Information About Us
Median IT Limited, a limited company registered in England under company number 12902437 with registered address at 183 Edgware Road, NW9 6LP, London
Data Protection Officer
We are registered with the Information Commissioners Office (ICO) as a data controller. Under GDPR article 37, Median IT has not appointed a Data Protection Officer (DPO) as we are not required to . The person responsible for data privacy is our Managing Director.
Email us: firstname.lastname@example.org
Write to us: Managing Director, Median IT Limited, 183 Edgware Road, NW9 6LP
The Information we gather
What information we collect?
During the course of conducting business operations, Cardonet collects, stores and processes specific personal data including, but not limited to: We generally collect the following data:
– First Name
– Last Name
– Email Address
– Phone Numbers
– IP Address
Why we collect that information
The main reason information is collected is for the purposes of providing services and support, maintaining customer relationships, business operations and the ongoing development of business activities. Additional reasons for collecting your data are provided below.
Where we store that information
This data is currently stored in our CRM, Marketing Automation and internally managed helpdesk systems. These are secure, fully encrypted systems that provide leading access restrictions. We rely on our providers to back up the systems and we back up our helpdesk solution internally.
How long we hold that information
Unless there is a specific legal requirement for us to keep the information, we will retain it for no longer than is necessary for the purposes for which the data was collected or for which it is to be further processed. We make reasonable efforts to keep the data we hold up-to-date and accurate.
Systems we use to process data
We use different systems to process data, including:
- CRM and Marketing automation systems.
- Servers, storage, networks and connections.
- CCTV and access control systems.
- Telecoms and Communications systems.
- Remote Access and Monitoring Tools.
- Email and instant messaging systems.
- Helpdesk system and support related tools.
- Intranet and Internet systems.
- Guest WIFI Portal Logins
Why we process Personal Data
We process information about you for the following reasons:
- Marketing our business.
- Compliance with legal, regulatory and corporate governance obligations and good practice
- Ensuring business policies are adhered to.
- Ensuring the confidentiality of commercially sensitive information.
- Statistical analysis.
- Preventing unauthorised access and modifications to systems.
- Processing customer or third-party data.
- Analysing purchasing preferences and improving services.
- Providing customer services.
- Operational reasons, such as recording transactions, training and quality control.
- Ensuring safe working practices, monitoring and managing staff access to systems and facilities.
- Recording human resource information, such as staff administration and assessments, monitoring staff conduct and disciplinary matters.
- Checking references.
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
How and where we store your Personal Data?
we will only store your personal data or store some of your personal data in the UK. This means that it will be fully protected under the Data Protection Legislation.
we will only store your personal data OR store some of your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Transfers of personal data to the EEA from the UK are permitted without additional safeguards.
we may store some or all of your personal data in countries outside of the UK. These are known as “third countries”. We will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows:
we ensure that your personal data is protected under binding corporate rules. Binding corporate rules are a set of common rules which all our group companies are required to follow when processing personal data. For further information, please refer to the Information Commissioner’s Office.
we will only store or transfer personal data in or to countries that are deemed to provide an adequate level of protection for personal data. For further information about adequacy decisions and adequacy regulations, please refer to the Information Commissioner’s Office.
we will use specific approved contracts which ensure the same levels of personal data protection that apply under the Data Protection Legislation. For further information, please refer to the Information Commissioner’s Office.
Please contact us about the particular data protection safeguards used by us when transferring your personal data to a third country.
Personal data security is essential to us, and to protect personal data, we take the following measures:
- limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality.
- procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so;
Do we share your Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
we may contract with third parties for hosting and data storage purposes:
If you sign up for newsletter during WIFI signup in places where we provide WIFI service.
If any of your personal data is transferred to a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
we may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.