Effective Date: 22 August, 2023
In this policy, “Precept IT" refers to Precept IT Limited, “personal data" signifies data that identifies living individuals, “prospect" denotes a business in contact with but without an established relationship with Precept IT (or a representative of a business), and “client" describes a business with an established relationship with Precept IT (or a representative of a business).
Precept IT collects and consolidates personal data, including names, addresses, emails, telephone numbers, transactional data, lifestyle and demographic data, both online and offline. This data is gathered through questionnaires, promotions, our partners, public sources, commercially available databases, our websites, and through professional services provided to clients. Personal data may be retained in identifiable or aggregated form (making individuals unidentifiable) for the purposes listed below.
Information Uses and Disclosures
Precept IT, along with the Precept IT group of companies, and our business partners, prospects, and clients (with Precept IT’s permission), may use this personal data:
- To send you relevant marketing communications.
- To enhance the relevance of marketing communications through lifestyle and demographic insight data.
- To maintain and improve marketing databases.
- To conduct research and analysis.
- For product development and testing.
- For identity validation and fraud reduction.
- To support client relationships.
- To connect and link your data with other marketing and advertising databases and platforms.
- For work planning, management, and strategic decision-making.
All personal data collected by Precept IT complies with the Data Protection Act 2018 and, when collected voluntarily through questionnaires, adheres to the use and disclosure statements on those questionnaires.
Personal data utilised in Precept IT’s data products and services may be shared with and used by members of the Precept IT group of companies globally, subject to appropriate permissions where applicable. We only share personal data outside this group with contracted suppliers that process personal data on our behalf and with our business partners, prospects, clients, and their subcontractors. When sharing with these parties, we ensure the implementation of appropriate contractual safeguards. These parties may be located in the UK or abroad.
Legal Reasons We Collect And Use Your Personal Information
We have a legal basis for all the data we process. We rely on a different legal basis depending on the data we are processing and the reason we are processing it. We rely on the following legal basis in these circumstances:
In some cases, you will give us consent to use your information in a certain way. If you have given us consent to use your data in a certain way, and we have no other legal basis for doing so, we will rely on your consent. The activities where we rely on your consent are:
- Processing job applications. You can withdraw consent at any time; however, please be aware we will be unable to process your application if you do so.
- You always have the right to withdraw your consent at any time. If you wish to withdraw your consent then please contact us using any of the details below.
We will rely on our legal obligations to process information for the following purposes:
- Complying with our responsibilities to regulators and under applicable legislation.
- Complying with our legal obligations as an employer.
- Complying with obligations to HMRC regarding records keeping of our financial activity, including information relating to transactions, billing, and payments.
- Complying with obligations to HMRC regarding their requirements relating to fraud prevention.
- Defending a legal claim or upholding the rule of law.
Performance of a Legal Contract
We will process information that relates to the services we are providing you with, or receiving from you, that are bound by our engagement with you (legal contract). The areas where we are processing data to enter into, or fulfil a legal contract are:
- Delivering services to you under contract and keeping you updated with changes or information relating to those services.
- When we are processing information from you to arrange a contract between us, such as when you give us your details to enter into an agreement for services with us.
- Performance of any legal contract as a supplier or customer.
We may rely on legitimate interest to process information. When we do this we will have assessed our legitimate interest to consider the rights and freedoms of the data subject.
We rely on legitimate interest to process personal information for the purposes to train our staff so that they can provide an exceptional service to all of our clients. There may be scenarios relating to their engagement with you which we review with them as part of training and development.
We rely on legitimate interests in some cases. For example, to invite you to certain events such as webinars and seminars. Our legitimate interest is to provide information to our clients and contacts that will support their use of our services, and that could be of benefit to them. We also rely on legitimate interest to send you marketing information, including offers and information about our services, if we believe they will be beneficial to you.
Who will we share your personal information with?
We take client confidentiality very seriously and will not share any information entered into any of our software or platforms unless required to do so by law. Other information we process we may share with:
- Professional advisers, advisers, and consultants that help us to manage Precept IT and achieve our objectives as a business;
- Training agencies that help us to develop our staff and services;
- Our accountants and solicitors that are engaged by us to provide services required by law, such as filing financial information with HMRC;
- We may use data processors, such as software providers, in the course of running the business including CRM providers, email communication platforms, social media platforms, and help desk management systems;
- Storage and archiving providers to ensure your information is protected securely and backed up.
- Any partners, suppliers, or third parties we share data with will be bound by strict agreements that meet the requirements of UK GDPR and will be monitored for performance with those agreements.
We do use some third-party sub-processors to the extent necessary to process some or all of your personal information. You can view the list of sub-processors we use below.
We will share personal information with official bodies if required by law including the ICO, the police, law enforcement, and intelligence agencies.
As part of providing our services, we may engage various third-party sub-processors to assist in data processing.
