ITILITY LTD is committed to upholding the eight Data Protection Principles of good information handling practice.
Data must be:
These principals are intended to protect the rights of individuals about whom we record personal data. For further information on Data Protection please go to the website of the Data Protection Registrar. If you have any questions concerning personal information or if you wish to see details of the information held about you, please contact our Support Team.
What information we hold about you and where we obtain this from;
The personal data that we collect about you may include the following information:
We collect your personal data from you as a controller when we provide quotations for a service you have requested, when we setup your service for and when we make changes to your service or provide support/maintenance for that service. This may also involve the collection of data from or about others who are associated with you and your service or those you have given us permission to contact in connection with providing that service. By giving us information about someone else for the purpose of arranging your services, you confirmed that you have their permission to do so and that you have shared this privacy notice with them.
Our services are not directed or available to children, and you may not use our services if you are under the age of 16. We will take reasonable steps to identify our customers and confirm their age. No products or services that we offer are made available to anyone who cannot confirm their age.
We also collect information from publicly available sources and third party databases made available to the industry such as Action Fraud for the purposes of reducing fraud and financial crime as well as any other third party databases where your personal data may be held, provided such third parties have a lawful basis on which to share such personal data with us.
Why we record this data
We collect data in order to conduct our business and to develop and improve our service/support to our customers. Information (such as name, address, and contact details) and other information is collected in order to bill our customers, manage and maintain customer accounts and provide service to them.
Your data is critical to your business, so it is essential that you are in control of it. We only hold your customer and contact information for the purpose of setting up your services and billing for those services. We do not store or hold any payment information. We will never ask you for any other information, personal or otherwise, unless it is required in the unusual event that information is necessary for a specific service you have requested. We will not store that information.
We do not share any of your information or data with anyone unless we are required to do so in order to provide a service you have requested, by law enforcement authorities or under the direct instruction of a Court.
How we use your personal data and the lawful basis for doing so
Where we are relying on a basis other than consent
We may rely on one or more of the following legal bases when processing your personal data for the following purposes:
We may exchange information with reference agencies through various databases to help us check information provided and also prevent fraudulent use of our services.
Purposes for which we process your personal data and the basis on which we can do this (this is what the law allows)
In order to perform our contractual obligations to you. This would include our fulfilling your requests for services we offer and maintaining those services;
The processing is necessary in connection with any contract that you may enter into with us
To administer your account, including financial transactions relative to the services we offer;
The processing is necessary in connection with any contract that you may enter into with us
To assist in the prevention and reduction of fraud and other financial or cyber-crime;
The processing is necessary for us to comply with the law and our legal requirements
In the interests of security and to improve our service, telephone calls you make to us may be monitored and/or recorded;
The processing is necessary to pursue our legitimate interest in the management and operation of our business
Special categories of data and criminal convictions
We may also need to collect special categories of data from you, such as information about your online intentions, in order to perform our contractual obligations to you. The lawful basis on which we can do this is that the processing is necessary for reasons of substantial public interest relating to fraud and financial or cyber-crime. We may also collect information on criminal convictions which we may share with third parties. The lawful basis on which we can do this is that the processing is necessary for reasons of substantial public interest.
Marketing and selling
We collect personal information from you through online registration forms, telephone conversations and e-mails, for market and product analysis in relation to the services we provide only. We process personal information collected via our websites in order to:
Data may also be stored concerning the way you use and manage your account and the products or services that you request us to provide.
How we contact you about other products and services
We may from time to time process your personal data to let you know about similar products and services that may be of interest to you. This is because we value your custom and we pride yourselves in offering professional and tailored advice which meets your specific service needs. This includes keeping you informed on the latest hardware and industry information or details of any offers or promotions relating to the services we provide to you. Where you have requested, or we have provided a specific service for which we act as a reseller, we may also pass information about you to third parties and they may use the information held about you to provide you with that service or information on other products and services which they feel may be of interest to you. We may contact you by post, telephone or e-mail. You will be given the option to stop receiving any communications from us in this regard at any time however please note that this will not affect us contacting you about the servicing of products that you have specifically requested from us.
