The term “Altodigital Networks Limited” or “us” or “we” refers to the owner of this website. The term “you” refers to the user or viewer of this policy.
Altodigital is an independent provider of office technology and supplies with over 35 years’ experience offering a range of products and services spanning across print, IT, communications, document management and office supplies. To complement these services, Altodigital offers a UK based call centre and 24/7 web portal. To support the service capability, Altodigital also operates a network of nationwide technical expertise.
Altodigital own many business assets, including physical items, IT services, communication systems, information and personnel, all of which have a high value to Altodigital and therefore need to be suitably protected.
To ensure the adequate protection of these business assets from a wide range of threats, Altodigital employs an Information Risk Management approach to the implementation of physical, procedural, technical and personnel security measures throughout the organisation. This ensures that all risks pertinent to Altodigital’s business assets are identified, prioritised, managed and treated in an effective and consistent manner, thereby maintaining their Confidentiality, Integrity and Availability.
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. In this document, we will explain how we collect, use and protect your personal data.
We will also explain what rights you have with regards to your personal data and how you can exercise those rights.
Altodigital Networks Limited (Altodigital), has committed to protect all processing of personal data, and has appointed a Data Protection Officer (DPO).
Altodigital’s management team are committed to ensuring that all their employees responsible for the processing of personal data are aware of and comply with the contents of this policy.
In addition, Altodigital will make sure all Third Parties engaged to process personal data on their behalf (i.e. their Data Processors) are aware of and comply with the contents of this policy. Assurance of such compliance must be obtained from all Third Parties, whether companies or individuals, prior to granting them access to personal data controlled by Altodigital.
Personal data should be collected only from the data subject unless one of the following apply:
If personal data is collected from someone other than the data subject, the data subject must be informed of the collection unless one of the following apply:
Where it has been determined that notification to a data subject is required, notification should occur promptly, but in no case later than:
Data subjects have the right to be informed about the collection and use of their personal data, when required by applicable law, contract or where it considers that it is reasonably appropriate to do so, Altodigital will provide this information to data subjects.
When the data subject is asked to give consent to the processing of personal data and when any personal data is collected from the data subject, all appropriate disclosures will be made in a manner that draws attention to them, unless one of the following apply:
These disclosures may be given orally, electronically or in writing. If given orally, the person making the disclosures should use a suitable script or form approved in advance by the DPO. The associated receipt or form should be retained, along with a record of the facts, date, content and method of disclosure.
Altodigital collects and processes personal data such as a contact name, phone number, and email address for the following purposes:
Altodigital will process personal data in accordance with all applicable laws and applicable contractual obligations. Specifically, Altodigital will not process personal data unless at least one of the following requirements are met:
There are some circumstances in which personal data may be further processed for purposes that go beyond the original purpose for which the personal data was collected. When deciding as to the compatibility of the new reason for processing, guidance and approval must be obtained from the DPO before any such processing may commence.
If consent has not been gained for the specific processing in question, Altodigital will address the following additional conditions to determine fairness and transparency of any processing beyond the original purpose for which the personal data was collected:
Due to the nature of Altodigital as a business, Children’s data is not processed.
To ensure that the personal data it collects, and processes is complete and accurate in the first instance and is updated to reflect the current situation of the data subject, Altodigital shall adopt all necessary measures.
The measures adopted by Altodigital to ensure data quality include:
Altodigital will not retain personal data for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed. All personal data should be deleted or destroyed as soon as possible where it has been confirmed that there is no longer a need to retain it.
Altodigital shall adopt physical, technical and organisational security measures to protect data subjects’ Confidentiality, Integrity and Availability.
This includes the prevention of loss or damage, unauthorised alteration, access or processing, and other risks affecting the confidentiality, integrity and availability of the personal data.
The minimum set of security measures to be adopted are set out in Altodigital’s Information Security Policy and includes the following:
The DPO will establish a system which will enable the exercise of rights granted to the data subjects, which under the EU GDPR are:
Legal requirements may override the rights of EU GDPR which shall be taken into consideration if a data subject’s rights are to be exercised.
Based upon a written subject access request to the DPO by contacting firstname.lastname@example.org. and successful confirmation of identity, data subjects are entitled to obtain the following information about their own personal data:
It should be noted that situations may arise where providing the information requested by a data subject would disclose personal data about another individual. In such cases, information must be redacted or withheld as necessary or appropriate to protect that person’s rights.
All Altodigital entities must obtain personal data using only lawful and fair means where appropriate with the knowledge and consent of the individual concerned.
Altodigital is committed to requesting and receiving consent of an individual prior to the collection, use or disclosure of their personal data.
The DPO, with the cooperation of the business, shall establish a system for obtaining and documenting data subject consent for the collection, processing, and/or transfer of their personal data. The system must include provisions for:
Data subjects have the right to withdraw consent of the processing of their personal data at any time.
To request withdrawal of consent, please contact the DPO by email: email@example.com
Altodigital may transfer Personal Data to internal or Third-Party recipients located in another country where that country is recognised as having an adequate level of legal protection for the rights and freedoms of the relevant data subjects.
An approval transfer mechanism is complied with when transferring to countries lacking an adequate level of legal protection.
Altodigital employees may only transfer personal data where one of the transfer scenarios listed below applies:
For Altodigital to carry out its business effectively across its various Altodigital entities, there may be occasions when it is necessary to transfer personal data from one Altodigital entity to another, or to allow access to the personal data from an overseas location. Should this occur, the Altodigital entity sending the personal data remains responsible for ensuring protection of that data.
When transferring personal data to another Altodigital entity, Altodigital must:
Should you wish to discuss a complaint, please feel free to contact the DPO by email: firstname.lastname@example.org.
All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us/.
The EU GDPR introduces a responsibility on all organisations to report certain types of personal data breaches to the supervisory authority for the UK the Information Commissioners office (ICO) https://ico.org.uk/
The timescale of reporting a data breach must be within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk of adversely affecting an individual’s rights and freedoms, organisations must also inform the individuals affected without undue delay.
Altodigital must also keep a record of any personal data breaches, regardless of whether notification is required.