Privacy Policy

Macnamara ICT Ltd

Privacy Policy & Notices

Effective Date: March 01, 2018

Macnamara ICT Ltd has conducted an audit to identify all personally identifiable information (PII) that the company stores and/or processes. We have reviewed what information is stored, why we retain this information, on what legal basis and, where applicable, as a result of the audit, we have deleted information that we do not need. We have established that we do not store or process this data in either sufficient quantity or in such a way as to require a GDPR compliant Data Protection Impact Assessment (DPIA). Nonetheless, we have included a rudimentary Privacy Impact Assessment (PIA) in this register as a matter of good practice and to inform our Privacy Notices. We do not hold PII in other than electronic form and we do not hold PII on servers or other storage devices in our office. In summary, the only information we store or process that is in any sense sensitive is that relating to employees and job applicants. All information assets are owned by Geoff Courts, the Operations Director.

Macnamara ICT Ltd gathers, stores and processes information about individuals (Data Subjects) who work for companies to whom we provide IT support services (Client Users), individuals who work for companies who supply goods and/or services to us (Vendor Staff), employees of the company, candidates for employment by the company and individuals to whom we market our services (Marketing Contacts).
For all five categories of data subject Macnamara ICT Ltd acts, in respect of the General Data Protection Regulation 2018 (GDPR) as the Data Controller, with several service providers, as specified in the relevant Privacy Notices, acting as Data Processors.
We store and process only the minimum information required by our Legitimate Interest in fulfilling our contracts with clients and/or vendors as well as our obligations to employees and our statutory and/or legal obligations. Data relating to Marketing Contacts and Candidates for Employment is only stored and processed with the consent of the individuals concerned.
We have conducted a Privacy Impact Assessment regarding the personal information we store and process and/or which is stored and processed on our behalf by service providers, and concluded that, apart from employee-related information, the risk posed to the privacy and security of data subjects through the loss, corruption or unauthorized exposure of such information is minimal. Notwithstanding the minimal level of risk, we have taken extensive precautions, as outlined in the relevant Privacy Notices, to ensure the Confidentiality, Integrity and Availability of all the personally identifiable information we store and process or which is stored and processed on our behalf.
In respect of the clients to whom we provide IT services we act as a Data Processor with regard to the information for which they are Data Controllers. We act in respect of the information that they store and process under their instructions and in compliance with the GDPR and this Privacy Policy.
All individuals about whom we store or process information or where this information is stored or processed on our behalf or where we process such information on behalf another Data Controller (our clients) have the following rights:

  • The right to be informed: individuals have the right to be informed about the collection and use of their personal data. We fulfil our obligations in this respect via a Privacy Notice made available at the time the information is collected.
  • The right of access: individuals have the right to access the data we hold about them and to confirmation as to what data we hold. This information is available on request.
  • The right to rectification: individuals have the right to require that we rectify any inaccuracies in the data we store about them within one month of a request to do so.
  • The right to erasure: individuals have the right to require us to delete their data unless we are required to retain it for regulatory, legal, contractual or other specific reason.
  • The right to restrict processing: individuals have the right to require us to restrict processing their personal data, allowing us to store but not process the data.
  • The right to data portability: individuals have a right to their data in a format that can be transferred between systems and we will supply data in standard portable formats such as MS Word, Excel, PST and CSV files.
  • The right to object: individuals have the right to object to our processing their data and we must comply unless we have compelling legitimate grounds for not doing so, such as our responsibilities to HMRC
  • Rights in relation to automated decision making and profiling: we do not engage in automated decision making or profiling.

All these rights can be exercised by contacting our Office Administrator verbally or in writing. Where any such right is exercised in respect of an individual whose data is controlled by one of our clients we shall act on the instructions of the client insofar as any such instructions comply with the GDPR and with this policy.

Privacy Notices
For Client Users

Who are we?
Macnamara ICT Ltd has been contracted by your company or organisation to provide IT support, technical consultancy, planning and implementation, telephony and/or Internet connectivity services. We act as a Data Controller and have a legitimate interest in storing and processing the personally identifiable information necessary to fulfil our contractual obligations to your company or organisation: this includes providing user support and communicating with you, your management and finance departments.

What information do we have?
As your IT support company, we store the minimum amount of your personal information necessary, such as your name, job title, email address or company and mobile phone number. This is provided to us by you or your employer and is necessary in order for us to provide you with our service and fulfil our contract with the company or organisation you work for.

What risks do you face?
We have conducted a privacy impact assessment and concluded that the unauthorised disclosure, corruption or loss of the minimal personally identifiable information we hold about you presents you with a close to zero risk of breach of your privacy, identity fraud or other dangers.

Can anyone else access your information?
We do not share your information with any third parties without your explicit permission unless we are required to do so by law. From time to time a third party, such as a hardware, software or other service provider with whom we are working on your behalf, may ask us to provide your contact details. In this instance we will only provide these details with your consent and we will keep a record of your consent.We contract several third-party service providers to store and process your information. In all cases we ensure that such service providers do not have direct access to your information are contractually bound by the provisions of the GDPR in respect of their role as Data Processors of your information.

How long do we retain your information?
We will only retain your information for as long as you are one of our supported users. Once we stop providing IT support for you (for example because our contract with your employer ends, or because your employer notifies us that you no longer work for them), your personally identifiable information will be deleted immediately.

How do we keep your information safe?
We store and process your information in ISO 27001 data centres within the European Economic Area (EEA). Your information is encrypted and backed up at least daily.

What rights do you have in relation to the information we hold?
Insofar as the exercise of these rights does not conflict with our statutory or legal obligations or our contractual obligations to your employer you have the right:

  • To know that we hold information about you and what information we hold
  • To receive a copy of the information we hold in a standard format (Word, Excel, PDF, CSV, PST)
  • To require us to rectify any inaccuracies in the information we hold about you
  • To require us to delete your information
  • To restrict our ability to use your information
  • To object to our processing your data
  • We do not use your information for automated decision making or profiling.
  • To exercise your rights, please contact our Office Administrator, Marta Zawieja on 020 3102 2140 or marta@macnamara-ict.co.uk.

For Marketing Contacts

Who are we?
Macnamara ICT Ltd is an IT support and consultancy company based in Nalla Studios, 29 Charlotte Road, London EC2A 3PB, UK. We are Data Controllers in respect of the personally identifiable information we store and process in relation to individuals who have given us their consent to maintain their information as part of our sales and marketing effort.

What information do we have?
So that we can keep you informed of the services we offer, we store the minimum amount of your personal information necessary, which may include your name, office address, email address or company and mobile phone number. We also maintain a record of each contact we have had with you and brief notes about the contact. We will only store and process this information if we have obtained and recorded your explicit consent to keep in contact with you.

What risks do you face?
We have conducted a privacy impact assessment and concluded that the unauthorised disclosure, corruption or loss of the minimal personally identifiable information we hold about you presents you with a close to zero risk of breach of your privacy, identity fraud or other dangers.

Can anyone else access your information?
We do not share your information with any third parties without your explicit permission unless we are required to do so by law.
We contract several third-party service providers to store and process your information. In all cases we ensure that such service providers do not have direct access to your information are contractually bound by the provisions of the GDPR in respect of their role as Data Processors of your information.

How long do we retain your information?
We will retain your information in our marketing database until you’ve withdrawn your consent or become our client. In the latter case your information will be removed from the marketing database and transferred to our client system and you will be issued with the appropriate Privacy Notice.

How do we keep your information safe?
We store and process your information in ISO 27001 data centres within the European Economic Area (EEA). Your information is encrypted and backed up at least daily.

What rights do you have in relation to the information we hold?
Insofar as the exercise of these rights does not conflict with our statutory or legal obligations or our contractual obligations to your employer you have the right:

  • To know that we hold information about you and what information we hold
  • To receive a copy of the information we hold in a standard format (Word, Excel, PDF, CSV, PST)
  • To require us to rectify any inaccuracies in the information we hold about you
  • To require us to delete your information
  • To restrict our ability to use your information
  • To object to our processing your data
  • We do not use your information for automated decision making or profiling.
  • To exercise your rights, please contact our Office Administrator, Marta Zawieja on 020 3102 2140 or marta@macnamara-ict.co.uk.

For Employees

Who are we?
As your employer, Macnamara ICT Ltd is a Data Controller in respect of the personally identifiable and sensitive information we hold about you in order to fulfil our obligations to you as well as our statutory and legal obligations.

What information do we have?
We acquire, process and store your personally identifiable sensitive information, including your name, home address, home and/or mobile phone number, email address, national insurance number, gender, bank details, payroll, employment and disciplinary records, identification information (such as a scan of your passport) your CV and contract of employment. All information is either provided by you or generated in the course of your employment with your knowledge.

What risks do you face?
We have conducted a privacy impact assessment and concluded that unauthorised disclosure of your information would be a significant breach of your privacy and may expose you to risk of identity fraud, embarrassment or other dangers. Corruption or loss of the information we hold about you presents you with a close to zero risk.
In light of the potentially serious risks involved, we will advise you within 24 hours of our becoming aware of any unauthorised disclosure of your information. We also report any such breach to the Information Commissioners Office.

Can anyone else access your information?
With the exception of HMRC, the DWP and other government agencies with the right to access employee information, we do not share your information with any third parties without your explicit permission unless we are required to do so by law. We contract several third-party service providers to store and process your information. In all cases we ensure that such service providers do not have direct access to your information are contractually bound by the provisions of the GDPR in respect of their role as Data Processors of your information.

How long do we retain your information?
We retain your information for as long as it is necessary to fulfil our legal obligations as your employer. Unless otherwise required for statutory or legal reasons we maintain your information for the duration of your employment with the company and for seven years afterwards.

