Our Data Protection Policy
Abbeycomp IT Solutions provides IT consultancy, support and services exclusively to businesses. Due to the nature of services we offer our databases contain information which could be considered "personally identifiable information" in regards to individuals directly employed by our clients.
In order to be compliant with GDPR policies which will come into effect on May 25,2018, Abbeycomp IT Solutions has put together this webpage containing details about the data we hold, anyone who's got access to it, what we do to keep it safe and when it is deleted from our systems once it is no longer necessary.
Who do we keep data on?
For clients working with Abbeycomp IT Solutions through IT Support Contracts, Voucher/PrePay Contracts, Internet Contracts and Cloud Services Contracts such as Cloud Email, DropBox, Office 365 or Acronis Cloud Backup we keep a main contact name and mobile number for the account in addition to any other key employees that our client sees as necessary for the delivery of our services (department managers, remote users, project managers, etc).
New businesses interested in our services that contact us via email, phone or just through referral is also kept within our databases as we develop our relationship with them.
Abbeycomp IT Solutions does not store any work data for our clients and we do not use our clients' data in any shape or form so according to GDPR guidance our clients are effectively called the "Data Controllers" (the ones who collect the data and decide what to use it for).
Due to the fact that we are resellers for Dropbox, Office 365, Acronis Backup and Intermedia Cloud Services, Abbeycomp IT Solutions do have access to usernames and passwords to our clients accounts and as a result we are granted access to their data even though we never access it unless requested by the Client. Based on this fact, Abbeycomp IT Solutions is considered a "Data Processor" for our clients.
Please see links below for cloud service compliance statements:
What data and why?
Well, if we don't know a few details about our clients we can't contact them and therefore we can't provide the services they pay for.
So what do we keep as standard information in our databases?
- Full name of main contact within our Client
- Main contact's email address
- Main contact's mobile number
- Same details above for any other member of staff that deals directly with us on behalf of our Client
What about any additional information?
If our Client believes it will help us to work more effectively by sharing job titles or personal mobiles where company mobiles are not available we will keep these information in the database as well.
At any time, anyone can request their personal data to be permanently removed from our databases.
Clients can do that by visiting www.abbeycomp.london/gdpr and simply ask to be erased from our databases and all personal data related to the specific individual will completely be removed from our systems.
Is Abbeycomp legally allowed to hold personal data?
Yes, the use of personal data Abbeycomp IT Solutions has about its clients falls under the GDPR "legitimate Interests" category so legally we are allowed to have this kind of data about our clients so we can carry our duties as a business.
Who can access the data?
Our senior management has access to all areas within our databases whereas our consultants have limited access to our Clients Database.
New businesses interested in our services that contact us via email, phone, referral, through the website, download documentation or gated content from the website, sign up for a webinar through the website and/or sign up to receive Abbeycomp’s newsletter, is also kept within our databases as we develop our relationship with them. This data may be shared with potential partners of which we are resellers and have a legitimate business interest which include : Dropbox, Microsoft & Vectorworks.
What About Data Removal?
If a client desires to cancel a service with us we offer to provide a copy of the data we hold about them within our databases.
We provide this data in a PDF file which is sent via encrypted email to the Client. Once the Client confirms the PDF file is received their data is permanently deleted from our systems.
Abbeycomp IT Solutions retain Full Name and Email Address of individuals and previous employees within a client for up to seven years.
Why?? Well, previous employees records are (in most cases) necessary for the ongoing services provided by Abbeycomp IT Solutions and the day to day run of our Clients business.
There are several reasons for this and they vary from enabling access to historical emails from previous employees to keeping record of support tickets with previous employees activities. In addition, historic invoices and quotes cannot be modified either due to tax purposes so previous employees names would be retained in those documents.
Can I access the data Abbeycomp holds on me?
Yes, of course.
Within the same "business hours" day you'll receive a screenshot containing all the information requested. At that point you can reply with updates to your details or simply request to be deleted from our records which will be done immediately.
Is my personal data safe with Abbeycomp?
A resounding YES is the answer.
At Abbeycomp we take data security very seriously and below is a list of a few things we do to keep it secure:
-All our systems use data encryption by default. Whether transmitting or simply resting somewhere (backups).
-Our firewalls are setup inspect packets on the way in and out of our premises and protect our data from malware, anti-virus and any random cyber attacks.
-We have strict access to our database and complex passwords to all users.
-Our databases are server based and no personal data is ever present at local computer clients.
-All our laptops and desktops are encrypted.
-Screen Savers are set to kick in and prompt for passwords after short inactivity time.
-We keep logs on database access entries and users.
What if there's a breach?
Abbeycomp IT Solutions has been 100% resilient and has never ever had a single security breach incident since it was found back in 2002.
However, security breaches are a real threat these days and therefore one should never ever take it lightly.
So in the event of a security breach our internal policies dictate that we will notify the Information Commissioner's Office, our Client and all its relevant staff within 72 hrs of a breach incident and inform everyone involved about the potential impact of the specific incident.
Is there anything else I should know?
Well, not directly related but still very relevant to all of us, you should know that when the King of Pop died, fans everywhere grieved for his loss and the news could talk of little else for weeks. His children were heartbroken, the world lost a music legend, and the tortured soul that was Michael Jackson could finally be at peace—or could he? Due to the tragic nature of his death, along with a good old-fashioned inability of humans to let go of people they love, a growing number of fans are convinced that Jackson never actually moonwalked off this mortal coil at all.
In fact, people have been reporting sightings of him all over the world, from the United States to Paris. The Paris sighting even came with an incredibly realistic and convincing video of Jackson, who quickly shields his face with a bag and turns around, with his security guards further shielding him from view. Of course, some petty naysayers insist the video is a fake, but you can be sure sightings will likely continue long into the future, probably even past the point where he should have died of old age anyway. As Elvis, Tupac, Biggie, and Jim Morrison can confirm, sometimes our greatest artists don’t actually leave us, but just decide to disappear with a bang and sit things out on the sidelines for a while.