Oxford Computer Consultants is committed to protecting and respecting user privacy and security. Whenever users provide us with user personal information via a website “Site(s)”, we will treat that information following the relevant data protection policy, and current UK Data Protection legislation. Typically, we will be Data Processors acting on behalf of our clients; the Data Controller.
Please read the following carefully to understand our views and practices regarding user personal data and how we will treat it. This policy may change from time to time, so please check this page periodically.
Oxford Computer Consultants
Oxford Computer Consultants (OCC) is a company limited by guarantee. The registered address is 23-38 Hythe Bridge Street, Oxford OX1 2EP. OCC will act as the Data Processors of all data submitted via websites hosted by OCC for our clients. Users can contact our Data Protection Officer by email at firstname.lastname@example.org.
User privacy is important to OCC. We comply with the provisions of the General Data Protection Regulation (GDPR), which came into force on the 25th May 2018, and the UK Data Protection Act 2018. To this end, it is possible to visit our hosted sites without revealing personal or sensitive data. We may, however, request information from users such as their contact details. Data entered on our hosted sites is not explicitly shared with any third parties, though data may be stored in Microsoft Azure and/or Amazon AWS cloud services.
Following the General Data Protection Regulation 2018 (GDPR), the legal basis for our processing of user data is consent (for the purposes listed in the section below). Users may withdraw this consent at any time by contacting us using the details stated above. GDPR provides users with the following rights regarding their data:
- Users have the right to access any personal data which we hold on them, including details of what information is stored, to which recipients data has been disclosed and how long the data will be retained. We will provide access to their information as soon as is reasonably possible within one month of the request. Access is free of charge, though we may charge an administration fee for any further copies requested of the same data. Please contact us at email@example.com.
- Users have the right to rectification of their data where it is inaccurate or incomplete; if this data has been disclosed to a third party, we will inform them of the rectification wherever possible.
- Users have the right to restrict further processing of their data where they have requested rectification of personal data. Once the accuracy of personal data has been established, we will inform them before lifting the restriction on processing.
- Users have the right to the erasure of their data where their consent has been withdrawn or where it is no longer needed for the stated purpose. We will erase their information as soon as is reasonably possible within one month of the request. We will inform third parties of this erasure wherever possible.
- Users have the right to data portability, whereby they can obtain a copy of their data and reuse it in a different IT environment. We will provide this data in an open, machine-readable format (e.g. CSV) within one month of their request.
- Users have the right to complain to a supervisory body if they are dissatisfied with how their data has been handled. The appropriate body in this case would be the Information Commissioner’s Office.
Who has Access to User Information?
We are committed to protecting the personal data of our clients, supporters, users and members. Any details users give us will be held per the General Data Protection Regulation 2018 and Data Protection Act 2018. OCC will not sell, share, or rent this information to third parties unless we have users’ explicit permission to do so, or we are required to do so by law, for example, by a court order or for the prevention of fraud or other crime.
Data Retention Policy
Users data will be retained no longer than is necessary for the data processing purposes identified above; this will be determined based on consent. We will hold the data users submit until user consent is withdrawn or until the details we hold are no longer considered to be valid. User data will be deleted within one month if users withdraw consent to continued processing and request that their data be erased. For business continuity, we create regular backups of website data. Backups will be retained no longer than 30 days. If data is erased, any backup of the data will be deleted at the end of the retention period. However, should we restore any data from a backup before the retention period has elapsed, we will manually remove all such data from the restored system (rather than attempt to delete the data from all the backups).
Security Precautions in Place to Protect the Loss, Misuse or Alteration of User Information
When users give us personal information, we employ security best practice to ensure that it is treated securely. The transmission of all information users send to, and receive from hosted sites is encrypted. Once we receive user information, it is stored on secure servers and protected by our strict security procedures.
Whilst we take reasonable steps to protect user personal information, the internet is not completely secure and as such Oxford Computer Consultants cannot guarantee the security of any information users transmit to us, and users do so at their own risk.
Where we have given (or where users have chosen) a password that enables users to access certain parts of sites hosted by us, the users are responsible for keeping this password confidential. We ask users not to share passwords with anyone.
If at any time users would like to contact us with their views about our privacy practices, or with any enquiry relating to personal information, users can do so by using the aforementioned contact details.