Privacy Policy

Privacy policy & notices

Macnamara ICT Ltd

Effective Date: May 01, 2021

To be reviewed: April 2022

Responsible Person: Ciaran Kenny, ciaran@macnamara-ict.co.uk, 020 8132 5803‬

Macnamara ICT Ltd gathers, stores and processes the minimum personally identifiable information required to maintain and develop our business and to deliver our service to our clients. In this policy and set of privacy notices we set out the personally identifiable information we gather, store and process, the legal basis on which we do this, what the information is used for, how it is protected, for how long it is retained and how it is disposed of and how you can exercise your rights in respect of any personally identifiable information we may hold about you.

Macnamara ICT Ltd gathers, stores and processes information about the following categories of individuals (Data Subjects):

  1. Employees, ex-employees and job applicants.
  2. Individuals employed by, contracted to or otherwise associated with our clients.
  3. Individuals employed by, contracted to or otherwise associated with companies who supply Macnamara and/or our clients with goods or services or with whom we have a business partnership or other business relationship.
  4. Individuals to whom we sell and market our services with a view to establishing a contractual relationship.

For all four categories of data subject Macnamara ICT Ltd acts, in respect of the UK GDPR (2018) as the Data Controller, with several service providers, as specified in the relevant Privacy Notices, acting as Data Processors.

We store and process only the minimum information required to fulfil the purpose under the lawful basis for which the information is collected, which includes our: legitimate Interest in marketing our services and developing our business, requirement to fulfil our contracts and maintain business relationships with clients, suppliers, partners and suppliers to our clients as well as our contractual obligations to employees and our statutory and/or legal obligations.

We regularly conduct Data Protection Impact Assessments (DPIA) in respect of the personally identifiable information (PII) we store and process and/or which is stored and processed on our behalf by service providers. DPIAs indicate that, apart from employee-related information, the risk posed to the rights of, and privacy and security of data subjects through the loss, corruption or unauthorized exposure of such information is minimal. Notwithstanding the minimal level of risk, we have taken extensive precautions, as outlined in the relevant privacy notices (below), to ensure the confidentiality, integrity and availability of all PII we store and process or which is stored and processed on our behalf.

While providing IT support services, advice and consultancy to our clients, Macnamara acts as a Data Processor in respect of any PII for which the client is a Data Controller and to which we may be given access by virtue of our contractual relationship. The respective roles of Macnamara and our clients are defined in our contract of service.

We act in respect of the information that clients store and process only under their instructions and in compliance with the UK GDPR (2018) and this Privacy Policy.

All individuals (data subjects) about whom we store or process information or where this information is stored or processed on our behalf or where we process such information on behalf of another Data Controller, such as one of our clients, have the following rights:

  1. The right to be informed: individuals have the right to be informed about the collection and use of their personal information, we fulfil our obligation in this respect through a privacy notice (see below) made available when the information is collected and/or on request.
  2. The right of access: individuals have the right to access the information we hold or process about them. This information will be supplied on request allowing for the time taken to complete any necessary searches.
  3. The right to rectification: individuals have the right to require that we correct any inaccuracies in the information about them which we process, or which is processed on our behalf by any Data Processor which we use to process information on our behalf. Corrections, subject to any necessary verification, will be made on request.
  4. The right to erasure: individuals have the right to require that we delete their information, and we will do so on request unless doing so conflicts with our contractual, statutory or legal obligations, conflicts with the rights of another individual or is technically impossible or cost prohibitive. In any case we will explain the precise action taken and reasoning in response to a request for erasure.
  5. The right to restrict processing: individuals have the right to require us and any data processors operating on our behalf not to process their information, allowing us to store but not use their information. Requests to restrict processing will be actioned on receipt unless doing so conflicts with our contractual, statutory or legal obligations, conflicts with the rights of another individual or is technically impossible or cost prohibitive. In any case we will explain the precise action taken and reasoning in response to a request to restrict.
  6. The right to data portability: individuals have the right to request a copy of their information in a format that allows for the information to be transferred to, or imported into, another system. We will supply information in standard portable formats as appropriate to the content including csv files, MS Word, MS Excel and PST files. Where a particular format is requested, we will supply in that format if technically possible and not cost or time prohibitive.
  7. The right to object: individuals have the right to object to our processing their information in specific ways or by specific processors and where such requests do not conflict with our contractual, statutory or legal obligations, the rights of another individual and are not technically impossible or time or cost prohibitive we will comply with any objections received. In any case we will explain the precise action taken and reasoning in response to a request for erasure.
  8. Rights in relation to automated decision making and profiling: Macnamara does not use any of the personally identifiable information it collects, stores or processes for automated decision making or profiling.

Each of these rights can be exercised by contacting our Managing Director, Geoff Courts by phone on 020 8132 5804, by email at geoff@macnamara-ict.co.uk or by post at Macnamara ICT Ltd, 16 Upper Woburn Place, London WC1H 0AF.

Requests will be fulfilled as quickly as possible. We will aim to fulfil all requests within one month of receiving all the information, including ID and verification if required, necessary to fulfil the request. If for technical or other reasons we anticipate the process taking longer than one month, the person making the request will be advised accordingly and kept informed of progress every two weeks until the process has been completed.

If additional information, clarification of the request and/or verification or ID information is required to fulfil a request, the person making the request will be advised accordingly and the process of fulfilling the request will not begin until any such additional information is supplied.

We may receive requests that we cannot fulfill in part or in full because the request conflicts with our contractual, statutory or legal obligations, the rights of another individual or is not technically possible or is time or cost prohibitive.

In such cases the person making the request will be informed accordingly and given the opportunity to challenge and/or discuss the reasoning on which the decision is based.

Any requests to exercise the above rights should specify which right is being exercised and, if more than one is involved, they will be handled as separate requests.      

We will not normally charge a fee to fulfil a request to exercise any of these rights. The only circumstances in which we reserve the right to charge a fee is where we judge the request to be manifestly unfounded or excessive or where the same information is repeatedly requested by the same individual.

Special note on backups

Like all responsible businesses, to ensure that we meet our obligations in terms of the integrity and availability of the information we store and process, we ensure that this information is regularly backed up.

Where we use another company as a data processor for information that is subject to a request based on any of the above rights, we will endeavor to ensure that any of the information that has been included in a backup of their systems or information stores is also included in the response to the request. This, however, is not always possible, as outlined below in relationto information where we control the backup. We will, in any case, ensure that any all information held in a third-party backup remains beyond use and cannot be accessed without being subject to fulfilment of the relevant request.     

For information where Macnamara is fully in control of the backup system and methodology, a snapshot is made several times a day and stored online in encrypted form where it is kept for seven years. This allows for information to be restored at multiple points in time over seven years.

Data subject access requests (DSAR) are fulfilled by running an audited e-discovery search across all information stores as it is not always possible to know where information about an individual may be found.

In respect of DSARs involving access to information, rectification of information, erasure of information, restriction of or objection to processing, a problem can arise if data is restored from backup after an e-discovery search has been run and information relating to the DSAR is restored and added to live information.

It is not technically possible to extend the e-discovery process to include encrypted backups in that the searchable backup indexes do not contain sufficient information, e.g., file content, to identify all information that may be required to fulfil a DSAR.

To resolve this technical obstacle to complete fulfilment of DSARs Macnamara has adopted the following procedure:

  1. Information in encrypted backups cannot be accessed, the only way backed up content can be accessed is via a procedure to restore it to live data stores.
  2. Only a director can restore information from a backup.
  3. When there is a requirement to restore information from a backup this is logged.
  4. All DSARs are logged, and a copy is maintained of the e-discovery search used to fulfil the request.
  5. Whenever information is restored from backup, any relevant e-discovery searches are re-run, targeting the restored information before this information is returned to the live environment and made generally available.
  6. If any information subject to a DSAR is detected as a result of re-running the e-discovery search, the original DSAR is then fulfilled in respect of that information.

Based on the above procedure, encrypted backups managed by Macnamara are defined as out of scope for DSARs.

How do we keep information safe?

Macnamara ICT Ltd is dedicated to the confidentiality, integrity and availability of all information it stores and processes and, in respect of personally identifiable information, is determined, at a minimum, to always meet in full its UK GDPR (2018) obligations and to strive to go beyond this high standard in the protection of personally identifiable information.

Macnamara is certified Cyber Essentials Plus, IASME Governance Gold and IASME Quality Principles. Copies of our certificates are available on request from ciaran@macnamara-ict.co.uk

Both in terms of the information we control and process and where we use third-party online services, personal information is encrypted at rest with AES-256 and, in transit with TLS.

