Privacy & GDPR Policy
Introduction
Please read this privacy notice carefully as it describes our collection, use, disclosure and retention and protection of your personal information. This privacy notice applies to all data collected by Ostara Systems Ltd. Where you provide us with your personal information in any way as described in section 2 below, you are agree that we may collect, store and use it based on our legitimate interest for processing (ie: for internal administrative purposes and direct marketing). This is based on you providing consent, which you may withdraw at any time, as described in this privacy notice.
Our business will ensure that personal data that we hold is kept secure and that it is held for no longer than is necessary for the purposes for which it is being processed. In addition, we will retain the minimum amount of information to fulfil our statutory obligations and the provision of goods or/and services – as required by the data protection legislation, including the General Data Protection Regulation (GDPR).
1. Who we are
Our privacy notice applies to all systems, websites and technology of Ostara Systems Ltd (a company incorporated in England with company registration number 04642803 and whose registered office address is Ash House, Breckland, Linford Wood, Milton Keynes, MK14 6ET), but excludes any product applications or services that have separate privacy notices which do not incorporate this privacy notice.
2. How we collect information
To the extent permissible under applicable law, we collect information about you and any other party whose details you provide to us when you:
- Complete online forms (including all call back requests);
- Interact with us using social media;
- Provide your contact details to us by emailing
- Contact us offline, for example by telephone or post
- Apply for a role at Ostara Systems
- Become an employee of Ostara Systems
If you intend giving us personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protection laws. In so far as required by applicable data protection laws, you must ensure that beforehand you have their explicit consent to do so and that you explain to them how we collect, use, disclose and retain their personal information or direct them to read our privacy policy.
3. How we use your information
To the extent permissible under applicable law, we use your information to:
- Provide any information and services that you have requested;
- Manage our relationship with you (for example, customer services and support activities);
- Monitor, measure, improve and protect our content, website and services and provide an enhanced service for you;
- Provide you with any information that we are required to send to you to comply with our regulatory or legal obligations;
- Deliver targeted advertising, marketing or information which may be useful to you based on your query to our website;
- Activities related to your employment at Ostara Systems
We may monitor and record our communications with you, including e-mails and phone conversations. Information which we collect may then be used for training purposes, quality assurance, to record details about our website and services that you ask us about, and in order to meet our legal and regulatory obligations generally.
4. Sharing your information
We may share your information with:
- Another organisation if we sell or buy (or negotiate to sell or buy) any business assets;
- Another organisation to whom we may transfer our agreement with you; and
- Government departments where reporting is mandatory under applicable law.
- Any company’s system on which we rely on, as a controller or processor of data
5. Marketing
From time to time, we may use your information to contact you with details about our products and services which we feel may be of interest to you. You have the right at any time to stop us from contacting you for marketing purposes. You can unsubscribe from any email marketing using the links provided in the emails we send to you, or by contacting us at info@ostarasystems.com.
6. Your information and your rights
If you are based in the EEA or within another jurisdiction having similar data protection laws, in certain circumstances you have the following rights:
- The right to be told how we use your information and obtain access to your information;
- The right to have your information rectified or erased or place restrictions on process your information;
- The right to object to the processing of your information e.g. for direct marketing purposes;
- The right to have any information you provided to us on an automated basis returned to you in a structured, commonly used and machine-readable format, or sent directly to another company, where technically feasible (“data portability”);
- Where the processing of your information is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions;
- The right to object to any decisions based on the automated processing of your personal data, including profiling; and
- The right to lodge a complaint with the supervisory authority responsible for data protection matters (e.g. in the UK, the information commissioner’s office).
We will retain your personal information for as long as is necessary and relevant for our legitimate business purposes, in accordance with Appendix 1 of this document, or as otherwise permitted by applicable laws and regulation.
7. Disposal
We must ensure that personal data is securely disposed of when it’s no longer needed. This will reduce the risk that it will become inaccurate, out of date or irrelevant.
