Nephos Privacy Policy

This privacy policy aims to give you information on how we collect and process data through the use of this website, including any data you may provide through this website.

This website is not intended for children and we do not knowingly collect data relating to children

Nephos Solutions Limited(“we”) operates the nephos.co.uk website and is incorporated and registered in England and Wales with the company number 09414740 with registered office at White Rose House 8 Otley Road, Headingley, Leeds, England, LS6 2AD. We remain fully committed to the protection of your privacy at all times and we are registered with the Information Commissioner’s Office (ICO) with registration number ZA277369.

The information contained in this policy has been published to inform you of the way in which any personally identifiable information (Personal Information) you may provide us with or that we collect from you will be used. We recommend that you read our Privacy Policy carefully in order to fully understand how we treat your personal information.

For the purpose of the Data Protection Act 1998 and from 25th May 2018 unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU)2016/679)(“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998 (the “Data Protection Laws”), we are the data processor and our customers are the Data controller.

Personal Information we may obtain from you

We may collect, obtain and use the following Personal Information about you:

  • Information you supply directly to us – This includes but not limited to the information that you provided when filling in forms on our site, registering to use our services, or corresponding with us through out site or by phone, email or otherwise.
  • Information we collect about you – This includes but is not limited to the information provided through your visits to our site, which includes location, traffic data, weblogs, resources you access and other communication data.
  • Information received from other sources – This includes but is not limited to the information we receive about you from third parties, including business partners, sub-contractors, advertising networks and search information providers. We will notify you when we receive information about you from them and the purpose for which we intend to use that Information.

We may obtain information about your computer, which includes your IP Address, browser type, version number and operating system where available. This accumulation of data is used to assist system administration.

To the extent that any of this information constitutes Personal Information for the purpose of the Data Protection Laws, it will be processed by us in accordance with our responsibilities under the Data Protection Laws.

We may also collect information regarding your browsing activity and interests through use of a cookie file. This cookie file is stored on the hard drive of your computer and contains information that is transferred to your computers hard drive. We use the collection of this Personal Information to help us improve the experience of users on our sites to deliver a more personalised service with more relevant content.

You remain entitled to refuse cookies by adjusting your browser settings accordingly. However, doing so may restrict your access to certain areas within our site. Unless you adjust your browser settings to refuse cookies, our site will issue cookies when you log on to our site.

How we use your Data

We use information in furtherance of our legitimate interests in operating out Services, Websites and business. More specifically:

  • To provide, update, maintain and protect our Services, Websites and business
    • This includes the use of other Information to support delivery of the Services under a Customer Agreement, prevent or address services errors, security or technical issues, analyse and monitor usage or at an Authorized User’s request
  • As requited by applicable law, legal process or regulation
  • To communicate with you by responding to your requests, comments and questions.
    • If you contact us, we may use your Personal Information to respond.
  • To develop and provide additional features to the systems.
  • To send emails and other communications.
    • We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings and any important Services-related notices such as security and release notices. These communications are considered part of the Services and you may not opt out of these. In addition, we may send out emails about new products, features or promotional communications. These are marketing messages and you can control whether you receive them or not.
  • For billing, account management and support matters.
    • We may need to contact you for invoicing, account management and other similar reasons and we use account data to administer accounts and keep track of billing and payments.
  • To investigate and help prevent security issues.

How long data is kept

We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our Information Security Policy. Data will be securely destroyed when no longer required.

Where you exercise your right to erasure, we will continue to maintain a core set of personal data (name, date start using software) to ensure we do not contact you inadvertently in future, and to maintain your record for archive purposes. We may also need to retain some financial records about you for statutory purposes (e.g. accounting matters).

Data Security

We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

We have put in place procedures and technologies to maintain the security of all personal data from the point of the determination of the means for processing and point of data collection to the point of destruction. These steps take into account the sensitivity of the Personal Information we collect, process and store. We have received internationally recognized security certification for ISO27001 (Information security management system)

We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:

  • Confidentiality means that only people who are authorised to use the data can access it.
  • Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
  • Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on PeopleHR instead of individual PCs.

Security Procedures Include

  • Entry controls – Any stranger seen in entry-controlled areas should be reported.
  • Secure lockable desks and cupboards – Desks and cupboards should be kept locked if they hold confidential information of any kind. (Personal information is always considered confidential.)
  • Data minimisation
  • Pseudonymisation and encryption of data.
  • Methods of disposal – Paper documents should be shredded. Digital storage devices should be physically destroyed when they are no longer required.
  • Equipment – Staff must ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.

Age Limitations

To the extent prohibited by applicable law, we do not allow users of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us immediately and we take the steps to delete such information.

Your Rights

You have the following rights:

To Be Informed:

This privacy notice provides the information you are entitled to receive:

Access

Please contact us if you would like confirmation that your data is being processed and access to your personal data.

 

There is no charge for us providing you with this data and it will be provided within a month of the request (unless the request is unfounded or excessive).

Rectification

Please inform us of any data which you would like rectified and we will usually respond within a month of the request. We will pass on the changes to any third parties who need to change their records and let you know this has been done.

Erasure

You may exercise your right to have your personal data erased in a number of circumstances (e.g. if the data is no longer necessary in relation to the purpose for which it was created, or you withdraw your consent). Where possible we will comply with all such requests, though some details are part of the Nephos Solutions permanent which cannot reasonably be deleted.

Restrict Processing

You can tell us that we can keep your data but must stop processing it, including preventing future mailings and communications. If possible, we will inform any third parties to whom your data has been disclosed of your requirement.

Data Portability

Your data is across manual records and a bespoke Access database. We will do our best to provide information in a portable format, but it is unlikely that we can create systems to do so.

To Object

If we can, we will stop processing your data if you object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). We will stop processing your data for direct marketing if you tell us to. We will stop processing your data if you object to processing for purposes of research and statistics.

Not to be subject

to automated

decision-making

including

profiling

We do not use any automated decision-making

You have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns

Further Information

The controller for your personal data and our Data Protection Officer is the Information Security Manager of Nephos Solutions who can be contacted via sb@nephos-solutions.co.uk or Suite 2B, 2nd Floor White Rose House, Otley Road, Headingley, LS6 2AD.

Our Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to the protection of personal data. Please contact us at sb@nephos-solutions.co.uk if you have any concerns or questions about the above information or you wish to ask us not to process your personal data for particular purposes or to erase your data. Where you have specific requests relating to how we manage your data, we will endeavour to resolve these, but please note that there may be circumstances where we cannot comply with specific requests.

We will publish on our company notice board regarding any changes we make to this data protection statement and notify you by other communication channels where appropriate. If you have any concerns about your personal data held by Nephos Solutions you will need to contact by emailing sb@nephos-solutions.co.uk.

© 2016 All rights reserved | Company No. 09414740 | VAT Registered: 230729620

White Rose House, Suite 2A, 8 Otley Road, Headingley. Leeds, LS6 2AD