1.2 E-ZU Solutions Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.
2. Who are we?
2.2 E-ZU Solutions Ltd does not have a formally designated Data Protection Officer because our data processes do not fall within the three criteria stated within the GDPR: we are not a public authority, we don’t systematically monitor individuals on a large scale, nor do we carry out any processing of special categories of data such as medical records or criminal convictions etc. However, you can of course contact E-ZU Solutions regarding any personal data that we may hold at any time using the contact details found below (section 2.3).
2.3 You (the data subject) can contact E-ZU Solutions Ltd with regard to any personal data that we may have on record using the following methods:
– Telephone: 01260 715 021
– Email: [email protected]
– Website: https://www.e-zu.co.uk
– Address: Matrix House, 16 Mill Green, Congleton, Cheshire, CW12 1JG.
E-ZU Solutions Ltd. is a company registered in England and Wales with the company number 4478226. VAT No. GB 784 5073 06 Registered Office: Matrix House, The Mill Buildings, Mill Green, Congleton, Cheshire, CW12 1JG.
3. What Information We May Collect/Hold
We collect and hold information in relation to business contacts only, as defined by the GDPR/PECR. Any personally identifiable data collected/held on a data subject is restricted to First Name, Last Name, Job Title, and Business Email Address (a data subject’s name may be identifiable within their business email address). We do not collect or hold any other personal data (such as date of birth, home address, or personal contact information) from outside of a data subject’s working life. We also do not collect any personally sensitive information from “special categories” such as medical, biometric, or racial data.
3.1 We may collect/hold the following information:
– Contact Name – Made up of your First Name and Last Name – This is one of three personally identifiable pieces of information that we may collect/hold. We may use this to service your enquiries and ensure we are speaking to the correct person when making contact.
– Business Email Address – The second of three personally identifiable pieces of information we may collect/hold, specifically if the email address contains a data subjects first or last name, in part or in full, by which they could be identified. We may use this to service your enquiries and to email details relating to your enquiry, as well as for direct marketing purposes where appropriate (please see section 5.1 for more information).
– Job Title/Department – The final of three personally identifiable pieces of information we may collect/hold, specifically as a Job Title may provide some information about a data subject as a person. We may use this to ensure we are contacting you with information that is relevant to your department/role within an organisation.
– Business Contact Telephone Number – We may use this to service your enquiries and so we can call you to discuss your IT needs and expectations in more detail.
– Business Address – Registered business address for the organisation that you work for. We may use this to service your enquiries, for invoicing purposes where relevant, and to ship out any physical purchases you make with us.
– Organisational Preferences and Interests – In relation to your organisation’s IT needs and expectations. These include preferred deployment methods, existing technology and solutions that you wish to replace, and the issues you are trying to overcome. This information is usually discovered on a one-to-one basis when a data subject is speaking directly to our sales team to help progress enquiries and provide the most relevant information possible. We may use these to help us understand how to effectively progress your enquiries and provide you with the most relevant information for your needs.
– IP Address – Our website uses Google analytics to help us improve our site and services which identifies the IP addresses, devices, and the country the visitor is accessing our site from. There is no personal information accessed or processed by this service.
3.2 We do not collect, hold, or process any special categories of data, but we have included a list of these categories (for your records) as defined by the GDPR:
– Ethnic origin
– Political opinions
– Religious beliefs
– Philosophical beliefs
– Trade union membership
– Genetic data
– Biometric data
– Health or medical data
– Sexual history or sexual orientation
Note: To clarify once again, we do not collect any of these special category data types.
3.3 To summarise sections 3.1 and 3.2, any personal data we hold on a data subject is restricted to First Name, Last Name, Job Title and Business Email Address.
4. What We Do with the Information We Collect/Hold
4.1 We use the information we collect/hold to service your enquiries with us, to help us understand your needs in more detail, for internal record keeping to help us provide you with a better service, and to help us provide the most relevant information to you. We also may use some information for direct marketing where appropriate with promotional emails about new products, services, special offers or other information we think you would find interesting – please see section 5.1 for more information on the legal basis of this processing. A more detailed breakdown of how we use and process the data we hold can be found in section 3.1 which details how we use each individual piece of information we hold.
5. Legal Basis for Processing Data
5.1 Under the GDPR, there are six lawful bases for processing personal data. E-ZU Solutions Ltd uses the basis of Legitimate Interests when processing data for direct marketing to business contacts by email. Where clear and explicit consent is given to process personal data for a specific purpose, we shall use the lawful basis of Consent.
