IT LAB LIMITED (“We”) are committed to protecting and respecting your privacy.
This policy (together with our terms of website use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the General Data Protection Regulation (GDPR) (the Regulation), the data controller is IT Lab Limited of Floor 2, 40 Bernard Street, Bloomsbury, London, WC1N 1LE.
By registering as a user of the services provided by IT Lab or by using the website generally, you agree to these terms.
Questions, comments and requests regarding this privacy statement are welcomed and should be addressed to firstname.lastname@example.org
General questions, comments and requests should be addressed to email@example.com
HOW WE COLLECT AND USE (PROCESS) YOUR DATA
We may collect and process the following data about you:
- From information that you provide by filling in forms on our site www.itlab.com (our site). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- From details of transactions you carry out through our site and of the fulfilment of your orders.
- From details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- For recruitment purposes. The information we ask for is used to assess your suitability for employment. You don't have to provide what we ask for but it might affect your application if you don't.
Our legal bases for processing your data will be one of the following: performance or fulfilment of a contract, legitimate interest where an assessment has been carried out or your consent where necessary but this will be made clear at the point of data collection. We will only process your data in the following manner:
- Lawfully, fairly and transparently;
- Only for the purpose stated at the time of collection;
- Only personal data that is adequate, relevant and limited to what is necessary for the stated purpose will be collected;
- It is your responsibility to ensure that any personal data you provide is accurate at the time of collection and if there are changes to the personal data, and we will take every reasonable action to ensure the data remains accurate;
- Your personal data will not be kept longer than necessary for the stated purpose except for statistical reasons in which case appropriate technical and organisational measures will be implemented to safeguard your data;
- We will process your data in a manner that ensures security using appropriate technical or organisational measures.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
WE MAY USE INFORMATION HELD ABOUT YOU IN THE FOLLOWING WAYS
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
We may also use your data, or permit selected third-parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.
If you are an existing customer, we may contact you by various means with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, and where we permit selected third parties to use your data, we (or they) may contact you by various means if you have consented to this.
We may share your data with third-parties for marketing purposes. If you do not want us to; please contact firstname.lastname@example.org if this is your preference.
USE OF IT LAB WEBSITE AND SOCIAL MEDIA
If you follow a link from our website, application or service to another site or service, this statement will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy statements appearing on those sites or services.
Our websites, applications or services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). You should be able to manage your privacy settings from within your own third-party social media account(s) to manage what personal information you enable us to access from that account.
Please refer to the terms of website use for guidance.
This site uses Google Display Advertising, specifically, Google Remarketing.
- If you would like to opt-out of Google Analytics for Display Advertising and customise Google Display Network ads you can use the Ads Preferences Manager.
- We use Remarketing with Google Analytics to advertise online.
- Third-party vendors, including Google, show our ads on sites across the Internet.
- We, and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on someone’s past visits to our website.
WHEN AND HOW WE SHARE INFORMATION WITH OTHERS
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If IT Lab or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of website use or supply and other agreements; or to protect the rights, property, or safety of IT Lab, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
TRANSFERRING PERSONAL DATA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement. Such measures may include (without limitation) transferring the Personal Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient that has achieved binding corporate rules authorisation in accordance with data protection legislation, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
YOUR RIGHTS (DATA SUBJECT RIGHTS)
Under GDPR, you have the following rights as an individual which you can exercise in relation to the information we hold about you:
- The Right of Access to obtain from the controller confirmation as to if personal data concerning you is being processed.
- The Right to Rectification of inaccurate personal data concerning you.
- The Right to Erasure (otherwise known as the right to be forgotten) of personal data concerning you without undue delay.
- The Right to Restrict Processing under certain conditions.
- The Right to Data Portability where you can receive the personal data concerning you in a structured, commonly used and machine readable format and have the right to have those data transmitted to another controller.
- The Right to Object to processing of your data at any time on grounds relating to your particular situation.
- The Right Not to be Subject to Automated Decision Making including Profiling.
- The Right to lodge a complaint with the Supervisory Authority (SA) which in the UK is the Information Commissioners Office (ICO).
- You will not be charged for data subject access requests (except where the request might be excessive or unreasonable) and you will receive a response to any data subject request within one month (30 days).
You can also exercise any of the above rights at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
SECURITY OF YOUR INFORMATION
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
DATA STORAGE AND RETENTION
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
All personal data is subject to a retention schedule which takes into account the statutory retention periods of certain data.
CHANGES AND UPDATES TO THE PRIVACY STATEMENT
Any changes we may make to our privacy statement in the future will be posted on this page and, where appropriate, notified to you by e-mail.
Date of last update: 18/05/2018