The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and provides much greater transparency and security for how businesses and other organisations handle the personal data of individuals.
This policy sets out what data NRG IT Limited collects from our customers, the purposes for which we require that data and how long we will retain the data on our systems. All customers purchasing from our website https://www.nrgit.biz via the online checkout will be asked to confirm that they have read and understood this policy.
WHAT DATA IS COLLECTED?
NRG IT Limited will collect the following information during the online checkout process. All data needs to be voluntarily provided by the customer in order to complete the checkout and none of the information is obtained automatically (for example, through use of tracking cookies):
The customer’s name
The business name (if the purchase is on behalf of a company)
The full delivery address, including postcode
The full billing address, including postcode (if different)
The customer’s email address
(OPTIONAL) the customer’s preferred contact telephone number
WHY IS THE DATA NEEDED?
The primary purpose for which NRG IT Limited requires a customer’s data is to arrange the delivery of the item or items that the customer has ordered.
The secondary purpose for which NRG IT Limited requires a customer’s data is in order to administer the NRG IT warranty supplied with the product. All products sold by NRG IT Limited come with a warranty lasting between 30 days and 3 years.
NRG IT Limited may also use a customer’s data for marketing purposes, provided that the customer has selected the option to allow for marketing during the checkout process. However, any data usage for marketing will be specifically for NRG IT Limited and data will not be shared with any third parties.
Finally, NRG IT Limited are required to retain customer information for up to six years in order to comply with HMRC record-keeping and audit requirements.
HOW LONG WILL THE DATA BE HELD?
All customer data will be held for a period of six years from the date of the order, after which it will be securely deleted.
WHERE AND HOW IS THE DATA STORED?
All customer data is held on a dedicated secure server owned and operated by NRG IT Limited. The server is physically located within NRG IT Limited’s premises and access to the server is password-protected.
WHO HAS ACCESS TO THE DATA?
Access to customer data is only available to employees of NRG IT Limited and requires a password.
In addition, customer data can only be accessed from computers that have the relevant access portal installed. This is generally limited to computers within NRG IT Limited’s premises, although some senior employees (e.g. Managing Director, General Manager, Database Administrator) may have the relevant access portal installed on their home computers (but not on laptops or other portable devices) to allow for work outside of normal office hours.
Should any person with access to customer data terminate their employment with NRG IT Limited for any reason, their login details and passwords will be deleted from the database and the access portal will be deleted from any off-site computers.
CAN I WITHDRAW MY CONSENT?
In general a customer will always have a right to withdraw their consent to NRG IT Limited retaining their data, although this may be subject to any legal requirements on the part of NRG IT Limited.
To withdraw consent, please contact NRG IT Limited via email to [email protected], using the word “DATA” in the subject header. Requests can also be sent via post to:
NRG IT Ltd
194 Stanley Green Road
WHO CAN I CONTACT IF I HAVE FURTHER QUESTIONS?
Any further queries regarding NRG IT Limited’s data policy, or general data matters, should be directed to the Data Protection Officer using the contact information in point 6 above.