1. Introduction
RedMosquito is a private limited company registered in Scotland SC258294.
RedMosquito is the controller of data we collect when you have an account on our client access portal or ticketing system. This notice describes our privacy practices that govern how and why we collect data when you create an account and when you subsequently use our portal or other services. Our different portals facilitate many functions of our IT Managed Services including ticketing, reporting and remote access.
RedMosquito is required to gather some personal data to meet statutory and contractual requirements. This document contains detailed information about the purposes for which your data will be processed by RedMosquito and the legal basis for processing. It relates to data you share with us and data shared by others on your behalf.
2. Securing your Personal Data
RedMosquito GDPR compliance program has taken place over the past 12 months during which we have audited our systems and updated policies and procedures as required. We have completed a Data Protection Impact Assessment, Privacy Policies, Cookie Policy and have the required procedures in place to process Subject Access Requests. As part of our preparations we have reviewed our security accreditations and we are in the final stages of preparations for the internationally recognised Information Security standard ISO 27001.
In October 2018 RedMosquito gained ISO 27001:2013 certification, confirming that we have implemented industry standard security measures to ensure the secure management of your personal data. This includes appropriate physical, organisational and technical measures to safeguard your information. We regularly review these measures and where appropriate, we strengthen and enhance those measures. In particular, we have implemented multi-factor authentication for all systems.
Whenever we send your personal data to you, we will ensure appropriate security is applied to prevent unauthorised access to your personal data or interception of your personal data by anyone not authorised to have it.
If you wish to send any of your personal data to us, we strongly recommend you do not send it by open email. Instead, you should select a safe method to provide your personal data to us such as in a password protected archive.
3. How we use personal data
Personal data you give to us
You may give us information when you request a quote, purchase our products and/or use our services or supply services to us, for example:
- If you apply for a quote from us.
- If you enter into a contract with us for the purchase of one of our products or the provision of services, and when you use those services;
- If you register with our customer access portal or contact us via the form on our website;
- If you submit a query to us, for example by email, telephone or social media, (including where
you reference us in a public social media post); and - If you participate in any marketing activity such as entering a competition, or promotion, or
survey.
4. When you provide personal data to us about someone else on their behalf
When giving us information about an employee or a person connected to your business, you confirm that they have appointed you to act on their behalf including giving you consent to instruct us to process their personal data, to receive this data protection notice on their behalf and to inform them about the way in which we will process their personal data.
5. Information we create from your personal data
We will create some information with your personal data internally, for example:
- When we assign you a customer account ID;
- When we create a support ticket in order to assist you with a technical issue;
- When we place an order for equipment (hardware and/or software) at your request, which is to be delivered directly to your premises;
6. Legal Basis for Processing
We will always ensure that any personal data we receive has been collected lawfully and fairly in accordance with your rights under the relevant data privacy laws. Where appropriate we will ask for your consent for the specific use of your personal data.
Where we are using the personal data that you provide to us for the purpose of setting up and administering your Managed IT Services we will not seek your consent for this purpose. This is because the personal data you provide to enable you to purchase the services will legitimately be used by us to do what you have requested. Your rights and the protection of your personal data are not in any way hindered by this approach.
The legal basis for processing shall be where processing is necessary for the performance of a contract, compliance with a legal obligation, to protect your vital interests, for the performance of a task carried out in the public interest or where you have given consent.
7. Personal information we hold about you
The information we hold about you may include:
- Your name, address, contact details;
- Details about any contact we have had with you such as providing quotes;
- Details of the services you have received, support tickets you have created;
- Feedback that you give to us regarding the services we have provided; and
- Records (logs) of telephone calls between you and us.
8. Who we share your personal data with
Disclosure for regulatory or legal purposes:
RedMosquito will only share your personal data with other companies or organisations where there is a legitimate reason for doing so. For example, we are obligated to provide information to specific Government departments such as HM Revenue and Customs.
Our service providers – we may pass your data to third party service providers contracted to RedMosquito in order to provide you with the services you require. Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use them only to fulfil the service they provide to you on our behalf.
9. Sharing your personal data with your authorised representative
You have appointed an Administrative Contact and a Security Contact (Primary Contact and Accounts Approver) in order to enable us to communicate with you appropriately when providing our services, we may send them copies of correspondence relating to the services and any renewal documentation. We may disclose information to them where appropriate to enable them to make decisions about the services we provide.
Please be sure to tell us if you authorise or nominate a new Administrative Contact or Security Contact so that we are able to only send your personal data to the right person.
10. Our use of other companies to provide our products and services to you
To assist us in the provision of our Managed IT Services we use other companies who work or provide related services under contracts with us. We ensure that the level of security and the quality of service provided by those other companies is equivalent to the standard of services we provide to you.
Some of the companies who work under contracts with us are located in countries outside of the European Economic Area. Where this is the case we transfer your personal data to them on terms that are approved by the Information Commissioner. This is to ensure the appropriate security for your information, both in the transfer stage and when it is processed, and that your rights and confidentiality are protected in the same way as they would be if your personal data was processed in the UK.
11. Retaining your personal information
RedMosquito will normally only keep your personal data for as long as necessary to provide you with the services you’ve chosen and to ensure we meet our regulatory obligations. This means that we will normally hold your account information and the personal data we have collected during the term of the plan for seven years after your services contract has finished.
At the end of this time period we will securely delete all personal data that identifies you or could be used to identify you. We will also ensure that any of the suppliers who have processed your personal data throughout the term of your contract delete your personal data from their systems.
12. Right to access, correct and delete your personal data
GDPR affords you with rights. These rights are summarised below. In order to assert any of these rights, you may contact RedMosquito.
The Right of Confirmation: Each Data Subject shall have the right to obtain from the Controller the confirmation as to whether or not Personal Data concerning him or her are being processed.
The Right of Access: You have the right to request access to the personal data held by us. You can do this by submitting a Subject Access Request.
Right to Rectification: You have the right to request that we correct any personal data we hold where it is inaccurate or incomplete
Right to Erasure (Right to be Forgotten): In certain circumstances you shall have the right to ask us to delete and erase the personal data we hold about you.
Right of Restriction of Processing: You have the right to restrict us processing your personal data where certain conditions apply such as, where you question the accuracy of your personal data we are processing.
Right to Data Portability: You have the right to receive the personal data in a structured, commonly used and machine-readable format.
Right to Object: You shall have the right to object, to certain types of processing of personal data such as direct marketing.
Automated Individual Decision-Making, Including Profiling: You shall have the right not to be subject to a decision based solely on automated processing, including profiling.
Right to Withdraw Consent: Where consent forms the basis for processing. You shall have the right to withdraw his or her consent to the processing of his or her personal data at any time. You can withdraw consent by contacting the Data Protection Officer.
13. Marketing
We constantly review our range of products and services as we want to provide the most innovative and relevant Managed IT Services to our customers. We are continually negotiating with market leading service providers, that we want you to take advantage of, so we would like to keep you informed about all of these exciting new products and services available to you.
You have the right to object to the use of your personal data for marketing purposes and RedMosquito is obligated to ensure marketing information is not sent to you if you assert this right.
If you do give us your permission to send marketing information to you, we will provide you with the opportunity to change your mind every time.
When you purchase a product or services from Red Mosquito Limited you may be provided with access to the Customer Access Portal where you can manage your tickets and create reports about the services we provide.
We will use cookies to track your use of our website to assist us in tailoring the layout and content of our site. When you visit certain pages on our website, a cookie will be downloaded onto your computer which will enable us to track which pages you visit and how often. To find out more about our cookie policy, please go to Terms and Conditions.
14. Data Protection Complaints
We want all of our customers to be happy with the way their personal data has been processed by us. If you are unhappy about the way, we have managed your personal data we would like to know about this. We are constantly striving to ensure we do the right thing, and we would like to be able to put things right.
You’ll find the contact details for our complaints teams at: https://www.redmosquito.co.uk/contact
However, if you are still dissatisfied you have the right to contact the Information Commissioner, who regulates compliance with Data Protection regulation and laws at: ico.org.uk.
You can also call the ICO on 0303 123 1113 or 01625 545 745 or you can write to them at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If you have any queries in respect of your Data Protection rights or the way your personal data is processed by RedMosquito please call us, email us at: data.protection <AT> redmosquito.co.uk or write to us at:
Data Protection
RedMosquito
21 Panorama Business Village
Glasgow
G33 4EN