Introduction

Ryland Technology Ltd (Ryland) provides a range of IT-related services for businesses, including website and software development, database development, consultancy, website hosting and domain name services. We process personal data to allow us to provide these services and to function as a business, including advertising our services, maintaining our offices, accounts, and records and finding and managing our employees.

Ryland takes data protection very seriously. We may collect and process your personal data when you use our website or when you request our services or contact us for other reasons but will only do so where it is necessary on the legal bases and for the purposes set out below. If the processing of your personal data is necessary and there is no statutory basis for the processing, we will obtain your consent first.

Ryland’s processing of personal data will always be in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). This Privacy Notice is to inform you about why we collect and process personal data, and about your rights in relation to this processing.

In this document, "we" means Ryland Technology Ltd, and "you" means the person whose data we are discussing.

How we collect and process your data

Clients and Suppliers

What data we collect

When you contact us to enquire about a service we provide, or in relation to providing a service to us, you might give us your name, contact details, financial details, and other personal details. We may also seek additional details from your website and other publicly-accessible sources (such as LinkedIn or Companies House), and we may collect data in relation to how you use our website (see below) and other services provided by us.

How we use this data

We may use this data for the following purposes:

  • to correspond with you about our services or yours, to discuss whether we wish to agree a contract;
  • to provide, manage, and personalise our services to you under a contract;
  • to manage complaints and resolve other queries and requests (including the exercise of your rights in relation to the data we hold – see below);
  • to review and improve the performance of our services, including to provide training to staff;
  • to undertake checks for the purposes of security, detecting and preventing fraud, and to verify your identity before providing services to you;
  • to undertake ‘due diligence’ enquiries where we are obliged to do so before passing data to you or using your services;
  • to recover debts owed and enforce other obligations we are entitled to under our agreements with you, as well as to protect ourselves against harm to our rights and property interests;
  • to comply with regulatory and legal obligations to which we are subject and to cooperate with regulators and law enforcement bodies.

The legal basis for our use of the data

We must have a legal basis to process your personal data. In most cases, the legal basis will be one of the following:

  • to enable us to provide services to you, or to correspond with you with a view to agreeing a contract (performance of a contract);
  • to enable us to comply with our legal obligations (for example, keeping tax records);
  • to meet our legitimate interests as a business, including:
    • enabling us to operate as a business and provide services to you and other customers;
    • providing information to you about our products and services that may be of interest;
    • ensuring a high standard of service;
    • ensuring we investigate and respond to queries and complaints about our services, and to prevent future complaints;
    • protecting our business interests and the interest of our customers;
    • preventing fraud;
    • running our business prudently and ensuring we can recover debts owed to us and protect our assets.
  • where we have your consent to do so;
  • in exceptional cases, where there is a substantial public interest.

If we enter into a contract to provide services to you, there are separate Terms & Conditions that will apply to that contract and that will include additional relevant information.

We will not use personal data you provide us for marketing purposes unless we have obtained your explicit consent.

Website Visitors

What data we collect

We use website logs to record limited details about visitors to our website and to the websites of clients hosted by us, including IP address, browser type, access time and URLs visited. If you have been given access to the client extranet part of our website, we may monitor the way in which you use that service, including the pages that you access and the files that you download.

How we use this data and the legal basis for doing so

We use this data in accordance with our legitimate business interests to allow us to monitor interest in and use of our services, to analyse the performance and effectiveness of the websites and our servers, and for security reasons.

We will not use this data for any other purpose and we will not sell it to third parties.

Cookies

Cookies are text files that are stored on your computer via your web browser. We do not use cookies for standard visitors to our website. We only use cookies for the extranet part of the website (the client login section), where they are used to allow you to log in. These are ‘session cookies’, which are usually deleted when you close your browser window (subject to your browser settings). You can modify your browser to reject cookies (but this would stop you logging in).

Job Applicants

What data we collect

If you have contacted us seeking employment, you might give us your name and contact details, as well as other data including your employment and education history. We may also seek further details from publicly-available sources (such as LinkedIn).

How we use this data

We will use this data to allow us to consider your application in relation to the job you have selected and any other jobs available at that time. If appropriate, we will use your data to arrange interviews and assessments, to seek references (with your permission) and to undertake other enquiries which we are obliged to make.

If you have asked us to keep your details on file, we will use your data to consider you for any future positions that arise.

We will not use your data for any other purpose.

Our legal basis for doing so

We do this in accordance with our legitimate business interest in conducting the recruitment process.

If you go on to be employed by Ryland, you will be given further details about how we process your data as an employee.

Marketing

What data we collect

We may collect data about companies we wish to offer our services to from publicly-available sources such as company websites or LinkedIn. This data may include the name, position and contact details of individuals who work at those companies.

How we use this data

We may use this data to contact those individuals to describe and offer our services.

Our legal basis for using this data

We do this on the basis of our legitimate interests as a business in marketing and selling our services, as this data has been made publicly available by the owner and is being used for the purpose the owner envisaged. We will not supply this data to any third parties, and if the owner asks us not to contact them again then we won’t.

