Protecting our customers’ data is a priority for Everything Tech. With the General Data Protection Regulation (GDPR) coming into effect in May, we welcome the opportunity to deepen our commitment in the area of data privacy & I.T. Security.
We are making changes to our policies, processes, products and systems to ensure that we comply with the Regulation and continue to put data protection first. We’re also committed to helping our customers meet their requirements under the Regulation.
Information we collect & store
In order to provide our services, we need to collect information about your business and your employee’s:
A. Employee Information.
To provide support we need to collect information about you, your business and its employees. We collect business email addresses, mobile and fixed line telephone numbers along with the business address.
B. Transaction Information
In order to take payments from our clients we employ the services of GoCardless. As a recognised Direct Debit provider GoCardless confirm to the latest security standards and are ISO27001 compliant. Everything Tech have limited access to your details on the GoCardless platform, we are not able to identify complete account details.
C. Access your information and data
As your IT provider it would be impossible to perform our work without complete access to your servers and data. Every customers contract contains the following clause:
Data Protection & Privacy
It will be necessary for ET to have full unrestricted access to the customer’s data for the period of this contract. Throughout the contract, we commit to:
- Store and access data in accordance with industry standard guidelines.
- Where applicable and possible we will encrypt all customer data both on and off site. Off-site backups will be encrypted with high encryption and not accessible to anyone other than ET.
- Request explicit permission from a Director of The Client before we share or expose any data to a third party.
- Treat data in the strictest confidence.
- Only access data when required to carry out our responsibilities as outlined in this agreement.
In most cases Everything Tech provide backup services to its customers. In all cases (unless otherwise expressly stated in writing data is stored in the following manner
• On servers that reside inside the EU.
• Encrypted in transit (data is encrypted when its being sent to the cloud based storage).
• At rest (data is encrypted where it’s stored).
Protection of your Information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We store passwords for our customers servers and services in a secure portal. All passwords are encrypted and access is controlled by two factor authentication.
Access to your systems (computers, server & networking equipment) is via our secure Endpoint Management solution and can only be accessed by Everything Tech Employees.
Everything Tech will retain records relating to staff members for up to three years after you tell us the member of staff has left the organisation. We do this in order to retain ticket information should we be required to recover information about an issue relating to your IT.