We will only contact you about other products and services providing we have your consent to do so. To opt in or opt out, or to amend your existing preferences, please visit;
Who we pass your personal data to
We may need to pass your personal data to other companies which may include:
The information you share with us may be transferred by us or any of the types of firms or organisations we have noted above, to other countries in order for processing to take place, including locations outside of the UK and the European Union. We will only do so if there are adequate levels of protection in place as required by applicable data protection laws.
We will only store your data for as long as is necessary to comply with the requirements of your service contract(s) and any legal obligations or lawful processing conditions that may exist as a result. You have a number of rights concerning the personal information we use, which you may ask us to observe. In some cases, even when you make a request concerning your personal information, we may not be required, or be able to carry out your request as this may result in us not being able to fulfil our legal and regulatory obligations under the lawful processing conditions under which we hold your data or because there is a minimum statuary period of time for which we have to keep your information. If this is the case, we’ll let you know our reasons.
You can ask us to:
If you have any questions or concerns about this privacy notice or your data protection rights, please contact us using our details set out at the beginning and end of this privacy notice.
You also have the right to make an enquiry or to complain to the Information Commissioner’s Office (ICO) if you are unhappy with our use of your data, or if you think we have breached a legal requirement. Further details about the ICO are available at: ico.org.uk
WE PROTECT YOUR BUSINESS DATA
Security and protection of data is our priority. Security features are built into all of our products, services, and infrastructure to keep data protected at every layer of our network and facilities.
We invest in staff and technology to continually improve that security, protecting not only our infrastructure and operations, but also your business.
PHYSICAL SECURITY TO PROTECT DATA INTEGRITY
We distribute data across multiple data centres in our network, so that in the event of a incident or disaster, it can automatically be moved to another stable and protected location. Each of the data centres in our network is monitored and protected 24/7, and access is rigorously controlled with measures like enhanced physical security and CCTV.
CUSTOM HARDWARE WITH SECURITY AT ITS CORE
Security starts in our physical infrastructure and hardware. We ensure the security of our hardware, including vetting the suppliers we work with and using brands that are at the forefront of technology. This foundation allows us to deliver and build on security from the ground up.
ENCRYPTION TO KEEP DATA PRIVATE AND PROTECTED
Encryption brings an even higher level of security and privacy to our infrastructure and services. We hold your data in our data centres where it is protected by security technology like HTTPS, Transport Layer Security and firewalls.
PROCESSES FOR SECURE OPERATIONS
We use security monitoring to protect our network from malware
We constantly monitor our network and deploy patches and other updates through automated network analysis and proprietary technology. This lets us detect and respond to threats to protect our network from spam, malware, viruses, and other forms of malicious attacks.
We actively scan to find vulnerabilities
We scan for software vulnerabilities, using a combination of commercially available and purpose-built in-house processes, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits.
We design with security in mind
Our staff are constantly reviewing our network and ensuring products utilize strong security protections.
STRONG CONTROLS TO LIMIT ACCESS TO TRUSTED PERSONNEL
We limit access to your business data to our own personnel who need it to do their jobs; for example, for setup, support or billing of services. When we work with tour partners like customer software suppliers to provide our services, we conduct an assessment to ensure they provide the appropriate level of security and privacy needed for our own network but do not share your information unless we have your permission following a specific request for a service by you and only that information required to provide the service requested.
INCIDENT MANAGEMENT TO RESOLVE THREATS QUICKLY
Our network staff operate 24/7 and react quickly to detect and resolve potential security incidents. We also test our incident response plans regularly, so that our staff always remain prepared.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and this allows web applications to respond to you as an individual.
Most web browsers allow some control to restrict or block cookies if you wish. However, if you disable cookies you may find this affects your ability to use certain parts of our website, products or services.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy statement applicable to the website in question.
You may request details of personal information which we hold about you under the General Data Protection Regulation. If you would like a copy of the information held on you then please write to The Data Controller, Itility Limited, Elizabeth House, Victoria Street, Manchester. M11 2NX United Kingdom
If you believe that any information we are holding on you is incorrect or incomplete, please write to us or email us at firstname.lastname@example.org as soon as possible. We will promptly correct any information found to be incorrect.
If you have a complaint about Itility or an associated trading style, please contact us at the following address:
The Data Controller
Or click here to send an email
An award-winning company, Itility has been recognised in the following ways: