This policy also explains your rights in relation to your personal information.
Who we are
If you are a client of our business and receive services from us then we will be the data processor for any personal information that we may process on your behalf and we will access, store, retain, and process personal information in accordance with the terms of the services agreement between you and us.
What this policy covers
We will process the personal information you provide us with in adherence with all Scottish data protection legislation. These laws include the EU General Data Protection Regulation for as long as it applies to the United Kingdom and the Data Protection Act 2018.
How you consent to us collecting or processing your personal information
If you do not click or select the “I Agree” button that appears in the overlay at the top of your screen then we will endeavour to not collect your personal information.
If you receive services from us then we will process personal information on your behalf in accordance with the terms of the service agreement between you and us. The types of personal information that we process and the duration of that processing will vary on a case-by-case basis.
Information we may collect
You may give us personal information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you may provide to us when you subscribe to our services or enquire into our services.
If you are not one of our client’s then, depending on how you contact us, we may ask you to provide us with your:
- Full name;
- Postal address;
- Landline and/or mobile number;
- E-mail address; and
- IP address.
If you are one of our client’s then the type of personal information that we may process on your behalf varies depending on your business and the services that you have asked us to provide. However, broadly speaking, we may process the following personal information on your behalf:
- E-Mail addresses;
- IP Addresses;
- Financial information; and
- Government issued identification.
Please contact us if you would like further information about the types of personal information we may process on your behalf. This type of personal information will vary from client to client and more detailed information can be found in your services agreement with us.
How is your personal information collected?
The way we collect personal information can be broadly categorised into the following:
- Information given by you directly: In order to provide you with our services we may ask you to provide personal information or we may access personal information in an ancillary capacity when accessing your systems. For example, we ask for your contact information when you open a support ticket with us, contact us for technical assistance, take part in training and events, contact us with questions/enquiries, or request a quote for equipment/services.
Our analytics provider is Google through its Google Analytics service. Google is a global company with many of its services based outside of the United Kingdom and the European Union. You can find out more about how Google treats your personal information [HERE].
Google may transfer your personal information outside of the United Kingdom and the European Union.
The below list details the cookies used in our website.
How we may use your personal information
We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:
- Where you have consented before the processing.
Consent means processing your personal information where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely given, specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
- Where we need to perform a contract that we are about to enter or have entered with you.
Performance of contract means processing your personal information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This includes complying with our terms and conditions of service.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights to not override those interests.
Legitimate interest means the interest of our company in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Where we need to comply with a legal or regulatory obligation.
Complying with a legal obligation means processing your personal information where it is necessary for compliance with a legal obligation that we are subject to.
We will only send you direct marketing communications by e-mail, SMS, or telephone if we have your consent. You have the right to withdraw that consent at any time by contacting us.
We will not pass your personal information to any third party for marketing purposes.
Purposes for which we will use your personal information
The personal information that we may collect about you when you visit our website helps us to provide you with a good experience when you browse our website and also allows us to improve our website. We use analytics cookies to allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. These cookies also allow us to see overall patterns of usage on our site and help us record any difficulties you may have with our website. The lawful basis for processing this personal information is your consent.
If you are one of our client’s or become a client of our business then we may process personal information on your behalf. This includes personal information about you, your colleagues, staff, employees, and representatives.The personal information that we collect is necessary for the purposes of supplying our services and we will only collect or process personal information where it is necessary for performing our services.If part of providing our services to you we need to share your personal information with our identified suppliers then we will tell you. You can find a list of our current approved suppliers at www.lugoit.co.uk/subprocessors.By way of example, we may use your personal information:
- To provide you with a quote for services/hardware or IT support;
- If you enter into a contract with us, to provide you with products or services we will use your personal information to fulfil our obligations as stated in the contract;
- If you submit a query to us, to interact with you;
- If you participate in our marketing, to contact and engage with you through our website, social media and at specified events;
- Establish and administer a database of information regarding your IT systems to allow us to support your needs;
- Internal record keeping; and
- Processing payment for the purchase of our products and/or services.
The lawful basis for processing of this personal information is our obligation to perform our contract with you and we may also process personal information for our legitimate interests in order to ensure adherence to our services agreement and to ensure compliance with laws.
Disclosure of your information
We will only share and disclose your personal information with your consent. In some circumstances we may need to disclose personal information to select third-parties to provide you with additional services and business functions. The disclosure of this personal information is only to the extent necessary for us to fulfil our contractual obligations or as required by law. We will not use, sell, or transfer your personal data to any third-parties for marketing purposes without your express consent.
You can find a current list of our approved third-party suppliers at www.lugoit.co.uk/subprocessors.
We undertake an annual review of our commercial relationships with our third-party suppliers in order to ensure that they process personal information in accordance with our instructions and in compliance with UK data protection legislation.
The transfer of personal information from us to an of our approved third-party suppliers is subject to a signed agreement that ensures the protection of your personal information.
Where we store your personal information
We will not knowingly transfer your personal information outside of the UK or the European Economic Area without your consent.
We store your personal information in secure facilities located in 16 High Street, Linlithgow, EH49 7AE. We take the protection of your personal information seriously and have several layers of security measures in place including SSL, encryption, two factor authentication, firewalls and end-point protection. We ensure that all staff are aware of their responsibilities to store and transfer personal information securely. We utilise IT documentation tools to ensure your personal information is kept in a secure place that only authorised personnel can access.
In certain circumstances it may be necessary for us to transfer your personal information outside of the UK and the European Economic Area. You can find the list of our approved third-party suppliers at www.lugoit.co.uk/subprocessors. This page also explains where your personal information may be stored and what measures have been put in place to protect that personal information.
While we will do our best to store and protect your personal information, please be aware that the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted from our website and any transmission is at your own risk. Once we have received your data we have internal processes and procedures to prevent unauthorised access.
Your legal rights
Under certain circumstances you have the following rights under data protection laws in relation to your personal information.
You have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Data subject access requests must be in writing. Please see our contact details at the bottom of this page if you wish to submit a request.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us and your identity.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
What if I do not consent or withdraw my consent?
If you are not a client or have only visited our website then you withdraw your consent at any time by contacting us.
If you are a client of our business then personal information processed by us as part of the services we provide will be held in accordance with the terms of our services agreement. If you do not consent to us collecting personal information as part of the services that we supply then we cannot guarantee the full provision of services and cannot be held responsible or liable to you for any reduction or restriction in access to our services.
We will only keep your personal information for as long as necessary to provide you with your contracted services and to enable us to meet out regulatory obligations. We are also required to keep data for the purposes of satisfying our legal, accounting, and reporting requirements. At the end of this time period we will securely delete all personal data that identifies you or could be used to identify you.
You can read our data retention policy at www.lugoit.co.uk/retention
Contact & Complaints
Contact: Ron Weatherup, Managing Director
Telephone: +44 (0)300 024 2242
Postal: Lugo Limited, 16 High Street, Linlithgow, EH49 7AE, United Kingdom.
If you are still dissatisfied you have the right to contact the Information Commissioner, who regulates compliance with data protection legislation in the UK at: ico.org.uk. You can also call the ICO on +44 (0)303 123 1113 or +44 (0)1625 545 745 or you can write to them at: Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF.