This Privacy Notice applies to all personal data you provide to us and also to all personal data which we collect on you, either about how you use our website or mobile application (using "cookies") or about using iTms (Integrated task management system).
- WHO ARE WE?
ITMS is a task management software application developed for the provision of property maintenance by service providers from within the Social Housing sector. The application is fully integrated, in that it provides the ability to manage the process from reporting a repair to final invoicing in an entirely transparent and auditable single piece flow. The system is web-based and therefore provides economically sustainable entry costs.
iTms application provides a fully integrated system which is user-friendly but fundamentally at its core, the ability to visibly manage and accurately record the actual delivery costs. Effective management in simplistic terms might be considered as a combination of excellent service provision and cost control. Contributory factors in for filling the operational objectives include accurate repair diagnosis, effective dispatching and routing, maximizing productivity, transparency of cost and the ability to evidence performance.
As a data controller, iTms services Ltd is registered by ICO Data Protection Registration reference ZA228152,
Description of processing
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
We process personal information to enable us to provide our service which includes:
- personal details
- goods and services
- supplier details
- financial details
- lifestyle and social circumstances
- education and employment details
- health, safety and security details
- visual images, personal appearance and behaviour
- We also process sensitive classes of information that may include:
- physical or mental health details
- sexual life
- trade union membership
- offences and alleged offences
- criminal proceedings, outcomes and sentences
- racial or ethnic origin
- religious or other beliefs of a similar nature
- applicants for accommodation which include their families and households
- asylum seekers
- business associates
- local authority employees
- probation officers
- social workers
- spiritual and welfare advisers
- consultants and professional advisers
- survey respondents
- employees including self-employed contractors
- offenders and suspected offenders
- complainants and enquirers
- suppliers and service providers
- people captured by CCTV images
Who the information may be shared with
We sometimes need to share the personal information we process with the Individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
- Where necessary or required we share information with:
- current, past or prospective employers
- family, associates and representatives of the person whose personal data we are processing
- educators and examining bodies
- suppliers and service providers
- financial organisations
- central government auditors
- survey and research organisations
- other housing associations or trusts
- trade unions and associations
- health authorities
- enquirers and complainants
- security organisations
- health and social welfare organisations
- professional advisers and consultants
- the housing corporation
- probation services
- charities and voluntary organisations
- police forces
- courts and tribunals
- professional bodies
- employment and recruitment agencies
- credit reference agencies
- debt collection agencies
- press and the media
- HOW TO CONTACT US
2.1. Contact details of iTms services Ltd
Contact details of iTms services Ltd Data Protection Officer
iTms services Ltd has a Data Protection Officer (DPO) to whom you can turn with your questions.
Contact details of the DPO: E: dpo@iTms.uk T: +44 (0) 20 8064 0477
iTms Services Limited, 88 Maidenhead Road, Windsor SL4 5EL T: +44 (0) 20 8064 0477 E: info@iTms.uk
- YOUR PERSONAL DATA – WHAT IS IT?
Personal data relates to a living individual who can clearly be identified from that data, in particular, your name, address, phone number, e-mail address, credit or bank card number, information on special care. Identification can be made by the information alone or in conjunction with any other information otherwise in the data controller’s possession or likely to come into such possession.
- HOW DO WE COLLECT PERSONAL DATA?
We collect your data on our website, mobile app, via email, call centre and post.
- WHY DO WE COLLECT PERSONAL DATA? (DATA PROCESSING PURPOSES)
We collect and use your personal data for the following purposes:
- In order to generate user account, for this purpose, we collect the following data: name surnames, addresses, telephone numbers, e-mail and IP addresses, credit/debit card or other payment details.
- To deliver the services you have required from us, for this purpose we collect the following data: name surname, company information, gender, phone number, e-mail address, credit or bank card details, information on special care (sensitive personal data), details of tax and other addition taxation information.
- To facilitate the services of third parties services or services on our website. For this purpose, we collect the following data: name surname, company name, gender, registration numbers, phone number, e-mail address, credit or bank card details, information on special care, date of use, details of fleet, assets and other Account numbers.
