VC-techs Ltd GDPR Policy & Privacy Notice
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data.
At vc-techs Ltd, we are committed to meet these GDPR mandates and maintaining the trust and confidence and in the hosting and management of the personal data of our clients, suppliers and partners. This also to the personal privacy of our visitors to our web and social media sites.
This policy statement explains the types of data we collect, how we manage it and what we do with it.
How did vc-techs ltd prepare for GDPR?
With on-premise and cloud applications used by our staff and vetted partners across many countries, vc-techs Ltd is gearing up to be GDPR compliant across all of its business tool applications, by the time the regulation comes into effect. As part of our service requires us being a data processor, vc-techs Ltd understands its obligation to help customers get ready for the big day. We have thoroughly analysed GDPR requirements and have put in place dedicated staff members to drive our organization to meet them. Some of our ongoing initiatives are:
- Identifying personal data - Each of our CRM and business applications undertakes a different level of personal data collection, usage, storage and disposal. Defining the preview of personal data for each of these applications and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to implementation and beyond.
- Providing visibility and transparency - The most important aspect of GDPR is how the collected data is used. As a Service company, part of vc-tech’s key role is to provide our customers with the facility to effectively manage and protect their user data that we are given to allow service projects to take place globally. Vc-techs is exploring was of providing better transparency to our customers and partners.
- Enhancing data integrity and security - Data privacy and data security are key as our customers tighten their data security measures, vc-techs would like to extend a helping hand where possible. We're streamlining the processes for our cloud applications by implementing IT policies and procedures that provide end-to-end security.
- Portability and transferability of data - GDPR gives end users the right to either receive all the data provided and processed by vc-techs group or single user or transfer it to another group or user depending on technical feasibility. With this new right in mind, vc-techs Ltd is working on further enhancing its data exporting capabilities to enable export more securely even at the individual level.
What does this mean for our Clients & Partners?
We understand that meeting the GDPR requirements will take a lot of time and effort. And as your supplier, partner, customer and peer we want to make sure you know we are committed to adhering to the current GDPR mandates and policy.
Some of our service processing enhancements are as follows:
- Improved access controls to you and our data
- Better Encryption, anonymize or delete of unused and non-essential user data
- Perform data audits or assessments on a regular basis
- Create provisions for data subjects rights
- Enhancing our security for user and company data
Defining the vc-techs Ltd GDPR Policy
In order to define the GDPR company policy we had to first take a few preliminary steps.
We have identified which data is considered confidential and is regulated by this policy and are as follows:
- POs from customers and to techs, salaries, installation and support instructions, schematics of site’s offices, signoffs, Invoices, engineer’s ID cards, CV’s and Resume’s.
- We have identified a list of all devices that will store/process protected data: PCs, Laptops, Tablets, Phones, Printers, USB keys, CDs/DVDs, printed paper
We have also identify and listed all persons that have access to protected data: Us, engineers, accountants, partners and clients.
And finally we have identified and listed all software used to process protected data: Operating systems (Iphone IOS, MS Windows), Dropbox, Zoho, MS Office, & Adobe Acrobat.
Examples of procedures
These are being implemented by vc-techs Ltd to handle security risks and protect our staff’s, partners' and clients' data:
Social Engineering risks
- Users are trained on regular bases about social engineering and how to avoid it.
- NDA agreements are in place for all vc-staff staff and partners involved in our business process.
- Data management on “Need to know” basis
- Controlled access to data based on user access level.
- Physical security of all devices containing protected data including PCs, Tablets, Phones, Printers, Printed documents – Locked offices, safe boxes, etc.;
- Network security for all networks considered “safe” – Firewalls, Anti-virus software up to date, encrypted connectivity with ISP, secured active network devices (Routers, switches, APs, etc.);
- All devices containing protected data will be connected to known/secure networks only
- Accepted software list needs to be up to date with latest security updates;
- All devices containing protected data are protected by strong passwords changed on a regular bases;
- Controlled Access to all software containing protected data (Defining user access, password policy, etc);
- Mobile devices used for field work that need to be connected to customer’s network will not contain protective data;
- Devices containing protected data are not to be removed from the office if not necessary.
Accidental data exposure
- Theft/Loss of devices containing protected data are to be reported immediately and actions need to be taken to prevent data exposure;
Ipads/IPhones can use the remote data erase feature in the Track My Iphone app in case they are lost/stolen;
Laptops can be configured to use full HDD encryption password protected before system boot;
USB keys storing protected data can use full drive encryption.
- All devices using protected data are clearly labelled (Red labels for example) so users don’t confuse them;
- All communication containing protected data is clearly labelled;
- All documents containing protected data are clearly labelled;
- Emails containing protected data sent to wrong recipients need to be immediately reported and measures taken to limit data exposure damage;
- Access passwords need to be individual (not shared between users);
- Users need to be trained on password management and security (Avoid simple passwords used in password dictionaries, avoid writing passwords in open spaces, etc.).
Vc-techs business tools
Vc-techs use the following cloud based business tools:
Zoho, MS Office, Drop Box & Web email Hosting and are all fully compliant with the new GDPR policy.
Links to our business tools GDPR Policy statements
People who email us & receive emails from us
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. Our Email & Web servers are currently going through a GDPR compliance process.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Visitors to our Website
When someone visits www.vc-techs.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. You can find more information on how cookies are used on this website in the Cookies Policy below.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Links to Other Web Sites
Access to Your Personal Information
You are entitled to access the personal information that we hold. Email your request to firstname.lastname@example.org.
Changes to this Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated on 1st May 2018 and will be reviewed again in 6 months.
We use a system of classifying the different types of cookies which we use on the Website, or which may be used by third parties through our websites. The classification was developed by the International Chamber of Commerce UK and explains more about which cookies we use, why we use them, and the functionality you will lose if you decide you don't want to have them on your device.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user's device.
How long are cookies stored for?
Persistent cookies - these cookies remain on a user's device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies - these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
You can find more information about cookies at www.allaboutcookies.org and www.youronlinechoices.eu.
Cookies used on the Website
A list of all the cookies used on the Website by category is set out below.
Strictly necessary cookies
These cookies enable services you have specifically asked for. These cookies are essential in order to enable you to move around the Website and use its features, such as accessing secure areas of the Website.
These cookies collect anonymous information on the pages visited. By using the Website, you agree that we can place these types of cookies on your device.
These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.
These cookies remember choices you make to improve your experience. By using the Website, you agree that we can place these types of cookies on your device.
These cookies allow the Website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Third party cookies
These cookies allow third parties to track the success of their application or customise the application for you. Because of how cookies work we cannot access these cookies, nor can the third parties access the data in cookies used on our site.
For example, if you choose to ‘share’ content through Twitter or other social networks you might be sent cookies from these websites. We don't control the setting of these cookies, so please check those websites for more information about their cookies and how to manage them.
Security and performance
We use a third party service to help maintain the security and performance of the website. To deliver this service it processes the IP addresses of visitors to the website.
People who contact us via social media
If you send us a private or direct message via social media the message will be stored by Facebook or Twitter for two weeks then deleted. It will not be shared with any other organisations.
People who call our switch board, new helpline & our staff’s mobile phones
When you call the vc-techs switch board and helpline we collect Calling Line Identification (CLI) information. We use this information only to help improve its efficiency and effectiveness.
Accessing your information
The GDPR Regulation 2018 gives you the right to check that your personal data is being processed lawfully. Your subject access right can be exercised in accordance with the regulation. Any subject access request must be made in writing to email@example.com.
If you would like amendments made to your data e.g. change of name or contact details, please contact us at any time via firstname.lastname@example.org.
Vc-techs Ltd respects your data and will assist you in putting you in control.
Thanks for your support.
Colin N Clark CEO vc-techs Ltd