Privacy policy

What is the purpose of this document?

This privacy notice sets out how iTech Media Services Limited, a private limited company incorporated in England and Wales under company number 09587984 (“iTech”, “our”, “us” or “we”), uses and protects personal information collected regarding individuals who use our website, contact us, deal with our business or visit our offices, etc.

Under applicable data protection law, iTech is the ‘data controller’ which means we are legally responsible for personal information collected. We are registered as a data controller at the Information Commissioner’s Office, with registration ZA308307.

This privacy notice explains how and why we use your personal information, so it is important that you read it carefully.

If you have any questions about this privacy notice, please email us at legal@itech.media.

We reserve the right to amend this privacy notice from time to time without notice to you - therefore we recommend that you periodically check it to understand how we are processing your data.

Who does this document apply to?

This policy applies to our use of your personal data as a data controller in the following circumstances:

• When you use this website.
• When you contact us.
• When you apply for a job with us.
• When you work for a third-party organisation who we deal with.
• If you are a visitor to one of our offices as a guest.
• If you take part in a research/marketing survey for us.
• If you undertake any work experience with us.

This policy doesn’t apply to information about our employees.

Data protection principles

We comply with applicable data protection law and principles, which means that your data will be:

• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.

We will also keep appropriate records of processing to comply with the accountability principle under data protection law.

How we obtain your personal data

Primarily, we obtain personal data directly from you - either through your use of this website, when you contact us or deal with our organisation. Sometimes we receive information about you through third parties, but only during our course of usual business activities, for example where we use a recruitment agent or where a supplier has recommended a company that you might work for.

The kind of information we hold about you

The types of personal data that we hold about you will depend on the way that we have received your data. For example:

• Website users - we may process online identifiers to understand how our website is being used. More details on this can be found in our cookie policy.
• Where you contact us - we may process your name, contact details, any other information about yourself that you provide in your communications.
• When you apply for a job with us, we will collect your name, contact details and other relevant information regarding your application.
• When you visit our office - we may process your name, contact details, ID, CCTV footage of you, Wi-Fi usage information.

Please note that these are examples only and not intended to be an exhaustive list.

How we will use information about you

We will only use the personal information we collect about you to carry out our usual business activities, including but not limited to:

• internal reporting and record-keeping, to help manage and improve our operations.
• working with third-party organisations, where you might work for such organisation.
• deciding whether to appoint you to a role that you have applied for.
• complying with health and safety legislation, where we have a legal obligation to do so.

Our lawful basis for processing information about you

1. Legitimate interests

• Processing your personal data may be necessary for us to carry out our usual business activities, such as contacting you about an email you have sent us, recruiting new employees, managing safety and security or when we are contacting new suppliers, IT companies, etc.

2. Performance of a contract

• Where we have a contract with you or an organisation that you represent/work for, then we may process your personal data to carry out our contractual obligations.

3. Compliance with a legal obligation

• We may also process your personal data if we are subject to a legal obligation imposed on us, in order to comply with this obligation.

4. Consent:

• Where we use non-essential cookies on our website, we only do so if you have provided your consent prior to their use. More information can be found on our cookies policy.

How we use special category personal data

Special category personal data is data relating to racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health data, biometric data or sexual orientation.

It is unlikely that we will process any special category personal data about you. If we do, then we will only process such data after receiving your explicit consent or, when we cannot get your consent, where processing is necessary to protect your vital interests. For example, if we need to process your health data due to a medical emergency and you are incapable of giving your consent.

Information about criminal convictions

We do not envisage that we will process information about criminal convictions.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Data sharing

Why might you share my personal information with third parties?

We will only share your personal information with third parties in accordance with our legal basis for processing your personal data. For example, where we use third parties to help support us to carry out our usual business activities or where you have provided us with your consent to do so. We may also share your personal information with third parties where we have a legal obligation to do so.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

Some of our employees are based outside of the UK, for example in Poland and Spain, and so your personal information may be processed in these territories. Currently no additional safeguards are required for transfers of data to or from the UK and the EEA.

In some circumstances, a third-party that we work with may require a transfer of data outside of the UK/EEA, to a country that is not subject to an adequacy decision. In such scenarios, we include the relevant “Model Clauses” as part of the contract with those third parties, to ensure any transfer is subject to appropriate safeguards according to applicable data protection law.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and where they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected or actual data security breaches and will notify you and any applicable regulator where we are legally required to do so.

Data retention

How long will you use my information for?

Unless we are under a legal obligation to retain your personal information, we will only retain your personal information for as long as it is required for our purposes of processing. The exact time that we will retain your personal information will vary depending on the purpose of our processing.

Where we are required to retain certain information for legal or regulatory reasons, then we may retain such data for longer than we otherwise would for our own business purposes. After any period of retention, we will securely delete your personal information in accordance with applicable laws and regulations.

Where you have applied for a job at iTech, you may wish us to retain your personal information on file, on the basis that a further opportunity may arise in future. We will give you an opportunity to confirm this when you make your application.

Rights of access, correction, erasure, and restriction

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please email us at legal@itech.media.

Right to withdraw consent

Where you consent to the use of cookies on the iTech website, you always have the option update your preferences to withdraw this consent at any time.

Where you have applied for a job at iTech, if you agree to allow us to retain your personal data on file on the basis that a further opportunity may arise in future, and we may consider you for that, you have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact legal@itech.media. Once we have received notification that you have withdrawn your consent, we will no longer hold your personal data on file and subject to any legal requirements, we will securely delete your personal data.

Data protection officer

We do not have a legal obligation to appoint a data protection officer but have appointed a data privacy manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please email us at legal@itech.media.

Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. The Information Commissioner’s Office can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk. The ICO helpline number is 0303 123 1113.

Last updated: 12 July 2023