Access to our own systems, and wherever possible third-party services we use, are protected by two-factor authentication.

Information is stored and processed within the EEA, where third-party processors are used and the possibility is identified that information may be transferred outside the EEA, we ensure that this is only done in a way that is compliant with UK GDPR (2018) either to a country with a data protection adequacy finding, binding corporate commitments or EU Commission approved standard contractual clauses.

All information is backed up at least daily.

Macnamara staff are restricted in access to information until they have completed the necessary training and their access has been approved by the Managing Director.

When no longer required information is deleted such that it cannot be recovered.

All equipment used to access your information is encrypted and is securely and environmentally responsibly disposed of at end of life.

More information.

If you have questions about this policy or would like to know more about how we store, process and protect the information for which we are responsible or if you have any questions or concerns please contact our Security Lead, Ciaran Kenny by phone on 020 8132 5803, by email at ciaran@macnamara-ict.co.uk or by post at Macnamara ICT Ltd, 16 Upper Woburn Place, London WC1H 0AF.

 

How to complain.

You can complain or raise a concern about anything related to how we store, process or protect personally identifiable information. To do so, please contact our Security Lead, Ciaran Kenny by phone on 020 8132 5803, by email at ciaran@macnamara-ict.co.uk or by post at Macnamara ICT Ltd, 16 Upper Woburn Place, London WC1H 0AF. We will do everything we can to address your complaint or concern.

If you remain dissatisfied or believe that we have not complied with our obligations, you can contact the Information Commissioner’s Office (ICO) and ask for assistance. You should do this within three months of your last contact with us.

You can raise your case with the ICO by following this link: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/

Privacy notice 1: Employees, ex-employees and job applicants.

As your employer, ex-employer or company where you have applied to work, Macnamara ICT Ltd is a Data Controller in respect of the personally identifiable information we hold about you.

What information about you do we store and process?

We gather, store and process only the information required: to verify your eligibility for employment, perform relevant background checks, fulfil our contractual obligations to you, fulfil our legal, statutory or regulatory obligations and maintain your employment records.

To minimise risk to your information we have not detailed the precise information we store and process in this online policy. However, you are entitled to know exactly what personally identifiable information we store or process about you and we maintain a register of personally identifiable information which we are happy to make available to you subject to verification of your identity and right to know.

On what lawful basis do we store and process this information?

In the case of job applicants, we store and process your information based on our legitimate interest in hiring employees. We have determined that our interest in this respect is legitimate in that hiring employees is necessary to the maintenance of the company, storing and processing your information is necessary for this purpose and our doing so is not in conflict with your interests.

For current and past employees, we store and process your information to fulfil our mutual contractual obligations and to meet statutory, regulatory and/or legal requirements.  

What risks do you face?

We regularly conduct Data Protection Impact Assessments (DPIA) in respect of your information and have concluded that unauthorised disclosure of your information would be a significant breach of your privacy and may expose you to risk of identity fraud, embarrassment or other dangers. Corruption, or loss of access to, the information we hold about you presents you with a close to zero risk.

Considering the potentially serious risks involved, we will advise you within 24 hours of our becoming aware of any unauthorised disclosure of your information. We will also report any such breach to the Information Commissioners Office.

Can anyone else access your information?

Except for HMRC, the DWP and other government agencies with the right to access employee information, we do not share your information with any third parties unless we are required to do so by law. We contract with several third-party service providers to store and process your information. In all cases we ensure that such service providers do not have direct access to your information are contractually bound by the provisions of the UK GDPR (2018) in respect of their role as Data Processors of your information.

Amongst the data processors we use to process your information are:

  • Microsoft SharePoint Online
  • Microsoft Exchange Online
  • Microsoft Teams
  • Microsoft Azure

As with your personally identifiable information, to minimise risk to your information we have not included all data processors we use in this online policy, however, we maintain a record of other data processors that we may also use to store or process your information and we are happy to supply this on request subject to verification of your identity and right to know.

For how long do we keep your information?

We retain employee information for as long as it is necessary to fulfil our legal obligations as your employer. Unless otherwise required for statutory, regulatory or legal reasons we maintain your information for the duration of your employment with the company and for seven years afterwards.

