Cookies & Privacy Policy
-
Version
This is version 2018.1 of the policy. It is effective as of 23rd of May 2018 and supersedes all previous versions.
-
Terms
- DPA
- means the Data Protection Act 1998
- GDPR
- means the General Data Protection Regulations which come into force in the EU in 2018
- PID
- means personally identifiable data as defined under the terms of the GDPR
- We, Us, Our
- means Openstrike
- You, Your
- means the person reading this document and/or the organisation(s) which they represent
-
Controller
The Data Controller is Openstrike and the Data Protection Officer for Openstrike is the proprietor. The Data Controller may be reached by sending a plain text email to gdpr_processing@openstrike.co.uk with subject line "FAO: Data Controller".
-
Accuracy
By agreeing to this policy you warrant that any PID provided by you is correct at the time of provsion and will be maintained by you in a timely manner for the duration of its retention.
-
Purpose
The PID is retained for the purpose of supplying you and/or your colleagues and/or your organisation with goods and/or services. If you have no interest in our goods and/or services then you should not provide your PID to us in the first place.
The PID may also be used for logging and auditing of communications. Communications to and from us may be recorded in whole or in part and if that includes various PID then such data will also be retained.
-
Data Retention
PID will be retained by us until
- it is no longer a legal or operational requirement for us to retain it AND
- you request its removal OR
- we deem it to be obsolete
Obsolescence times for data categories are as follows:
- 48 months: communications metadata
- 90 months: sales/purchase data
- 360 months: everything else
-
Data Sharing
PID provided to us may be further disseminated by us in the following circumstances only
- As legally required by any statutory body
- As required by our suppliers in fulfilment of your purchases. These suppliers may be: couriers, certificate authorities, domain registries or registrars, hosting service providers, banks or other payment processors, etc.
- As required by our appointed auditors and accountants
- To you or your agents or to any person reasonably purporting to be you or your agents as part of a data subject request
-
Locations
PID will be stored by us in the United Kingdom only. If shared with other parties as above this restriction may no longer apply.
-
Amendments
You must inform us immediately via our automated systems once you become aware of any PID which you had previously provided to us and which has changed. If you are unaware of the correct automated system to use for this process you may contact us via email on gdpr_processing@openstrike.co.uk
If we become aware of incorrect, invalid or outdated PID relating to you we will contact you to ascertain the validity of the data and then make corrections to the data held as applicable. We may make these changes if you are uncontactable and we have reasonable grounds to suspect that the changes are warranted.
-
Data Subject Requests
You may request a full report of your PID which we hold at any time by writing to the data controller as directed above.
-
Data Excision Requests
You may request a full excision/redaction of your PID which we hold at any time by writing to the data controller as directed above.
-
Supervisory Authority
The supervisory authority for the protection of your PID is the Information Commissioner’s Office (ICO). If you have any complaints regarding the protection of your PID you may lodge a complaint with that office.
If you object in whole or in part to the principle or the implementation of the GDPR and you are an EU citizen please contact your MEP. If you are not an EU citizen then please contact the President of the European Commission.
-
Breach Reporting
Any breach or suspected breach of our systems, premises or records resulting in the potential compromise of PID will be reported to the Supervisory Authority within 48 hours of its detection.
Similarly, any breach or suspected breach of your systems, premises or records resulting in the potential compromise of PID should be reported to us and to the Supervisory Authority by you within 48 hours of its detection.
-
Cookies
This site does not offer any cookies to visitors unless and until they use the log in facility.
Visitors who do log in will be offered 2 cookies for their authentication and must accept these cookies if they wish to authenticate. They will also be offered a further cookie to manage the session status - accepting this is optional but can enhance the user experience. They will also be allowed to request 3 further cookies which will store their log in preferences but these must be actively requested, being entirely opt-in.