Data Protection Statement for IT Support Services

In order to carry out IT support tasks there may be occasions when Gritstone Computers employees need to access your organisations IT systems that contain sensitive business information data or the personal data of individuals that is stored on your systems.

Whilst carrying out support and maintenance on these systems we take the protection of your data seriously and ensure our support systems and processes are compliant with the EU’s General data Protection Regulations.

Our support systems are designed to protect your data.

For further information on our data protection policy please call us on 01756 730 123 or email info@gritstone.co.uk

ICO Registration

EPB Services Limited (T/A Gritstone Computers) is registered with the Information Commissioner’s Office under registration reference:

Z9671761

Employee Training & Awareness

All Gritstone Computers employees are trained in, and aware of, the requirement for data security and protection. Additional training will be undertaken as required to ensure our staff remain aware of best practice.

Company Ethos & Information Security

Gritstone Computers is committed to the principles and practice of information security and data protection.

Regular Reviews

Gritstone Computers will regularly review its policies and procedures on information security and data protection to ensure they are both adequate and in line with current guidance and best practice.

Non Disclosure Agreements

Gritstone Computers is happy to sign a Non Disclosure Agreement if our clients feel it is necessary for the protection of sensitive business information.

Processes for onsite support

We do not ask for confidential information unless absolutely necessary to carry out the support task.

We do not access confidential information unless absolutely necessary to perform the support task and permission is given by the relevant party.

No personal or confidential information is taken offsite in physical form.

Digital data is not stored unless absolutely necessary, only stored with consent and only stored for as long as necessary to complete the support task.

Processes for remote support

All remote support connections are carried out under a secure SSL encrypted connection that cannot be intercepted.

We do not ask for confidential information unless absolutely necessary to carry out the support task.

We do not access confidential information unless absolutely necessary to perform the support task and permission is given by the relevant party.

No confidential information provided to us in a support session is stored for any longer than the length of said support session.

Support Requests

Most support request are submitted by email. Our internal email system is protected by our company firewall and data on our network is stored securely.

Emails you submit will be stored for as long as necessary for us to complete the support task. Emails may be stored longer for the purpose of creating a support incident history log.

Server Backups

As part of our server maintenance and support packages we put in place a system to automatically backup your data. Often, this will be stored onsite on secondary hard drives.

If you subscribe to the Acronis Cloud Backup solution, those backups will be stored securely in the cloud. You can read Acronis’s Data Security and Privacy Policy at https://kb.acronis.com/content/14188