This Privacy Notice (“Notice”) – together with any other privacy information we may provide on specific occasions – applies to the processing of personal data by us while carrying out our business operations. The Notice sets out the types of personal data we collect, explains how we collect and process that data, who it shares it with and certain rights and options that you have in this respect.
We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
When we refer to “Vermont” or “We” in this Notice we mean Vermont Systems Limited, a company incorporated in England & Wales with registered number 03466232 and registered address at Fleming Court Leigh Road, Eastleigh, Southampton, Hampshire, United Kingdom, SO50 9PD. We are registered with the Information Commissioner's Office under registration number ZA930970.
How we collect and use (process) personal information
We collect and process personal data for the following categories of data subjects:
• Job applicants
• Business contacts which include suppliers, consultants, advisors
• Visitors to our website
• Recipients of our marketing activities
We collect personal information about our clients to fulfil our contract to provide them with our services. We hold the following information about customers:
• Contact details- name, business address, business email address, business phone numbers including mobile numbers
• Identity data- date of birth, username, and password to our online client portals
• Transactional data including details about services you have purchased from us, or support tickets raised on our customer portal, logging and monitoring information on IT services managed by us, device information
• Financial data- bank details when setting up direct debit through our payment gateway
• Video, call, and chat recordings taken in order to provide you with our service, monitor the quality of our service and for training purposes.
We may receive personal information from our clients about other individuals, e.g., their employees or customers while providing our services. Any such information provided to us is used solely for providing our services and is handled strictly as per client instructions.
We may also receive personal information from third parties including other customers, partners, agencies, or 3rd parties that we have run partnerships, competitions, and events with. Any such information provided to us is used solely for providing our services and is handled strictly as per our data protection procedures.
1.2 Business Contacts
If you are a supplier, service provider, advisor, or consultant, we may process the following data about you:
• Contact details - name, work email address, contact numbers
• Professional details- the name of employer, job role, educational or professional background
• If you have access to any of our internal platforms- username and password
We use this information to enter and fulfil a contract with you, to administer and manage our relationship with you including accounting, payment processing activities.
When you visit our website, we use third-party services to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the website. The information is only processed in a way which does not identify any individual.
When you complete a contact form on our website or use the email for enquiries, we will use the information provided by you only for the purpose of providing you with an appropriate response. Our lawful basis for collecting this data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests
1.3.2 Visitors to office
We will retain information about your visit, for example, time of visit and exit, purpose of visit, vehicle registration numbers, Name. This may be collected by reception staff whether employed by us or otherwise. Our landlords may record CCTV images as well as physical access logs. These details may be shared with us from time to time. Our lawful basis for collecting this data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests
1.4 Marketing Data
We hold name and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements. Our lawful basis for collecting this data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests
1.4.1 How is your personal data collected?
You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
• engage us to provide services
• subscribe to our publications
• request marketing material to be sent to you
• complete any surveys that we send to you for research purposes
• complete one of our enquiry forms
• participate in our events or provide us with feedback
When you complete an enquiry form on our website or send an email to email@example.com we will use the information provided by you only for the purpose of providing you with an appropriate response.
Apart from receiving personal data directly from you when you engage us to provide services, we may receive personal data from other customers, partners, agencies or 3rd parties that we have run partnerships, competitions and events with. We do not share your data with any third parties. We only collect the information that’s necessary to carry out our business, provide the particular service you’ve requested and keep you up to date about our news.
1.5 When and how do we share your personal data
We may share your personal data with:
• internally with staff members who require your information to provide our services and who have received training in data protection
• with our professional advisors, including our legal advisors, financial advisors, insurers, accountants, auditors or other consultants to the extent they require this information to provide their services to us
• with sub-contractors, consultants or associates who are asked by Vermont to deliver all or some of the services
• with courts, law enforcement authorities, regulators or government officials where it is legally required
• with third parties providing IT support and maintenance services, marketing and client support services, data storage services, and checks for credit risk reduction and other fraud and crime prevention purposes; and other financial institutions and credit reference agencies providing services to us
• any third parties with whom you require or permit us to correspond.
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services and communications.
1.6 Transfers of personal data outside the EEA
There may be occasions where we will need to share your data with entities in third countries, such as when we are using cloud software providers or outsourced contractors which enable us to provide you with the services. We verify that any data transfer outside of EEA is subject to EU adequacy requirements, Standard Contractual Clauses or other transfer tools which comply with data protection legislation.
1.7 Automated decision-making
We do not use automated decision-making in relation to your personal data.
1.8 Security of your personal information
To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology and controls on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
We are certified to Cyber Essentials Plus standards which demonstrates our commitment to security and privacy of your personal information.
1.9 Data storage and retention
Your personal data is stored by Vermont on its servers, and on the servers of the cloud-based services and IT service providers we engage, as well as in physical forms in our office and at backup and archival facilities. We retain data as per our data retention policy and regulatory data retention requirements.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at firstname.lastname@example.org.
1.10 Data Subject Rights
Under data protection law, you have certain rights including:
Your right of access - You have the right to ask us for copies of your personal information. If you wish to confirm that we are processing your personal data, or to have access to the personal data we may have about you, please contact us at email@example.com.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
This Privacy Notice is intended to provide you with information about what personal data we collect about you and how it is used. If you have any questions or are unhappy about how we process your personal data, please contact us at firstname.lastname@example.org.
You also have a right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk