Onesys is on the Register of Data Controllers in compliance with the Data Protection Act.
Onesys collects the data provided by you together with information we learn about you during our mutual communications and any relevant information already in the public domain.
Information you provide when giving us feedback or when completing questionnaires will be strictly confidential. This will enable us to improve our services.
. Onesys uses the legal basis of processing necessary as part of or to enter into a contract with the subject legal basis for communicating with our customers and suppliers.
Onesys also acquires contact details from data providers who notify the individual that the data will be used for marketing purposes. Onesys therefore uses the legitimate interest legal basis for communicating with our prospective clients on the grounds that it is reasonable that the products and services that we offer are likely to be of interest to commercial businesses. In addition to this, Onesys will acquire your explicit consent to send you information regarding our products and services. You are able to withdraw that consent at any time.
Any recipient or categories of recipients of the personal data
Your information may be passed to and used by all Onesys Group companies. We will never pass your data to anyone else, except for use by our software partners whilst processing your service or product request on our behalf within the EU. In addition, we may need to share your data with our software partners and the suppliers of our email distribution and support desk solutions who are located in the United States of America (see below).
Details of transfers to third country and safeguards
Mailchimp
Onesys Limited use Mailchimp for the distribution of company newsletters and marketing communications. Mailchimp are registered with the EU-US privacy shield and will only process personal data provided by Onesys Limited (company name, contact name, email address) on our instructions.
Freshworks
The Onesys Limited support desk function is controlled by software developed by Freshworks on servers which are hosted by Amazon Web Services situated in Virginia USA. Amazon Web Services are ISO27001 compliant and Freshworks are registered with the EU-US privacy shield and will only process personal data (company name, contact name, email address, phone number) provided by Onesys Limited on our instructions.
Retention period or criteria used to determine the retention period
OSL will retain personal details of clients whilst a contract exists between OSL and a given client and for a period of six years following termination of the contract. OSL will retain the personal details of our prospects for a period of six years.
Data Subject Rights - Subject Access Requests
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the ‘data subject’) the right to access particular data that we hold about you. This is referred to as a subject access request. We shall within one month from the point of receiving the request and all necessary information about you. Our formal response shall include details of the personal data we hold about you including:
-
Sources from which we acquired the information
-
The purposes for processing the information
-
Persons or entities with whom we are sharing the information
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject, shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
· The accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified.
· The processing is unlawful and you, the data subject, oppose the erasure of the personal data and request the restriction in its use
· We no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims.
· You, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Right not to be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to The Data Processing Officer, Onesys Limited, Systems House, Main Street, Little Ouseburn, York,
YO26 9TD.
Accuracy of information
In order to provide the highest level of service possible we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name, or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
If you have an questions which are not answered by this Privacy Policy or have any potential concerns about how we may use the personal data we hold, please write to he Data Processing Officer, Onesys Limited, Systems House, Main Street, Little Ouseburn, York, YO26 9TD.
Policy changes
This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify, or amend this Policy. We suggest that you review this policy from time to time to ensure you are aware of any changes we may have made, however, we will not significantly change how we use information you have already given us without your prior agreement. The latest version of the policy can be found at
http://www.onesys.co.uk/system-pages/privacy-policy/
If you have a complaint
If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to The Data Processing Officer Onesys Limited, Systems House, Main Street, Little Ouseburn, York, YO26 9TD.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 03030 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.