All information relating to unsuccessful job applicants is deleted at the end of the relevant recruitment process.

All emails sent from, or received by, Macnamara are retained for five years and then deleted.

Privacy notice 2: Individuals employed by, contracted to or otherwise associated with our clients.

Macnamara ICT Ltd has been contracted by your company or organisation to provide IT support, technical consultancy, planning and implementation, telephony and/or Internet connectivity services. Macnamara is a Data Controller in respect of the personally identifiable information we hold about you.

What information about you do we store and process?

We store and process the minimum personally identifiable information about you to provide our service.

To minimise risk to your information we have not detailed the precise information we store and process in this online policy. However, you are entitled to know exactly what personally identifiable information we store or process about you and we maintain a register of personally identifiable information which we are happy to make available to you subject to verification of your identity and right to know.

On what lawful basis do we store and process this information?

We store and process this information based on the contractual agreement we have with your company or organisation to supply our services and communicate with you and other members of your staff, management and finance departments.

What risks do you face?

We regularly conduct Data Protection Impact Assessments (DPIA) in respect of your information and have concluded that unauthorised disclosure of your information presents you with a close to zero risk to your rights or interests while loss of access to, or corruption of, your information presents you with no identifiable risk.

If we determine that your information has been subject to unauthorised access, we will inform you and your employer within 24 hours of our becoming aware of the breach.

Can anyone else access your information?

Your employer is contractually entitled to access the information we hold about you. We do not share your information with any other companies unless it is necessary to provide service to you, for example, to arrange a delivery to you. We contract with several third-party service providers to provide our service to you. Where this involves sharing your information with them, we ensure that such service providers do not have more than the minimum necessary direct access to your information and that they are contractually bound by the provisions of the UK GDPR (2018) in respect of their role as Data Processors of your information.

Amongst the data processors we use to process your information are:

  • Microsoft SharePoint Online
  • Microsoft Exchange Online
  • Microsoft Teams
  • Microsoft Azure

As with your personally identifiable information, to minimise risk to your information we have not included all data processors we use in this online policy, however, we maintain a record of other data processors that we may also use to store or process your information and we are happy to supply this on request subject to verification of your identity and right to know.

For how long do we keep your information?

We keep your information only for as long as necessary to provide the service we are contracted to provide to your employer. If you end your employment with your company or organisation or our contract with your employer comes to an end, we will delete all personally identifiable information we hold about you.

All emails sent from or received by Macnamara are retained for five years and then deleted.

Privacy notice 3: Individuals employed by, contracted to or otherwise associated with companies who supply Macnamara and/or our clients with goods or services or with whom we have a business partnership.

Macnamara ICT Ltd is an IT support and consultancy company that has a business relationship with the company or organisation for which you work. This relationship may relate to goods or services your company or organisation supplies to Macnamara or to one or more of our clients. We may also have a business relationship with your employer based on other mutual business interests such as a joint venture or Macnamara may be considering buying your goods or services or recommending them to our clients. Macnamara is a Data Controller in respect of the personally identifiable information we hold about you.

What information about you do we store and process?

We store and process the minimum personally identifiable information about you to maintain our business relationship with your company or organisation.

To minimise risk to your information we have not detailed the precise information we store and process in this online policy. However, you are entitled to know exactly what personally identifiable information we store or process about you and we maintain a register of personally identifiable information which we are happy to make available to you subject to verification of your identity and right to know.

On what lawful basis do we store and process this information?

Where either Macnamara or one or more of its clients has a contractual relationship with your business or organisation we store and process your information on the basis that doing so is necessary either to fulfill our contract with your company or organisation or with our client.

Where no contractual relationship is involved, we store and process your information based on our legitimate interest in maintaining our business relationship with your company or organisation or our legitimate interest in providing our service to our client.

We have determined that our interests in these respects are legitimate in that building and maintaining relationships with other companies and organisations is necessary to maintaining and growing our company and providing our service to our clients, storing and processing your information is necessary for this purpose and our doing so is not in conflict with your rights or interests.

What risks do you face?

We regularly conduct Data Protection Impact Assessments (DPIA) in respect of your information and have concluded that unauthorised disclosure of your information presents you with a close to zero risk to your rights or interests while loss of access to, or corruption of, your information presents you with no identifiable risk.

Can anyone else access your information?

We do not share your information with any other companies or organisations unless required to do so by law. We may store your information in third-party provided services. When we do this, we ensure that such service providers do not have more than the minimum necessary direct access to your information and are contractually bound by the provisions of the UK GDPR (2018) in respect of their role as Data Processors of your information.

Amongst the data processors we use to process your information are:

  • Microsoft SharePoint Online
  • Microsoft Exchange Online
  • Microsoft Teams
  • Microsoft Azure

As with your personally identifiable information, to minimise risk to your information we have not included all data processors we use in this online policy, however, we maintain a record of other data processors that we may also use to store or process your information and we are happy to supply this on request subject to verification of your identity and right to know.

For how long do we keep your information?

We keep your information only for as long as necessary to maintain our business relationship with your company or organisation. If you end your employment with your company or organisation or our relationship with your employer comes to an end, we will delete all personally identifiable information we hold about you.

Where your personally identifiable information is included in records that we are required to retain for legal, statutory or regulatory reasons, e.g., invoices or other financial records, your information will be retained as part of these records for seven years or as specified by the legal, statutory or regulatory requirement.

All emails sent from or received by Macnamara are retained for five years and then deleted.

Privacy notice 4: Individuals to whom we market our services with a view to establishing a contractual relationship.

 

Macnamara ICT Ltd is an IT support and consultancy company that wishes to market its services to maintain and grow its business. Macnamara is a Data Controller in respect of the personally identifiable information we hold about you.

What information about you do we store and process?

We store and process the minimum personally identifiable information about you to keep you informed about our company and to develop a relationship with you with a view to building a business relationship with your company or organisation.

To minimise risk to your information we have not detailed the precise information we store and process in this online policy. However, you are entitled to know exactly what personally identifiable information we store or process about you and we maintain a register of personally identifiable information which we are happy to make available to you subject to verification of your identity and right to know.

On what lawful basis do we store and process this information?

We only store and process this information based on your explicit, informed consent which may be withdrawn at any time.

What risks do you face?

We regularly conduct Data Protection Impact Assessments (DPIA) in respect of your information and have concluded that unauthorised disclosure of your information presents you with a close to zero risk to your rights and interests while loss of access to, or corruption of, your information presents you with no identifiable risk.

Can anyone else access your information?

We do not share your information with any other companies or organisations unless required to do so by law. We may store and process your information in third-party provided services. When we do this, we ensure that such service providers do not have more than the minimum necessary direct access to your information and are contractually bound by the provisions of the UK GDPR (2018) in respect of their role as Data Processors of your information.

Amongst the data processors we use to process your information are:

  • Microsoft SharePoint Online
  • Microsoft Exchange Online
  • Microsoft Teams
  • Microsoft Azure

As with your personally identifiable information, to minimise risk to your information we have not included all data processors we use in this online policy, however, we maintain a record of other data processors that we may also use to store or process your information and we are happy to supply this on request subject to verification of your identity and right to know.

For how long do we keep your information?

We will keep your information until you ask us to delete it, enter into a business relationship with us or we consider you are unlikely to be interested in our services.

All emails sent from or received by Macnamara are retained for five years and then deleted.

Further Information

If you have any questions or require clarification or further information on anything in this policy, please contact Ciaran Kenny, either by email at ciaran@macnamara-ict.co.uk, or by phone pn 020 8132 5803‬.

Cookie Notice

This website uses cookies to ensure you get the best experience on our website. Learn More.

Scroll to Top

Subscribe to our monthly newsletter.
Get the best IT tips and Office ideas in your inbox.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five High-Value Business Initiatives That’ll Provide Massive Impact and Help You Get Noticed at Work"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five Ideas That'll Help you Tame Unruly Systems and Team Members"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Five Powerful Ideas That’ll Take Your Personal and Business Development to the Next Level"

Are you an Office Manager who’s looking for next-level ideas? You need to read this Ebook — you’ll get it for free when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? helpful articles, invites to events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.

Get the Ebook

"Your Ultimate Guide To Office Delegation"

Get this empowering Ebook in your inbox — when you subscribe to the Macnamara Newsletter. What’s in the Newsletter? Insightful articles, invites to exclusive events, powerful ideas, free training resources. Don’t miss out – subscribe today.

We promise to keep your information safe. Unsubscribe at any time. Read our privacy policy.