Acc-Sys Software Ltd | Privacy Policy

Privacy Policy

Acc-Sys Software Ltd privacy statement

Data security always has been and always will be a top priority.

This privacy policy, together with our terms & conditions, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

For the purposes of the Data Protection, the data protection officer can be reached at Acc-Sys Software Ltd, 198 St Helens Street, Ipswich, Suffolk, IP4 2LH.

About us

Acc-Sys Software Ltd is a registered company in England & Wales with company no 2608061 & VAT registration no GB 907 9956 69

Our registered address is...
Acc-Sys Software Ltd
198 St Helens Street
Ipswich
Suffolk
IP4 2LH

Acc-Sys Software Ltd is registered under the data protection act and is both Data controller and data processor of personal data. You can contact our designated data controller at the above address.

Information we may collect from you

We may collect and process the following data about you...

Information that you provide by filling in forms on our websites. This includes information provided at the time of registering an account, purchasing services from us or requesting further services.

If you contact us letter or email, we may keep a record of that correspondence
Details of transactions you carry out through our site and of the fulfilment and administration of your orders
Details of your visits to our site including, operating system, browser type, referring / exit pages and URLs, number of clicks, domain names and pages viewed, whether this is required for our own billing purposes or security

In the circumstances where we are acting as a data processor, we shall only act on the instructions of our customer as the data controller. If you provide us with personal data about a third party (for example when registering a domain on their behalf), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.

Web site and cookies

When someone visits our web sites, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as number of visitors to the various parts of the site. We collect this in a way that does not identify anyone. We do not make any attempt to find out the identities of those visiting our web site. We will not associate any data gathered from this site with any personally identifying information from any source.

Our web site uses cookies, but these are only used for essential purposes such as tracking your orders and payments through our web site and other such functions such as Google Analytics (where you will remain totally anonymous).

We do not use cookies for advertising or marketing purposes.

How we use personal data

To register a customer account.
To process orders that you have placed with us.
To invoice for services that you have with us.
To handle customer service and careers enquiries.
To ensure that content from our site is presented in the most effective manner for you and for your computer.
To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
To carry out our obligations arising from any contracts entered-into between you and us.
To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.
To carry out statistical analysis

We do not sell any data to third parties

Data retention

We only retain your personal data for as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows...

Invoice data is kept for a minimum of 7 years as required under UK Law
Log files are stored for at least 6 months. However, anonymised data may be kept for longer.
Backups can potentially be held indefinitely or until you cancel any backup service you have with us

In the rare event backups containing personal information are restored post-deletion, Acc-Sys Software Ltd will make every reasonable effort to ensure data that has been forgotten is not inadvertently restored and ensure all traces of data are removed within a maximum period of 120 days unless additional retention obligations apply.

Where we store your personal data

The personal data that we collect from you will be stored on our servers inside the European Economic Area ("EEA") and, where possible, the UK. Any sensitive data will be encrypted. Occasionally, we may have to transfer personal data outside of the EEA. For example, domain registration data needs to be sent to our domain registrar outside of the EEA for the registration of any none .uk domain.

By submitting your personal data, you agree to this transfer, storing or processing of data outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR and our data protection policies.

HMRC Making Tax Digital

Acc-Sys Accounts uses the HMRC Making Tax Digital (MTD) service for companies within the UK. The following policies apply to this service...

Acc-Sys Accounts will securely transmit data required by HMRC to their MTD service.
No HMRC logins or passwords are stored within our systems
HMRC fraud prevention data will be recorded and securely transmitted to HMRC as part of the MTD process
HMRC will be informed of any data breach relating to MTD within three working days of us becoming aware of such a breach

Remote Support

For support purposes, we use remote access to sites/systems/computers. Our remote access policy is as follows...

To solve/prevent/secure your IT infrastructure, we will from time to time need to access Servers/Software Systems i.e. back end infrastructure (if applicable). You would not normally be aware of such instances. Access would be solely for applying security patches, preventing/solving problems and verifying data backups.
We will never copy or transfer any of the files stored on these devices unless you’ve explicitly given us permission to do so. Any files that we do transfer will be held securely by us and deleted once they are no longer required.
We would never remote control any individual’s computer without first obtaining permission for every occasion.
Remote control applications will remain password protected to prevent any unauthorised access.
All remote-control sessions will be encrypted

Remote support is optional and you have to specifically opt in to receive it. Remote support lowers the cost of support and increases security (due to the speed we can rollout critical patches) so would always recommend opting in to this service.

Your rights

Unless subject to an exemption under the GDPR, you have the following rights regarding your personal data...

The right to request a copy of your personal data which we hold about you.
The right to request that we correct any personal data if it is found to be inaccurate or out of date.
The right to object to our use of your personal data and request your personal data is erased where it is no longer necessary for us to retain such data. This is known as your right to be forgotten. Please note that there may be legal reasons as to why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
You have the right to ask us not to process your personal data for marketing purposes. We inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by following the Unsubscribe link at the bottom of any emails we send or writing to us at Acc-Sys Software Ltd, 198 St Helens Street, Ipswich, Suffolk, IP4 2LH.
The right to lodge a complaint with the Information Commissioners Office. Please see https://ico.org.uk/concerns/ for further information.

Data breaches

In the event of a data breach, the affected individuals will be contacted within three working days of us becoming aware of such a breach, it will be reported to the Information Commissioner, and a full report, highlighting any risk, will be provided.

_{v1.2 Last Updated 3rd June2019}