The GDPR is a EU directive which takes effect on the 25th May 2018. The primary focus of the regulation is to protect personal data, to strengthen the rights of data subjects and to ensure that organisations are taking the necessary precautions to protect against the risk of a data breach. CTS is registered with the Information Commissioners Office (ICO) who are the supervisory authority and will monitor the application of the GDPR in the UK. CTS will be referring to the ICO for any necessary clarification.
CTS is an IT solutions partner, working primarily within the education sector, providing managed IT support services and technical solutions.
Security of Data
Our IT systems, including cloud services, PCs, laptops and mobile devices are password protected. We are constantly evolving our systems to provide high levels of cyber security. Access to key parts of our systems is restricted to applicable personnel only.
Encryption is used where relevant.
Our offices are locked and alarmed out of hours.
Types of personal data we hold
You may have given CTS information on you by filling in an application form, at an event or online, or by corresponding with us by phone, e-mail or otherwise. The information you have given may include your name, address, e-mail address or phone number.
We process minimal data, for legitimate purposes. This may include:
- personal details
- family details
- lifestyle and social circumstances
- education and employment details
- financial details
- goods and services provided
We also process sensitive classes of information that may include:
- racial and ethnic origin,
- physical or mental health details
- offences and alleged offences
Why we need your data
We process personal data relating to those we employ to work at, or otherwise engage to work at, our head office and establishments we provide contracted services to. Data stored is used for employment purposes to assist in the running of the office or place of work.
We also process relevant information on our customers, potential customers and suppliers that is required in order for us to fulfil our lawful and contracted obligations.
All data is securely stored with restricted access to relevant personnel.
Purposes for processing information
We process personal information to enable us to provide IT support and advice services, for managing our own staff, maintaining our accounts and records and promoting our services.
How we collect your data
We collect the majority of personal data directly from the individuals concerned. We also collect information from third parties including referees, Disclosure and Barring Service and in the case of apprentices, professionals and authorities working with us.
From customers we collect information directly from the nominated contacts for the site, which is relevant to executing our contract.
From suppliers we collect information directly and occasionally through references as part of our due diligence.
Who we share data with
We sometimes need to share the personal information we process with the individual (self) and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- family, associates and representatives of the person whose personal data we are processing
- current past and prospective employers
- service providers
- financial organisations
- employment and recruitment agencies
- professional advisers and consultants
- business associates
- educators and examining bodies
How long do we retain data
We retain personal data only for a legitimate and lawful reason and only for as long as necessary or required by law.
Your rights regarding your personal data
As a data subject you have the right at any time to request access to, rectification or erasure of your personal data to restrict or object to certain kinds of processing of your personal data, including marketing for CTS. You have a right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data. As a data subject you are not obliged to share your personal data with CTS.
If you wish to see, amend or remove the data we hold on you please contact the office directly by emailing firstname.lastname@example.org and request a Subject Access Request form