Who we are
This policy applies to LBT Computer Services Limited which is located in the United Kingdom. For the purposes this policy and LBT Computer Services Limited, our website(s) and app(s) will be referred to as we, us, our.
Privacy and data protection laws
We are committed to complying with privacy and data protection laws in all the countries in which we operate, to the extent that such laws are applicable to us.
We may operate a number of different websites and Apps (web/cloud and mobile).
If you are accessing our Site and/or Services from a location outside of the UK or the European Economic Area (the “EEA”), please refer to the section “Additional information for international users (outside of the UK or EEA)” at the end of this policy for important additional information.
Legal Basis and purpose for processing your personal data (UK and EEA residents only)
- You have given consent to the processing of your personal data for one or more specific purposes;
- it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- it is necessary for compliance with a legal obligation to which we are subject
- it is necessary in order to protect your vital interests;
- it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
If you are accessing our Site and Services from a location outside of the UK or EEA, we will also comply with any applicable authorisations and requirements for processing your personal data under your local privacy and data protection laws (to the extent that they apply to us).
How we collect your personal data
We are committed to protecting your personal information and respecting your privacy. We may collect and process personal data about you in a number of different ways, depending on the nature of our relationship with you.
Some of the ways that we commonly collect and process personal data include:
- When you provide your personal data directly to us in the course of accessing our website and/or Services.
- When we analyse existing personal data that we already hold about you in order to better understand your use of our products and services, or other matters that are relevant to our relationship with you.
- Viewing or subscribing to our websites and social media functions.
- Corresponding with us using services such as web contact forms, webchat facility, telephone, email or written letter.
- Signing up to marketing material or newsletters.
- Entering competitions or participating in discussion boards.
- Applying for a job vacancy, including personal data collected from third parties as part of reference checking.
- Purchasing, licensing or accessing products, including mobile applications (Apps).
Location-based features of our Sites and/or Services use GPS or other similar functionality, which you may be asked to enable on your device before you can use these features (please see the section “Your Location Information” below).
We also use web and mobile analytics technologies for our Sites and/or Services, which automatically collect certain types of Device information and Log Information about your usage (please see the section “Your Device Information” below).
We use your personal data in the following ways
- Provide you with personalised access to our Apps.
- Provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
- Provide you with newsletters, promotions and other information about goods or services or third party goods or services that we offer and that we feel may interest you where you have consented to such communications.
- Carry out our obligations from any contracts you have entered into with us.
- Customer satisfaction surveys and market research.
- Process job vacancy applications and CV’s.
- Respond to your enquiries and complaints.
- Notify you about changes to our products and services.
Our Legitimate Interests
There are times when we will rely on legitimate interests to process personal data, particularly when it is not practical to obtain consent. We will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Examples are:-
- Reporting criminal acts and compliance with law enforcement agencies
- Internal and external audit for financial or regulatory compliance purposes
- Statutory reporting
- Operate our platforms and communicate with you as necessary when providing our services to you for our legitimate interest.
- Maintenance of “do not contact” lists (suppression lists)
- Customer satisfaction surveys and market research.
- Physical and Network security
- Work Experience placements
- Financial Management and Control
- General Administration
Categories of personal data you give to us
The personal data you may give us includes:-
- Telephone number
- Email address,
- Date of birth and age
- User name and passwords to access our Sites and Services
- Personal profile description and photograph
- Reviews and ratings in our Apps
- Routes and activity information in our Apps
- Equality and diversity information.
- Location Information (see the “Your Location information” section below)
Your Location information:
- We may use GPS technology or other technology to determine your current location in order to provide certain functionality to you as part of our Sites and/or Services. Some of our location-enabled Services require your location data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose.
- In order to record Longitude and Latitude in our app, background access to your location is required. This is so your location can be recorded when you use the app. Your recorded locations are stored securely, and will be visible to other users within your organisation/company, the organisation/company you are using the app on behalf of.
- You can withdraw your consent to determine your current location at any time through your Device setting.
