Last Updated: 2019-07-01
'We' or 'Goldbyte' refers to Martin Falkus and the collection of services personally offered to you by Martin Falkus from goldbyte.co.uk
'You' refers to any user(s) and customer(s) of our services
If you are a visitor and not a customer of ours, providing your personal data to us is not a contractual requirement. You can choose not to provide this information; however, you might not be able to gain access to our information, services or products.
Roles and Responsibilities
When placing an order with us you enter a contract with us to become a customer of ours. In this scenario Goldbyte has the legal basis to become a controller of the necessary personal data we are required to collect from you in order to provide you with the service you ordered, collect payment and keep you notified of renewals etc.
We are only data controllers of our own customers' data. Goldbyte has the role of data processor when our customers use the products we provide to them to run their own services. Our customers are data controllers when using our products to provide their own services to their own users.
All our systems collect data for robust breach detection, investigation and internal reporting procedures so we can prevent and detect breaches and keep a record of them if they were to occur.
Within 72 hours of becoming aware of a personal data breach we will notify the UK's ICO and if this is of high risk of adversely affecting individuals’ rights and freedoms we will notify those individuals.
If one of our sub-processors notify us about a breach that impacts our customer's data we will notify them.
Goldbyte does not control how our customers process data, configure their applications, and so on. It is up to the customer to maintain high security standards for the applications they configure and we require this in our Terms of Service.
You bear sole responsibility for maintaining the security of any environments maintained under your account(s). You are solely responsible for ensuring compliance with any and all applicable privacy guidelines and regulations for all jurisdictions in which you may operate with respect to appropriate practices for the collection, storage, and dissemination of personal information using your Goldbyte service. In no event shall Goldbyte be held liable for your failure to adopt and/or practice appropriate measures for safeguarding personal information stored within or transmitted through your Goldbyte service.
What Type of Personal Data Do We Collect about You?
|Type of Personal Data||Purpose(s) for Processing||Legal Basis for Processing|
Identity Data includes first name, last name, company name, email and username, and passwords (hashed).
Contact Data - includes billing/delivery address, email address and telephone numbers.
Financial Data - Card details, bank account and other payment details are collected and used by our third party payment providers on their own servers only, our servers do not come into contact with these details.
This is for purposes of completing your purchase with us so we can provide you with the service you ordered from us.
We will keep records of all our contact with you via email to aid support.
|Processing is necessary for the performance of a contract or to enter into such a contract with you.|
Marketing and Communications Data - includes your preferences in receiving marketing from us via email and your communication preferences.
Sending you news, information and special offers by email. We record a detailed log of all consent changes. You can opt in and out at any time via your client area.
|Your consent – which you can withdraw at any time from your self-service client area.|
Data you choose to host with us using our products
Usage Data includes information about how you use our website, products and services.
We do not use the data you host with us for any other purpose than to fulfil the contract you have with us and for us to meet our own legal requirements. The data is yours, you are responsible for it and you are the controller of all your own data.
For support purposes, when you request support you give permission for us to view your data e.g. for diagnosing call scenarios that do not appear in the dashboard database as expected. We can impersonate your portal login when you request us to support you. We automatically scan your data for security and legal issues.
Transaction Data - includes details about payments to and from you and other details of products and services you have purchased from us.
We require to collect payment from you in order to provide you with the product you ordered.
We require to store transaction logs for us to legally complete tax returns and financial record keeping.
Processing is necessary for the performance of a contract or to enter into such a contract with you.
The processing is necessary to comply with legal and regulatory obligations.
Technical Data - includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website, Requested pages, Referring Page, and other information which identifies your machine.
Logging includes client area access, intrusion prevention and web application firewall, access logs, error logs.
We are legally obliged for all our systems to collect logging and diagnostic data for robust breach detection, investigation and internal reporting procedures so we can prevent and detect breaches and keep a record of them if they were to occur.
When someone visits our websites we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. Our use of Google Analytics makes use of IP Anonymization and we do not transfer any personally identifiable information, we do not use advertising integration.
The processing is necessary to comply with legal and regulatory obligations.
The processing is necessary to support our legitimate business interests.
When will we contact you?
As part of your contract with us we will contact you regarding updates to the services you have with us. This includes renewal and billing reminders, notification of maintenance and security issues, updates about changes to your products.
If you open a support ticket or email us we will contact you regarding this and notify you when the ticket you opened is closed.
All our billing is paperless, so you will receive invoices and receipts via email.
You will not receive updates and marketing about products you have not purchased unless you have opted in to join our mailing list.
Data Retention Policy
Customer Data - on termination of contract, when you become an inactive customer with no active products or invoices, we retain customer data in our web based systems until the following tax year's tax return is completed by us unless it is requested for us to delete this sooner.
Backups of data - We keep backups over the past 3 months to help us to restore any of your services in the event of a disaster caused by you or by us. We can erase individual accounts from our historical backups on request if they need to be erased sooner.
Analytics and logs of activity - We keep logs for at least the past year to help us comply with our legal obligations to prevent data breaches and to monitor usage. We cannot erase logs on request and by using our services you agree your usage will be logged.
Financial Records - We must legally keep financial records for 6 years from the end of the last company financial year they relate to. On termination of a contract we do not erase personal data from our financial records until after this time, but we do erase it from our web based systems.
Managing Your Data
Access and Rectify - You can access and rectify the majority of your personal information from our self-service client area. Anything you cannot see there you can contact us and we will be able to update records on your behalf and provide you with an export.
Erasure - We will respond to all requests to erase data within one month, this will come with no fees unless it is unfounded or excessive. If you contact us and no longer want your details on record, we can erase these records on request. If you wish to terminate your contract with us we will erase data according to our data retention policy, but can do this quicker on request. Some data, such as financial records, we are legally obliged to keep for longer.
Security and Integrity of your Personal Data
You will keep your data up to date via your self-service portal. If we learn of any changes we will update your account accordingly to keep your details up to date.
We will never request your password, you should never pass on your password to anybody, only you are permitted to sign into your Goldbyte services with your password.
Your personal information will be transmitted over an secure encrypted connection when you use our portal and other services from us.
All our own servers and backups are located in the UK.
We only partner with third parties to reliably deliver the services you purchased, we do not use third parties if it is not necessary for the product you have purchased.
We only use third parties who sub-process personal data who meet our data protection and compliance requirements for us to be compliant ourselves.
Essential; i.e. required to make the website work
Login session cookies for our client area. These cookies identify you as being logged in to the secure parts of our website for the duration of your visit. Our secure areas will not work unless cookies are enabled.
Non-essential; i.e. that aren’t needed to make the website work
Amendments to this document
We aim to notify you via email of amendments made to this document, if you disagree with any changes made you will be permitted to request a termination of your account.