Who we are
Our website address is: https://finite-it.com.
What personal data we collect and why we collect it
Comments
Comments are switched off on this site, visitor’s IP addresses and browsers are monitored to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, if it were to be enabled on our site, your profile picture would be visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
TERMS AND CONDITIONS UNDER WHICH WE WILL COLLECT AND USE YOUR DATA
We are bound by the General Data Protection Regulation (the Regulation) and the Data Protection Act.
Our obligations extend to any personal data which we hold relating to you. The Regulation defines ‘Personal Data’ as “any information relating to a data subject”. A data subject is the identified or identifiable natural person to whom the personal data relates. In relation to these terms the data subject is ‘you’ the customer.
As Data Controller of your data we must ensure the following as regards your Personal Data.
a. We must process and use your personal data lawfully, fairly and in a transparent manner in relation to you.
b. Personal data must be collected only for specified explicit and legitimate purposes. It will not be further
processed in any manner incompatible with those purposes.
c. Personal data must be adequate, relevant and limited to what is necessary in relation to the purpose for which
it is processed.
d. Personal data must be accurate and where necessary kept up-to-date. Every reasonable step will be taken to
ensure that data which is inaccurate, having regard to the purpose for which it is processed, is erased or
rectified without delay.
e. Personal data must not be kept in a form which permits identification of data subjects for longer than is
necessary for the purpose for which the data is processed.
f. Personal data must be processed in a manner that ensures its appropriate security and with full integrity and
confidentiality.
g. We as the Data Controller are responsible for and must be able to demonstrate compliance with these data
protection principles.
WHAT DO WE DO WITH IT?
Access to your personal data will be restricted only to those Directors or members of staff who need to access it for the purposes of running the business, ensuring you are kept up to date with any contract changes, informed of on-going jobs that we are carrying out on your behalf, ensuring you receive up to date product and sales information, updating you on quotations or pricing adjustments or to request payments of outstanding invoices. We will only use your data for legitimate business purposes and we will not sell your data or use any automated process for weighing decisions about you.
We will use your data for collection, recording, organisational purposes, storage, adaption or alteration for record keeping, retrieval, consultation and general use. Also for the purposes of erasure and destruction.
We consider we are justified in processing your personal data for these purposes as necessary for entering into and performing our contract with you as a supplier, it may be necessary for compliance with a legal obligation to which we as your supplier are subject, or it may be necessary to protect the business interests of us as the supplier.
DATA SHARING
We will not share your data with any third party other than as required by us as a supplier in complying with our statutory or legal obligations under relevant legislation.
DATA SECURITY
Protection
Our system ensures:
a. Security of personal data where appropriate.
b. The ability to ensure ongoing confidentiality, integrity and availability and resilience of our processing
systems and services.
c. The ability to restore the availability and access to personal data in a timely manner in the event of a
physical or technical incident.
d. A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational
measures for ensuring the security of data processing.
We have therefore addressed the specific risks of accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
DATA RETENTION
Our policy for data retention is as follows:
a. Customer contact (You are the contact point for all enquires for your company). We hold this data for a maximum
time of three (3) years, this is to allow us to comply with any legal or government requirements that affect you
as a customer.
b. Contract contact (You are the contact point for the administration of any contract). We hold this data for a
maximum time of five (5) years, this is to allow us to comply with any legal or government requirements that
affect you as a customer.
c. Accounts contact (You are the contact point for the accounts function of your company). We hold this data for a
maximum time of three (3) years, this is to allow us to comply with any legal or government requirements that
affect you as a customer.
We do our best not to retain personal data in a form that enables our customers to be identified for longer than is necessary to fulfill the purposes for which we collected it in the first place.
PROVISION OF INFORMATION
At any time you can contact us by telephone, e-mail or in writing if you have any concerns about the data which we hold.
The intended purpose and legal basis for processing is in connection with the performance of your employment contract and the protection of the business.
The legitimate interest for which some of your data may be processed is the proper administration of the business and the protection of the business, you and other employees and other third parties with whom the business deals.
The recipients of your personal data will only be those persons entitled and restricted within the business and where required to comply with any regulatory obligation on us as an employer for instance, HMRC.
FAIR AND TRANSPARENT PROCESSING
In the Consent Form we have set out your rights and the fact that you have the right to withdraw your consent at any time. You have the right to lodge a complaint with the Information Commissioner’s Office at any time.
DATA PORTABILITY RIGHT
The right to Data Portability is distinct from the right to access personal data. Your rights to data portability include the right to:
1. Receive a copy of your personal data from us as the Data Controller in a commonly used and machine readable
format and store it for further personal use on a private device.
2. Transmit the personal data to another Data Controller.
3. Have your personal data transmitted directly from one Data Controller (i.e. us) to another where this is
technically possible.
BREACH OF NOTIFICATION RIGHT
When a personal data breach is likely to result in a high risk to your rights we must notify you of the security breach without undue delay.
If we notify you of a personal data breach then we will do so in clear and plain language and include at least the following information:
Name and contact details of the Data Protection Officer or other contact person within our organisation.
The security breach’s likely consequences.
The measures taken to address the security breach including measures to mitigate potential adverse effects.
COMMUNICATING WITH YOU
Where we supply you with information and communicate with you we will do so concisely, transparently, in a way which is easy to understand and easily accessible and in clear plain language.
STEPS WE WILL TAKE AS DATA CONTROLLER TO HELP YOU EXERCISE YOUR DATA SUBJECT RIGHTS
To help satisfy the obligations imposed on us under the Regulation and to help you to exercise your data subject rights, we will take the following steps but not limited to the following:
Implementing internal procedures and protocols to help the exercise of your rights.
To review and revise privacy notices to ensure they comply with the Regulation and our obligations.
Implement internal procedures and protocols for handling and responding to data subject requests in a timely and appropriate manner.
Implement authentication procedures to verify the identity of data subjects making access or other requests.
Develop template response letters.
Develop forms to collect additional information where necessary for preparing data subject request responses.
Create an inventory or log for recording data subject requests and for tracking responses.
Develop interoperable formats and other means that allow data portability.
Consider portals that allow direct data subject access to personal data through user names and passwords.
EXCLUSIONS
Our policies, processes and systems respond to any data subject access request, rectification, erasure, restriction of or objecting to processing, or data portability requests from you as a customer but will now allow data of a privileged nature nor data referring to another individual to be changed or deleted.