Your Device information
Each time you visit or use our Sites and/or Services, we may automatically collect the following information:
- details of your use of any of our Apps or your use of the app, location data, (see the “Your location information” section above).
- URL click stream information showing how users have reached our Site and Services and whether they access other third party sites via any external links.
We use the Device information in the following ways
- To administer our Services for troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve our Services to ensure that content is presented in the most effective manner for you and for your Device;
- To allow you to participate in interactive features of our Site, Services and Apps, when you choose to do so;
- As part of our efforts to keep our Sites and/or Services safe and secure;
- To determine which features your Device supports which assists our development strategy.
We use the Log Information in the following ways
- Ensure the content of our Sites and/or Services are fit for the purpose for which they are set up and to develop the experience of our users;
- To ask you to review our products and services.
Information we pass to Third Parties and other Data Sharing
In order to facilitate your use of our Sites and/or Services, we may have to share your personal data with third parties to provide elements of our Site, Services and Apps to you. We will provide your personal data to third parties when they need the data to perform particular functions in delivering our OS Sites and/or Services to you or as part of our regulatory compliance. These include:-
- Service providers acting as data processors, located in the UK and EEA who provide data hosting facilities, IT and system administration services.
- Service providers located in the UK and EEA acting as data processors who administer our customer email service, webchat service, API Services.
- Service providers who are manufacturers of Products where a device requires interaction with third parties for registration of devices, third-party software and downloading of mapping tiles.
- Service providers such as Adjust for functionality to monitor app downloads and app usage analytics primarily to track the source of app downloads.
- Service providers acting as a data processor for the facilitation of our recruitment processes.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service provider processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data transfers to third countries
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our Website servers are located in the UK, EEA and Australia, and our third party service providers and partners operate in [UK, EEA, USA and Australia. This means that when we collect your personal information, we may process it in any of these countries.
Data security and how we store personal data
We may store personal data as either secure physical records, electronically on our internal IT systems, in cloud storage.
Once it is within our control, we will do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retaining your personal information
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may also retain your personal data for a reasonable period afterwards to allow us to respond to any follow up enquiries or complaints, or for as long as you remain a registered user of our products and services.
To determine appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, we may use or store this information indefinitely without further notice to you.
In some circumstances you can ask us to delete your data: see Right to Erasure below for further information.
Data protection rights for UK and EEA Data Subjects
If you are a resident of the UK or EEA, you have the following data protection rights:
Withdraw Consent – Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time.
Right to be Informed – You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used on our communications, are intended to be a clear and transparent description of how your data may be used.
Right of Access – You can write to us asking what information we hold on you and to request a copy of that information. This is called a Subject Access Request. We will have 30 days to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity. Details on how to submit a Subject Access Request if you are in the UK or EEA can be found in our data protection policy.
Right of Erasure – You have the right to be forgotten (i.e. to have your personally identifiable data deleted). However, we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you. In some cases, we may recommend that we supress you from future communications, rather than data deletion, particularly if you have purchased an item from our e-commerce shop which comes with a warranty. Our Customer Services Team will be happy to advise you.
Right of Rectification – If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data provided to us.
Right to Restrict Processing – In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
Right to Data Portability – Where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. This right is largely seen as a way for people to transfer their personal data from one service provider to another. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to Object – You have an absolute right to stop the processing of your personal data for direct marketing purposes, simply contact us and we are happy to assist.
Right to object to automated decisions – In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions “that have a legal effect on you”, you have the right to object. This right is more applicable to mortgage or finance situations. We do not undertake complex computerised decision making that produce legal effects.
Categories of personal data collected are
- Email address
- User name and passwords.
Other worldwide locations
We will always follow the guidance and regulations in other countries worldwide outside of the UK and EEA to protect your data.
Data Protection Officer:
- Email: DP@LBT.co.uk
- Post: Park Farm Ind Est, Ermine Street, Buntingford, Herts, SG9 9AZ