPR legislation will replace the current data privacy laws, giving more rights to you as an individual and more obligations to organisations holding your personal data.
What is Personal Data
Personal data is defined as data relating to a living individual who can be identified from:
That data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual. GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address, email address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This is wider than the DPA’s definition and could include chronologically ordered sets of manual records containing personal data.
Collection of Personal Information
We collect and store information from you when you:
- Contract with Three Cherries to fulfil various IT and associated technology support services
- Open a support ticket to fulfil the IT support services between the companies
- Place an order for goods or services with Three Cherries
- Communication via email, post or telephone, in course of our operational business
What type of information is collected from you
The personal information we collect might include your name, company, job title, email address, IP address, and information regarding what web pages are accessed and when.
We only collect the relevant amount of information necessary for the purpose in which the data is being collected. Therefore, if you are contacting us regarding the purchase of our products and services, we need to know certain details to allow us to contact you and progress with your enquiry.
Use of Personal Information
Three Cherries treats personal information as confidential. Your information, whether public or private, will not be sold, exchanged, transferred outside of our company, or given to any other company for any reason without your consent.
Processing of Data and Consent
We will process your data for the purpose of fulfilling our contract or service to you or for the legitimate interest of our businesses.
We may share information with the following third parties for the purposes listed above:
Other organisations and businesses who provide services to you either via Three Cherries or directly, such as: internet services, back up services, server hosting services, IT software and maintenance, hardware maintenance services, document storage services, email services, security services, Telephony services, suppliers of other back office functions, debt recovery agencies, government agencies required by law.
Your refusal to provide personal data to us for certain products and services may hinder us from fulfilling your order for those products or services.
Also, if you deny or withdraw your consent to use personal data or opt out of receiving information about Three Cherries products and services this may result in you not being made aware of sales promotions, renewal notices, periodic company newsletters, new service updates, security updates, related product or service information, and status updates on maintenance windows or service availability.
Where Three Cherries have access to third party or client’s systems, we will ensure that only the specific systems and applications are accessed to fulfil the needs of the client’s request or support ticket. Any data accessed will remain under the control of the customer and their Data Controller, which is generally the data subjects’ employer.
People who email us
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We’ll hold your personal information based on the following criteria: • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations • For as long as we provide goods and/or services to you • Retention periods in line with legal and regulatory requirements or guidance
How we protect your information We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Any data we process will be hosted securely within the EU.
Access to your personal information
Three Cherries are committed to being as open as it can be in terms of giving people access to their personal information. Individuals (not companies) can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you, we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in an intelligible form.
To make a request to Three Cherries for any personal information we may hold you need to put the request in writing.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting Three Cherries in writing.
We will require you to provide identification in order to verify the authenticity as the data subject.
We will make reasonable effort to respond to and process your request in a timely manner.
Opting out; withdrawing consent
If at any time you would like to unsubscribe from receiving any future marketing emails, we include unsubscribe instructions at the bottom of each email.
If Three Cherries is processing your personal data based on your consent, you may withdraw your consent at any time by contacting Three Cherries in writing.
Links to other websites and services
This privacy notice does not cover any links within this site linking to other websites. We encourage you to read the privacy statements on any other websites you visit.
Where we send information, or resell services which relates to 3rd party systems, whether this is sold via Three Cherries or you contract directly with the 3rd party.
We encourage you to read the privacy statements on the other parties. Relevant subject requests will need to be made directly to each 3rd party.
People who make a complaint to us
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
In compliance with the European Union rules on privacy, you have the following rights established by law:
- You have the right to review your personal data that Three Cherries holds and check it for accuracy.
- You have the right to correct data in the case that errors may be found in our records.
- You have the right to request that any of your personal data be erased. i.e. right to be forgotten.
- You have the right to obtain and reuse use your personal data for your own purposes
- You have the right to request that Three Cherries restrict the processing of your personal data under certain circumstances.
- You have the right to object to our processing of your personal data.
We keep our privacy notice under regular review. This privacy notice was last updated on 3rd May 2018.