Complaints and data subject requests

If you contact us to make a complaint or to exercise your data subject rights (see below), we will process the personal data you supply us to allow us to respond to your request. This is on the basis of our legitimate business interests in responding appropriately to such requests. Once we have responded to your request, we will only retain personal data that is necessary for us to be able to confirm that we have fulfilled your request and to respond to any follow-up requests, for example additional complaints or related legal proceedings (or where otherwise legally required to do so). We will not use this data for any other purpose.

Domain Name Registration and SSL Certificates

If you order a domain name from us, we will seek to register the domain on your behalf. You will be listed as the registrant / legal owner, and we will be listed as the technical, administrative and billing contact. This means we have to provide your name and contact details to the third party company who provides this service to us, and they will in turn pass your details to the relevant domain registry. The domain registry may make your details publicly-accessible (or accessible to third parties) in a database such as WHOIS. By ordering domain names from us, you acknowledge that we will use your data in this way in order to fulfil the contract.

If you order an SSL certificate from us, we will pass your name and contact details to the third party who provides this service to us. By ordering an SSL certificate from us, you acknowledge that we will use your data in this way to fulfil the contract.

Third parties, overseas transfers, and data processing agreements

All the personal data you provide us is treated as confidential by default.

We may share your personal data with certain third parties for the purposes outlined above, including to provide the services you have requested. For example:

  • if you order domain names or SSL certificates from us, we will pass your details to the relevant third parties as outlined above;
  • we may store your data on servers in data centres run by third parties;
  • we may pass your bank account details to our bank to allow us to make payments to you; and
  • we may pass your details to a debt collection agency if you do not pay what you owe us.
  • Where we are processing data (including personal data) on behalf of a client, our Terms and Conditions include the relevant data processing clauses required by Article 28 of GDPR. In the course of this processing, we may use third parties (known as “subprocessors”) to help us provide our services. For example, data may be stored on servers that are hosted in data centres run by third parties. A current list of our general subprocessors is available here.

    Before we share data with any third parties, we ensure that they provide at least the same level of protection for your data as we do (and that our contract with them requires them to do this). If they are outside the European Economic Area and are not in a jurisdiction that has been designated by the European Commission as having adequate levels of protection for personal data, we will put in place appropriate safeguards (for example the “standard contractual clauses” written by the European Commission for this purpose) to ensure that your data is adequately protected.

    We will not pass your data to third parties for any other purpose, and we will never sell your data.

    Law enforcement, legal process and compliance

    We may disclose your personal data if required to do so by law or where we reasonably believe that disclosure is necessary to comply with applicable laws, in response to a court order, judicial or other government warrant, or to otherwise cooperate with law enforcement or other government agencies.

    We also reserve the right to retain or disclose your personal data where we believe, in good faith, that it is necessary to take precautions against liability, protect ourselves from fraudulent, abusive or unlawful use of our services, investigate and defend ourselves against claims or allegations, protect the security or integrity of our systems and services, or to protect our property or other legal rights, enforce contracts, or to protect the rights, property, or safety of others.

    Data Security

    We follow generally accepted industry standards to protect the data we process, including technical and physical security measures. This includes (where appropriate) firewalls, encryption, password protection and access control.

    However, it should be noted that absolute security cannot be guaranteed, and so if you transmit data to us this is done at your own risk. If you have any questions or are concerned that your personal data may have been compromised, please contact us using the details below.

    Data Retention

    We will keep your personal data for as long as we have a relationship with you. Once our relationship with you has come to an end (for example, when an agreement between us is terminated or you decide not to order services from us), we will retain your personal data in accordance with our standard retention periods. These are calculated based on the type of personal data we hold and the purposes for which we hold it, as set out above.

    Automated Profiling

    We do not undertake any automated profiling or decision-making in relation to personal data that we control.

    Your rights

    You have certain rights under GDPR and other data protection laws in relation to our processing of your personal data. The include the rights to:

    • request a copy of the personal data we hold about you;
    • request that we supply you (or a nominated third party) with an electronic copy of the personal data that we hold about you;
    • inform us of a correction to your personal data;
    • request that we restrict our use of your personal data;
    • request that we erase your personal data;
    • object to particular ways in which we are using your personal data; and
    • know whether your data has been transferred outside the European Economic Area, and if so what safeguards were put in place to protect it.

    Where we are processing your data on the basis of your consent, you have the right to withdraw your consent.

    Your ability to exercise these rights will depend on a number of factors. If you wish to exercise these rights, you may contact our Data Protection Manager (or any other employee) using the details below.

    Further details of your rights can be found on the Information Commissioner’s Office website.

    If you are unhappy with our response to your request, you have the right to complain to the Information Commissioner’s Office, whose details are below.

    Updates to this notice

    This notice was last updated on 24 May 2018. We may update this notice at any time and the latest version will always be available on our website. Where any change has a substantial impact on you, we will give you sufficient notice to allow you to exercise your rights (for example, to object to the processing).

    The Supervisory Authority

    The lead Supervisory Authority overseeing Ryland is:

    Information Commissioner’s office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom. Telephone: +44(0)3031231113; email: casework@ico.org.uk; website: ico.org.uk.

    How to contact us

    If you have any questions or requests regarding your personal data, please contact the Data Protection Manager in the following ways:

    Email: please use the contact form.

    Telephone: 01494 472707

    Post: Data Protection Manager, Ryland Technology Ltd, 2 Newmans Row, Lincolns Inn, Lincoln Road, High Wycombe, HP12 3RE.