The GPDR states, “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest” and we use this basis to undertake direct marketing to business contacts by email. When applying Legitimate Interest, we consider the three-part test to ensure that our interests are not overriding your interests, whilst considering the potential impacts it may have on you as a data subject. We have completed a Legitimate Interest Assessment (LIA) which we shall reassess from time to time to ensure it still applies to the way we process any personal data for direct marketing purposes.
The GDPR, in combination with the PECR, states that it is likely that Legitimate Interests can be applied for emails to business to business contacts. The GDPR also specifically mentions “IT security” as a potential legitimate interest. We send our direct marketing emails to business contacts only, and they all relate to an organisation’s IT security and infrastructure. We send these emails to IT Decision makers or influencers in an effort to ensure that our emails are relevant to the people who should be receiving them.
It is within our legitimate business interests to enable us to offer you the best services and products that we think will be relevant to your needs, and we believe it is within your interests too, to receive relevant information and to discover more about the latest technology available to help secure and protect your organisation’s critical business applications and overall IT environment.
Our legitimate interests do not automatically override your interests and therefore we offer the right to instantly opt-out of receiving any more emails from us in every piece of correspondence we send and we process these opt outs within 24 hours, ensuring that a data subject never receives another piece of direct marketing from us again.
No emails are intended to cause any harm, none are sent to children, and there is no “special category” personal sensitive information collected, held, or processed whatsoever by E-ZU Solutions Ltd.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or disable cookies in your browser. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
7. Data Retention
7.1 Personal data is stored for varying lengths depending on the nature and purpose for which it was collected. We store personal data in line with any applicable statutory minimum periods, and then review it periodically, at least once every 12 months, to ensure it is still necessary to be retained for the purpose for which it was collected. Where there is a statutory maximum for which data can be retained, we will delete accordingly on expiration.
7.2 In relation to our direct marketing contacts, we perform a data audit at least once every 12 months to ensure the accuracy of our database. Any bounced or invalid email addresses will be removed to ensure we are not retaining any expired information. Any data sourced from reputable data providers is checked at the end of its licence period and any contacts that haven’t shown any interest (by clicking on an email or by submitting an enquiry with us) are then removed at the end of that licence period, as per the agreement with the data provider.
7.3 We have to retain email opt-out information for as long as we continue to send direct marketing emails to ensure that we don’t send another email to any contact that has opted out. These are stored securely, with strict user permissions and privileges, and act as a safety net for us to ensure that we honour any opt-outs 100% accurately.
8. Data Security and Privacy
8.1 E-ZU Solutions takes privacy and security very seriously and has put various safeguards in place to ensure any personal data we hold is protected against breaches. We have not completed a Data Protection Impact Assessments for our data because we do undertake the three primary conditions as identified in the GDPR: we do not undertake systematic and extensive evaluation of personal aspects related to natural persons, nor do we process “special categories” on a large scale, nor of personal data relating to criminal convictions and offenses, nor do we systematically monitor any publicly accessible areas on a large scale.
8.2 E-ZU Solutions Ltd is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
We develop, maintain and control our own systems, as opposed to utilising 3rd party hosting, support or ‘cloud’ based infrastructure, and we utilise industry standard techniques to ensure all our customer data is secured and stored in line with data protection laws. Our network is physically segregated and secured using several layers of commercial grade intrusion prevention systems and we also maintain daily backups for disaster recovery, which are stored utilising 256-AES encryption, replicated to an ISO27001, ISO9001 and PCI DSS accredited UK-based datacentre.
Access to our network and core business applications is defined by individual user privileges to ensure only the information relevant to that particular E-ZU Solutions employee is available to them when needed. Physical security measures are also in place, including (but not limited to) connectivity, redundant power, intrusion alarms, secure keycode access and CCTV recording.
8.3 Data Breaches – We understand it is our duty to report any personal data breaches to the relevant supervisory authority, and that we should do this within 72 hours of breach where feasible. If the breach results in a risk of affecting a data subject’s rights or freedoms we will also inform the affected individuals without undue delay. The personal data items we hold on a data subject are restricted to first name, last name, job title, and business email address. Our direct marketing email system helps us to ensure that only the email address of the person receiving that copy of the email can see their email address. In the event of an email address being shared incorrectly, we will inform the affected data subject immediately. We perform regular checks of our internal systems to ensure they are working correctly. Upon any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will assess the affected parties, and the extent to which they have been affected, and make contact with the data subject, and the supervisory authority, where appropriate.
