Privacy Policy

At Total Group International, we understand that we have a responsibility to protect and respect your privacy and look after your personal data.

This Privacy Statements accords with our Privacy Notice and explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.

For clarity, Total Group International may be both data controller and data processor for your personal data under certain circumstances.

We must advise that our Privacy Policy is subject to change so please check our website on a regular basis for any further changes.

 

DATA PROTECTION LAW WILL CHANGE ON 25TH MAY 2018

 

This Privacy Statement sets out your rights under the new laws.

 

 

Who are we?

Total Group International Ltd provide IT management software to secure, maintain, patch, manage, monitor, access and report on IT networks. We additionally provide IT management services and user help desk services under service level agreements.

 

Our software suites automate critical operational tasks and each component accords and in many instances, goes well beyond statutory compliance standards and “reasonable” standards of data system management.

 

Registered Address: Total Group International, 2 Adelaide Street, St. Albans, Hertfordshire, England AL3 5BH

 

Data Protection Officer: Nathan Stewart

Data Officer: Charlotte Khalil

Our Data Protection Officer  can be contacted directly here:

  • dpo@totalgroup.co.uk
  • 08456 88 50 60

 

Why does Total Group International Ltd need to collect and store personal data?

In order for us to provide you with a service we need to collect personal data for correspondence purposes and/or certain service provisions. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

In terms of being contacted for marketing purposes Total Group International Ltd would contact you for additional consent.

How we use your information

We use information about you in the following ways:

  • To process orders that you have submitted to us
  • To provide you with products and services
  • To comply with our contractual obligations, we have with you
  • To help us identify you and any accounts you hold with us
  • To enable us to review, develop and improve our services
  • To provide customer care, including responding to your requests if you contact us with a query
  • To administer accounts, process payments and keep track of billing and payments
  • To detect fraud and to make sure what you have told us is correct
  • To carry out marking and statistical analysis
  • To review job applications
  • To notify you about changes to our services
  • To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposed and
  • To inform you of service and price changes

How will Total Group International Ltd share and use the personal data it collects about me?

 

Below is a list of all the ways Total Group International uses your personal data and how we share the information with third parties. For clarity, we have grouped them into the specific products and services that we offer. Total Group International provide GDPR compliant services, we also process data for our clients with services of their choosing. The client is responsible for understanding which services they use that may include personal data and ensuring their own legislative compliance.

Domains and Hosting

We process your data for administration, billing, support and provision of services. Your data may be exchanged with your registrar, domain or hosting provider. Total Group International only provide hosting with EEA but we may act as a processor for domains and hosting that you control. These may include providers outside of the EEA. You should ensure that data assets which include personal data are stored and processed compliantly by the providers and hosts you use.


Applications and Software as a Service

We process your data for administration, billing, support and the provision of services. Your data may be exchanged with your application vendor or software providers. Total Group International only directly host applications with personal data inside the EAA but we may act as a processor for applications and software services that you control. These may include providers outside of the EEA. You should ensure that data assets which include personal data are stored and processed compliantly by the applications and providers you use.

 

Websites, intranet, Electronic pages, Certificates

WE process your data for administration, billing, support and the provision of services. Total Group International only directly host sites and pages with known personal data inside the EEA but we may act as a processor for sires and hosted pages that you control. These may include providers outside of the EEA. Please ensure that where sites and pages could contain personal data that they are compliantly stored and processed.

 

Email Hosting

We process your data for administration, billing, support and the provision or services and additionally, to provide customer domain and connection details and use email addresses to provide the service.
Total Group International only provide Email plans with Microsoft in an EEA region. Microsoft state Office 365 is in an EEA region and have Privacy Shield. Total Group International however may act as a processor for other Email hosting that you choose to maintain or use. These may include providers outside of the EEA. You should ensure that data assets which include personal data are stored and processed compliantly by the providers you use.

 

Backup, Disaster Recovery and Archive.

We process your data for administration, billing, support and the provision or services.

Total Group International only use backup providers providing EEA Region storage or with Privacy Shield. Total Group however, may act as a processor for other backup and storage hosting that you choose to maintain or use. These may include providers outside of the EEA. You should ensure that data assets which include personal data are stored and processed compliantly by the providers you use.

Example: We leverage storage and software from IBM, Microsoft and Server Choice in the UK and archive with Amazon under Privacy Shield.

 

Anti-Virus and Security

We process your data for administration, billing, support and the provision of services.

Total Group International only use security platforms in EEA region or with Privacy Shield. Where no access risk to personal data exists non-EEA, providers may contribute to security processing.

