Privacy Policy

Privacy Policy

1. Introduction

Busted Networks Limited takes privacy very seriously, and this policy sets out to provide a clear understanding of how we manage and use personal data in accordance with all Data Protection legislation, including the General Data Protection Regulation ((EU) 2016/679) and any subsequent legislation or laws that come into effect from time to time. This Privacy Policy may be reviewed occasionally to comply with updates or changes in legislation, our business practices or technological advances.

2. Who we Are

Busted Networks Limited is an IT Support Services company providing a wide range of IT products and services across the Hampshire and West Sussex area.

3. Use of Personal Information

Busted Networks Limited will only use your personal data when the law allows us to. We may be required to collect certain personal information in order to:

4. What Information we Collect

The type of information we collect may include (but not be limited to):

Please note that personal data will not be collected without the Consent of a data subject. Data will only be processed if there is a lawful basis for doing so.

5. Why we Collect Information

Busted Networks Limited may use your information for the following purposes:

6. How do we Collect Information

We will collect information in the following ways:

7. Storage of information

Any data we hold is stored securely on our systems based in the UK. We do also use a number of Cloud Service Providers (CSPs), some of which have data centres in a number of locations globally, however we have ensured that they have the appropriate policies and procedures in place to comply with GDPR.

8. Sharing of Information

We do not purchase or sell any personal information. We do not share personal information unless lawfully required to do so or unless we have full written consent from the data subject.

9. Data Retention

We will only retain personal information for as long as necessary to fulfil the purposes it has been collected for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Once you are no longer a customer of Raycon we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

10. Security Measures

Our Information Security Management System ensures that adequate security controls are in place to protect information and personal data from being accessed, corrupted, lost or stolen. We limit access to your personal information to employees and contractors within the business.

We do not store or transfer your personal data outside the European Economic Area, however should we do so, we will ensure our Suppliers are compliant with GDPR processes and procedures.

We currently have procedures in place to deal with any potential data breaches and will notify yourselves or regulators when we are legally required to do so.

11. Your Rights as a Data Subject

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email info@bustednetworks.com or use the information supplied in the Contact us section of our website. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

The right to be informed

We are obliged to provide clear and transparent information about any data processing activities we may undertake. This is provided by this privacy policy and any related communications we may send you.

The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

  1. The purposes of the processing
  2. The categories of personal data concerned
  3. The recipients to whom the personal data has been disclosed
  4. The retention period or envisioned retention period for that personal data
  5. When personal data has been collected from a third party, the source of the personal data

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

The right to rectification

When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

The right to erasure (the ‘right to be forgotten’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

  1. The accuracy of the personal data is contested
  2. Processing of the personal data is unlawful
  3. We no longer need the personal data for processing but the personal data is required for part of a legal process
  4. The right to object has been exercised and processing is restricted pending a decision on the status of the processing

The right to data portability

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

The right to object

You have the right to object to our processing of your data where

12. Your Duty to Inform us of Changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.