Galtec IT Services Data Protection Policy
Introduction
Galtec is committed to protecting the privacy of those involved in its business. This section is meant to help you understand, among other things, what personal data we collect, why we collect it, and what we do with it.
For more detailed information on how Galtec processes Personal Data, please visit www.galtec.com/privacy.
Customer Owned Data and Categories of Personal Information
As a provider of Services, we may receive, process or store certain information, including Personal Information, on behalf of our Customers. All such information (“Customer Data”) is owned and controlled by our Customers, who are the Data Controllers for such information with respect to EU data protection law.
We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect billing address, order details, subscription and license information, and usage details.
Customer Data may also include information from the end points and other systems, tools or devices that Galtec manage or monitor through our Managed Services and end user data related to individual’s activities on Customer’s network and systems. It may also include event logs, end user information (such as IP address, email address and computer name), and other data where relevant to a support or service request.
In addition, we collect user credential and profile data (name, contact, authorised users) of Customer’s authorised users and account administrators. Where this information is collected, the customer is the Data Controller. Galtec will only process this data when specifically requested and authorised by the Data Controller (Customer). Only authorised representatives from the Customer, defined during the onboarding stage, will be authorised to provide Galtec with other Data Subjects, solely for the purposes of carrying out our legal obligations of this contract.
When Customers contact us for support or other customer service requests, we maintain support tickets and other records related to the requests, including any information provided by Customers related to such support or service requests.
Galtec Solutions is a Data Processor for Customer Data, controlled by the Customer. If you wish to make any changes to the above policy, please contact us on the details in this section below.
Purpose of the Processing and Lawful Basis for Processing
We are collecting your personal information to provide you with products and services. Our legal basis for processing is:
Processing this information is necessary for us to fulfil our contract with you; and
Processing this information is necessary for us to comply with a legal obligation;
If you do not accept this basis, then you may object to us as described below.
Children
The Technical Support Sites and Portal are not for use by children under the age of 16 years and Galtec Solutions does not knowingly collect, store, share or use the personal data of children under 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted by the Sites to do so. If you are under the age of 16 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify Galtec Solutions using the contact details below and Galtec Solutions will delete all such personal data.
Support Service Data Protection Impact Assessment
Person with lead responsibility
Jamie Bowes – Galtec Solutions
Name of Process
Technical support for users of our Products and Services purchased by our clients
Brief description of process
In order to provide support for our products and services, we need use basic personal information about the users of those services. We do so in an Information Processor capacity under instructions from our clients
Information types to be processed
Contact name
Contact email address
Contact telephone number
System login details
IP address and other device details which may be linked to an individual user
Application specific information
Category of Information to be processes
Personal
Legal Basis for Processing
As an Information Processor, the information processed is that necessary to fulfil our contract to provide a support role, and processing is only carried out according to the instructions of the information controller
Where does the information come from?
The Information Controller or direct remote access to end user systems
Where is the information processed?
On our own systems and in a 3rd party hosted Service Desk platform hosted within the EEA
Do you transfer the information to a third party?
Only to the Data Controller.
Emails may be processed by Mimecast who operate as an information Processor on our behalf
Do you transfer the information to a country outside the EU?
No
Who is impacted by the processing?
The information subjects themselves
How do you manage retention and disposal?
We retain personal information for the duration of the contract, and for a period of 12 months after the contract or as long as is necessary to meet our contractual obligations
What are the risks to the information subjects?
Security breaches; inappropriate disclosure to a third party
How do you rate the risk without mitigation measures?
Moderate
What measures are already in place to protect the rights of information subjects and minimise risk?
Physical security measures; Information Security Measures; Verification of users requesting personal information by phone or email.
What additional measures will you put in place to protect the rights of information subjects and minimise risk?
Formalisation of the responsibilities of Galtec Solutions as an information processor. Periodic reviews of security measures
How do you rate the risk after mitigation measures?
Low
Additional information
None
Galtec GDPR Queries Contact
If you have any questions around the Galtec GDPR Policy, please contact us on:
Telephone: 01132 282 208 (ask for the GDPR lead)
Email: privacy@galtec.com
