Data protection at NetSupport

NetSupport Limited is committed to keeping information provided by you confidential and we shall always be transparent with you about how we are using your details. As customers or others who want to interact with us, you should always feel safe and secure in how your data is handled.

This policy explains how we comply with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications Regulations (PECR).

The R.I.S.E. Magazine is a site aimed at sharing the best of practices and resources across the education community and is provided by NetSupport Ltd, as set out in our Terms and Conditions.

This Privacy Notice aims to explain this website, our marketing and education activities and our interaction with you at events, and where these may affect your privacy and personal details. For example, how we process, collect, manage and store those details and how your rights under the GDPR, DPA and PECR are adhered to.

As this site also enables a subscription membership, at no cost, additional information is provided.

How do we obtain your information and why?

In all cases where we collect personal information, we will always endeavour to tell you why we need the information and how we will use it.

Existing subscribers to the R.I.S.E. Magazine mailing list have already provided contact details to allow us to notify you of when new issues of the magazine are available. In additional, general information about NetSupport activities and products may also be shared. Information on existing subscribers is kept for a maximum of 12 months, or until they become a subscribing member of the R.I.S.E. Magazine site. At that point they are considered members, and previous subscription records are removed for this purpose.

Members

Existing subscribers who register for membership of this site will also remain subscribed to notifications about new issues of the magazine, as well as periodic summaries of recent articles and, when available, notifications of new articles (including member-only articles).

Members will provide a username, contact email address and can then also provide information around their full name and organisation. This is deemed as ‘contact information’.

Accessing our website

NetSupport collects information we learn about you from visiting our website and using our online services. Our website gathers statistical and other analytical information from all visitors to it. Your web browser automatically lets us know:

  • the website from which you come from when visiting us
  • your IP addres
  • the date and time of access, and,
  • the browser you are using and the operating system of your device.

We use this information to ensure a stable connection, the efficient use of our website, and also to evaluate system security and stability. This is necessary and in our legitimate interest. We do not use your geographic presence to target you to particular regional sites.We keep this information for a maximum of 12 months but may remove it at an earlier date to ensure accurate information is collected. This is deemed as ‘visitor information’ and is collected for both subscribing members and anonymous visitors.

Subscriptions to mailing lists

Subscribing members are added to a new mailing list as part of joining the R.I.S.E. Magazine website. This includes the option to receive notifications about other NetSupport activities, and you can remove yourself from NetSupport information at any point.

Storage and retention

How we store your information

All information is stored either in our data centre in the UK, on cloud servers hosted in the EU or through other vetted data processors who store data within the US. Where additional tools are used to process personal data, if they are outside of the UK or EU, supply chain management is in place to ensure all relative compliance is adhered to.

Who can access your personal data?

NetSupport Limited takes significant care to ensure only staff trained for the relevant role can access and use your personal data, and only for the purpose it was collected for. Access controls are in place to prevent unintentional or intentional access by unauthorised employees.

Who do we share with?

NetSupport Limited will never sell your information or share it with any third party. However, we will share your details with any government agency entitled to this information by law.

How long do we keep your personal data?

Existing subscribers to the R.I.S.E. Magazine notifications will have their data retained for this purpose for a maximum of one calendar year from the publication of this Privacy Notice.

New subscriber members of this site, and existing subscribers who become subscribing members of this site, will be retained for the period of their membership plus one calendar year, unless requested otherwise. Where this information is used to inform you of other NetSupport Ltd information, this will be retained for as long as required or until we know the information is no longer correct, unless informed otherwise.

Your rights

Overview

You have the following rights if the respective legal requirements are met:

  • the right to be informed about the collection and use of your personal data
  • the right to have access to your personal data
  • the right to request rectification of incorrect data or completion of incomplete data
  • the right to request deletion of your personal data stored with us
  • the right to request restriction of processing of your data
  • the right to request data portability
  • the right to object to the processing of your personal data.

Right to be informed

You have the right to be informed about the collection and use of your personal data:

  • the purposes for which the personal data are processed
  • the categories of personal data that are processed
  • the recipients or categories of recipients of the personal data
  • the retention periods for the personal data
  • all available information about the origin of the data, if the personal data was not collected from you
  • the details of the existence of existence of an automated decision-making process, including profiling
  • the details of transfer of the personal data to any third countries or international organisations.

Right of access

You have the right to receive, upon request, information about the personal data stored with us about you, free of charge, commonly known as ‘data subject access request.’ You have the right to ask for:

  • confirmation of the data processing activities involving your data
  • a copy of your personal data, and
  • information outlined in this Privacy Policy.

Right to rectification

You have the right to seek the immediate rectification by us of inaccuracies in your personal data. Considering the purposes of the processing, you have the right to request the completion of incomplete personal data and add newly available supplementary information.

Right to erasure

You have the right to request from us that personal data concerning yourself is immediately erased if one of the following grounds applies:

  • the personal data is no longer necessary for the purposes for which they have been collected or have been processed in any other way
  • you withdraw consent and there is no other legal ground for the processing
  • you object to the processing and there are no overriding legitimate grounds for the processing to continue
  • the personal data has been unlawfully processed, or
  • the deletion of the personal data is necessary for the fulfilment of a legal obligation.

Where our processing of your data is based on your consent, you have the right to withdraw your consent, but this will not affect the lawfulness of the processing based on your original consent. We will no longer process your data for the purpose you originally agreed to unless we have another legal basis for continuing to process your data, which we will explain to you.

In the event that we have made the personal data public and are obliged to delete it, we will take appropriate measures insofar as possible to ensure this data is removed. This may include us informing the third party processing your data to delete all links to the personal data (copies or replications).

Right to restriction of processing

You have the right to request from us a restriction of the processing, if one of the following requirements exist:

  • the correctness of the personal data is disputed by you
  • the processing is unlawful and you request a restriction of the use of the personal data rather than its deletion
  • we no longer require your personal data for the purposes of the processing, but you require it in order to enforce, exercise or defend legal claims, or
  • you have raised an objection to the processing, so long as it is not certain whether the legitimate grounds of NetSupport outweigh those of yourself.

Right to data portability

You have the right to receive the personal data that concerns you, which you have provided to us, in a structured, common and machine-readable format, and you have the right to transfer this data to another data controller without hindrance by us, considering:

  • the processing is based on consent or on a contract, and
  • the processing takes place with the aid of automated procedures.

When exercising your right to data portability, you have the right to ensure that the personal data is transferred directly by us to another data controller, where this is technically feasible.

Right to object

You have the right to object to the processing of your personal data, for reasons arising from your particular situation.

The above general right of objection applies to all processing purposes described in this Privacy Notice, which are processed on the basis of legitimate interests. This also applies in relation to data processing for the purpose of direct mail for marketing purposes. If you object to any processing of data, it will be stopped with effect for the future unless we, as the controller, are able to demonstrate overriding legitimate grounds for further processing that outweigh your interests.

You can ask us to stop sending you direct mail, or emails, or ask us to stop processing your details. Finally, if we do something inappropriate with your information, you can request compensation for any distress you are caused or loss you have incurred. You can find out more information on the ICO’s website http://ico.org.uk/for_the_public/personal_information.

Lawful bases, partners and e-privacy

Lawful bases

As well as having a purpose for needing and using your personal data, it has to be down within the limits of legislation. Under GDPR, this means Articles 6 and 9 tell us the specific lawful bases and the conditions behind using them. Where you are an existing subscriber to notifications, this has been through the lawful basis of consent. For new subscribing members, or those who change to be subscribing members, this will be a new instance of consent.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We do not store any personal data in the cookies that we use, or store the information anonymously to assist us in the running of the site, or for monitoring the activity and traffic both to and through our website. To do this, we use Google Analytics cookies.

We provide a control panel to help you choose which optional cookies you may wish to accept.

Depending on the browser you use, you should be able to control what cookies are placed on your device through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Partners and data processors

Data processors

As the data controller, we work with a range of companies to provide services and to run our business. These are covered as data processors and we take all reasonable steps to ensure that any data they process on our behalf is done as we have instructed and not used for other purposes. Below are tables covering the data we collect relating to each data processor and the purpose the data is used. This list is dynamic and will change from time to time. We will update this notice and advise people to review it should it be required. Unless there is a significant and specific change, we would not contact individuals, nor would we make specific announcements.

Infrastructure, commercial and financial

Service providerData collected or processedPurposePlace of processing
SiteGround
  • Hosting
  • Membership
This is a web hosting provider. We use it to store and publish the website and any information collected, including membership.UK

Analytics

Service providerData collected or processedPurposePlace of processing
Google Analytics
  • Device details
  • Ad ID details
  • Safeguarding information
Understand user activity to ensure the right solution works.US

Comms

Service providerData collected or processedPurposePlace of processing
Intuit Mailchimp
  • Contact details
  • Type of relationship
Notification of new editions of magazine, articles, and/or other relevant activities.US

 

DATA SHARING

[This is for any specific data sharing that we do (whether legally required or for specific reasons), e.g. HMRC, research, etc.]

Where information is used for research and analysis purposes, all personal data is anonymised prior to sharing, and is no longer considered personal data. Where research has been commissioned as part of larger case studies, reasonable efforts are made to ensure any personal data which has been anonymised cannot be combined with other data to subsequently identify individuals.