9. Sharing Your Data
9.1 E-ZU Solutions will never sell, distribute, or lease your personal information to third parties unless we have your permission or are required to do so by law. We will never pass your information to any third parties for their own marketing purposes.
9.2 As an IT reseller working with IT manufacturer partners, we may have to share relevant information with the manufacturers of the solution you are enquiring about in order to effectively service those enquiries. We will let you know when this needs to happen, and it will always be solely for the purposes of facilitating your enquiries. For example, if you were talking to us (E-ZU Solutions Ltd) about implementing Barracuda Backup, we may need to share some of your information with Barracuda Networks (the manufacturer of Barracuda Backup) in order to progress this implementation.
10. Where We Collect Data
10.1 This section details where and how we collect data:
– TawkTo Live Chat Service – We use a live chat service through all of our websites to deal with customer enquiries in real time. This service again looks at your IP address, however we will be clear if and when we need any personally identifiable information from you to take your enquiry further.
– Data Providers – We purchase and process GDPR-compliant business-to-business contact data from reputable data providers Corpdata and Data HQ to send relevant direct marketing emails to an organisation’s IT decision maker/influencers under the legal basis of legitimate interest. Please see section 5.1 for more information on how we are applying legitimate interest for this type of data processing. The personally identifiable data contained within this processing is restricted to First Name, Last Name, Job Title, and Business Email Address. We always honour opt-outs completely and will not email anybody who had objected in any way. We always remove any data subject who asks to be removed, and we will remove any contacts that we need to at the end of the agreed licence period as per the terms given to us by the data providers.
– Inbound Calls to E-ZU Solutions Ltd – The E-ZU employee who takes the call may create a file for you on our CRM system which may contain personally identifiable information. You will be made fully aware that this will happen and it will only go ahead with your consent. This information will only be used to help with your enquiry, unless explicitly stated and consented to.
– Social Media – If contacted on one of our social media accounts, we will contact you back using that same platform, and will ask for permission to take your details to contact you in any other method such as phone or email.
11. Your Rights as a Data Subject
11.1 At any point while we are in possession of, or processing, your personal data, the GDPR provides the following rights for you as a data subject/individual:
– The right to access your personal data, commonly referred to as subject access. You can make a subject access request verbally or in writing (please see section 2.3 for E-ZU Solutions Ltd.’s contact details) and we will respond as soon as we can, but within no longer than one month of the request.
– The right to rectification, to have any inaccurate personal data rectified, or completed if incomplete. You can request this verbally or in writing (please see section 2.3 for E-ZU Solutions Ltd.’s contact details) and we will respond as soon as we can, but within no longer than one month of the request.
– The right to erasure, also known as ‘the right to be forgotten’ means you can request to have any personal data erased. Individuals can request this verbally or in writing (please see section 2.3 for E-ZU Solutions Ltd.’s contact details) and we will respond as soon as we can, but within no longer than one month of the request.
– The right to the restriction or the suppression of personal data in certain circumstances. When processing is restricted, we retain the right to store personal data, but not use it. You can request this verbally or in writing (please see section 2.3 for E-ZU Solutions Ltd.’s contact details) and we will respond as soon as we can, but within no longer than one month of the request.
– The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. This right only applies to information an individual has provided to a controller.
– The right to object to the processing of personal data in certain circumstances. You have an absolute right to stop your data being used for direct marketing. An individual can make an objection verbally or in writing (please see section 2.3 for E-ZU Solutions Ltd.’s contact details). We have up to one month to respond to an objection, however we include an instant opt-out link on any piece of digital direct marketing we send out, meaning those particular objections are processed and adhered to within 1 hour of receiving them.
– The right to withdraw consent at any time. Where we have obtained explicit consent to process your personal data, that consent can be withdrawn any time by you, the data subject (please see section 2.3 for E-ZU Solutions Ltd.’s contact details). Where this applies to direct marketing and promotional contact, we will always offer an easy method for you to withdraw consent.
– The right to lodge a complaint with a supervisory authority about the use of your personal data. You have the right to complain to E-ZU Solutions Ltd (contact information can be found in section 2.3), and directly with the supervisory authority, the Information Commissioners Office (for more information please visit https://ico.org.uk).
– Rights in relation to automated decision making and profiling. The GDPR has additional rules on automated individual decision making (without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual). These rules relate to automated decision making that has legal or similarly significant effects on a data subject. We do not undertake anything that would fall under this categorisation without human involvement.