- To communicate with you (for example in the event of task and jobs disruption). For this purpose, we collect the following data: name surname, company name, gender, registration numbers, phone number, e-mail address, information on special care, date of use, details of fleet, assets, and other Account numbers.
- To send you reminders on task, job, services and other required self-controlled reminders. For this purpose, we collect the following data: agreements on SLA, service due dates, change of actions such date and times, mileage or other measuring forms changes.
- To send you newsletters. For this purpose, we collect the following data: name surname and contact details, details of your requests, categories, skills matrix, etc.
- To provide task and other job For this purpose, we collect the following data: name surname, company information and contact details, details of your job categories, skills matrix, Courses Attended, Historical Training Recommended, Historical Training Declined, GPS location via smart mobile devices.
- To communicate with you to carry out customer KPI (Key Performance Indicators) for analytical purposes, for quality improvements, for service developments, to improve the performance of the online management system iTms, or to tailor services to your needs. For this purpose, we collect the following data: Name Surname, contact details and historical services, assignments and other service details.
- To support administrative and legal purposes for example anti-fraud screening, for health and safety and other security purposes. For this purpose, we collect the following data: name surname, address, phone number, IP address, geolocation data, financial transaction history, credit/debit card details, fleet and other asset registration information.
- To comply with the mandatory provisions of the applicable laws. For this purpose, we collect the following data: personal data related to immigration, customs and other HMRC taxation, personal data related to invoicing, data related to persons and/or requesting special assistance; personal data related to our obligations to avoid any task, job, variation, alerts delays and breaches of the applicable laws.
6.1 PROCESSING SENSITIVE PERSONAL DATA
In certain cases we also need to process special categories of personal data (sensitive personal data), e.g. health-related data, for example when you request special assistance from an operator (such as the provision of oxygen), or when you provide us with information about your ability communicate, drive, work, or assist (for instance if you are pregnant, or allergy information) or any other disabilities, for safety reasons.
To process your sensitive personal data we will need to obtain your specific consent, otherwise, we may not be able to provide you with the requested service(s). We may use your sensitive personal data where necessary in order to establish, exercise or defend legal claims, and to ensure compliance with the mandatory legal requirements. The transfer of your sensitive personal data to third parties, even outside the European Economic Area may also be required during the provision of the services requested from us based on mandatory legal provisions.
Based on your consent we perform profiling in order to provide you with offers tailored to your needs, preferences and interests. Offers might include task and job offers and other services requests, Offers might mean offers of different services and categories that may suit and meet your skill matrix of our contracted partners or other third persons. The offers might be provided via email alerts, phone or push notifications.
Profiling is any form of automated processing of your personal data consisting of the use of personal data to evaluate certain personal aspects relating to you, in particular, to analyse or predict aspects task and job assignments, categories, personal skills and geolocation that matches of you against tasks assignment required.
- LEGAL BASIS OF DATA PROCESSING
The legal basis of data processing activities indicated in point a)-e) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (1) of Article 5 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter the “Freedom of information Act”), i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (b) of the General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council) ("GDPR"), i.e. such processing activities are necessary for the performance of contract or in order to take steps at the request of data subject to entering into a contract.
The legal basis of data processing activities indicated in point f)-g) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (1) of Article 5 and Subsection (a) Paragraph (2) of Article 5 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (a) and Article 9 (2) (a) of the GDPR, i.e. such processing activities will be based on your consent.
The legal basis of data processing activity indicated in point h-i) of Section 5 of this Privacy Notice lies in Subsection (a) Paragraph (5) of Article 6 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (f) of the GDPR, i.e. such processing activity will be based on iTms services the legitimate interest. If the legal basis is the legitimate interest of iTms services, we will carefully consider your interests and fundamental rights and freedoms, and whether these override such legitimate interests (balancing test).
The legal basis of data processing activity indicated in point j) of Section 5 of this Privacy Notice lies in Subsection (b) Paragraph (1) of Article 5 and Subsection (a) Paragraph (5) of Article 6 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (c) of the GDPR, i.e. such processing activity is necessary for compliance with legal obligation(s).
