PRIVACY POLICY
WHAT IS THIS POLICY ABOUT?
This privacy policy sets out how illumit Ltd (referred to from now on as illumit) use and protect any personal information that you provide when you use our services or access us through our websites. At illumit we take privacy seriously and we are committed to protecting it.
This policy explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes.
This policy was last updated on 30th August 2019.
WHO WE ARE
illumit (registered company number 04545372) is an IT company providing services to a client base that include NHS providers and commissioners. Specifically, illumit is a specialised provider of business-focused end to end IT services, based in the West Midlands and East Sussex, UK.
OUR LEGAL ROLE UNDER DATA PROTECTION LEGISLATION
When we are working with the public, our staff and our clients under contract, we collect information about them such as names, addresses, emails and in this case we act as a “data controller” in relation to the processing activities described below. A “data controller” is an organisation that decides why and how someone’s personal information is processed.
However, in our work with clients we are often called upon to work with patient and other client-held information which is usually held on our clients’ IT systems. During these projects, our staff have secure access to the client’s systems and where necessary, to the data they store. In this respect we act as a data processor in relation to the processing activities described below. A “data processor” is an individual or organisation that processes personal data on behalf of the controller. ‘Processing’ means any operation or set of operations which is performed on personal data (or on sets of personal data), whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to the particular company that is the controller or processor of someone’s personal information.
HOW WE COLLECT YOUR PERSONAL INFORMATION
The personal information we collect and the way in which we collect it are as follows:
Personal information you give to us:
This is information about you that you give to us entirely voluntarily when you enter information via:
• our website: http://illumit.co.uk
• a ‘Customer Portal’
• our Facebook accounts
• Linkedin accounts
• corresponding with us by phone, email or otherwise,
• information given by you for events and conferences we may attend.
This includes information provided at the time of contacting us or using our sites, subscribing to the services we provide, posting material or requesting further services.
If we request that you complete a survey for research purposes and you do this, we will collect information in such circumstances as well. The information you give us includes your name, address, email address and phone number, enquiry details and may include records of any correspondence and responses to any surveys.
We may also ask you for information when you report a problem or make a complaint.
PERSONAL INFORMATION WE COLLECT ABOUT YOU
We may automatically collect the following information:
device IMEI, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, details of transactions you carry out through the websites, and your visits to our websites, including, but not limited to, traffic data, location data, weblogs and other communication data, the resources you access, URL, clickstream to, through and from the websites including date and time, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number. We may also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet.
Please also see our Cookie Policy for further information.
We may also collect any personal information which you allow to be shared that is part of your public profile or third party social network, type and version, time zone setting, browser plug-in types and versions, operating system and platform.
TYPE OF PERSONAL INFORMATION WE PROCESS ABOUT YOU
We may process a range of personal information about you, including the following types of information:
contact (such as your name, address and email address), sales (information relating to the sale of products or services to you), correspondence (information contained in our correspondence or other communications with you about our products, services or business) ), legal (information relating to legal claims made by you), behavioural (your activities, actions and behaviours), monitoring (information relating to the surveillance or monitoring of your activities).
HOW WE USE YOUR PERSONAL INFORMATION
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.
Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:
• for marketing activities;
• for analysis to inform our marketing strategy, and to enhance and personalise your customer experience (including to improve the recommendations we make to you on our website);
• to correspond or communicate with you;
• to verify the accuracy of data that we hold about you and create a better understanding of you as a customer;
• for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
• for prevention of fraud and other criminal activities;
• to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
• to assess and improve our service to customers
• for the management of queries, complaints, or claims; and
• for the establishment and defence of our legal rights.
Where there is a LEGAL REQUIREMENT
We will use your personal information to comply with our legal obligations: (i) to identify you when you contact us; (ii) to verify the accuracy of data we hold about you; (iii) where we reasonably believe that you are or may be in breach of any applicable laws, we may disclose your personal information to relevant third parties, including to law enforcement agencies.
OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
Our suppliers and service providers
We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud service providers (such as hosting and email management), advertising agencies and administrative services. For more details please see table.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Customer satisfaction surveys, audits and research
As customer satisfaction is important to us, we may ask a third party research company to contact you for the sole purpose of gathering general information and specific information relating to us and our products and services. We may also be involved in supporting our clients with their audit programmes where personal data is extracted and used to provide data for audit purposes.
Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
WHERE WE STORE YOUR PERSONAL INFORMATION
Information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under “How we use your personal information” above. The only exceptions to this are where:
• the law requires us to hold your personal information for a longer period, or delete it sooner;
• you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Erasing your personal information or restricting its processing below); or
• in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
SECURITY AND LINKS TO OTHER SITES
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites‚ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
COOKIES
Like many other websites, our website uses cookies to obtain an overall view of visitor habits and visitor volumes to our website). 'Cookies' are small pieces of information sent to your computer or device and stored on its hard drive to allow our websites to recognise you when you visit.
It is possible to switch off cookies by setting your browser preferences. For more information on how we use cookies and how to switch them off on your device, please visit our Cookies Policy.
MARKETING
We may collect your preferences to receive marketing information directly from us by email, and/or telephone calls, for example, in the following ways:
• if you register with us online; or
• if you make a sales enquiry or place an order we may contact you with marketing information in the ways mentioned in the notices presented to you, except where you indicate you would prefer otherwise.
• if you sign up for an event or conference.
We may in future contact you with marketing information by post or by telephone or with targeted advertising or use your personal information to tailor marketing to improve its relevance to you, unless you object.
YOUR RIGHTS
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
• Accessing your personal information
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
• Correcting and updating your personal information
The accuracy of your information is important to us and we will work with you to review and correct the information that we hold about you if it is factually inaccurate.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
• Objecting to our use of your personal information
Where we rely on your legitimate business interests as the legal basis for processing your personal information for any purpose(s), as set out under “How we use your personal information”, you may object by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe option or you can contact us via our contact details at the bottom of this page.
You may also contest a decision made about you by writing to us at the address at the end of this policy.
• Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
CHANGES TO THIS POLICY
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website. Any changes will take effect 7 days after the date on which we post the modified terms on our website, whichever is the earlier. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.
CONTACT US
Our Data Protection Officer is John Murray. Please direct any queries about this policy or about the way we process your personal information to him using our contact details below.
If you wish to write to us, please write to the address below:
illumit Ltd
PO Box 10898
Birmingham B13 9ZS
Our email address for data protection queries is john.murray@illumit.co.uk.
If you would prefer to speak to us by phone, please call 0870 609 4012 and ask for John Murray
ICO Registration Number: illumit Ltd - ZA532744
COMPLAINING TO THE UK DATA PROTECTION REGULATOR
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details. www.ico.org.uk