How do we keep your information safe?
We store and process most of your information in ISO 27001 data centres within the European Economic Area (EEA). Your information is encrypted and backed up at least daily. The only exception is some payroll-related information, which is kept in a US-based data centre by the Xero Accounting and Payroll online service. The data in question is encrypted both in transit and at rest and cannot be accessed by unauthorized persons. We require your written consent before this information is processed and/or stored outside the EEA.

What rights do you have in relation to the information we hold?
Insofar as the exercise of these rights does not conflict with our statutory or legal obligations or our mutual obligations as employee and employer you have the right:

  • To know that we hold information about you and what information we hold
  • To receive a copy of the information we hold in a standard format (Word, Excel, PDF, CSV, PST)
  • To require us to rectify any inaccuracies in the information we hold about you
  • To require us to delete your information
  • To restrict our ability to use your information
  • To object to our processing your data
  • We do not use your information for automated decision making or profiling.
  • To exercise your rights, please contact our Office Administrator, Marta Zawieja on 020 3102 2140 or marta@macnamara-ict.co.uk.

For Employment Candidates

Who are we?
Macnamara ICT Ltd is an IT support and consultancy company based in Unit 2.1 Hoxton Works, 128 Hoxton Street, N1 6SH London, UK. We are Data Controllers in respect of the personally identifiable information we collect from you and store and process in respect of our recruitment activities.

What information do we have?
In order to assess your suitability for an advertised role we have a legitimate interest in storing and processing the information provided by you including your CV, contact information and any emails exchanged during the recruitment process. We ask you for your consent to store and process this information as part of your application.

What risks do you face?
We have conducted a privacy impact assessment and concluded that the unauthorised disclosure, corruption or loss of the minimal personally identifiable information we hold about you presents you with a close to zero risk of breach of your privacy, identity fraud or other dangers.

Can anyone else access your information?
We do not share your information with any third parties without your explicit permission unless we are required to do so by law. We contract several third-party service providers to store and process your information. In all cases we ensure that such service providers do not have direct access to your information are contractually bound by the provisions of the GDPR in respect of their role as Data Processors of your information.

How long do we retain your information?
We will retain your information only for the duration of one recruitment exercise unless you ask us to retain your information on file in respect of future vacancies.

How do we keep your information safe?
We store and process your information in ISO 27001 data centres within the European Economic Area (EEA). Your information is encrypted and backed up at least daily.

What rights do you have in relation to the information we hold?
Insofar as the exercise of these rights does not conflict with our statutory or legal obligations you have the right:

  • To know that we hold information about you and what information we hold
  • To receive a copy of the information we hold in a standard format (Word, Excel, PDF, CSV, PST)
  • To require us to rectify any inaccuracies in the information we hold about you
  • To require us to delete your information
  • To restrict our ability to use your information
  • To object to our processing your data
  • We do not use your information for automated decision making or profiling.
  • To exercise your rights, please contact our Office Administrator, on 020 3102 2140 or office@macnamara-ict.co.uk.

For Vendor Contacts

Who are we?
Macnamara ICT Ltd is an IT support and consultancy company based in Unit 2.1 Hoxton Works, 128 Hoxton Street, N1 6SH London, UK. We are Data Controllers in respect of the personally identifiable information we collect from you and store and process in respect of our relationship with your company as a customer.

What information do we have?
In order to maintain or establish a relationship with your company we have a legitimate interest in storing and processing the minimal information provided by you including your name, email address, office and/or mobile phone number. We may also retain a record of contacts with you.

What risks do you face?
We have conducted a privacy impact assessment and concluded that the unauthorised disclosure, corruption or loss of the minimal personally identifiable information we hold about you presents you with a close to zero risk of breach of your privacy, identity fraud or other dangers.

Can anyone else access your information?
We do not share your information with any third parties without your explicit permission unless we are required to do so by law. We contract several third-party service providers to store and process your information. In all cases we ensure that such service providers do not have direct access to your information are contractually bound by the provisions of the GDPR in respect of their role as Data Processors of your information.

How long do we retain your information?
We will retain your information for the duration of your relationship with your company and for seven years thereafter.

How do we keep your information safe?
We store and process your information in ISO 27001 data centres within the European Economic Area (EEA). Your information is encrypted and backed up at least daily.

What rights do you have in relation to the information we hold?
Insofar as the exercise of these rights does not conflict with our statutory or legal obligations or any contractual obligations we may have to your company:

  • To know that we hold information about you and what information we hold
  • To receive a copy of the information we hold in a standard format (Word, Excel, PDF, CSV, PST)
  • To require us to rectify any inaccuracies in the information we hold about you
  • To require us to delete your information
  • To restrict our ability to use your information
  • To object to our processing your data
  • We do not use your information for automated decision making or profiling.
  • To exercise your rights, please contact our Office Administrator, Marta Zawieja on 020 3102 2140 or marta@macnamara-ict.co.uk.