Total Group however, we may act as a processor for other security systems that you choose to maintain or use. These may include providers outside of the EEA. You should ensure that data assets which include personal data are stored and processed compliantly by the providers you use.

Example: You choose to use Kaspersky Anti-Virus that we license and install for you and their support centre may be outside of the EEA?

 

Management, Monitoring and Reporting

We process your data for administration, billing, support and the provision of services.

Total Group International only use management platforms in EEA region or with Privacy Shield. Where no access risk to personal data exists non-EEA, providers may contribute to our management, monitoring and the provision of reporting tools we use.

Total Group however, we may act as a processor for other management systems that you choose to maintain or use. These may include providers outside of the EEA. You should ensure that data assets which include personal data are stored and processed compliantly by the providers you use.

Example: We use software from non EEA vendors but no data is stored outside of the EEA and all processing is done by our engineers in the EEA.

 

 

Connectivity

We process your data for administration, billing, support and the provision of services.

Total Group International only use connectivity providers and platforms in EEA region or with Privacy Shield. Total Group however may act as a processor for other connectivity systems that you choose to maintain or use. These may include providers outside of the EEA.

Your data may transit outside EEA. You should ensure that data assets which include personal data, transits, is stored, and is processed compliantly by the providers you use.

Example: We may support VPN’s that you request we maintain to overseas suppliers. We setup the link but are not privy to what you share and whether or not it leaves EEA.

 

Hardware

We process your data for administration, billing, support and the provision of hardware.

Total Group International recommend that all hardware be secured, maintained and monitored in real-time. It should be securely configured at the outset with compliant access controls. However, may act as a processor for hardware that you choose to maintain or use. This may include hardware that is not secured or maintained to reasonable standards of compliance. You should ensure that all data assets which include personal data transits, is stored and is processed compliantly by the hardware you choose to use.

Example: Business hardware assets may be deemed as reasonably secured and maintained but the business may choose for users to access data via home or personal (BYOD) mobile devices that are not.

 

Engineering and Consultancy

We process your data for administration, billing, support and the provision of services.

Total Group International routinely use EEA located engineers and consultants where personal data assets are identified. Data handling outside of the EEA is governed under GDPR compliant Data Management Agreements or Privacy Shield.

We may act as a processor for support services that you choose to use. These may include providers outside of the EEA. Your data may transit outside EEA. You should ensure that data assets which include personal data transits, is stored and is processed compliantly by the providers you use. The customer is responsible for making sure that engineering instructions and processing requests they make are lawful.

Example: We may escalate a support call to your software vendor at your request and on your behalf. That vendor may reside outside of EEA and may not lawfully process your data.

 

Third Parties

For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.

We work closely with a number of third parties (including business parties, service providers and fraud protection services) and we may receive information from them about you. These third parties may collect information about you including, but not limited to, your IP address, device-specific information, server logs, device event information, location information, and unique application numbers. We use their features within our website, however in some instances, they may be acting as data controller and they will have their own privacy policies, which we advise you to read.

We may pass your personal data to third parties for the provision of services on your behalf (for example processing your payment) however, we will only ever share information about you that is necessary to provide the service. We have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes.

We may share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal data to the prospective buyer of our business, subject to both parties entering appropriate confidentiality undertakings. Similarly, we may share your personal data if we are under a duty to disclose data to comply with any legal obligation or to protect the rights, property, or safety of Total Group International, our customers, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review - if in the event that Total Group International Ltd refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.

All the above requests will be forwarded on should there be a third party involved in the processing of your personal data.

Accessing and updating your data

We must maintain the accuracy of the information we hold on you and ensure all your details, including but not limited to, name, address, title, phone number, email address and payment details are kept up to date at all times. Please do notify us of any changes.

You have the right to access the information we hold about you. Please email your requests to dpo@totalgroup.co.uk so that we are able to obtain the information for you.

 

Use of Cookies

Our cookies policy is available to view online

 

Links to other sites

Total Group International may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third-party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.

 

Document Owner and Approval

 

The Data Protection Officer / GDPR Owner is the owner of this document and is responsible for ensuring that this record is reviewed in line with the review requirements of the GDPR.

 

A current version of this document is available to all members of staff on the Company intranet and is published on our website.

Signature:                          Date:08.05.2018

 

Change History Record

Issue

Description of Change

Approval

Date of Issue

1

Initial issue

N.Stewart

08.05.2018

 

 You can download a copy of our Privacy Notice HERE

 

 

© 2016 - Total Group