How we use your information
This privacy notice tells you what to expect when Sonitech Systems Ltd collects and uses personal information. We collect personal information in a variety of ways through our normal business activities, both online and offline. This includes, for example, client surveys, emails and letters or when you place orders or purchase products or services, enter into agreements or communicate with us, or visit and use our website. We also receive personal information from our customers in order to perform services on their behalf
Data controller identity
Sonitech Systems Ltd Company Data Protection Officer is responsible for the processing of your personal information. If you have any questions about our privacy police please contact us by writing to The Counting House, Sandy Lane, Ettiley Heath, Sandbach, CW11 3NG.
Types of Personal Information
- Contact information – information allowing us to contact you; name, address, email etc.
- Transactional information – i.e. purchases, enquiries, customer account transactions and history, delivery details, billing and financial data.
- Security and compliance information that helps us secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual recordings.
Visitors to our website
When someone visits www.sonitech.co.uk we use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those people visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
A cookie consists of a piece of text sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may collect information about your computer, including were available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about out users’ browsing actions and patterns and does not identify any individual. We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site.
Security and performance
Sonitech uses a third-party service to help maintain the security and performance of the Sonitech website. To deliver this service it process the IP addresses of visitors to the Sonitech website.
We use a third-party service to publish our website. We use a standard service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.
People who call the office
When you call Sonitech Systems Ltd we collect basic identification information. We use this information to record the call and to attach it to a relevant customer if applicable. Any new information received may be passed on to any employee, agent or supplier as is reasonably necessary as is set out by this policy.
People who email us
We monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who use out ‘Contact Us’ Service
If you use the ‘Contact Us’ service we will receive an email which contains your name, email address, company name, phone number and the contents within the additional details field. This information will not be shared with any other organisations.
People who use Sonitech Systems Ltd services
We have to hold the details for the people who have requested our services in order to provide them. However, we only use these details to provide the service to the person or organisation has requested and for other closely related purposes. When people do use our services, they can cancel their subscription at any time.
Where the personal information is not processed on behalf of a client the data controller of your person information shall be Sonitech Systems Ltd which is registered with the Information Commissioner’s Office with registration number Z7696765.
Under data protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Complaints or concerns
Sonitech tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously.
Any personal data breaches should be reported to the Company’s Data protection Officer. If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedom of the data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the data protection office must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any even, within 72 hours after having become aware of it.
Disclosure of Personal Data
Customer information is held on our internal database. Some of this information may need to be shared with a third party. We may use a third party to provide or perform services or functions on our behalf. Personal information may be made available to these third parties in order that they can fulfil their services and functions. Any processing of that personal information will be on our instructions and compatible with the original purposes.
As required by law; we may also make personal information concerning individuals available to public or judicial authorities, law enforcement personnel and agencies as required by law.
Mergers & Acquisitions; personal information may be transferred to a party acquiring all or part of the equity or assets of Sonitech Systems Ltd or its business operations in the event of a sale, merger, liquidation, dissolution, or other.
Legal Basis for processing personal information
We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with/involving you, or where the processing is in out legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about ‘marketing’.
The personal information we have for you is made up of what you tell us, and data we collect when you use our services. We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.
You can ask us to stop sending you marketing messages by contacting us firstname.lastname@example.org. Whatever you choose, you will still receive statements and other important information such as charges to your existing products and services.
We may ask you to confirm or update your choices, if you take out any new products or services with us in the future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.
We will retain your personal information as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally, regulatory or for technical reasons. Kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject.
Protection of Personal Information
Security measures for protecting personal information:
We apply appropriate technical, physical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing. Access to personal information is restricted to authorized recipients on a need-to-know basis.
Data Protection Measures:
The Company shall ensure that all its employees, agents, contractors, or other parties working on its behalf comply with the following when working with personal data:
All emails containing personal data must be encrypted and password protected.
Where any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. Hardcopies should be incinerated or shredded, and electronic copies should be deleted.
Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable.
Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted.
Where personal data is to be transferred in hardcopy form it should be passed directly to the recipient or sent using Royal Mail or a reputable tracker courier service.
No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from a Company Director.
All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar.
No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of a Company Director.
Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time.
If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it.
No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets and smartphones), whether such device belongs to the Company or otherwise without the approval of a Company Director and, in the event of such approval, strictly in accordance with all instructions and limitations described a the time the approval is given, and for no longer than is absolutely necessary.
No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Regulation (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken).
All personal data stored electronically should be backed up daily with backup’s stored offsite. All backups should be encrypted.
All electronic copies of personal data should be stored securely using passwords and data encryption.
All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All software used by the Company is designed to require such passwords.
Under no circumstances should any passwords be written down or shared between any employees, agents, contractors or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method.
Modifications to our Privacy Notice:
We reserve the right to change, modify, and update this Privacy Notice at any time. Please check periodically to ensure that you have reviewed the most current notice.
Issue date: 17th May 2018