Consequences of refusal/failure of providing personal data
Please be aware that we need the personal data listed in Section 5 a) in order to perform the General Conditions of iTms (integrated Task management systems) services and provide you with our services. If you do not provide us with the requested personal data we will not be able to provide you with all or parts of the services you have requested.
If you withdraw your consent or do not provide the consent for the use of your sensitive data mentioned in Section 6.2, we may not be able to provide all or parts of the services you have requested. Please note that in these circumstances you will not be able to cancel or obtain a refund of any service request you have paid.
- HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We process your personal data for the time required consistent with the purposes set out in this Privacy Notice or for the period of limitation prescribed in the relevant laws.
We keep your personal data for no longer than reasonably necessary: for a period of 6 years from the fulfilment of the contract concluded with us (i.e. deletion of your iTms user account) in order to comply with applicable data retention laws.
In case of accounting documents, the retention period is 8 years from the closing of the financial year, in accordance with Section 169 of Act C of 2000 on Accounting.
If a court or disciplinary procedure is initiated, then the personal data will be retained until the termination of the proceedings, including the duration of any possible remedy, which data thereafter, in the case of civil claims, will be deleted after the civil law statute of limitation runs.
We do not monitor, collect or store any of internet search concerning you.
In the case of consent-based data processing, personal data will be processed until the consent is withdrawn.
- FURTHER PROCESSING OF PERSONAL DATA
If we need to use your personal data for a different purpose, not covered by this Privacy Notice, we will provide you with a new notice explaining all condition relating to the new processing prior to the new processing takes place. If required, we will seek your consent before commencing the new data processing activity.
- YOUR PERSONAL DATA PROTECTION RIGHTS
Pursuant to the applicable data protection law you may have the right
to request access to your personal data,
to request rectification of your personal data,
to request erasure of your personal data,
to request restriction of processing of your personal data,
to request data portability,
to object to the processing of your personal data (including an objection to profiling; also other rights in connection with automated decision-making),
to withdraw your consent, and to lodge a complaint with the supervisory authority.
10.1 Right to access
You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data.
You may have the right to obtain a copy of the personal data undergoing processing. We may request additional information from you for identification or for further copies requested by you, we may charge a reasonable fee based on administrative costs Right to rectification
You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
10.3. Right to erasure (right to be forgotten)
Under certain circumstances, you may have the right to request from us the erasure of your personal data and we may be obliged to erase such personal data. In such cases, we will not be able to further provide you with our services.
10.4. Right to restrict processing
Under certain circumstances, you may have the right to request from us the restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
10.5. Right to object and rights relating to automated decision-making
Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data.
Moreover, if your personal data is processed based on our legitimate interest, you have the right to object at any time to the processing of personal data concerning you for such purpose.
Furthermore, under certain circumstances in case of automated individual decision-making, you have the right to obtain human intervention. We inform you that iTms services Ltd services do not apply automated decision-making mechanism.
10.6. Right to data portability
Under certain circumstances you may have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of those data to another entity without hindrance from us, if such transmission is technically feasible.
10.7. Right to withdraw consent
When the processing of your personal data is based on your consent, you can withdraw your consent at any time without giving any reason to us, free of charge by clicking the link provided in each newsletter, or via changing preferences in your iTms account or mobile device. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you withdraw your consent to our processing your personal data, we may not be able to provide all or parts of the services which you have requested (e.g. in case of special assistance service, if the processing of sensitive data is required by us).
10.8. Right to lodge a complaint with the supervisory authority
If you feel that your personal data rights have been breached, you can also contact and lodge a complaint with the local data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
- HOW DO WE PROTECT YOUR PERSONAL DATA?
iTms services Ltd complies with its obligations under the applicable data protection laws by
keeping personal data up to date;
storing and destroying it securely;
not collecting or retaining excessive amounts of data;
protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We take appropriate technical and organizational measures to ensure the protection of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular, but not limited to where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
iTms Services Ltd, in line with this, among other things, applies different levels of access rights to the data, which ensures that only the appropriate authorized person has accesses to the data, whose knowledge of the data is necessary to fulfil his or her obligation arising out of or in connection with the performance of his or her job.
