Data Protection and Information Security Summary
Getech’s Data Protection and Information Security policies provide maximum protection to all customers, partners and the company in which personal data is concerned. We value the importance of protecting your rights and take the receipt, storage and handling of data incredibly seriously.
Our policies, processes and practices are fully compliant with the legal requirements of the Data Protection Act (DPA) 2018 and the General Data Protection Regulations (GDPR) 2018, with total adherence to all data protection principles and every effort made to communicate an individual’s full rights to them as a data subject.
In strictly observing our obligations to provide practical data protection, we ensure that all personal data is processed fairly, lawfully and transparently, collecting it only for the specified purposes and never processing it for any other reasons without explicit consent. We ensure that all data is accurate, adequate and relevant by keeping records up to date, ensuring that all information is current and storing it securely to prevent corruption or tampering. Personal data is only held for as long as needed for processing. It is always responsibly handled with accountability and transparency.
We do not record special categories of personal data about our customers and partners. We only request the essential minimum of information to provide consistent, effective, high-quality services. Any information recorded is used to provide goods or services to our customers and partners, meet our legal obligations and ensure that we can fulfil the legitimate duties and interests of the business.
Owners of personal data, or data subjects, may make a Subject Access Request (SAR) to access or understand what information Getech holds about them. This request should be submitted to Getech’s Data Protection Officer (DPO) and should be made in writing (to DPO@getech.co.uk). When a member of the Getech staff receives a SAR, they will immediately inform the DPO or our board of directors, who will coordinate a response. Data Subjects have the right to understand what data Getech holds about them, how it is processed, to make corrections to inaccurate data, to request the erasure or anonymisation of data, to access their data or object to its processing and to be notified of any breach which may compromise the security of their data. Getech will make every effort to comply fully with such requests and will only ever contest such a directive where there is a legal and legitimate need to retain the information in question. Adhering to the guidance outlined in the UK GDPR, Getech will respond to any SAR received within one month; however, this may extend to two months for more complex or labour-intensive requests.
All members of Getech’s staff share the responsibility of ensuring that your data is collected, stored and overseen correctly. We will only ever share personal data with our contractors or agents to conduct our obligations under an agreed contract or where it would be impossible to deliver results otherwise. Our staff will only ever access personal data when there is a justified need to process it and will never share it with any unauthorised third party under any circumstances.
Our DPO is responsible for overseeing the cohesive application of procedures to prevent any possible data breach and manages our process for identifying and managing breaches where they may occur, as well as liaising with the Information Commissioner’s Office (ICO) where required. Any concerns about data integrity or its safekeeping should be raised with the DPO for further investigation, with all activities thoroughly recorded in our dedicated GDPR Record.
For further information and detailed insight into our measures for safely processing and storing personal data, please refer to our published Data Protection Policy below.