Effective 3rd May 2018

Spheroid (UK) Ltd t/a Compubits offers IT support, consultancy and related products and services (“Services“) through its website (“Websites“).

This policy describes what personal information Compubits collects, why it is collected, and how it is used. It applies to personal data and other information collected by us from or about prospective clients, current clients (“Clients“), and visitors and users of our Websites.
By using or continuing to use our Services or Websites, you consent to the processing of your data within the terms of this Privacy Policy.

Information we collect

Personal information provided by you

When engaging with Compubits through our Websites or other means, you may be invited to provide personal information that you may elect to provide. Examples of these engagements include, but are not limited to, filling out a web form to request additional information about our services, completing a survey, asking a question, contacting us through a web chat, providing feedback, or commenting on a blog. Personal information may also be collected by us when you send us an email, call us on the phone, send us a text, message us through social media platforms, or any other means you may choose to communicate with us. If you choose to become a Client of our service, you will be required to provide some basic personal information on our order forms. Our order forms indicate data that is required or optional. In these interactions with you, we may collect the following information about you or other members of your organization that you elect to provide:

  • Name
  • Title
  • Phone numbers
  • Email addresses
  • Mailing address
  • Account login credentials
  • Security questions and answers
  • Billing and Payment information
  • Time zone
  • IP Address
  • Feedback, testimonials, comments and notes that you may provide
  • Customer support inquiries
Other data Clients process and store with us

As a service provider, Compubits stores and processes data (“Client Controlled Data”) as directed by its Clients. For example, Clients of our spam filtering service configure the “MX records” on domains they control to route email through the filtering service so that we can filter out spam messages for them. To cite another example, Clients of our managed hosting service control what content and emails they store on our servers. Clients’ ability to control the Client Controlled Data we store and process for them is limited by the capabilities of the Compubits Services they are subscribed to, the associated Terms of Service of the subscribed Services, and applicable laws for the handling of the data they control.

Website visitor information

When you visit our Websites, our web servers automatically log data about your visit, including your IP address, browser type, operating system, geographic location, the pages you visited, the website that referred you, the date, time and length of your visit and any other data that your browser may have provided. If you choose to provide additional personal information to Compubits during a visit to our Websites or by email, your IP address may be used to link this additional personal information to the website visitor data that we collect, which means your website visits may not be anonymous to us. See the “Cookies and third party tracking technologies” section of this policy for additional methods we use to collect website visitor information.

How we use your information

Personal information collected will only be used in a manner consistent within the context it was collected, unless specific and clear consent is given by you to use the data for purposes beyond the original purpose it was collected for.

To provide Services to Clients

Personal information provided directly by Clients (excluding Client Controlled Data as defined above) is used to provide Services, provide Client support, bill for Services, provide Clients information on using our Service, notify Clients of issues with our service, improve our Service, and keep Clients informed about our service offerings. If Clients choose to provide additional personal information beyond what is required, this information will only be used to enhance the Client’s experience unless the Client provides consent to use the data for other purposes.

To send communications to our Clients

If you are a Client of Compubits, we may occasionally contact you about billing, issues related to your service, and information about new services we offer. In order to stop receiving these communications, you can either change the contact information on your account profile or cancel your account with us by sending us your written instructions. We also give customers the option to subscribe to optional communications that allow them to get service status updates and feature updates. Customers can subscribe or unsubscribe to these notifications by sending a request to support@compubits.com to be excluded from specific Client communications. Depending on what types of Client communications you want to stop, it may require us to discontinue all outbound communications with you to accomplish your request.

To communicate with prospective clients

lf you have requested information about our services, we may occasionally contact you about our service offerings. If our communication to you was sent by email and an unsubscribe link is not included, you may simply respond with an opt-out request. You may also opt out of phone calls or other contacts by simply letting us know that you are no longer interested. You may also send a request to support@compubits.com to opt-out of these communications. Please allow up to 2 business days for us to remove you from our contact lists.

Use of Client Controlled Data provided by Clients

Client Controlled Data (as previously defined) that is controlled by our clients is only used in accordance with the instructions of our Clients and within the limitations of subscribed Services and Terms of Service. Upon request, Compubits will provide Clients a data processing addendum that is compliant with EU General Data Processing Regulations which amends the agreement (or Terms of Service) between Compubits and the Client and governs Compubits’ processing of client data. Regardless of whether clients choose to sign this data processing addendum, Compubits will follow the principles for protecting data privacy as specified in the addendum when acting as a data processor to handle data on behalf of its clients.

To analyze and improve our Websites and Services

Compubits uses website visitor data to track the effectiveness of our advertising, to improve website compatibility with devices and browsers, identify and block malicious accesses to our websites, and measure traffic levels in order to maintain proper server capacities.

Cookies and third party tracking technologies

Compubits uses the following technologies to improve your experience and our business:

  • Cookies: If your web browser allows it, we use cookies to track certain information about you and the status of your current website visit. Examples of information stored includes, but is not limited to, preferences you selected, the source that brought you to our site, and whether or not you are signed in as a customer. Cookies may be required for portions of our website and service offerings to function properly.
  • Third party tracking technologies: We may sometimes embed third party tracking technologies in our website pages to track visits to our website. These third parties may also use cookies. These third party service providers assist us in better understanding our site visitors and are not permitted to use the information they collect on our behalf except to help us analyse our website traffic and improve our business.

Disclosure of personal information

Compubits does not disclose your personal information to third parties except in the following cases:

  • For legal or safety reasons: We reserve the right to disclose personal information if we have reason to believe, in good faith, that one of the following conditions are met: (1) we have a legal obligation to do so, (2) it is necessary to protect our rights, (3) to investigate fraud, (4) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or (5) it is in the interest of our safety, your safety, or public safety.
  • Merger or acquisition: In the event that Compubits is involved in a merger or acquisition that requires us to transfer personal information to a new entity. In such a case, the new entity will be bound by the same terms of this privacy policy in relation to your personal information that we collected prior to the merger or acquisition.
  • Service providers: With third party service providers that act as agents on our behalf (also known as sub-processors) that assist us in our business activities. These service providers are only authorized to use personal information that is necessary to provide services to us and Compubits remains liable to ensure that they provide the same level of protection as this Privacy Policy. The types of third party service providers and the purposes they serve are as follows:
    • PCI compliant payment processors for processing Client payments.
    • Email services for CRM use: Our primary CRM email system is self-hosted, but a backup copy of our email is stored with an email provider for backup use.
    • Co-location facilities: Our server hardware is co-located in secure data centers that have implemented strict access controls. Data center personnel are only authorized to access our servers under our direction.
    • Outsourced hosting: Most of our Services are hosted on hardware that we own, but we do sometimes outsource the hosting of some Services that we provide to meet the needs of our Clients and our business.

Updating or deleting your personal information

If you are a Client of Compubits, you may send a request to support@compubits.com. Requests will be denied if the data in question is required for our financial accounting or legal purposes or where the burden or expense of providing you access would be disproportionate to your privacy risks, or where the rights of other persons would be violated. In addition, our ability to process your request will be subject to our ability to confirm your identity. Requests that are allowed will be processed in a reasonable amount of time, usually less than 3 business days, but no longer than 30 days. Data that is updated or deleted from our live databases may still exist in its original form in our backups.

If your personal information was stored on our servers by one of our Clients, where our Client is the data controller and we are only the data processor, we will forward your request to our Client. Our Client’s handling of your request will be subject to any terms of service or contracts that you have with our Client.

Data security

We have implemented reasonable measures to protect against unauthorised access of personal information. Examples of methods we use are:

  • The use of strong SSL and TLS encryption for the transmission of personal information.
  • The use of both hardware and software firewalls to protect our servers from unauthorised access.
  • Providing ongoing training to our employees on the methods and tools we use to protect your information.

Protection of children

Our Websites and Services are all directed to people who are at least 13 years old or older. In compliance with the relevant GDPR requirements, we will not knowingly collect data from anyone under 13 years of age.

Links to Third Party websites

Our Websites includes links to third party websites. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Privacy Shield notice

Compubits will verify third-party compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by theU.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.

Privacy Principles

Compubits has certified to the Information Commissioners Office that it adheres to their Privacy Principles. We adhere to all Privacy Principles, including the principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability as described below.

Notice

The purpose of this privacy policy is to notify and informs individuals about our obligations and their rights in accordance to the GDPR framework. Notice of this Privacy Policy is provided to individuals when individuals are first asked to provide personal information or as soon thereafter as is practicable. In any event, notice of our Privacy Policy will be provided before we use information or disclose information to a third party for a purpose other than that for which it was originally collected or processed. When we process Client Controlled Data on behalf of our Clients, the Client will be responsible for providing the appropriate notices and choices for personal information that is under their control.

Choice

Your personal information will not be shared or sold to third parties except as necessary as described in the “Disclosure of personal information” section of this policy. We offer individuals the opportunity to choose by either providing consent or opting out before their personal information is disclosed to a third party or used for a purpose that is materially different from the purpose for which it was originally collected. Individuals are given clear, conspicuous, and readily available mechanisms to exercise their choice. We currently do not collect information considered sensitive, but if we later decide to do so, we will obtain affirmative express consent (opt in) from individuals if such information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected. In addition, we will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Accountability for Onward Transfer

Compubits remains accountable and liable for all onward transfers of personal information to third parties in accordance with the GDPR framework. The type of third parties to which we disclose personal information to and the purposes for doing so are listed in the “Disclosure of personal information” section under the “Service providers” subheading of this policy.

Security

We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorised access, disclosure, alteration and destruction. For more information, see the “Data security” section of this policy.

Data Integrity and Purpose Limitation

We limit the personal information collected to that which is relevant to our business and use personal information in a way that is compatible with the purposes for which it has been collected or subsequently authorised by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. Personal information is retained only for as long as necessary for processing or for statistical analysis or another approved purpose.

Access

Individuals have the right to know what personal information we are storing about them and to ensure it is accurate and relevant to the purposes for which we collected it. Upon request, we can provide access to the personal information that we store about you and, will take reasonable steps to give you access to correct, amend, or delete information that is inaccurate, subject to the limitations outlined in the “Updating or deleting your personal information” section of this policy.

Recourse, Enforcement, and Liability

We are committed to resolve your complaints about your privacy and our collection or use of your personal information. If you have a complaint, please contact us either by email at support@compubits.com or one of the following methods:

Through the Postal Service:
Spheroid (UK) Ltd t/a Compubits
138 Pinner Road
Harrow, Greater London,
HA1 4JE
UK

By speaking with a member of our support team:
020 8893 5555 (From within the UK)
+44 208 893 5555 (International callers)

If you are a resident of the EU/EEA or Switzerland and have a complaint that we have been unable to resolve for you, you may contact data protection authorities as follows:

  • EU/EEA residents may contact the EU Data Protection Authorities. For more information, visit the European Commission website (https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights- citizens/redress/what-are-data-protection-authorities-dpas-and-how-do-i-contact- them_en&sa=D&ust=1524518978541000).
  • Switzerland residents may contact the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the- fdpic/contact.html&sa=D&ust=1524518978541000).

Other Terms and Conditions

Services offered by Compubits are subject to this privacy policy and the Terms of Service associated with the offered services.

Changes to our Privacy Policy

This privacy policy may change from time to time. The effective date at the top of this policy will be updated when the last change to this policy was made. By continuing your use of our website and services you consent to this privacy policy and modifications made to the policy.

Questions or concerns

If you have questions, comments or concerns regarding this policy, you are welcome to email us at support@compubits.com and you will receive a prompt reply, usually within 2 business days. You may also contact us using the information below:

Through the Postal Service:
Spheroid (UK) Ltd t/a Compubits
138 Pinner Road
Harrow, Greater London,
HA1 4JE
UK

By speaking with a member of our support team:
020 8893 5555 (From within the UK)
+44 208 893 5555 (International callers)