1, Personal Information OverAir LTD holds-
1,a Customer/Client contact data- OverAir requests full name, telephone, email, system serial and address (if applicable- business invoicing or postal). This data is solely used to generate lawful payment invoices and inform or reply to customers to the explanation of services, status of repairs and collection of current and uncollected jobs.
OverAir does not partake in email marketing or electronic and phone based sales advertising.
OVERAIR LTD WILL RESPOND TO OUR CUSTOMER AND CLIENTS RIGHT TO REMOVE OR EDIT THEIR CUSTOMER CONTACT AND RECOVERY DATA IMMEDIATELY . Warranty data will need to be kept to verify purchase date and work carried out.
2,a Customer/Client passwords- data recovery/repairs- Overair LTD requests passwords on behalf of our customers for the purpose of repairs, testing and access to and for the movement of data.
Full and partially successful Data Recovery services ALL include the movement of clients data to customers secured devices and/or encrypted and secured OverAir storage. Customer/Clients decisions to progress with data recovery attempts, by nature automatically give consent to OverAir to handle all customer OWNED data. At no point will OverAir own our clients owned data. All data is securely removed once payment is processed.
Work and jobs invoiced out under the term “Data Recovery” accept no liability to “lost data” as the service term implies full or partial device data loss from check in.
3,a Customer device management- OverAir LTD takes all precautionary steps to securely manage both software and physical data. Including physical unattended office/building access locking and liability insurance.
Customer contact software data, is stored on the XERO accounting and invoicing software package. Access to OverAirs XERO account is only granted to GDPR TRAINED employees of OverAir LTD OR it’s financial accounting partners and their access is restricted to accounting level ONLY.
All EMAIL and forms of electronic communication are encrypted and secure, this is managed via passwords and 2 step verification if necessary. Any data voluntarily submitted electronically of email is at the risk of the sender. We will highlight or erase information that is not relevant to our services.
OverAir does not hold any paper customer data unless XERO is inaccessible or a physical trade in is implicated- once data has been moved to digital systems it is destroyed.
3, PRIVACY and SECURITY
3,a OverAir will protect the customer and client data held in it’s care. OverAir takes precautionary action to maintain it’s digital security though both manual management of it’s systems passwords and it’s live internet security. All systems that maintain digital data both contact and owned are regularly reviewed and tested.
3,b We are not using people’s data in ways they would find intrusive or which could cause them harm, unless we have a very good reason.
3,c If we process children’s data, we take extra care to make sure we protect their interests.
3,d Our processes will always be clearly outlined during our check-in procedure and links to our privacy and GDPR compliance will be made readily available.
3,e OverAir has the ability to erase and remove customer data from it’s invoicing system or any hardware systems.
3,f OverAir will act on all digital and physical treats immediately and efficiently.
4 Customer/ Clients rights
4,a OverAir will act on behalf of it’s customers objections to the processing of their personal data. We use a “No means no” procedure and work with our customers to provide a service that they deem suitable if our data management is unsuitable.
4,b OverAir LTD allows it’s customers to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability.
4,c OverAir is always looking to improve its security protocols with regards to data protection.
5 DPIA Data Protection Impact Assessment
5,a OverAir reviews it’s needs and management of DPIA when needed for appropriate projects and jobs.
5,b OverAir will nominate a DPO (data protection officer) to ensure guidelines are followed and kept unto date.
6,a Invoice generation and contact requests online are consent to our customers sharing sensitive customer contact information with OverAir.
6,b DATA recovery evaluation check-in is consent to the investigation of possible data recovery and it’s viability and cost implications.
6,c By sharing data with Overair we also have our clients and customers consent to remove and Data upon request.
6,c OverAir is also looking to implement a digital capture system.
7 ICO- Information commissioners office
7,a OverAir has followed the guidelines set out and constructed by the ICO and takes it’s practices very seriously. Our checklist report is green and we will endeavour to keep up to date with all necessary changes.