DATA PRIVACY POLICY

Storm IT Technology Ltd.
Data Protection Policy & GDPR Compliance Information

 

Information That We Collect

Storm IT processes your personal information to meet our legal and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal data that we may collect is: -

  • Name

  • Personal e-mail address

  • Business e-mail address

  • Home Telephone Number

  • Mobile Telephone Number

 

How Long We Keep Your Data

Storm IT only ever retain personal information for as long as is necessary and have retention policies in place to meet these obligations.

If we have collected personal data (name, address, contact details) in relation to an order/ transaction, then we will store the relevant data as part of our business records for the required period of time prescribed by law, for example VAT records.

 

We retain email archives for up to 5 years, this data is retained as an audit trail of authorisations for system security changes such as file/folder permission changes, creation of users, deletion or disabling of user accounts.

 

Sharing Information with 3rd Parties

Minimal personal data may be passed to third parties for accountancy purposes, direct deliveries, warranties and for service provisions such as broadband or telephony. We will never disclose, share or sell your data without your consent.

 

Your rights regarding the data we hold

You have the right to request and see what information we have stored about you.  You also have the right to request that we delete any personal data we hold that is not related to a business transaction or we are required to hold for legal reasons.

Should you wish to do either of the above then please call us – 0121 693 3353  

 

Remote Access

As part of our support procedures we often connect remotely to your PC’s and servers. We have no interest in viewing files or folders except on request by the user due to an IT issue.  We do not download customers data to our systems.  Connections with our remote support tool are encrypted and access is restricted to our employees with multi-factor authentication.

 

Non-Disclosure Agreement

As a Contracted/Non-Contracted client we may be privy to private, sensitive or secure information. We are happy to complete non-disclosure agreements if required.

Storm IT Offsite Backup & Disaster Recovery Solution

Our solution encrypts your data at source using AES 256 bit encrypted.  The backup jobs are then uploaded to our Solihull servers using secure VPN technologies.  Data remains encrypted at rest on our securely located servers.

 

Password Policy

We do not retain any client’s user passwords.  To allow us to provide our service we do however keep a record of passwords for hardware devices, internet connections and DNS registrations. These passwords are stored in an encrypted application and restricted to our network IP addresses.

 

Cloud Applications

To allow us to continually monitor your systems and log faults we utilise cloud applications that may retain personal information such as names and IP addresses.  We insist that applications we utilise store data securely and that access is restricted by multi-factor authentication or IP address restrictions.

Data Security

Due to the very essence of our business, we practice what we preach. We utilise the latest Firewalls, cloud security, encryption, security software, restricted access and strict password policies to ensure our systems and data are secure. In addition, servers containing personal data are kept in a secure location with restricted access. Data is regularly backed up in line with our backup policy

Our review of this Privacy Notice

We keep this Privacy Notice and related privacy policies under regular review.

Last updated: 23rd May 2018