Business privacy policy:
This privacy policy sets out how Comtek Accounts Ltd uses and protects any information that you give Comtek Accounts Ltd when you use this website.
Comtek Accounts Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Comtek Accounts Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1/7/2012.
What we collect
We collect no information on the user of this web site.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information.
How we use cookies
We don’t use cookies on this web site, but we do use Google Analytics, Google AdWords, Bing Ads, and social networking links, which do store cookies.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
GDPR compliance
Sam Smith, our Head of Software Development and Comtek Accounts Ltd appointed Data Protection Officer, is responsible for ensuring our systems have ‘privacy by design’ and that our default mode is one of GDPR compliance.
This explains the data we hold and where:
'What constitutes sensitive data?' - we store very little "Personal information"
We don't hold personal data unless you are a customer, and then only to bill and support you
'What data do you hold?'
1) Accounts - Billing Details + E-mail (On Premises)
In house CRM - Billing Details + E-mail + Notes for Cases/Projects, etc (On Premises)
2) We have three different business activities using online servers, all hosted with Rackspace, which are very secure:
- A) Simply Postcode - Billing Details + Password - Salt + Encrypted SHA384 (SHA2)
- B) Postcode LITE - Billing Details + Password - Salt + Encrypted SHA384 (SHA2)
- C) Software License System - Billing Details + Password - Salt + Encrypted SHA384 (SHA2)
Also records IP address and usage for support purposes
No credit card information is held
A and B - Accounts are deleted after 1 year if dormant
Billing Details - May include Phone, Mobile (optional) number, billing history
This must be stored for 7 years to comply with HMRC regulations
'Where is the data stored and how secure?'
- Accounts and CRM in house on Windows 2016 Server. Incoming Firewall + Encrypted Drives. Remote access is via encrypted VPN.
- Rackspace in Reading and Heathrow. Very secure. Very few ports open, Cisco managed firewall. Remote access is via encrypted VPN.
The Privacy Shield is provided by firewalls and internet security. All communication to Rackspace servers is via an encrypted VPN
No Sensitive Account/Personal data leaves the building
Access to data
Yes - we can give you all data held within 1 month
Right to be forgotten
Yes - within one month all data will be erased
Security Breach
We will report any breaches of security to the ICO (Information Commissioner's Office) and people affected within 3 days.
We are a Small Company
For companies that have more than 250 employees, there's a need to have documentation of why people's information is being collected and processed, descriptions of the information that's held, how long it's being kept for and descriptions of technical security measures in place.