1. Privacy Statement
1.1 Black Bear IT Solutions Limited and its partners ("Black Bear IT Solutions", "us", and "we") respect your right to privacy. At Black Bear IT Solutions, we look after your personal information carefully. We adhere strictly to the requirements of UK data protection law and, in accordance with current law, we are registered on the public register of data controllers which is looked after by the Information Commissioner.
2. What does Black Bear IT Solutions do?
2.1 Black Bear IT Solutions is a Managed Service Provider and Cloud Service Provider to businesses, as well as a Hardware supplier and IT Support company.
3. What information does Black Bear IT Solutions collect, and when?
3.1 There are lots of 'touch points' where you may provide data to us voluntarily or where it is collected automatically. Given the number of services we offer, what data we collect from you depends on individual clients, potential clients and their users. Types of personal data we typically collect at different touch points includes:
• When you visit our website:
we may collect certain information automatically from your device. For example, your IP address, device type, unique device identification numbers, browser type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked.
• When you become a client of Black Bear IT Solutions and purchase services/hardware from us:
your companies name, contact/user name, billing/delivery/supply address, orders and receipts, email, telephone number and a record of the products and services that you either currently have or have had from us in the past 3 years.
• When you contact us by any means (such as telephone, email, letter or SMS) with account queries or to complain about the service you have received:
the content of your communications with us, including emails, letters, webchats and phone calls. When we call you or you call us, we will record any telephone calls that we have with you, to make sure that we are providing you with a good service and meeting all our responsibilities.
• When you book an engineer visit or call with technical queries:
information about your network, the problem you are experiencing, type of software used, any other details we need and/or that you give us to help solve the problem.
• When you choose to complete any surveys we send you, we will receive the information you volunteer about your use and of our goods and services. •
When you ask for a quotation for a new service and/or product we will retain information pertinent to that quotation, as deemed appropriate by our staff and/or given by the client.
• When you've given a third-party permission to share with us the information they hold about you. For example, your previous telephone, broadband or IT supplier.
• Whenever any of our suppliers share information with us about the product or service you have purchased.
3.1.1 Sensitive Data: some of the information that you provide to us may include sensitive business information, for example; number of users, turnover, business growth and your clients & suppliers. You may provide this information to us voluntarily, for example during communications relating to account management. If we need to keep sensitive information obtained from you, we will obtain your consent, at the point when we ask you to provide this information.
4. Why does Black Bear IT Solutions process the information that it does?
Most commonly, we need business information for one of four reasons: (1) to perform a contract and/or support clients; (2) where it is in our legitimate interests to do so; (3) where it is required to comply with legal or regulatory obligations; and (4) where you have provided your consent.
4.1 Where we use your data to carry out contract(s) and provide products or services to you, if you don't give us the correct information, we might not be able to provide you with the product or service(s) you ordered from us. We need your personal information in order to do the following:
• Supply you with the services you selected and to support you with those services.
• Instruct our partners to provide you with the services you have selected; (when we do this, we still control your personal information and we have strict controls in place to make sure it's properly protected)
• Send you product or service-information messages (for example, to inform you of any changes that might affect your service)
• Manage your account (such as accurately billing you for the services and taking payment for services);
• Update our records about you (to ensure that they are up-to-date and accurate);
• Comply with our regulatory obligations;
• Detect fraud; and
• Check your identity.
4.2 We may also use this information for legitimate business purposes, such as:
• If you have not opted out, or where we are otherwise permitted by law, provide you with marketing communications about similar good and services;
• To improve our products and service offerings;
• Staff training;
• Recovery of bad debt; and
• Analysing business metrics.
5. Who does Black Bear IT Solutions share my information with?
5.1 We may disclose your personal information to the following categories of recipients:
• to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
• to any other person with your consent to the disclosure.
6. Legal basis for processing your information
6.1 The law on data protection sets out a number of different reasons for which a company may collect and process your data. Our legal basis for collecting and using the information described above will depend on the personal information concerned and the specific context in which we collect it, including:
In specific situations, we can collect and process your data with your consent. For example, when you consent to enable us to quote for or to provide services to you.
When collecting your personal data, we'll always make it clear to you which data is necessary in connection with a particular service.
6.3 Contractual necessity
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if we contract to IT Support we'll need to collect your name and business address details in order to provide you with onsite support at the correct address.
6.4 Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud to law enforcement agencies.
6.5 Legitimate interest
Sometimes, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
We carry out the following activities on the basis of legitimate interest:
• Marketing activities: you may choose not to receive marketing communications from us. If you do not opt-out from receiving marketing communications from us, you will be provided with communications about other similar services and products we feel would benefit your company from time to time and we may also request you to complete client satisfaction questionnaires. A facility is provided to enable you to opt-out of receiving marketing communications at any time (as instructed in every communication of this type).
