Concerning the privacy of your data
Storbtech Ltd is committed to protecting your privacy and maintaining the security of any personal information (personal data) received from you. We strictly adhere to the requirements of the EU General Data Protection Regulation 2016/679 (GDPR).
The purpose of this policy is to explain to you what personal data we collect, how we may use it, your rights over it, how we keep it secure, how we report on it, and how to complain about our use of it.
Your rights under the GDPR include:
How we collect and use your personal information
When you place an initial order with us, we collect sufficient data to allow us to process and fulfil your order. This includes your:
We collect additional information (data) in order to comply with the GDPR and EU Rules governing the supply of Digital Services. This includes your:
You have the right to withhold any personal data that is not required for the order process, but you must give your consent to our Terms and Conditions in order for us to provide you with our services.
We use the personal data collected to notify you of your purchase and to communicate with you in connection with all matters relating directly to our services, until termination of the services.
From time to time we may send you updates of our products and services. We will only contact you if we have acquired your specific consent.
We do not sell, rent, share, or exchange your personal data with any third party for commercial reasons. We will only share your personal data with any organisation, agency, or regulatory body if required to do so by law.
We do not collect sensitive data about you.
You can ask us what personal data we hold on you at any time, free of charge. In order to maintain the accuracy of the data, you can check, update, amend, or remove personal data by logging into your account.
How we use third parties for storing and processing your information
We use third party agencies (known as Subprocessors) to process your personal data only as is necessary to provide you with our services, maintain appropriate records for regulatory and taxation purposes, and keep your personal data secure.
Any Subprocessor engaged in the processing of personal information is also required to be GDPR compliant.
Where your personal data is transferred outside of the EEA (European Economic Area), specific protections are required. Certain agencies require access to your personal data. For example, a bank or card processing agency may need to verify your personal information for authorisation outside the EEA.
Under the GDPR, transfers of personal data outside the EEA are restricted unless the receiving entity has obtained an "adequacy decision" from the EU Commission or there is a valid data transfer mechanism in place. For example, QuickBooks (Intuit) participates in the EU-US and Swiss-US Privacy Shield Frameworks.
How long we retain your personal information
Your personal data is retained for as long as is necessary in order to provide the services agreed with you. Other types of data, for example, order data, may be retained for differing periods of time, including following the termination of our services. Legal and Statutory requirements determine how long we are required to retain certain types of data. Broadly, these include:
In the absence of any legal requirements, personal data will only be retained as long as is necessary to provide you with the agreed services. Data will be erased if you withdraw consent to the data being processed or held and request it be erased, except where any data may be required to be held for Statutory, Historical or Statistical purposes.
From time to time during the retention period, the need to retain identified data will be reviewed. In particular, the type of data and its purpose for processing will be re-considered and whether there remain lawful grounds for its continued processing. Out of date information will be archived.
Following the expiration of the applicable retention period, personal data may not necessarily be completely erased, if it is considered sufficient to anonymise the data. This may, for example, be achieved by means of:
If no fixed retention period has been determined, because of the limited amount of personal data retained, we will provide the criteria used to determine the rationale for retention of any particular data, upon request.
How we maintain the security of your personal information
We follow strict security procedures in the storage and disclosure of information you have given us, to prevent unauthorised access in accordance with the EU GDPR.
Passwords are encrypted , we recommend that you use strong Passwords to access your account and change them regularly.
The data held by us is stored on servers located within the UK. It is ISO 27001 and 9001 accredited. It has multiple levels of security and staff on-site 24x7x365.
You will be notified of any breach in the security of your personal data by either accidental or deliberate causes, without undue delay. Where required, in respect of certain types of breach identified, we will comply with the GDPR and report to the appropriate authority within the regulatory 72 hours.
A personal data security breach is defined as leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.