Privacy Policy

Direct Support Limited understands our customer’s concerns over the privacy of Personal Data you may submit to us during the use of our services.

This policy provides you with information about what types of information is collected, what tracking takes place, how we use the collected information and with whom we share the information.

By providing Personal Data to Direct Support Limited during the course of any services we provide to you, you agree to the terms and conditions of this policy.

The information we collect.

Personal Data is anything which identifies you as an individual, either on its own or by reference to other information. We may collect the following Personal Data from you when you use our services:

● Information such as name, address, email address or contact number which are collected to support the transactions carried out between you and us on or in relation to the service or product offered

● Information you may enter or exchange on to our company systems in order to allow us to conduct our services. This may include our online helpdesk, forms, project documentation, contracts and emails.

● Technical information about your systems which we setup, manage or plan to deploy

● System passwords in order to complete the works we are employed to carry out. All system level documentation is stored in on online password manager which is encrypted and protected by MFA.

● We work with third parties such as business partners, sub-contractors, advertising networks and analytics providers and may receive information about you from them

● We may also obtain information about you that is in the public domain, for example contact details presented on the websites of potential customers.

● Any other information that you choose to send to us

How we use the Personal Data we collect

Personal Data submitted to us via any of the means above will be used for the purposes specified in this privacy policy.

We will use the Personal Data for the purpose of:

● answering any enquiry you raise

● to deliver agreed products and services to you

● to facilitate your use of our support/customer portals and the services available through it

● delivering and supporting the services to which you subscribe, including notification of service status updates

● administering your customer account, and to support other general business activities

● sending you marketing communications (for which you have opted-in)

● administering and enhancing our service provisions

● improving our service to you

● satisfying legal or regulatory requirements

● supporting the proposed or actual sale, merger or transfer of all or a portion of our business; and/or as otherwise described in this policy.

The duration for which we retain the Personal Data will differ depending on the type of data and the reason why it was submitted. However, in some cases Personal Data may be retained on a long-term basis: for example, if you subscribe for services with us, basic Personal Data about you will normally be retained for so long as you receive those services from us. Personal Data that we need to retain for legal purposes will normally be retained for at least six years, in accordance with usual commercial practice and regulatory requirements.

Disclosures

We may disclose information about you to other organisations who provide specific business services to us.

Such organisations (listed below) are required to handle your Personal Data in accordance with applicable laws related to privacy and data protection. The processing of any Personal Data by the organisations will be explicitly defined within contractual terms.

Service providers – organisations who require your Personal Data in order to deliver the business services to which you subscribe to through Direct Support Limited and/or its partners.

Financial Services organisations - used to support the financial processes that we perform. For example, these include credit checks against prospective customers, to ensure we are not exposed to unnecessary financial risk, and BACS to facilitate those customers paying via Direct Debit.

Payment Gateways – used to facilitate the payment for services. The organisation will only have access to the Personal Data you provide directly to them when you make a credit card or electronic payment. We will not collect or store credit card or electronic payment details. If we issue you a payment via direct bank transfer such as BACS, our banking system may securely store your details for the purposes of future transactions.

General Service providers – who provide specific, ad-hoc services to us. For example, Courier services, Backup Providers, CPD and teaching services, event planners etc

Cloud Service Providers - who host bespoke business applications that allow us to improve the efficiency and effectiveness of our general business activities. Including but not limited to; Helpdesk Platform, Email and Doc Storage Facilities and Remote Backup facilities.

Auditors - used to validate our compliance with the Vendor’s contractual Terms and Conditions. For example, Personal Data (email address) may be used to confirm our licence management procedures are correct.

Transaction Manager / Prospective Purchasers – Personal Data may be used to validate the business performance, customer volumes declared by us as part of a sale or merger.

Other persons or organisations permitted or required by applicable law or regulation.

Except as provided in this privacy policy, we will not disclose Personal Data to any other category of organisation.

International data transfer

Information that we collect may be stored and processed on systems we use to run our business. All documents and email are stored on servers in the European Economic Area.

We will only transfer Personal Data when satisfactory safeguards are in place.

We will only transfer data to/use systems that comply with GDPR as required with any international company trading with customers within the European Economic Area.

Your rights

You have the right to:

● request confirmation whether we hold your Personal Data and, if so, to access that Personal Data. We will inform you of the purposes for which the Personal Data is processed; the categories of the Personal Data processed; whether your Personal Data has been disclosed and the categories of recipient of the disclosure; whether your Personal Data has been transferred to another country or international organisation; the expected period for which the Personal Data will be stored. If we did not obtain the Personal Data directly from you, we will also inform you of the source. We may withhold such Personal Data to the extent permitted by law.

● request correction of the Personal Data we hold.

● request erasure of your Personal Data, subject to any legal obligation to which we are subject or where the processing of the Personal Data is for the establishment, exercise or defence of legal claims. We will accept your request for erasure where we have a legal obligation so to do, acceptance of such a request is otherwise at our discretion. Please be aware that the erasure of your Personal Data may affect our ability to provide the services associated with it to you and in some cases our acceptance of an erasure request may require your account to be closed and services terminated.

● restrict processing of your Personal Data where you contest the accuracy of the Personal Data we hold, consider our processing to be unlawful, consider that we no longer need the Personal Data but it is required by you in relation to a legal claim or where you have objected to our processing in accordance with your legal rights, provided in each case that we shall only be required to apply such restriction where we have a legal obligation to do so and until the issue giving rise to the restriction is resolved.

● withdraw any consent that you have previously given to our processing of your Personal Data.

● receive the Personal Data you have provided to us. We may withhold such Personal Data if it adversely affects the rights and freedoms of others.

● object to the processing of your Personal Data, for example the use of your Personal Data for direct marketing purposes.

If you opted to receive any communications from us, but subsequently change your mind, you may opt-out at any time by emailing us on the provided email address for instruction on what to do next. You can email compliance@directsupport.co.uk - alternatively, you may unsubscribe from any emails you have received by replying to the email with the word OPT-OUT in the subject line.

While we will restrict the processing of your Personal Data in line with your request, we may add your Personal Data (name and address) to a ‘suppression list’ to ensure we do not send any communications in the future.

Children

We will never knowingly collect Personal Information from minors (children under 16 years of age, or any other age defined under applicable law). If we become aware that a minor is attempting to or has submitted Personal Information via this Site, we will notify the user that we will not accept his or her Personal Information. We will then remove any such Personal Information from our records.

Due to our works within the Education Sector, it is possible our team may be in involved in processing data across appropriate systems. We will ensure we do not store the information past the requirement, by deleting any information from our systems as soon as it is processed. We will only act on this type of data if instructed directly by an authoritative member of staff at your organisation.

Updating information

Please let us know if the Personal Data which we hold about you needs to be corrected or updated. Failure to inform us of a change to your Personal Data may result in the suspension, or withdrawal, of your subscribed services.

Third party websites / publishers

At times, our website or digital communications which we share with you may contain links to other websites or publishers. We are not responsible for the privacy policies or practices of third parties. We recommend that you make yourself familiar with the privacy policy for any third-party website or material you visit.

Questions about this Privacy Policy

If you have any questions about this Privacy Policy or our treatment of your Personal Data, please contact us by writing by using the email address compliance@directsupport.co.uk or call us on 020 8892 6862.

In the unlikely event that you have a complaint about our treatment of your Personal Data, it will be dealt with in accordance with our complaints handling procedure. You should email compliance@directsupport.co.uk and we will respond to you within 28 days.

If you are dissatisfied with this response you may request that your complaint be escalated, in which case it will be escalated to a Director who will review your complaint and the initial response and provide a further response within 28 days of your request to escalate the matter.

If we are unable to resolve your complaint, you may make a complaint to the Information Commissioner’s Office. Please see https://ico.org.uk/ for more information.

Whilst this privacy policy sets out a general summary of your legal rights in respect of your Personal Data, this is a complex area of law, and this privacy policy is not intended to represent legal advice. More information about your rights in respect of your Personal Data can be found on the Information Commissioner’s website at https://ico.org.uk

Data controller

The data controller responsible in respect of the information collected on any of our systems is Direct Support Limited, 5 The Mews, Bridge Road, Twickenham, TW1 1RF

Policy amendments

We may update this privacy policy from time-to-time by posting a new version on our website. We recommend that you check this page regularly. Continued use of any services offered by Direct Support Limited will indicate your acceptance of any changes.

Opt-outs

If you opted to receive any communications from us, but have subsequently changed your mind, you may opt-out at any time by emailing us at compliance@directsupport.co.uk