PRIVACY POLICY

Last Updated: 07/01/2019

We are committed to protecting and respecting your privacy. The aim of this page is to explain how we may gather and use information about you through your use of this website. All use of such information is governed by the principles and practices set out in this statement.

General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)

The purpose of this document is to consider how this regulation may affect our own in house management systems, as well as our customers and in turn their customers when using our Technopoly products and services.

We do not profess to be GDPR experts, nor do we expect the following to be treated as formal advice or in any way a legal consent or recommendation. We do expect our customer to take their own advice and inform us of any specific requirements they may have for our consideration.

We understand that the core remit of this regulation is to give each individual the right to consent to their personal data being collected and used for any purpose, to allow them to be able to know what data is being held about them, as well as for that individual to have the right to have their data deleted upon request.

Our position is that we will consider any actions that may be necessary to make our systems compliant with this regulation and to work closely with our customers to understand any requirements they may have and which we should take into consideration going forward.

Technopoly provides software products that by their very nature provide facilities to store personal data. This may involve personal names and details of customers and suppliers contacts as well as our customer employees and their customer’s employee information that may be required to provide services to the customer and any individual.This information may be held in part or across different system modules on our in-house customer and project management databases as well as our customer facing products and services.

HMRC

We understand that any requirements by HMRC by way of legal compliance to meet their needs for reporting and tax compliance supersedes all other requirements.

Technopoly Internal Systems

It is the policy of Technopoly to never distribute or sell on any information to any other third party for any other purpose, unless legally required to do so.

CMD Systems

Technopoly has an internal Customer Management Database, customer file areas and other systems that run on its in-house servers. These host all the information required to market our products, hold customer contact information and service agreements as well as licence and contact management information.

These systems are private and protected internal and are accessed by all employees of Technopoly by a unique username and password. Employees are bound to uphold full confidentiality of the information stored in these systems as part of their terms of employment.

My World

Our Customer Support and Management Portal is a web-based application hosted off site within a secure data centre in the UK.

Access to this portal is by a secure TLS protected domain and by a customer derived username and encrypted password. Access is isolated to user specific information and where permission is authorised company specific information is also available.

Passwords may be changed by the user at any time and we always recommend that a strong password is used and regularly changed by all users.

Personally identifiable information stored within the portal will be populated by authorised personal at the respective companies and therefore infers consent for us to hold this information unless notified otherwise.

Some data such as cookies stored on user’s computers and are essential to execute private and secure sessions and for sales transactions within our website. These cookies hold no personal information and can be deleted manually. Please see our Privacy Policy for further information.

New Features

As part of a raft of improvements to My World we will also be increasing our security measure for all users. These changes will include stronger password requirements and encryption methods as well as the ability to edit and delete some personal information as required.

A one time request for consent of existing information already stored will be requested prior to release of the new My World system.

Sage Accounts

Technopoly uses Sage accounts and holds customer and contact information to allow the production of financial instruments, including invoices, purchase orders credit notes, statements and reports.

Other information as required by HMRC is stored and used solely for the purposes of complying with their requirements and legislative compliance.

Technopoly Software, Products and Services

Technopoly supplies these software products for use by our customers. The software is licensed to the customer, but the data contained therein is solely the responsibility of each customer.

It is therefore the responsibility of the customer for gaining consent for the collection, use and storage of any data held in these systems.

Web Applications

Technopoly provide several web applications some of which transfer personal data from the customers local internal system up to the web application. The transferred information is only that essential for functionality such as names, contact information, usernames and passwords. It is the responsibility of the customer to acquire consent for this information to be held on their internal system and associated web application.

It will also be the responsibility for the customer to delete this data from their internal systems if requested to do so. Deleted information will automatically be reflected on the web application during the transfer process.

Data Imports

Where customers provide information for us to import to any application or web site, which may include employee information from their customers. We would expect that consent has been given from any individual whose information is supplied, prior to release of this data to us.

Technopoly may store any import spreadsheets or data files provided on their own in-house servers in a dedicated customer file area.

Data Links

Where Technopoly have been engaged to provide data links (including API’s) from its systems or web ordering sites to other third party or customer in house procurement systems, (Punch out’s, order imports, EDI links and API’s, etc.).

We would expect the customer to be responsible for gaining consent to the collection, use and storage of any date held in these systems, and for any subsequent additions of information that may be transferred to our web ordering or customer applications.

Data Deletions

In respect to the “right to erasure” of any personal data, we would advise the following procedure:

Because the systems we supply depend on links between an employee record and their orders, or time sheet information, it will be necessary to maintain the integrity of any links, otherwise the reports and other data links within the system will not be able to function.

To comply with any request for records to be deleted, we would advise that the key employee identifier, usually their employee number be maintained within the system and that their employee name, payroll number, be edited to be just their initials and the word deleted added.

There are also the options to flag an employee as left / ”no longer employed” with a date, this option will need to be flagged to not show that individual’s records in any live system.

Other employee information under this top-level record can then be edited/deleted, including personal records such as driving licence documents, details, date of birth, mobile phone numbers, individual delivery addresses etc.

Customers and their customers may then use their own internal procedures to verify that these deletions have been made and formally record these on their own internal systems to notify the individual concerned.

Access to internal systems

To provide support to our customers, access to the customers personal computers, servers and systems is often required. This access is facilitated in one of the following ways:

LogMeIn™
This web application offers a secure method to access remote computers without the requirement to know any user personal user names or passwords.
TeamViewer™
This web application offers a secure method to access remote computers without the requirement to know any user personal user names or passwords.
Windows Remote Desktop (RDP)
In order to access a user machine via RDP knowledge of the recipient’s Windows™ username and password is required unless a specialized account has been created for Technopoly’s personal use. Consent for these credentials is requested at the time of creation and consent for access is requested, from a director or other authorized employee, prior to every connection where the target machine is a user’s personal computer. All RDP usernames and passwords are stored in our internal system to limit the transmission of these credential for future use.

Internal security policies

Technopoly’s internal security policies have been amended to improve procedures and reduce the transmission of sensitive information.

Information we may request or store

Where required to offer support and services Technopoly may request the following information either verbally by telephone or by email.

Names of employees
Basic Company information
User, account and company information already present in any product licensed from Technopoly
Account usernames
Product information

Information we will NEVER ask for or store in an unencrypted format

Technopoly will never ask for the following information under any circumstance and if this information is requested it should never be divulged.

Passwords (System, web, account or third party) With the exception of RDP for which approval should be from a director or other pre-authorised personal.
Debit, credit, bank or associated financial information.Apart from bank account, sort code and third-party merchant/vendor setup information (e.g PayPal).

Cookies

Our website, like many others, stores and retrieves information on your browser using 'cookies'. This information is used to make the site work as you expect it to. It is not personally identifiable to you, but it can be used to give you a more personalised web experience.

We respect your right to privacy and as such do not use any cookies or services to track, monitor or infringe on your privacy in any way that we deem to be invasive. The cookies we use are strictly for website functionality and performance tracking only.

System Session Cookies:

These cookies are used by our website to store anonymous session and login tokens. They may identify you as a single user when you move between pages, but carry no personally identifiable information and are destroyed when you close your browser, unless you actively choose to be remembered for easier login on your next visit.

Performance Cookies

From time to time we may use cookies to monitor this sites performance and activity.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Managing Cookies

Some cookies are necessary for the website to function and cannot be switched off without limiting access and functionality. They are usually only set in response to actions made by you which amount to a request for services, such as logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Other non vital cookies such as Google analytics can be blocked without restricting website functionality. We ask that you do not block these cookies as they are a valuable tool in helping make our website better.

If you do wish to block cookies you will find that your browser already has the tools to give you control. You should find these settings and other site features in your browsers privacy options.

Finally if you do not wish to set cookies for this site and are unable to manage your cookie settings then please discontinue using this website.

Use of Forms

This site contains a number of forms you can fill in to provide us with information about yourself when requesting services, such as:

Asking us to contact you.
Signing up to our email newsletter.

We use this information purely for the purpose of providing you with the services you are requesting, or to keep you informed about new developments we think you may be interested in.

Your information will be held by Technopoly whose sole proprietor is Technopoly Ltd. Employees will only have access to your information if they need it to provide our services.

We do not generally share this information with any third parties, except where we use data processors to act on our instructions to provide our services. We will not pass on details to any other data controller without your express prior consent unless we are required by law to do so.

Controlling your Personal Information

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please contact us by any means provided on our contact page here.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the address provided. We will promptly correct any information found to be incorrect.

Links to other Websites

We may from time to time publish links to other websites we believe to be of interest. However we have no control over these sites, which are not governed by this privacy policy.