Privacy Policy

Purpose

The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy, you may wish to cease viewing / using this website, and/or refrain from submitting your personal data to us.

This privacy notice has been produced in line with the General Data Protection Regulations.

Policy key definitions

  • “I”, “our”, “us”, or “we” refer to the business, Onebyte Limited.
  • “you”, “the user” refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means the Information Commissioner’s Office.
  • Cookies mean small files stored on a user’s computer or device.

Key principles of GDPR

Our privacy policy embodies the following key principles: (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.

Who are we?

When we refer to ‘we’ (or ‘our’ or ‘us’), that means Onebyte Limited, a company registered in England and Wales under registration number 05329402 at Bankside 300, Peachman Way, Broadland Business Park, Norwich NR7 0LB.

Onebyte is a technology and risk management company. We collect your personal information to provide you and your company with these services. As part of this process of managing your IT systems, we provide IT solutions, a helpdesk, remote network management & monitoring, on-site technology alignment, technology strategy reviews and budgeting. We work to best practice standards and continually align to ensure compliance.

What is personal data?

When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details (employees & suppliers only), payment information, support queries and so on. If you can’t be identified (for example, when personal data has been aggregated and anonymised), then this notice doesn’t apply. This notice applies to clients, staff, partners and suppliers.

Information we may collect

Clients / Customers / Partners / Suppliers

  1. Work or personal telephone number
  2. Work or personal email address
  3. Full Name (First and Surname)
  4. Work address
  5. Home address
  6. IP address

Employees

  1. Full name
  2. Home address
  3. Work address
  4. Telephone Number
  5. Email address
  6. Photograph
  7. Date of Birth
  8. National Insurance Details
  9. Tax Code
  10. Car Registration
  11. Bank Account Details
  12. Posts on Social Media

Examples of how we use data

Using your information in accordance with data protection laws

We may store your name in combination with your desktop or mobile telephone number so that we can contact you to provide our service.

Or we may add your name as a friendly identifier against the computer or computers you use, so we can locate you quickly and provide our IT support service.

The agents/probes we install on your desktops, laptops and mobile devices automatically collect information about the device, such as the internet protocol (IP) address, device type, media access control (MAC) address so we can troubleshoot problems with them and provide our service to you.

We may use your personal mobile phone number or your home address if we are required to install, deliver to or assist with issues in your home network.

How we collect your data

When you visit our website or use our services, we collect personal data.  The ways we collect it can be broadly categorised into the following:

Information you provide to us directly: When you use our services we might ask you to provide personal data to us.  For example, we may ask for your telephone number or email address information when you contact us with questions or request support.   If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use our service.

Information we collect automatically: We collect some information about you automatically when you use our services or visit our website, like your IP address and device type.  We also collect information when you navigate through our website and services, including what pages you looked at and what links you clicked on.  For example, if your organisation purchases web filtering services, we will monitor sites to provide security against cyber threats etc…   This information is useful for us as it helps us to provide the best possible experience for your organisation. Some of this information is collected using tracking technologies.

Information we get from third parties:  The majority of information we collect, we collect directly from you.  Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research and credit checking partners.  We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.

Where we collect personal data, we’ll only process it:

  • to perform a contract with you, or
  • where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
  • in accordance with a legal obligation, or
  • where we have your consent

If you’re someone who works for an organisation that we supply services to and you believe that the organisation has provided us with personal data for us to provide our service, then you will need to contact that organisation to request information about that data (including when you want to access, correct, amend, or request that the user delete, your personal data).

The provision of some data is a contractual requirement or a requirement necessary to enter into a contract. You are not obliged to provide this data, but if you do not, then we may be unable to enter into a contract with you or fully perform the contract we have entered into with you. In some cases, it may lead to the termination of your contract with us.

How we use your data

Onebyte may use your personal data to provide our services to your Organisation, Employer, or to our staff to fulfil our role as Employer to manage pay, tax etc. The provision of some data is a contractual requirement or a requirement necessary to enter into a contract. You are not obliged to provide this data, but if you do not, then we may be unable to enter into a contract with you or fully perform the contract we have entered into with you. In some cases, it may lead to the termination of your contract with us. We may also use your personal data for other purposes, which may include the following:

To communicate with you.  This may include:

  • providing you with information you’ve requested from us (like ticket responses, help responses, training materials, or product information) or information we are required to send you.
  • operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
  • marketing communications (about our MSP service or another product or service we think you might be interested in) in accordance with your marketing preferences.
  • asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).

To support you: This may include assisting with the resolution of technical support issues or other issues relating to the services, whether by telephone call, help chat or email.

To enhance our services and develop new ones: For example, by tracking and monitoring your use of websites and services we can keep improving and enhancing our security features, or by carrying out technical analysis of our websites and services we can optimise your user experiences and provide you with more efficient tools.

To protect: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our websites and services fairly and in accordance with our terms of use.

To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services.

To analyse, aggregate and report:  We may use your personal data we collect about you and other users of our services to produce aggregated analytics and reports, which we may share with your organisation.

To run our business in an efficient and proper way: This includes testing our systems, managing our financial position, business capability, planning, communications, corporate governance and audit.

Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, or to refer you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies and control which cookies are saved to your device/computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device; please see your web browser options.

Data security and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Sponsored links, affiliate tracking & commissions

Our website does not contain any adverts, sponsored or affiliate links.

Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “How we use your data” section above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third-party service provider of software/applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations, will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.

Our EMS provider is HubSpot. We hold the following information about you within our EMS system:

  • Full Name (First and Surname)
  • Email address
  • Postal address
  • Phone number
  • I.P address
  • Subscription time & date
  • Other public data sourced by HubSpot

Analysing your communications

We may review, scan, or analyse your communications on the Services for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes.