Subprocessors, where Precept IT acts as a Controller include:
- Quotient for quotations
- Xero.com for accounts
- HubSpot for CRM
- Mailjet for mailshots
- Fastfieldforms for engineer reports
- Voipcloud for the VoIP system
- Uptimerobot to monitor firewall pings
- Unifi Controller for Wi-Fi
Subprocessors, where Precept IT acts as a Processor include:
- GoTo (using Central SaaS solution for patch management and remote desk to client systems)
- Microsoft (using Office 365 for email support and document storage)
- Freshworks (using Freshdesk to log email support enquiries in relation to the service)
We obtain approval from our clients (controllers) to use the sub-processors listed where Precept IT acts as the Processor and form part of our services. Any changes to these sub-processors require prior approval from our clients.
Transfer of your information outside the UK and European Economic Area (EEA)
For some business activities, it is necessary for us to transfer your personal information outside the UK/EEA or to an international organisation. The providers we use act as the data Processors and are bound by and adhere to UK GDPR requirements, such as Binding Corporate Rules, EU Standard Contractual Clauses including UK Addendum or UK International Data Transfer Agreement (IDTA).
We do not routinely transfer data outside of the UK/EEA, and if we do we will notify you of the reasons, the legal basis for doing so, any relevant risk assessments that we want to make you aware of, and the safeguards in place to protect your rights and freedoms.
How Long will we store your personal data for?
We will only keep your information for as long as necessary to complete the purposes we have described above. We use varying retention periods depending on the purpose of the information processed and review these periodically to make sure we are only keeping what we need (If information can be kept for two different periods, we will keep it for the longer of those two periods).
- Client Information – We will keep information about you as our client for a period of 3 years after our contract with you ends unless we have another legal basis to process that information;
- System information – Any information you enter into our platforms will be kept for a maximum of 12 months after you stop making use of our services. Depending on the service, the retention periods may be shorter than 12 months as stated within the contractual agreement;
- Financial Transactions – Information about you and any financial transactions, including fees paid and payments for services, we will keep for a period of 7 years to comply with HMRC requirements to keep accurate records that can be audited;
- Contact information – Information used in marketing with your consent or to pursue a legitimate interest will be kept for 30 days once you have withdrawn your consent. Otherwise, it will be retained for as long as is necessary and relevant to process personal information for the intended purposes.
Compliance with Data Protection Laws
Precept IT Limited is committed to adhering to the Data Protection Act 2018 and the UK GDPR, ensuring that our data processing activities comply with these regulations. Our commitment to compliance is reaffirmed annually through an evaluation by the Direct Marketing Association, of which Precept IT is an active member.
At all sites owned by or partnered with Precept IT, where technologies like “cookies" are employed, web browsers can be configured to notify individuals upon receiving a cookie. This notification provides individuals the choice to accept or decline the cookie. For an in-depth explanation of how cookies work, please visit www.cookiecentral.com.
We use Google Analytics software to collect information about how you use precept.it and how the website performs during your visit. This includes IP addresses. The data is anonymised before being used for analytics and web performance processing.
Google Analytics processes anonymised information about:
- the pages you visit on precept.it
- how long you spend on each precept.it page
- how you got to the site
- what you click on while you’re visiting the site
- general country/region you access precept.it from
- type of device or browser you used to visit the site
We do not store your personal information through Google Analytics (for example, your name or address).
We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.
Opting Out of Digital Advertising Products
To opt out of Precept IT’s digital advertising products, click the opt-out link. Additionally, Precept IT participates in the Online Behavioural Advertising Icon program, allowing consumers to learn how tailored ads are developed and choose whether to receive future tailored ads.
Opting out of Precept IT’s digital advertising products means that Precept IT will no longer collect or share digital advertising data about you with our clients.
Please note that the Precept IT opt-out tool is cookie-based. To ensure the tool functions on your computer, your browser must be configured to accept third-party cookies. If you acquire a new computer, switch web browsers, or delete this cookie, you may need to perform the opt-out process again.
Transfer of Assets
As Precept IT evolves, there may be changes in control, divisions, subsidiaries, affiliates, or segments of Precept IT. In such cases, personal data may be regarded as a transferable asset. Additionally, if Precept IT or one of its divisions, affiliates, or subsidiaries is acquired, personal data may be transferred as part of the assets.
Precept IT places a high priority on security. We make substantial investments in securing our websites and systems to prevent unauthorised access to personal data.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a privacy law that applies to the EU. Although the UK is no longer part of the EU, it has adopted the GDPR as the UK GDPR. Under the UK GDPR, the following additional matters apply:
Under the UK GDPR, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information (which includes the right to be given the information in this policy)
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine-readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produces legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the UK GDPR, please see the Guidance from the Information Commissioner’s Office on Individual’s rights under the UK GDPR.
If you want to exercise any of these rights, please contact us (calling 0871 288 3642 or by emailing us at email@example.com) and let us know who you are and what right you want to exercise. We may need to ask for additional information regarding your identity, and we may also need some information from you on specific categories of data, types of processing activities, or periods of processing activities that you wish to focus your request around.
We will respond to you no later than one month from when we receive your request.
How to make a complaint
If something does go wrong or you are in any way unhappy with how we have treated your data then please do not hesitate to contact us by calling 0871 288 3642 or by emailing us at firstname.lastname@example.org.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.