Privacy

Privacy Notice – Privacy of Data Subjects

Summary

Jigowatt’s business activities are classified under the European Union’s General Data Protection Regulation (‘GDPR’ – link to the GDPR law) as a ‘Data Processor’. This status means we only process personal data on the instructions of our clients. On that basis, we use your personal data to assist our clients in providing the goods or services that you have ordered, answering your enquiries and providing information about other products/services.

  • We respect your personal data and take its security very seriously.
  • We only hold personal data on behalf of clients, and only for the purpose for which it was obtained, as stipulated by our clients’ instructions
  • We delete your data when it has reached the end of its retention period.
  • You have privacy rights.
  • We are happy to answer your questions. Our contact details can be found at the end of this notice.

What data we hold

On the instructions of our clients, we hold fully encrypted personal data records on our UK based web servers that typically include names and linked email addresses (sometimes work email address, sometimes personal). Other personal data records variously include Telephone number, postal address and job title.

We also generate log files from various servers. This will include an IP address assigned to you or to your internet service provider. These are retained for (security reasons) or (on the instructions of our clients)…
In the storage and processing of any personal data, our IT systems are encrypted (see ‘Technical Security’ below).
How we use your personal data

References to the ‘legal basis’ for processing of your personal data relate to Article 6 of the above-linked General Data Protection Regulation. Each piece of personal data that we process (organise, store, move or otherwise action) must have a legal basis. Any given legal basis is decided upon by the Data Controller, which means our client in each case.

We only process personal data on our clients’ instructions.

To deal with enquiries or for a quote that you do not accept

If you call us or email us, we will follow up on your enquiry and see if there is a way in which we can help you. We delete all data after answering an enquiry if you do not choose to become a client/customer.

If you provide us with information for a quote and then do not accept the quotation, we delete all data after answering that enquiry.

If you purchase from us or one of our clients

In order to process your order, we will need to process your data in order that your supplier (our client) can send you the goods that you have ordered, or to get the goods delivered to you. At no time do we have access to, or store, sensitive payment information; this is handled and held by third parties and does not pass through our system.

Technical data

We use the logs from our servers to help with the server’s security, as well as to look at visitor behaviour (e.g. which website pages get the most traffic or are the most popular). None of this is traceable to individuals.
Your data and transfers outside of the EEA

We do not transfer or process these data outside the European Economic Area.

Your rights

You have rights in respect of our processing of your personal data, which are:

  • To access your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing.
  • To request that we erase your personal data if:
    • we no longer need it;
    • if we are processing your personal data by consent and you wish to withdraw that consent;
    • if we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To object to our processing if it is by legitimate interest.
  • To restrict our processing e.g. if ‘legitimate interest’ is the legal basis upon which your data is being processed

If you want to exercise any of these rights, please contact our Privacy Manager, using the details at the end of this notice.

You also have the right to lodge a complaint about our processing to the UK’s Information Commissioner’s Office.

Third parties

As a prospective customer, we do not transfer your personal data to third parties at this stage except the following:

  • Companies that provide services to us. Our telephone service providers will get to see your phone number if we call you and our broadband supplier who could see your email address (but not the content of what you send us, if you encrypt it).
  • In response to a court order. It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.

As a customer, we transfer your data to the following third parties:

  • Companies that provide services to us. Our telephone service providers will get to see your phone number if we call you and our broadband supplier who could see your email address (but not the content of what you send us, if you encrypt it).
  • Cloud service providers. We use a number of cloud service providers, such as email management services, our accountancy software, email providers, Google and Office 365.
  • Accountants. We use an external accountancy service but they do not see any of our clients’ personal data, except potentially where they are sole traders or a partnerships.
  • In response to a court order. It is possible, though unlikely, that we might be forced to disclose your information in response to a court order.

Technical security

We insure that all our computers (desktops and/or mobile), IT systems/ infrastructure are password-protected with very strong alpha numeric passwords of at least 10 characters. We insure that Apple system Firewalls and Norton Security are installed and kept up to date on each device.

Retention periods

This refers to the length of time that we will continue to process or store your personal data.

Data about prospective clients who do not choose to use our service is deleted immediately.

Data about clients is held for 7 years for HMRC and accounting purposes.

For marketing purposes, as a Data Processor, we do not retain our clients’ personal data records for our own marketing purposes. Our marketing uses the ‘work emails’ of clients, whereby we may from time to time send marketing material or other information e.g. Newsletter. Beyond that, we only retain personal data on our clients’ instructions, and it is retained only for as long as those instructions stipulate is required for the purpose(s) stated.

Server logs (IP addresses): We only retain IP addresses for as long as required by the instructions of our clients.

For website tracking, please check our Cookie Policy

ICO registration

Jigowatt is registered with the Information Commissioner’s Office ZA297127
https://ico.org.uk/ESDWebPages/Entry/ZA297127

Contact us

4 Office Village
Forder Way, Cygnet Park,
Peterborough
Cambridgeshire PE7 8GX
01733 267775

Jigowatt Privacy Manager: John Conmy: john.conmy@jigowatt.co.uk