On the 25 May 2018, The General Data Protection Regulation (GDPR) came into effect and applies to all EU businesses.
The regulation requires businesses to document how client data is managed, in a simple and easy-to-understand format. This document details how My IT Guy manages your data.
We take our responsibilities under GDPR seriously, and we welcome the enhanced rights of individuals to maintain control over their personal data.
Legitimate Interest and Contractual Obligations
To offer our services we need to collect key bits of data about you. This data can be used to personally identify individuals and either carry a legitimate interest (a legitimate reason as to why we need it) or a contractual obligation (an agreed reason why we need it).
An example of a legitimate reason: you have contacted My IT Guy, and we therefore have a legitimate interest (reason) to store your data so that we can contact you in return.
An example of a contractual obligation: we are supporting your company’s IT systems. To do this, we need to be able to recognise the individuals in your business that have access to your computer system. The authorisation to keep, manage and secure this data would be laid out in a contract.
Our approach to your data and your clients’ data
We’re keenly aware that our business is all about data; your access to it, manipulation of it, and security of it. We’re sensitive to the fact that we may hold personal data about you and your company and that in some cases we may indirectly have access to personal data about your clients. For example, if we’re tasked with managing your server, we might have access to the personal data stored on it.
- My IT Guy neither needs nor seeks access to information about your clients to perform the IT support services we provide.
- We will never read, share or remove data you hold, unless you expressly request us to do so as part of the IT support work you have tasked us to perform.
- Our focus is on making your data accessible to you, and secure. We have no business with the content of that data.
The data we hold about you
We need to know your name and contact details to be able to identify you, communicate with you, and to securely manage the data we hold about you.
This data is also used to identify you when we’re offering our support and assistance services. An example would be when you report a problem with your computer and we need to be able to identify your computer and account to help you.
The rights you have to your data
You have a right to be informed about how we use your data, as laid out in this document. You have the right to update your personal data, and to have it deleted upon request. You have the right to obtain a copy of your personal data via a Subject Access Request.
The security of your data
We use several services to manage and maintain the data we control and process. These services are vetted to make sure they abide by the highest levels of security, and if they are based in the USA, are Privacy Shield Certified. Where possible, we implement our own additional access controls and security procedures.
The data we hold about you and your company is always encrypted, both in storage and in transfer.
The Data Processors we use to manage your data
All of the third-party services we use recognise the importance of GDPR and have their own statements. My IT Guy will gladly provide information on these Processors to our clients on request.
Subject Access Request (SAR)
It is important that you can find out what personally identifiable data a business holds about you.
You can contact us to make a Subject Access Request and you will need to supply identification before we can proceed with the SAR to make sure that you are the real owner of the data you are requesting. We will then collect the data we hold about you and release it to you within 30 days of your request and suitable identification being produced.
Your first SAR request is free of charge, however, any subsequent requests which fall within a close period of your first request will be chargeable.