Tomo Technology Ltd (Tomo) collects and processes personal data in order to provide services to our clients. Tomo is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. Reference is also made to Tomo’s Data Protection Policy.
This Privacy Notice explains the types of personal data may collect, how we will handle it, store it and keep it safe.
1. WHAT INFORMATION DOES TOMO COLLECT?
We will collect, store and use information about:
- our own employees;
- prospective employees;
- the employees of potential customers and customers;
- the employees of our suppliers and contractors; and
- users of smartphone or other devices that we are engaged to repair, wipe, sanitise or destroy.
A separate notice is made available to our employees and prospective employees.
Tomo collects and processes a range of information containing personal data about you. This includes the following:
- your name, address and contact details, including email address and telephone number;
- website browsing history stored on your device;
- emails, text messages and all other messages on social media or other platforms which are stored on your device;
- location data and all information stored on your mobile device.
We may collect this information in a variety of ways including directly from you when you contact us, from our website, when you use our online “contact us” tool, when you buy or sell stock from or to us, when you engage us to provide services or from third parties where we are sub-contracted to provide services.
Your personal data may be stored in hard copy in files which are stored in a locked cabinet and in our IT systems.
2. WHY DOES TOMO PROCESS YOUR PERSONAL DATA?
Tomo processes personal data for the purposes of carrying out our contract with you and performing the services that you have instructed.
Tomo also has a legitimate interest in processing data where we have been engaged by a third party, for example your mobile phone provider or recycling organisation to carry out repair, data wiping or destruction services.
There may be some occasions where we seek your consent to process personal data but in such case you will be provided with full details of what consent is sought for, so that you will be able to carefully consider whether to provide that consent. Where you have provided consent for Tomo to process your data, you have the right to withdraw that consent at any time.
We may use contact details to send information about other products and services from time to time but you will always have the option of telling us not to contact you in this way. If you do not wish to receive this information please let us know by contacting Tomo at 17 Brand Place, Unit 1-2, Glasgow G51 1DR; 0141 370 0105; or email@example.com
3. WHO HAS ACCESS TO DATA?
Your information may be shared internally as appropriate to provide the services instructed and to administer the relationship that we have with you.
Tomo also shares your data with third party service providers that process data on its behalf in connection with IT services and the repair, wiping and destruction of mobile devices. Where we do so, those processors are subject to contractual arrangements only to process data in accordance with our instructions.
We will also share your data with carefully selected independent third parties to carry out repairs, sanitisation or destruction of devices on our behalf. These parties are required to contract with us keep your data safe.
We only share the minimum personal data that enable our suppliers and partners to provide their services to you and us.
Tomo will also share your personal data as required by law, with our professional advisers for the purposes of obtaining advice and in the context of a sale of some or all of our business. In those circumstances, the data will be subject to confidentiality arrangements.
If your data is transferred outwith the UK or the EU we will make sure that adequate safeguards are in place, an adequacy agreement or other contractual arrangement is in place as required by law.
4. HOW DOES TOMO PROTECT DATA?
Tomo takes the security of your data seriously. Tomo has policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where Tomo engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
5. HOW LONG DOES TOMO KEEP YOUR DATA?
Tomo will hold your personal data for the duration of any contract with you or your employer and for a fixed period 7 years thereafter, unless we are engaged to erase or destroy your personal data, in which case it will be erased or destroyed as soon as reasonably practicable.
6. YOUR RIGHTS
As a data subject, you have a number of rights. Please refer to Tomo’s Data Protection Policy for further details of these rights:-
- access and obtain a copy of your data on request;
- require Tomo to change incorrect or incomplete data;
- require Tomo to delete or stop processing your data, in certain circumstances;
- object to the processing of your data where Tomo is relying on its legitimate interests as the legal ground for processing;
- portability; and
- right to object to automated decision making.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data us being processed, please contact Tomo at 17 Brand Place, Unit 1-2, Glasgow G51 1DR; 0141 370 0105; or firstname.lastname@example.org
If you believe that Tomo has not complied with your data protection rights, you can complain to the Information Commissioner:-
Information Commissioner’s House
0303 123 1113
7. WHAT IF YOU DO NOT PROVIDE PERSONAL DATA?
Where you have entered into a contract with Tomo for provision of services, failing to provide the data may mean that Tomo is unable to properly implement the contract and that you are unable to exercise certain contractual rights.
MONITORING AND REVIEW
This policy was last updated in November 2020 and shall be regularly monitored and reviewed.