The method of disposal should be appropriate to the nature and sensitivity of the documents concerned and includes:
- Non-Confidential records: place in waste paper bin for disposal
- Confidential records: shred documents
- Deletion of Computer Records
- Certified hardware destruction
Contact Details
Ash House, Breckland, Linford Wood, Milton Keynes, MK14 6ET
Open:
9:00 AM – 5:00PM
Phone:
0844 880 2582
Email:
Appendix 1: Document retention schedule
The below table sets out the retention schedule of data held by Ostara Systems Ltd, and is regularly reviewed, and where necessary, updated.
|
Type of record |
Retention period |
Where is it stored? |
Reason |
Method of Management |
|
Employment records: |
||||
|
PAYE records (Pay & tax: pay deductions, tax forms, payroll, loans) |
7 years from end of fiscal year |
Payroll System |
Legal & Contract Obligation/Auditing |
Project Task |
|
Maternity and paternity pay records |
7 years from end of fiscal year |
Payroll System |
Legal & Contract Obligation/Auditing |
Project Task |
|
Medical and health records |
3 months after employment ceases |
HR System |
Legal |
HR System Automation |
|
Candidates (Job seeker CVs and related details) |
6 months after last action |
HR System
|
HR Recruitment & Feedback |
HR System Automation |
|
Accident report forms |
10 years after last action |
HR System |
Health & Safety |
HR System Automation |
|
Employment records: redundancy & welfare records, and formal disciplinary actions |
7 years after last action |
HR System |
Legal & Contract Obligation/Auditing |
HR System Automation |
|
Employees that left the business: emergency contacts and bank account details |
3 months after employment ceases |
Payroll System |
Legal |
HR System Automation |
|
Commercial contracts: |
||||
|
Contracts with clients |
10 years after end of contract |
Secure Contracts Filing Cabinet & Network (O Drive) |
Client Contracts |
[NJH] |
|
Contracts, leases, guarantees and indemnities |
10 years after last action |
Secure Admin Filing Cupboard |
Legal |
Shred hard copies |
|
Client Purchase orders |
10 years after end of contract |
Secure Admin Filing Cupboard |
Contractual |
Shred hard copies, delete any electronic copies |
|
Supplier Invoices |
20 years after last action |
Secure Admin Filing Cupboard |
Legal & Contract Obligation/Auditing |
Shred hard copies, delete any electronic copies |
|
Tax and Accounting Records: |
||||
|
Accounting & financial management information |
Indefinite |
Secure Admin Filing Cabinet |
Audit |
Shred hard copies |
|
Stock transfer forms and share certificates |
Indefinite |
Secure Admin Filing Cabinet |
Audit |
Shred hard copies |
|
Marketing records: |
||||
|
CRM Data |
Indefinite |
CRM System |
Sales & Marketing |
[N/A] |
|
Operational records: |
||||
|
Closed circuit television recordings |
See CCTV Policy |
See CCTV Policy |
See CCTV Policy |
See CCTV Policy |
|
Fire Risk Assessments |
2 Years |
O Drive |
Legal |
[Delete from O Drive] |
|
Policies/Procedures |
Indefinitely, unless superseded. Old Versions kept for 1 year. |
O Drive/HR System |
Legal |
[Delete from O Drive] |
|
Complaints |
7 years from end of fiscal year |
O Drive |
Legal & Contractual |
[Delete from O Drive] |
|
Property plans and surveys |
1 Year after lease expires |
Secure Contracts Filing Cabinet |
Legal |
[Shred hard copies] |
|
Pat tests, fire risk assessment |
Indefinitely |
Ostara System |
Legal |
[N/A] |
|
Register of shareholders |
Life of company |
Secure Admin Filing Cupboard |
Legal |
[N/A] |
|
Memorandum of association |
Life of company |
Secure Admin Filing Cupboard |
Legal |
[N/A] |
|
Register of directors and secretaries |
Life of company |
Secure Admin Filing Cupboard |
Legal |
[N/A] |
|
Insurance schedules, including Employer’s liability insurance certificates |
Life of company |
Secure Admin Filing Cupboard |
Legal |
[N/A] |
|
Email records: |
||||
|
HR/Personnel related emails only of former employees of Ostara |
Delete emails after 3 years |
Gmail |
|
Emails to be deleted |
|
All email records other than the above |
Indefinitely |
Gmail |
|
[N/A] |
|
Messaging Records: |
||||
|
All messages contained within Zoho Cliq |
Indefinitely |
Gmail |
|
[N/A] |
|
Ostara System Client Data: |
||||
|
Client data contained within the Ostara System |
7 years after end of contract |
The Individual Client’s Ostara System |
N/A |
Annual Purge/Deletion Process |
|
Infrastructure critical information (e.g. log files etc) |
7 years after end of contract |
The Individual Client’s Ostara System |
N/A |
Annual Purge/Deletion Process |