This General Data Protection Regulation (GDPR) Statement, should be read in conjunction with the Datacom Group Privacy Policy, applies to all EU Data Subjects (as defined below).

The following definitions are used in this GDPR Statement:

Controller – where Datacom directly collects Personal Information from EU Data Subjects. Please refer to our Privacy Policy.

Customer – the counterparty to a Service Agreement with Datacom who has received consent from EU Data Subjects to collect and process their Personal Information.

EU Data Subject – living individual residing in a European Union Member State, including the United Kingdom.

GDPR – Regulation (EU) 2016/679 of the European Parliament and Council, and all applicable data protection and privacy laws, and regulations in any EU Member State or nation within the European Economic Area.

Legitimate Interest – the legal basis under GDPR for collection of Personal Information.

Personal Information – any Personal Information as defined in the Datacom Privacy Policy of an EU Data Subject.

Processor – where Datacom processes Personal Information on behalf of a Customer under Service Agreements for the provision of IT services. Please refer to our Privacy Policy.

Service Agreement – any written contract, any written statement of work, or any other written binding agreement between Datacom and the Customer.

1. Legal basis for collection of Personal Information of EU Data Subjects

Datacom collects, uses, stores and transfers Personal Information to manage its relationship with its Customers, employees, business partners and other third parties (“covered individuals”) and better serve covered individuals by personalising their experience and interaction with Datacom. Such processing is done in compliance with applicable laws, Service Agreements, including appropriate notice and consent.

2. EU Data Subject rights

Datacom, as a collector that stores and processes Personal Information as stated in our Privacy Policy, understands the rights of EU Data Subjects. Subject to identity verification and depending on the processing activity we are undertaking, EU Data Subjects have a right to:

(a) Request that we provide you with a copy of Personal Information that we collect,to be informed of the source of your Personal Information, the purpose of collection and legal basis, as well as the processing methods used by Datacom and to whom your Personal Information may be transferred.

(b) Request that we correct inaccurate Personal Information. We may seek to verify the accuracy of the Personal Information before correcting it.

(c) Request that we delete your Personal Information when it is no longer needed for the purpose under which it was collected or you withdraw your consent to use (subject to our legal obligations for retaining historic records).

(d) Ask us:

  • To restrict your Personal Information, where the Personal Information is not accurate or unlawfully processed, or it is no longer needed for the purpose under which it was collected. We will only continue to use your Personal Information where we have your consent or to protect the rights of covered individuals or exercise legal rights
  • To provide your Personal Information to you in a readable format or have it transferred to another party for automated processing under consent or Service Agreement. 

(e)  Object to any processing of your Personal Information which has our Legitimate Interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our Legitimate Interests. You can also request that we change the manner in which we contact you for marketing purposes or you can remove yourself from our marketing lists.

We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally required to retain Personal Information, or we are entitled to deal with the request in a different way.

3. How you can access, correct, update, restrict or delete your Personal Information

If you wish to access, correct, update, restrict, or delete Personal Information that we hold about you, please write to us using the contact details set out in our below. 

4. Processing and sub processing Personal Information on behalf of Customers

The details of the Personal Information that will be processed by Datacom on behalf of a Customer, including the duration, purpose and categories of Personal Information, will be set out in a Service Agreement with the Customer for authorisation to process Personal Information. Datacom will create and maintain records of the processing of the Personal Information. By signing the Service Agreement, the Customer authorises Datacom to process or to subcontract the processing of personal data to a third party and confirms that consent has been obtained from the EU Data Subjects.

5. Personal Information transfers

Personal Information from EU Data Subjects will only be transferred outside of the European Economic Area in accordance with the provisions and protections within the GDPR. Datacom uses a variety of lawful data transfer mechanisms for this purpose, including EU Standard Contractual Clauses (SCC). 

Datacom has an intragroup agreement on the transfer and processing of Personal Information within the Datacom global group which has the EU SCC incorporated. This agreement allows Datacom to ensure that Personal Information, including Personal Information originating from the European Economic Area, which is transferred cross-border and processed by other Datacom entities, including those located outside the European Economic Area, is adequately protected in accordance with the GDPR.

6. Children’s privacy

Datacom does not knowingly collect information from children as defined by local law and does not target its websites and services to children. We encourage parents and guardians to take an active role in their children’s online activities and interests.

7. Notification of changes

We may update this GDPR Statement from time to time. If we do, we will post the revised version, with an updated revision date.

8. Questions and Datacom representative

Any questions or complaints concerning this GDPR Statement or in relation to any Personal Information can be raised with the Datacom privacy officer at the contact details set out in the Datacom Privacy Policy, or alternatively please contact Mr Ian Charlesworth, Datacom’s representative based in the UK.

Last review: 23 June 2020

Datacom Group