ISDM Solutions Ltd-Privacy Notice

This Privacy Notice explains what we do with your personal data, whether we are providing you with a service, receiving a service from you, using your data to ask for your assistance, you are visiting our website, or you work for our company. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

We are ISDM Solutions Limited (“we”, “us” and “our). This Privacy Notice tells you what we do with information we hold about you.

The notice is addressed to individuals who are either

• staff of ISDM
• those associated with the recruitment of staff e.g. next of kin, referees
• potential customers in receipt of marketing information
• visitors to our website
• Individuals leaving information through online forms
• suppliers
• customers
• former employees of ISDM Solutions

All of these parties shall be referred to as “you” throughout this privacy notice.

1. ISDM Staff

1.1 Staff Data

When you engage with ISDM we will ask for information about you, such as your name, address, bank details, email address, NI (National Insurance) Number etc. This is known as your Personal Data.

We will also collect information about you from other sources which also forms part of your Personal Data. This includes information from background checks, employee references, credit checks, training certifications etc.

We may also ask you for some sensitive information for example criminal convictions, motoring offences, religious background and information about your health. This is known as Sensitive Personal Data.

ISDM are required to retain and process this data in order to fulfil our contractual obligations to you as your employer. Additionally, this allows us to complete a robust recruitment process to ensure our legitimate business interests are met.

Explanation of the way in which ISDM will process your personal data and reasons are as follows:

• Administer monthly pay -contractual
• Administer monthly pension payments -contractual
• Administer monthly childcare vouchers,-contractual
• Action health cash plans -contractual
• To carryout necessary background checks to ensure recruitment policies are adhered to-legitimate business interest
• To arrange the training required to enable you to conduct your role at the level expected and continue your development in ISDM we will use your details to register you with training providers and technology partners-legitimate business interest
• To allow you to obtain access to certain software programs required to do your job at ISDM-legitimate business interest
• To connect you to our workforce via company-controlled communications tools-legitimate business interest
• To connect you with our clients and suppliers your contacts details will be made available-legitimate business interest
• To manage any company car, phone, credit card you have been assigned your personal data will be stored and processed with 3^rd party providers-legitimate business interest
• To ensure you are covered under the terms of company car and travel insurance your personal data will be shared with insurers-legal
• To process monthly expenses your personal data will be processed to ensure you received reimbursement-contractual requirements
• To promote our organisation structure and skill set your photographs may be used on our website, internal digital signage or for promotional campaigns sent out externally- Consent
• To communicate skill sets to our customers, Staff Bios and CVs may be shared with customers as evidence of our core capabilities-=legitimate business interest
• To manage our IT environment, ensuring security of all data, ISDM can monitor the usage of both company and personal devices on its network. This is done in a manner that does not impact your privacy but provides vital information on network performance and security-legitimate business interest
• To review productivity of staff, night shift staff and remote workers ISDM can monitor the usage of company and personal devices on its to ascertain specific browsing activity per user-legitimate business interest to monitor productivity of staff

All forms of staff personal data referred to above shall be held throughout the period that the employee remains with our company and shall be deleted after 1 year of them leaving.

In the case of staff financial related data, this will be retained for a period of 6 years as per statutory requirements.

After this time the data shall be removed from circulation and deleted.

• Third Party contact details

At times we will use personal data in the form of 3^rd party contact details that our candidates and/or staff have provided to us.

These are used for the following purposes:

• If a staff member has put your name and contact details down on our Induction form as an emergency contact, we’ll contact you in the case of an accident or emergency affecting them;

We do this because it is in the vital interest of the employee to do so.

This data will be held for the period that the employee remains with our company and shall be deleted after 1 year of them leaving.

• If your name has been put down by a candidate or a prospective member of staff as a referee, we will contact you in order to take up an employee reference.

This is an important part of the recruitment process and could be the difference between the individual getting a job or not. It is in our legitimate business interest to hold and process data this way.

This data will be held for the period that the employee remains with our company and shall be deleted after 1 year of them leaving.

2. Marketing

• Outbound Marketing

To promote ISDM services and to ensure success and growth of our company ISDM may at times contact you with information on our services and latest news We may periodically send you information that we think you may find interesting, – We can use your data in this way because it is in our interest in promoting and managing our business to do so. We balance this interest with the impact on you, and at any time you can ask us to stop using your information for this purpose. Please see the section below for information on how to ask us to stop.

• Research and Analysis

To carry out research and analysis, including analysis of our customer base, and other individuals whose personal information we use to analyse behaviour, preferences and interests, develop new products, improve our services, identify usage trends and understand the interests of our users. -We can use your Personal Data in this way because it is in our interests to improve our services.

• Website Users

We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, your browser type, the location you view our website from, and the times that our website is most popular. If you contact us via the website, for example by using the chat function, we will collect any information that you provide to us, for example your name and contact details. If you are signed into Google Services, we will also be provided your gender and age, if you have added this information to your online profile. This is anonymous information and is not a unique identifier.

2.2.1 ISDM Cookies Policy

What’s a cookie?

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes.
Cookies are used by nearly all websites and do not harm your system. If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings.
How do we use cookies?

ISDM Solutions use cookies to track your use of our website. This enables us to understand how you use the site and track any patterns that emerge individually or from larger groups. This helps us to develop and improve our website and services in response to what our visitors want and need;

Cookies are either:

– Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they usually store an anonymous session ID allowing you to browse a website without having to log in to each page, but they do not collect any information from your computer; or

– Persistent cookies: a persistent cookie is stored as a file on your computer and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We use persistent cookies for Google Analytics and for personalisation.

– Performance cookies: These cookies enable us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the site are most popular.

– Functionality cookies: These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. For instance, we may be able to provide you with news or updates relevant to the services you use.

2.3            Consent in Marketing

• We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the collection of data via cookies,)
• Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us and we are marketing other-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most people, this is beneficial as it allows us to suggest other services to you.

If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time. Nobody’s perfect, even though we try to be. We want to let you know that even if you have opted out from our marketing communications through our preference centre, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this doesn’t happen, but if it does, we’re sorry. We’d just ask that in those circumstances you opt out again.

3. Suppliers

ISDM require a small amount of information that equates to personal data from our Suppliers to ensure that things run smoothly for both businesses. We need contact details such as names, emails and phone numbers of relevant individuals at your organisation so that we can communicate with you.

We process this information within our organisation as it is in our legitimate business interest to do so.

Additionally we will be required to compile details on the skills, qualifications and certifications of our engineering supply chain and at times provide this information to our customers to ensure that, as a supplier, you are evaluated and selected for delivery of the appropriate jobs. We do this as we have a legitimate reason to do so to ensure the suitability of our suppliers and quality of our service.

We will retain this information as long as our business relationship exists with you. Archived data is deleted after 6 years so any personal data will be retained in line with company policy.

4. Customers

ISDM are required to use the personal data of your staff at times to plan and deliver our service to you, execute business transactions and develop our ability to serve you better.

Personal data of your staff can include names, email addresses, contact details. These details may appear within our proposal documents, commissioning documents and other project related documents and CRM system. We process this data as we build a case for successful delivery of each business transaction.

Customer data will also be stored within our systems to ensure that the service we provide to our customer base can be delivered. ISDM manages and maintains software licensing for its customers where names and emails are stored in line with license allocations. Access to this data is controlled under strict administrator rights.

We have controlled access to customer Global Address Lists via allocated licenses to ensure the support desk function is able to be delivered in line with service contractual agreements.

We can use your Personal Data where we are required to do so pursuant to a contractual obligation with you or to fulfil a legitimate business interest and deliver the goals of our business.

At times names and contact details of your employees will be used to train and induct staff to your way of working.

We can use your data in this way because we have a legitimate interest to do so and it will assist us to provide the best service to you.

To interest you in other products and services (marketing)-We may use your information to make decisions about what other products and services you might be interested in and contact you by email about these products and services. -We can use your data in this way because it is in our interest in promoting and managing our business to do so. We balance this interest with the impact on you, and at any time you can ask us to stop using your information for this purpose.

We will retain this information as long as our business relationship exists with you. Archived data is deleted after 6 years so any personal data will be retained in line with company policy.

ISDM records incoming calls to its VC concierge service line as it is contractually required to do so. All customers are advised of this recording before the call is actioned. The data produced as a result of this recording is retained for 90 days and then deleted from the platform.

5. Sharing Personal Data

We can share your information including Personal Data and Sensitive Personal Data with the following parties for the purposes set out above. This is done in line with our Data Protection Policy and Procedures.

5.1             The ISDM Group of Companies- ISDM Solutions ltd and ISDM Solutions Inc, and also Ammi Systems Ltd to which our company is an investor.

Other ISDM affiliates may have access to and use of Personal Information in connection with the conduct of our business where appropriate.

5.2            Our Service Providers

External third-party service providers, technology partners or affiliates in a service provider role, such as accountants, lawyers and other outside professional advisors; IT support and security service providers including cloud-based providers; and similar third-party service providers that assist us in carrying out business activities connected with fulfilling our contractual obligations with you.

5.3            Other Third Parties

To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings); As we believe to be necessary, appropriate and legal under GDPR guidelines

5.4            Legal Reasons

To comply with legal process, to respond to requests from public and government authorities including public and government authorities outside your country of residence, to enforce our terms and conditions, to protect our operations, to protect our rights, privacy, safety or property, and/or that of you or others; to detect and prevent crime, including fraud; and to allow us to pursue available remedies or limit the damages that we may sustain.

5.5            Fraud and Credit Agencies

We may share your personal information with these agencies for the purposes of identity verification, detecting fraud and for credit referencing purposes.

These agencies may undertake a search with credit reference agencies to verify identity. The credit reference agency will check the details supplied against any database, public or otherwise. A record of searches will be retained. The credit reference agency may use the details provided to assist other companies for verification and identification purposes.

6. ISDM Obligation to you

We will take all steps reasonably necessary to ensure that your Personal data is treated securely and in accordance with this Privacy Notice. This includes putting in place agreements with the people we send your information to, to require them to treat your information with similar protections to those that apply in the UK.

6.1             Contacting Us about this Notice

Our Data Protection Officer is in charge of dealing with questions you may have about this privacy notice or dealing with your requests to exercise your rights which are described below. Our Data Protection Officer can be contacted at

privacy@isdmsolutions.com

Or by writing to DPO, 10 Cromac Place, Belfast, BT7 2JB

6.3   Your Rights

One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.

• To ask us to fix information about you that is wrong or incomplete, this is known as a right to rectification.
• To ask us to delete information about you, this is known as the right to erasure.
• To tell us you no longer agree to us using information about you and ask us to stop, this is known as a right to object.
• To tell us to stop using information about you to sell you products and services, which is known as the right to restrict processing.
• To make a “subject access request”, which is a request for us to send you the information we have about you.
• To ask us to provide you or someone else (on your request) in a structured, commonly used and machine-readable format with the information you have provided to us about yourself. This is known as a “data portability” right.
• To ask us not to use information about you in a way that allows computers to make decisions about you based solely on automated processing.

Sometimes we will not stop using your information when you ask us to, for the reasons described in this notice, but we will tell you about this if you make a request.

In other cases, if we stop using your information we will not be able to provide the services that you are asking us to give you. We will tell you about this if you make a request.

To get in touch about these rights, please contact us at privacy@isdmsolutions.com

We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

7. Complaints

You have the right to complain about how we treat your Personal Data and Sensitive Personal Data to the Information Commissioner’s

Office (ICO). The ICO can be contacted at:

https://ico.org.uk/global/contact-us/

We are only allowed to keep your information if we need it for one of the reasons we describe above.

We will keep it for up to 7 years to satisfy industry, regulatory and contractual requirements.

8. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. We will notify you of the changes where we are required by law to do so.