SYS3 LIMITED
SYS3 Limited is a limited company registered in England under the number 04154104
COMMITMENT TO INFORMATION SECURITY
We are providing you with this Privacy Notice in demonstration of our commitment to information security.
INFORMATION SECURITY MANAGEMENT
SYS3 manages information security in-house in order to control its information assets and the information assets of it’s clients correctly.
Contractual Agreement
Policies & Protocols
SYS3 Limited maintains operating policies and protocols to cover:
SYS3’s relevant policies and protocols help us to fully realise our commitment to lawful, fair and transparent data processing.
Guidelines & Training
SYS3 Limited commits to oversee the competence of all our human resources in respect of compliance with GDPR. Thids includes the issue of contractual and procedural documentation, as described above, as well as the implementation of training for all relevant members of staff.
Training is provided directly by SYS3 Limited to enable employees and contractors to operate consistently.
Risk Assessment
SYS3 Limited has run a GDPR audit to determine that our physical office environment, our IT systems, our personnel, our policies and our practices conform to the standards of the General Data Protection Regulation.
We operate a formal incident management process to identity, contain and recover from a data breach, should one occur. Our employees are trained to report any suspicious of data breach to our Data Protection Officer in line with our Data Protection Policy.
YOUR PERSONAL INFORMATION
Why we process your personal information
In the course of transacting with us you may be required to provide personal information to include: your name, address, telephone number, email address, and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media.
Your personal information may be used by us to:
YOUR RIGHTS
Access and correction
You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a “Subject Access Request.” If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it. If you would like to exercise these rights, please contact our Data Protection Representative, Nina Doherty, at nina@sys3.com
Right to stop or limit our processing of your data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances. If you would like to exercise this right, please contact our Data Protection Representative, as detailed above.
How long will you keep my information?
We will retain a record of your personal information only for as long as it is necessary to do so. Our objective is to provide you with a high quality and consistent service. We will always retain your personal information in accordance with law and regulation.
OUR SUPPLIERS AND THIRD PARTIES
Qualifying the compliance of suppliers and third parties is essential to establishing our own Statement of Compliance with GDPR. Should any suppliers or third parties with whom we share personal information – either as data controllers or data processors – fail to evidence conformity to the requirements of GDPR (or fail to ameliorate their non-conformity under notice) we will terminate our relationship with them.
Our current key suppliers/third parties in the context of personal information data processing have documented evidence of their compliance with GDPR.
PHYSICAL SECURITY
SYS3 Limited commits to protecting data through appropriate physical measures, these can be broken down into:
Premises Access Control
Access to our office environments is physically controlled during business hours. Our premises are alarmed and list of keyholders held at all times.
Server Access Control (Physical)
Server, routers, and other business critical equipment is stored securely within each premises.
Server Access Control (Digital)
Remote access to servers is carefully managed and monitored with enhanced security protocols in place.