Introduction

This Privacy Notice describes Create IT Ltd’s policies and practices regarding its collection and use of personal data and sets forth the privacy rights of data subjects. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Statement as we undertake new personal data practices or adopt new privacy policies.

At Create IT we understand the need to take data privacy and protection seriously.  In this day and age where information systems are under constant attack, and the complexity and interconnectivity of systems is constantly growing and evolving; the need to maintain adequate system security, and protection of data stored within, is of paramount importance.

As such, we welcome the EU General Data Protection Regulation (“GDPR”) requirements; the most significant changes to data protection law in two decades, and well suited to meet the requirements of this digital age by stipulating privacy by design.  

Data that we collect and process

  • Data we store about our customers
  • Data we handle on behalf of our customers
  • Visitors to our website
  • Marketing data

Data we store about our Customers

We collect personal information about our customers in order to provide them IT support, software development, strategic IT consulting and associated services.

We will hold the following information about customers:

  • Name and contact information.
  • Personal information contained in business communications.
  • Transaction data including details about services you have purchased from us.
  • Usage data including information about how you use our product and services.
  • Marketing and Communications data including your preferences in receiving marketing material from us and your communication preferences.

How is your personal data collected? 

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • engage us to provide services;
  • subscribe to our publications;
  • request marketing material to be sent to you;
  • enter a competition, promotion or survey; 
  • complete one of our enquiry forms; or
  • provide us with feedback.

When and how do we share it with others

Your information may be shared with:

  • Cloud service providers, data storage, processing, back-up and retrieval services.
  • Sub-contractors or associates who are asked by Create IT to deliver all or some of the services.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services and communications.

Data we handle on behalf of our Customers

During the provision of our services we may process data for which our customer is the Data Controller. We process this data strictly on instruction of the Data Controller, who provide us with access to such data, and abide by the privacy and security requirements as per the contractual arrangements of the service provided to the Data Controller.

Create IT do not keep a copy of any data being processed except where that is part of the service being provided. We follow, and are fully committed to fulfil, our obligations as a Data Processor for data privacy, data security, and breach notifications.

Any sub-processor that may use in the provision of our service, that requires access to this data, will be vetted and contractually bound to abide by our policies on data protection, confidentiality and security.

Visitors to our Website

When you visit our website, we use third-party services to collect standard internet log information and details of visitor behaviour patterns.  We do this to find out things such as the number of visitors to various parts of the website.  The information is only processed in a way which does not identify anyone.

When you complete a contact form on our website or use the email for enquiries, we will use the information provided by you only for providing you with an appropriate response.

If you submit your CV, name and email, through our website for consideration of a job role, we may store this for up to 2 years.  If an appropriate role is available within this time, we may contact you for an interview.  Your information will never be shared outside the organisation, and internal access to your information is limited only to staff that are authorised for recruitment.

Marketing Data

We hold name and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. For all direct marketing activities to such individuals we will always ensure that we comply with relevant privacy and regulatory requirements.

We may contact existing customers with information about services like those we already supply.

Data subject rights

This Privacy Statement is intended to provide you with information about what personal data Create IT collects about you and how it is used. If you have any questions, please contact us at data.manager@createit.co.uk.

If you wish to confirm that Create IT is processing your personal data, or to have access to the personal data we may have about you, please contact us at data.manager@createit.co.uk.

You have a right to request correction of inaccurate information, deletion of information, and to instruct us to stop processing your information. We are obliged to honour such requests as per the regulatory requirements. If you’d like more information or would like to make such a request, please contact us at data.manager@createit.co.uk.

Security of your information

To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis.

As part of our commitment to information security and data protection we are proud to adhere to the IASME Governance standards, and the Cyber Essentials certification program; which outline requirements for technical controls and policies for maintaining a high level of security for information systems and services. 

Furthermore, we restrict access to your personal data to those employees who need to know that information in order to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Data storage and retention

Personal data is stored by Create IT on its servers, and on the servers of the cloud-services providers we engage, as well as in physical forms in our office and at backup and archival facilities. All data is stored within the European Economic Area.

We retain data for the duration of the customer’s business relationship with us and as per the regulatory, legal, or reporting requirements. Further to that we have reviewed all the types of information that we store and determined an appropriate retention policy.

For more information on where or for how long personal data is stored, and for more information on your rights of erasure and portability, please contact data.manager@createit.co.uk.

Data Protection Compliance Officer

Create IT Limited is a company registered in Newbury, England.  Registered as follows:

Companies House                                              07272014

Information Commissioner’s Office            A8321532

We are not statutorily required to appoint a Data Protection Officer. To facilitate any data privacy related queries, we have appointed an internal Data Protection Compliance Manager for you to contact if you have any questions or concerns about our personal data policies or practices. Our Data Protection Compliance Manager’s name and contact information are as follows:

Ben Cope

Create IT Limited

5 West Mills

Newbury, Berkshire, RG14 5HG

Tel: +44(0)1635 277500                 

Email: data.manager@createit.co.uk     

If you are concerned about an alleged breach of privacy law or any other regulation by us, please contact our Data Protection Compliance Manager who will ensure that your complaint is investigated.

If you are not satisfied with our handling of your queries or complaints on data protection, you can call the Information Commissioner’s Office on 0303 123 1113.