As you probably know, the GDPR Regulations come/came into force on 25^th May 2018. It applies to anyone holding Personal Identifiable information. In our case, as your communications/IT provider, this is limited to Usernames, Phone Numbers, Handsets Provided and Details of Service Provided. We do not hold any other personal information. All other information we hold is related to the Business or Company, IT Equipment, Software Licenses etc. and as this is technically not Personal Information, this falls outside the scope of the GDPR Regulation.

We have sought advice to check where we stand with holding Usernames, Phone Numbers and Service data and, because of our Contract to provide Communication Services, we are classed as having a legitimate need to keep this information on record. Because the Information we hold is specifically related to the employees of the Companies we deal with and is only related to providing the telecommunications of that company, we do not need to obtain individual consent from every individual to hold this information. If we kept records of Home Addresses, Dates of Birth, Bank Details etc. then we would need the consent of everyone.

1. Our Policy for handling client’s data

• Our staff have been trained to comply with the new GDPR regulations
• All data we hold/collect is appropriate for the service we are providing to a client
• It is encrypted and stored securely and only shared with partners with the consent of the data owner
• No data is shared with third parties whom are not providing a pre-contracted service for the client
• We process requests to purge (forget) data no longer relevant within 5 working days
• If a request to purge data will prevent a contracted service from being provided, then we will notify the requester

2. Data Subject Access Requests

• Upon receipt of a request we will confirm it is from an authorised representative
• SAR’s are processed and despatched within 28 days from the date of the request being validated
• If the request includes actions for the data, then this will also be processed

3. Data Breaches

• As per our policy all staff are trained to report a data breach as soon as identified to the Data Protection Officer
• The Data Protection Office will in turn:
  • Collate details around the breach including When, What & How it happened
  • Measures taken to prevent/correct the breach
  • Identify whose data has been breached
• They will then advise the ICO and Client affected of the details above as soon as possible*   We will be transparent about the information we are collecting and what we will do with it.
  *   We will use the information you give us for the purposes described in our Privacy Policy, which include providing you with services you have requested and enhancing your experience with Cheshire Business Services.
  *   We will also use the information to help us understand you better and so that we can give you relevant information.
  *   If you tell us, you don’t want to receive these messages we will stop sending them. We will, of course, continue to send essential information relating to a product or service you have purchased or contracted to , to keep you informed.
  *   We will put in place measures to protect your information and keep it secure.
  *   We will respect your data protection rights and aim to give you control over your own information.
  . If you have further questions please get in touch with us by writing to Director Cheshire Business Services (2008) Limited 89-91 Buxton Road Heaviley Stockport Cheshire SK2 6LR
  Without prejudice to your rights under applicable laws, the above is not  contractual and do not form part of your contract with us.