1. Introduction

Tech wise Support Limited (“the Company”) is committed to protecting the privacy and security of personal data. This policy outlines how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

2. Scope

This policy applies to all personal data processed by Techwise Support, including data relating to clients, employees, suppliers, and other third parties. It covers all forms of data processing, including electronic, paper-based, and verbal communications.

 

3. Data Protection Principles

Techwise Support adheres to the following principles when processing personal data:

  1. Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation: Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data Minimization: Data collected shall be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  4. Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Inaccurate data shall be corrected or deleted without delay.
  5. Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
  6. Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.

 

4. Data Collection

Techwise Support collects personal data only for specific, legitimate business purposes, including:

  • Providing IT services and support to clients.
  • Managing employee records and payroll.
  • Complying with legal obligations.
  • Communicating with clients, suppliers, and partners.

 

5. Legal Basis for Processing

The Company processes personal data based on one or more of the following legal grounds:

  • Consent: Where the data subject has given clear consent for the processing of their personal data for specific purposes.
  • Contract: Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which the Company is subject.
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

 

6. Data Subject Rights

Data subjects have the following rights regarding their personal data:

  • Right to Access: Individuals can request access to their personal data held by the Company.
  • Right to Rectification: Individuals can request correction of inaccurate or incomplete data.
  • Right to Erasure: Individuals can request deletion of their personal data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: Individuals can request that the processing of their personal data is restricted in certain circumstances.
  • Right to Data Portability: Individuals can request a copy of their personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: Individuals can object to the processing of their personal data in certain circumstances, including direct marketing.
  • Rights Related to Automated Decision-Making: Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them.

 

7. Data Security

Techwise Support implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These measures include:

  • Encryption of data where appropriate.
  • Regular security assessments and audits.
  • Access controls to limit access to personal data to authorized personnel only.
  • Secure storage and disposal of physical and electronic records.

 

8. Data Breach Notification

In the event of a data breach that poses a risk to the rights and freedoms of data subjects, Techwise Support will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
  • Inform affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Document all data breaches, including the facts relating to the breach, its effects, and the remedial actions taken.

 

9. Data Retention

Personal data will be retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. The Company will regularly review its data retention practices and securely delete or anonymise data that is no longer needed.

 

10. Records Keeping

Techwise Support will maintain accurate and up-to-date records of all data processing activities. This includes data protection impact assessments (DPIAs) and other key internal compliance documents.

 

11. Data Sharing

The Company will only share personal data with third parties when it is necessary and lawful to do so. When transferring data outside the UK or EEA, adequate protection measures, such as standard contractual clauses or equivalent, will be in place.

 

12. Staff Responsibilities

All staff are responsible for complying with this Data Protection Policy. They must ensure that they complete relevant data protection training and understand their role in maintaining data security and privacy.

 

13. Third-Party Processing

Where Techwise Support engages third-party processors to process personal data on its behalf, the Company will ensure that these processors provide sufficient guarantees to implement appropriate technical and organisational measures to comply with data protection laws.

 

14. International Data Transfers

Techwise Support will not transfer personal data outside the UK unless adequate protection measures are in place, such as:

  • Transfers to countries that have been deemed to provide an adequate level of protection by the UK government.
  • Use of legally binding contracts approved by the ICO.
  • Transfers under an approved certification mechanism.

 

15. Training and Awareness

The Company will provide regular training to employees on data protection principles and practices. All employees are required to comply with this Data Protection Policy and will be subject to disciplinary action for any breaches.

 

16. Policy Review

This Data Protection Policy will be reviewed annually or more frequently if required by changes in legislation or business practices. The latest version of this policy will always be available to employees and clients.

 

17. Contact Information

For questions about this Data Protection Policy or to exercise any data subject rights, please contact:

Data Protection Officer

  • Techwise Support
  • Oliver Hill
  • 32 London Road, Guildford, Gu1 2AB
  • Email: oliver@techwisesupport.com