AURORA MANAGED SERVICES LTD is committed to protecting your Personal Data. In accordance with legislation, the General Data Protection Regulation ((EU) 2016/679), this Privacy Statement sets out Our obligations and explains why we have that information, how we use, manage and protect it, and Your rights in relation to that information.
The procedures detailed in this Statement are to be followed at all times by Aurora, its employees, contractors, or other parties working on behalf of the Company.
| Column 1 | Column 2 |
|---|---|
| “You”, ”Your”, “Data Subjects” | Clients (Prospective/Existing), Suppliers, Business partners |
| “We”, “Our”, “the Company”, “Aurora” | AURORA MANAGED SERVICES LTD (Company No. 06228885), |
| Aurora Managed Services Ltd (Company No. 06228885), | |
| Corporate Information & Communication Technology Ltd (Company No. 04080684) | |
| Falcon Document Solutions Ltd (Company No. 02818404) | |
| Copylogic Ltd (Company No. 02370414) | |
| Classic Business Equipment Ltd (Company No. 03580061) | |
| The London Photocopy Company Ltd t/a In Doc (Company No. 02606913) | |
| Regent Document Solutions Ltd (Company No. 02052396) | |
| Digital Copier Systems Eastern Ltd (Company No. 04160580) | |
| “Personal Data” | Any information about an individual from which that person can be identified. This includes (but is not limited to) name, address, email address, contact number, date of birth, Passport/ Driving Licence details. It does not include data where the identity has been removed (anonymous data). |
| “Special Category Data” | Personal Data defined by the GDPR as more sensitive and which requires more protection. This data includes race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation. |
| “Controller” | Determines the purposes and means of processing personal data. With respect to our suppliers and business partners, Aurora is a Controller or Joint Controller. |
| “Processor” | Responsible for processing personal data on behalf of a controller. |
| “GDPR” | General Data Protection Regulation ((EU) 2016/679). A legal framework that sets out guidelines for the collection and processing of personal data with the EU and EEA. GDPR came into effect on 25th May 2018. |
All personal data must be:
We may Access, Collect, Delete, Process, Store or Transmit different kinds of Personal Data about you which we have grouped together as follows:
We do not collect any Special Category Data.
We obtain your data via a number of methods. You may provide us with the Personal Data we hold by filling in forms or by corresponding with us by post, phone, email or otherwise. This will include information that you provide when you apply for products or services, complete and sign (electronically or by hard copy) our order form or contracts, request marketing to be sent to you or contact us through our website or complete a feedback survey or form.
We may also have received this information from publicly available sources, such as Companies House, or from third party sources including, for example, your employer, or the business you are engaged by, to whom we provide or obtain products or services.
Additionally, if you are likely to be the individual, or one of a group of individuals within the organisation where you work, who would expect to be contacted for business communications purposes, we may obtain your data via a specialist ‘b2b’ data provider.
Finally, if we provide telephony services to you, we may have issued some of this data to you e.g. your business mobile number.
The Personal Data we hold and process is either necessary for the performance of a contract to which you are party (or in order to take steps at your request prior to entering into a contract), or it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests. Additionally, we may process your data where we need to comply with legal or regulatory obligations.
We do not rely on consent as a legal basis for processing your Personal Data in relation to sending Direct Marketing communications with you via email, SMS or post, however you have the right to object to Direct Marketing at any time by contacting us either by phone on 020 7503 3000 or email at the following email address: marketingteam@aurora.co.uk
Depending on our relationship with you, Aurora will process your data for a variety of purposes. We use your information to facilitate the following elements of our business operation:
We do not use your information for profiling or automated decision making.
We do not knowingly collect data relating to children.
We do not sell your Personal Data to anyone.
We do not share your Personal Data with third parties unless they are providing services to us under contract or disclosure is permitted, or required, by law.
To facilitate our business operation, we need to share some or all of your Identity Data or Contact Data with some of our business partners.
Where your data is shared, we require all parties to provide sufficient guarantees that they have the appropriate technical and organisational measures in place to protect your Personal Data in accordance with the Regulations. We do not allow our business partners to use your Personal Data outside of the specific purpose for which we have instructed them.
Our business partners may include:
Service Providers, Application Providers, b2b data providers, Cloud Computing and Infrastructure Providers, Billing and invoicing Providers, Professional advisors, HM Revenue & Customs, regulators and any other authorities.
We need to share some or all of your Personal Data with some of our business partners in order to keep a record of your marketing preferences.
All business partners will process your Personal Data acting as either a Joint Controller or Processor, and may be based inside and/or outside the EEA (see below for information relating to storage of your data outside the EEA).
We store all of your Personal Data inside the EU.
Where we have shared your Personal Data with a business partner, subject to the requirements below, your information may be processed by staff operating outside the EU who work for us or for one of our suppliers. That staff may be engaged in, among other things, the fulfilment of contracts with you, the processing of payment details and the provision of support services. Therefore, we may transfer some or all of your personal information to a country outside the European Economic Area (“EEA”).
The transfer may only take place, however, provided that one of the following conditions applies:
The personal information we hold has been assessed using a Data Protection Impact Analysis (DPIA). The DPIA is used to measure the potential risk to the personal information we hold relating to your freedoms and rights as individuals and any potential impact, if the information were breached or lost.
By carrying out the DPIA, Aurora Managed Services Ltd have implemented appropriate and proportionate measures to mitigate or lower those risks.
All Aurora staff are routinely trained on GDPR regulations during the course of their employment and new employees complete the required training on induction.
Staff processing data which would be considered to be of moderate to high risk to the rights and freedoms of individuals receive additional tailored regular training, and at commencement of employment with Aurora.
In addition, Aurora Managed Services Ltd have created or updated the following plans/policies:
These policies have been updated to ensure administrative, electronic and physical security measures have been put in place to ensure the information we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.
A copy of these documents are available on request.
We will retain your personal information for the duration that your employer or the business you are engaged by, to whom we provide or obtain products or services, works with Aurora Managed Services Ltd and for a further 36 months, with the exception of any accounting records that are required to be kept for 84 months.
If at any point you believe the personal information we hold on you is incorrect, you want us to correct or delete that information, or you no longer want us to hold that information or contact you, you can exercise your rights under the current Data Protection laws. You may contact us at any time, to:
Your request must include your name, email address and postal address and we may request proof of your identity. Please allow at least 30 days for us to process your request.
Please note, we will not be able to delete information that is required to maintain our business purpose or that is required to facilitate a contract that is in place between your company and Aurora Managed Services Ltd.
For more information about your personal data rights, please visit the Information Commissioner Office website at: //ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/
We are not required to appoint a Data Protection Officer (DPO) under GDPR however the person responsible for ensuring compliance with GDPR, the act and this Privacy Statement can be contacted below:
Telephone number: 020 7503 3000
E-mail address: DPO@aurora.co.uk
Postal address: Unit 10, 11 & 12, Mead Lane Industrial Estate, Merchant Drive, Hertford, Hertfordshire, SG13 7BH
If you wish to raise a complaint on how we have handled your personal data, please contact our GDPR team in the first instance.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Their helpdesk number is 0303 123 1113.