• Carrying out credit checking for credit accounts, this includes both the initial check to offer credit and the ongoing monitoring of your credit file for our security.
• Collection of debt: we may need to process your data in order to recover unpaid debt.
• Data Analytics: we analyse customer data in order to better understand our client base and our service offering. We may also identify if you would benefit from particular goods and services (ie tailoring our marketing to you).
6.6 If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.
7. Cookies and similar tracking technology
8. How does Black Bear IT Solutions keep my information secure?
8.1 We use appropriate technical and organisational measures to protect the information that we collect and process about you. The measures we use are designed to provide a level or security appropriate to the risk of processing your personal information.
8.2 We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures to protect your information.
8.3 Specific measures we use include:
a. Implementing design principles within our infrastructure (e.g. use of firewalls);
b. adopting security safeguards against attacks (e.g. internal and external monitoring of network traffic use); and
c. security policies which provide working guidelines to our staff as well as enforce controls and procedures in line with data protection law and other industry-specific compliance requirements.
9. International data transfers
9.1 Your information will not be sent outside of the UK by us. Whilst all our partners are UK based, some have non-UK operations and they may send your information outside the UK. A list of partners who may do this can be requested.
10. Data retention
10.1 We retain information we collect from you only for as long as is necessary for the purpose for which it was collected. In most cases, we will keep your information while you're one of our clients, and for three years after. In other cases we'll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we'll keep it for longer if we need to by law.
10.2 At the end of the retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
11. Automated decision making
11.1 At this time we do not make use of any automated decision making techniques with your information. Should this change all clients would be informed with the right to opt out if appropriate.
12. Your data protection rights
12.1 You may have the following data protection rights:
• If you wish to access, correct, update or request deletion of your information, you can do so at any time by contacting us using the contact details provided below.
• In addition, you can object to processing of your information, ask us to restrict processing of your information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided below.
• You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you. If you would prefer to opt-out over the telephone, or to opt-out of other forms of marketing (such as postal marketing) then please contact us using the contact details provided below.
• Similarly, if we have collected and processed your information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your information. For more information, please contact your local data protection authority. (Contact details for Information Commissioner's Office are available at www.ico.org.uk/global/contact-us)
12.2 We respond to all requests we receive from clients wishing to exercise their data protection rights in accordance with applicable data protection laws.
14 . Links from our Website to other sites
14.1 Please be aware that our site may provide access to other websites by linking to them. We are not responsible for the data policies (including data protection and cookies), content or security of these linked web sites.
15. How to contact us
15.1 If you have any questions or concerns about our use of your personal information, please contact Richard Alford as below:
• 01524 889158
• 2 Norfolk Street, Lancaster, LA1 2BW
15.2 The data controller of your personal information is Black Bear IT Solutions Limited, which is registered with the ICO with registration number ZA138368.
References to “Default” means any act, representation or omission by Black Bear IT Solutions Ltd, it’s officers, employees or agents which is done, made or not done as a result of any act, representation or omission in connection with this Agreement as a result of which Black Bear IT Solutions Ltd is legally liable to the Customer or any third party whether in contract, tort or otherwise. A number of Defaults which together result in or contribute substantially the same loss or damage shall be treated as one Default occurring on the date of occurrence of the last such default.
- Support Services
Black Bear IT Solutions Ltd will provide support for all systems or software. Any material changes to the system configuration without Black Bear IT Solutions Ltd being informed will render that system excluded from the Support Contract. It is the Customer’s responsibility to ensure that all systems or software not installed by a Black Bear IT Solutions Ltd engineer is compliant and free from corruption and to notify Black Bear IT Solutions Ltd of any new systems, hardware or software or it will not be supported.
Where parts are to be purchased on behalf of a Customer, the Customer will be responsible for all costs including VAT and delivery. Payment for parts or software shall be made prior to ordering the equipment, although Black Bear IT Solutions Ltd may accept normal invoiced payment in urgent cases and at it’s discretion. Delivery times cannot be guaranteed and no liability can be accepted for consequential damages caused directly or indirectly by late deliveries whatever the cause. Black Bear IT Solutions Ltd warrants replacing defective goods within the manufacturer’s “returns” period which ranges from 0 to 3 days depending on the source of the goods. The Customer shall also return all warranty cards and execute all licenses with the manufacturers of all and any hardware or software provided by Black Bear IT Solutions Ltd under this Agreement.