With the introduction of the GDPR into UK legislation on 25th May 2018, in keeping with good business practice and ethics and in order to comply with the GDPR, we are revising our terms relating to the provision by you to us of your personal data (as defined in the GDPR).
This notice supplements and amends our agreement with you in relation to its contents. You are asked to please read and indicate your acceptance of these terms for our records by clicking at the bottom of this page, but failure to do so shall not affect their validity. Where there is any conflict between the terms of this notice and the terms of our agreement with you, the terms of this notice will override the conflicting term in our agreement.
As part of this notice it is agreed that nothing within the existing contracts relieves either the Customer or SysGroup PLC and its subsidiaries, of our own direct responsibilities and liability under the GDPR.
This notice does not override any agreed indemnity in the contract between the Customer and SysGroup PLC and its subsidiaries, and any agreed indemnity as part of the original contract remains unchanged
In dealing with you as a customer, we have access to certain personal information of individuals within your business and within the businesses that you trade with, either as customer or supplier. This information will include (but is not limited to) names and personal data of individual persons such as:
As Data Processor we will process personal data controlled by you across our data networks
Duration of processing will be as set out in the original contract covering the provision of our services to you
The nature of our data processing is in providing IT infrastructure and network capability to enable your business operations to function
Data will be transferred across our networks and/or held in backup and storage devices in electronic format
As Data Processor we follow best practice in security over your data. This best practice was outlined in the original contract covering the provision of our services to you. In addition, we confirm that we adopt ‘Privacy by Design’ principles in all our service and infrastructure provision and that all relevant staff have received appropriate data protection training
As part of our contractual obligations or other legitimate processing reason, we may share PII with the following suppliers which consists of but is not limited to decision maker's or end users name, email address and IP address. Details of those sub-processors are within this document:
In agreeing to allow us to process personal data, whether within your business or to other persons whose details you provide, you confirm in each instance (as Data Controller) that:
Where we are dealing with a specific office holder (such as account manager), the provisions of this notice will apply to the appointment of any new person to that office.
We confirm that, when we are dealing with your personal data:
We may, in accordance with our audit process, require you from time to time, to provide evidence of your compliance with the terms of this notice.
Information relating to the GDPR can be found at:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/