We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of IT Nation Ltd.

The use of our website www.itnation.co.uk is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the UK`s Data Protection Act 2018 and the General Data Protection Regulation, and in accordance with the country-specific data protection regulations applicable to us. By means of this privacy policy, our enterprise would like to inform the public about the kind, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Definitions

The privacy policy is based on the terms used in the DPA and GDPR.

We use the following terms, among others, in this privacy policy:

(a) Personal Data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  1. b) Data Subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

(c) Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

  1. e) Profiling

Profiling shall mean any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

  1. f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

  1. g) Controller or data controller

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

(h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(i) Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under national law shall not be considered as recipients.

  1. j) Third party

Third-party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

  1. k) Consent

Consent means any freely given specific and informed indication of the data subject’s wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Name and address of the controller

The controller within the meaning of the DPA and GDPR is:

IT Nation LTD

The Exchange, Express Park,

Bristol Road, Bridgwater,

England, TA6 4RR

01278 45 45 40

07840 51 51 50

Support@ITNation.co.uk

Cookies
Cookies are text files which are stored on a computer system via an internet browser. Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID. You can learn more about cookies in general by visiting All About Cookies and in our Cookie Policy.

Server log files

We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are browser type and browser version, Operating system used, referrer URL, Host name of the accessing computer, Time of the server request, IP address. This data is not merged with other data sources.

The collection of this data is based on Art. 6 paras. 1 lit. f GDPR. IT Nation has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

Hosting

The hosting services we use are for the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 paras. 1 lit. f GDPR in conjunction with. Art. 28 GDPR (conclusion of order processing contract).

Collection of general data and information

The website collects a series of general data and information each time a data subject or automated system accesses the website. This general data and information is stored in the server’s log files. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, we do not draw any conclusions about the data subject. This information is rather required in order to (1) correctly deliver the contents of our website, (2) optimise the contents of our website as well as the advertising for these, (3) ensure the permanent operability of our information technology systems and the technology of our website as well as (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the data and information collected anonymously is, on the one hand, evaluated statistically and is further evaluated with the aim of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Contact possibility via the website

If you contact us via phone, e-mail or contact form the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with Article 6 lit. f) GDPR to process your request. Your data provided will not be used for any other purposes, in particular not for advertising.

Newsletter

We send newsletters, e-mails and other electronic notifications with promotional information and only with the consent of the recipients or legal permission. Apart from that, our newsletters contain information about our products, offers, promotions and [1] or [2] depending on what they selected. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The legal basis for the storage is Art. 6 Para. 1 lit. a) GDPR.

Processing of customer and contract data

We collect, process and use personal data only to the extent that it is necessary for the establishment, content or amendment of the legal relationship. This is done on the basis of Art. 6 paras. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The collected customer data is deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Commercial and business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer enquiries.

We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for the business organisation. We only disclose the data of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).

We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.

Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the

Legal bases are Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), and our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).

Technical services

We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works as well as associated activities and to pay for and deliver them or to execute or provide them.

The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.

Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the

Legal bases are Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), and our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).

Presence in social networks

We maintain online presences within social networks in order to communicate with users active there or to offer information about us there. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights. Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the user behaviour and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). The relevant legal basis is our legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation. The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

Legal defence and enforcement of our rights

The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights.

Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.

Warning against forged e-mails (spoofing), spam and phishing

The security of our customer’s data is our top priority. In the following we would like to give you some security advice: Beware of so-called phishing and spoofing attempts Unfortunately, our brand can also be misused as the supposed sender in this scam. In concrete terms, this means that consumers receive fake e-mails in our name. These emails can even be based on our brand layout and may be difficult to distinguish from our emails. The fraudsters want to exploit the position of trust between us and our customers and thus steal sensitive data (e.g. login, customer data, payment information) or install harmful software (such as viruses or Trojans) on your computer or smartphone. The creation of these emails and the sending of them is not done by us, even if our name should be used as the sender. Unfortunately, we cannot influence the sending of these illegal e-mails.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Sharing and national and international data transfer

In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organisational units or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

We may transfer personal data to other companies within our group of companies or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data is based on our legitimate business and commercial interests or is made where it is necessary for the performance of our contract-related obligations or where we have the consent of the data subjects or legal permission.

We may transfer personal data within IT Nation to other persons within our organisation or grant them access to this data. Where this transfer is for administrative purposes, the transfer of data will be based on our legitimate business and commercial interests or will be made where it is necessary to fulfil our contractual obligations or where there is consent from the data subjects or legal permission.

Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called “processing agreement”, this is done on the basis of Art. 28 GDPR.

We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

As an international business and because of the technologies used within our Company, personal information may be accessed by IT Nation colleagues and third-party service providers from locations outside of the European Economic Area, whose data protection laws may not be as extensive as those in Europe. To ensure the same level of protection is in place when processing data is conducted outside the European Economic Area, IT Nation uses appropriate safeguards approved by the European Commission. IT Nation applies appropriate protection to make sure personal data remains adequately protected and is treated in line with this Policy. IT Nation has international data transfer agreements between its companies and with relevant third-party service providers based on standard contractual clauses approved by the European Commission.

How we protect personal information

Any personal information given to IT Nation will be treated with the utmost integrity, care and security. A variety of physical and technical measures are used to keep data safe and prevent unauthorised access to, or use of, or disclosure of personal information.

Electronic data and databases are stored on secure computer systems and IT Nation controls general access to information, using both physical and electronic means. IT Nation colleagues receive data protection training, and the Company has detailed security and data protection policies that colleagues are required to follow when handling personal data.

All reasonable steps are taken to ensure that personal information is kept secure from unauthorised access. However, we cannot guarantee it will be secure during the transmission process to this website because this transmission is not controlled by IT Nation.

Security measures

For security reasons and to protect the transmission of content, that you send to us, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Third-party links

This website contains links to other websites, including those of other companies within IT Nation. These businesses will have their own privacy policies, tailored to their particular business practices and the sectors in which they operate. If following those links, IT Nation recommends reviewing the privacy policy of each website to understand how personal data is used in that particular entity. The inclusion of links to these websites does not imply an endorsement or validation of their content, and IT Nation is not responsible for their privacy practices of, nor do we accept any liability in connection with the content on such websites.

How to update your information and marketing preferences

We want to ensure each Party remains in control of personal information disclosed. IT Nation ensures that the personal information held is accurate and up-to-date to the best of our ability. The Company is committed to allowing any Party the opportunity to opt-out of future marketing communications.

Information on how to opt-out will be given when personal information is collected and specified on every marketing or news alert email sent. If at any stage a Party would like to update or correct such personal information, or opt-out of future marketing communications, email or write the Company at the physical or email addresses provided in the ‘Contacting Us’ section below.

Online presences in social media

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

Obligation to provide personal data

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.

Automated individual decision-making including profiling

We do not make automated decisions in individual cases, including profiling.

Do Not Track

Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.

Do Not Sell My Personal Information

We do not sell information that directly identifies you, like your name, address or phone records.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Sensitive personal data

If collecting or storing sensitive personal data, such as information relating to health, personal values or beliefs or political affiliation about customers, visitors and exhibitors, we will typically ask for explicit consent.

Children’s personal data

Our services and products are directed to academics and business professionals. They are not intended for children under the age of 13 and we do not knowingly collect personal data from this age group. If any information is collected from a child under the age of 13 without verification of parental consent, it will be deleted and destroyed.

Hosting

The services for hosting and displaying the website are partly provided by our service provider as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact them as described in this privacy policy.

Content Delivery Network

For the purpose of a shorter loading time, we use a so-called Content Delivery Network (“CDN”) for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

Rights of users and persons concerned

With regard to the data processing described in more detail below, users and data subjects have the right to

  • to confirmation as to whether data relating to them is being processed,
  • to information about the data processed, to further information about the data processing and to copies of the data;
  • to correction or completion of incorrect or incomplete data;
  • to immediate erasure of the data concerning them;
  • to receive the data concerning them and provided by them and to transfer this data to other providers/controllers;
  • to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions.

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Likewise, users and data subjects have the right to object to the future processing of data concerning them, insofar as the data is processed by the provider. In particular, an objection to data processing for the purpose of direct advertising is permissible.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information.

The legal bases of the processing

The legal bases for processing are listed below and at least one of these must apply whenever we process personal data:

  • Consent: the individual has given clear consent to process personal data for a specific purpose.
  • Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

The Supervisory Authority

The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, please contact us in the first instance.

Changes to Privacy Policy

To keep up with changing legislation, best practices and changes in how IT Nation processes personal data, this Privacy Policy may be revised at any time without notice by posting an updated version on this website. Checking back periodically will mean a Party will be made aware of any changes. This Privacy Policy should be read in conjunction with the website’s Terms.

Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.