This privacy notice tells you about the information we process about you whilst you utilise business services provided by Next DLP, and in some aspects after you cease using those services. In delivery of our business services information at time we serve data processors and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
This privacy notice tells you about the information we process about you whilst you utilise business services provided by Next DLP, and in some aspects after you cease using those services. In delivery of our business services information at time we serve data processors and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
Next DLP provides business Cyber security services in the form of the Reveal services.
Our customers utilise the online Cloud services we provide. The utilisation of such systems results in information of the usage being captured in the system history and related logs.
This information is held for our legitimate interests around business contract delivery, quality of service delivery and legitimate interests around subjects such as cyber-security and crime prevention.
For the Reveal product: we process Customer Data. “Customer Data” includes, but is not limited to (i) information which identifies or could reasonably be used to identify any natural person, including without limitation a person’s first and last name, home or other physical address, telephone number, fax number, email address, social security number, driver’s license, government issued identification card, UDID, IP address, etc., (ii) data collected directly from a user via an application’s user interface (name, address, date of birth), (iii) data that is gathered indirectly, such as mobile phone numbers, IMEI, or UDID, and (iv) data gathered about a user’s behaviour, such as purchase and transactional information, location data, web browsing data or the applications used which is linked to a unique profile.
We do not use the information gathered to make any automated decisions that might affect you.
Information relating to security logs involves storage on Next DLP servers within secured third party data centres. EU customer data is stored within the EEA and US customer data is stored on a data centre in the US.
All information is held in line with the Next DLP Retention Policy. For the Reveal Cyber service this is normally 3 months.
We will only process the personal data on instructions from a Controller
If we become aware of a personal data breach, we will notify the relevant controller without undue delay
We will ensure that any transfer outside the UK/EEA is authorised by the Controller and complies with the GDPR’s transfer provisions.
We will not engage another processor (i.e. a sub-processor) without the Controller’s prior specific or general written authorisation.
As a data processor we will sometimes need to assist the data controller in facilitating requests made by individuals, i.e. if requested, delete any data we are processing on behalf of a controller.
Further information on what we process is contained in Exhibit A, the Data Processing Addendum, of Next DLP’s Master Services Agreement available on the Next DLP website.
If you have a complaint about our use of your information, we would prefer you to raise it with us in the first instance by emailing dpo@nextdlp.com to give us the opportunity to put it right, in the UK you as escalation you can contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF