Ormonde Technologies (SurfBox) Ltd (‘the Company’) needs to collect user data (information) for limited purposes from users of its services in public libraries, shopping centres, airports, hotels and other public venues hosting its services. The purpose of processing user data is for the delivery of internet, print and copy services at these venues. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of user data.
This is a statement of the Company’s commitment to protect the rights and privacy of individuals in accordance with the General Data Protection Regulation (GDPR).
Data Protection Principles
The Company will administer its responsibilities under the regulation in accordance with the stated data protection principles as follows:
- Obtain and process information fairly
The Company will obtain and process user data fairly and in accordance with the fulfilment of its functions. The user data obtained during the fulfilment of its functions are as follows:
- Printing: Individual’s documents submitted for print purposes. Additionally, the individual’s email address is required to be submitted for the purpose of submission of print jobs via email.
- Scanning / Copying: Individual’s documents obtained for scanning purposes. Additionally, individual’s email is required to be submitted for the purpose of scanning document to email.
- Keep it only for one or more specified, explicit and lawful purposes
The Company will keep data for purposes outlined in the previous section that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes. The Company will not retain or disclose user data for any purpose other than for delivery of its services.
- Keep it safe and secure
The Company will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. The Company is aware that high standards of security are essential for all personal information.
- Retain it for no longer than is necessary for the purpose or purposes
The Company will only retain data for the duration of its service delivery and for any support purposes relating to the services. Specifically, data is retained temporarily for the purposes outlined in Section 1 as follows:
- Printing: Jobs submitted for printing are retained in electronic format for printing purposes up to a maximum of three days. Print jobs cannot be exported or duplicated for printing or viewing elsewhere. Physical print copies can only be obtained by the user by means of a one-time PIN code that has been returned to their email address.
- Scanning / Copying: Documents obtained for scanning or copying purposes are stored in a temporary folder for the duration of the user’s session. They are permanently deleted at the end of the session.
The Company has overall responsibility for ensuring compliance with the Data Protection regulation. However, all employees of the Company who collect and/or control the contents and use of user data are also responsible for compliance with the Data Protection regulation. The Company will provide support, assistance, advice and training to all staff to ensure it is in a position to comply with the legislation. The Company has appointed a Data Protection Officer who will assist the Company and its staff in complying with the Data Protection legislation.
Procedures and Guidelines
This Statement supports the provision of a structure to assist in the Company’s compliance with the Data Protection regulation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
This Statement will be reviewed regularly in light of any legislative or other relevant indications.
This document was last updated on Thursday 11 January 2018.