We pay special attention to the safe transmission of the personal and financial data. This data is transmitted from your computer to the iTms server of iTms services data centre through encrypted channels with the support of the Secure Socket Layer (SSL) technology.
- SHARING YOUR PERSONAL DATA
iTms services, in the course of its operation, may utilize the services of various data processors and external service providers to handle and process your personal data for specific purposes, on behalf of and in accordance with the instructions of iTms services Ltd. In addition, under the applicable UK laws, iTms services are required to share your personal data with governmental bodies, authorities and other enforcement bodies.
The data processors shall process the personal data at the most as long as the term of the data processing contract concluded with them is valid and in force, or until they are required to keep your data under the applicable data retention laws.
We may disclose your personal data to the following categories of third parties (recipients) for the purposes described below:
Escrow and data back up centres and other third parties who are your service providers other above services through chain;
third-party providers whose services you may require (including, dispatchers, field employees, subcontractors, suppliers ) on our online iTms site, in your application or via our call centre;
our partners and clients in schemes that you have joined;
credit card companies, payment service providers to process the payments you initiated on our website, in our application or via our service centre;
third parties running customer service on our behalf;
other third-party service providers involved by us for data processing;
third parties, such as law firms, courts, other bodies or service providers in order to enforce or apply any contract with you;
government authorities or enforcement bodies such as the police and regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff and assets.
The data processing of such third parties may also be governed by their own privacy policies. Please review the privacy policies on the website of such third parties directly for more information about their data processing practices. Furthermore, we also receive information about you from third parties, for instance when you part of another organisation that uses our services and/or iTms services.
12.1. Data Processors
iTms services engage certain third parties to provide assistance during the performance of the services bought from us. Such third parties provide the following services:
support centres ;
training and other customer mobilisation support;
payment processing services;
data centres ;
security and IT support services;
12.2. Call centre
We engage third party suppliers for the provision of call centre services for us. Our call centre processes your personal data in accordance with this Privacy Notice and applicable law. All calls are recorded and may be used as a data to identify you and to ensure the quality of our services and for possible future customer handling. Tickets can be also submitted electronically, via post or via email are also archived and also may be used as a data to identify you and to ensure the quality of our services and for possible future customer handling.
12.3. Government authorities and enforcement bodies:
We may transfer your personal data to government authorities or enforcement bodies such as the police and regulatory authorities, upon their request and only as required by applicable law; or to protect our rights or the safety of our customers, staff and assets.
- TRANSFERRING YOUR PERSONAL DATA TO THIRD COUNTRIES
The transfer of your personal data outside of the European Economic Area is not necessary in order to provide you with a service that you have requested, your personal data may be partially viewed but not fully accessed by iTms Services partnering members and data processors and service providers from countries that do not provide the same level of data protection as provided in the European Economic Area. Therefore, iTms services will, if necessary, take all measures which in relation to the recipients of your personal data, is necessary to ensure an adequate level of protection as defined by the applicable data protection law, in particular through the application of the Standard Contractual Clauses issued by the European Commission or by a decision of the European Commission which states that the country in which the recipient of the viewing and transferred data provides an adequate level of data protection.
If the transfer of your personal data outside of the European Economic Area is necessary in order to ensure any other additional service, and adequate level of protection of personal data cannot be ensured, then we shall request your express consent relating to any such data transfers abroad.
- CHANGES TO OUR PRIVACY NOTICE
If we change this Privacy Notice, we will publish the updated version of it on our website, https://itms.uk/
- THIRD PARTY WEBSITES
The iTms services website provides links to other websites for your convenience and information. Please be aware that these sites may be owned and run by other companies and organizations and have different security and privacy policies. iTms services have no control over and take no responsibility for any information, material, products or services contained on or accessible through those websites.
- THIRD PARTIES LIABILITY
iTms services are not responsible for third parties’ use of your data, where such use is permitted for their own purposes. In such cases, these third parties also are considered data controllers, please consult their privacy policies for further information.