For example, as part of our fraud prevention efforts, we scan and analyse messages to mask contact information and references to other websites. In some cases, we may also scan, review, or analyse messages to debug, improve, and expand product offerings. We use automated methods where reasonably possible.

However, occasionally we may need to manually review some communications, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools. We will not review, scan, or analyse your communications to send third party marketing messages to you, and we will not sell reviews or analyses of these communications.

These activities are carried out based on our legitimate interest in ensuring compliance with applicable laws and our Terms and Conditions, preventing fraud, promoting safety, and improving and ensuring the adequate performance of the Services.

Google Analytics and Google Adwords

Parts of the Services use Google Analytics and Google Adwords. Use of Google Analytics and Google Adwords is subject to the following:

Google Privacy Policy:
https://policies.google.com/privacy

AdWords Terms & Conditions:
https://support.google.com/adwordspolicy/answer/54818?hl=en

Google Analytics Terms of Services:
https://www.google.com/analytics/terms/us.html

How we share your data

Other than as stated in this Privacy Policy, we will not release Personal Information to unaffiliated third parties, and we will not sell your information on to marketing companies.

There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:

  • third party service providers and partners who assist and enable us to conduct our business and to support your service, for example by operating a help desk, providing a billing service, providing payroll services, and credit check agencies.
  • regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
  • an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
  • other people when we have gained your specific consent.

International Data Transfers

Onebyte shares data with Continuum, our helpdesk, which is based in the US. Access their privacy and data protection information at https://www.continuum.net/general-data-protection-regulation.

Onebyte shares data with DWS, our billing specialists. They are located in the UK and their privacy notice can be found at https://daisygroup.com/privacy/

Onebyte shares data with Connectwise, our Professional Services Automation tool. They are located in the US and information on their privacy policy can be found at https://www.connectwise.com/privacy-policy

Onebyte shares data with Xero Accounting Software. Xero is headquartered in New Zealand. When personal data is hosted or processed outside of the European Economic Area by Xero, GDPR requires that it remains protected by appropriate safeguards in line with EU law. Some of Xero EU customers’ data is processed in New Zealand (where Xero’s Headquarters are located). New Zealand is recognised by the EU as an ‘adequate’ country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU. Information on their privacy policy can be found at https://www.xero.com/uk/about/terms/privacy/.

When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as the United States where our helpdesk is located. These countries may have laws different to what you’re used to. Please be assured that where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like New Zealand), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e. by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). For further information please contact us using compliance@onebyte.net.

Security

Security is a priority for us when dealing with your personal data.  We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.
To keep up to date with known phishing and other scams targeting our community, and for information on how to protect yourself from them, sign up to our security blog found on our website www.onebyte.net.

Retention

The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example to comply with legal, tax or accounting requirements).

We will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices shown below.

Category | Data Type | Retention Period
Employees | Contact details | 5 years post-employment
Employees | Bank details | 3 years post-employment
Employees | Pension details | 75 years post-employment
Employees | Tax details | 6 years post-employment
Employees | Contact details | 6 years post-employment
Employees | Pay details | 6 years post-employment
Employees | Annual leave details | 6 years post-employment
Employees | Sick leave details | 6 years post-employment
Employees | Performance details | 6 years post-employment
Successful candidates | Contact details | 6 years post-employment
Successful candidates | Qualifications | 6 years post-employment
Successful candidates | Employment history | 6 years post-employment
Successful candidates | Ethnicity | 6 years post-employment
Successful candidates | Disability details | 6 years post-employment
Unsuccessful candidates | Contact details | 6 months post-campaign
Unsuccessful candidates | Qualifications | 6 months post-campaign
Unsuccessful candidates | Employment history | 6 months post-campaign
Unsuccessful candidates | Ethnicity | 6 months post-campaign
Unsuccessful candidates | Disability details | 6 months post-campaign
Existing customers | Contact details | End of customer relationship, (on payment of final invoice) + 3 months
Existing customers | Purchase history | End of customer relationship + 3 months
Potential customers | Contact details | 1-year post-campaign
Potential customers | Lifestyle information | 1-year post-campaign

Following that period we will make sure it is destroyed or anonymised.

Your Rights

It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to compliance@onebyte.net.

You also have rights to:

  • know what personal data we hold about you, and to make sure it’s correct and up to date.
  • request a copy of your personal data, or ask us to restrict processing your personal data or delete it.
  • object to our continued processing of your personal data.

You can exercise these rights at any time by sending an email to compliance@onebyte.net.

If you aren’t happy with how we are processing your personal data please let us know by sending an email to compliance@onebyte.net.  We will review and investigate your complaint, and try to get back to you within a reasonable time frame.  You can also complain to your local data protection authority.  They will advise you on how to submit a complaint.

Your rights under GDPR

Under the GDPR your rights are as follows. You can read more about your rights in detail here:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.
  • You also have the right to complain to the ICO if you feel there is a problem with the way we are handling your data.
  • We handle subject access requests in accordance with the GDPR.

Changes to this privacy notice

Last updated: 12 November 2019  

We may update this Privacy Notice to reflect changes to our information practices from time to time. If we decide to change this Privacy Notice, we will post the changes on this page so visitors to the Onebyte website and our clients and the users of their IT systems are aware of our practices, and we will change the “Last Updated” date above.

If we make a material change to our information practices, such as to how we use Personal Information, we will make reasonable efforts to provide notice on our website and/or through our clients and obtain consent to any such uses as may be required by law.