Customer Owned Data

As a provider of Services, we may receive, process or store certain information, including personal data, on behalf of our Customers. All such information (“Customer Data”) is owned and controlled by our Customers, who are the data controllers for such information with respect to EU data protection law.

Customer Data may include information from the end points and other systems, tools or devices which Supreme Systems monitor and support  IT support services contract. Collected data include event logs, end user information (such as IP address, email address and computer name), and other data where relevant to a support or service request. Supreme Systems is a “Data Processor” for Customer Data.

Supreme Systems processes Customer Data on the basis of instructions from our Customers. If Supreme Systems receives a data subject request, we may direct you to the Customer as they are the “Data Controller”.

Supreme Systems collects information as part of its normal business operations and in the administration of its relationship with Customers, which may include personal data.

Business contact and Customer Relationship Management

Supreme Systems collects information as part of its normal business operations and in the administration of its relationship with Customers, which may include personal data.

We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email and end user contact details.

We may also collect; billing address, financial account, credit card information, order details, subscription and license information.

In addition, we collect user credential and profile data (name, contact, authorized users) of Customer’s authorized users and account administrators.

Typically, the personal data we might request may include name, business affiliation, business address, telephone number, and email address, and details required to resolve enquiries or complaints.

We may also obtain personal data about Customers from third parties, such as LinkedIn and other publicly accessible sources.

Customer support and service

When Customers contact us for support or other customer service requests, we maintain support tickets and other records related to the requests, including any information provided by Customers related to such support or service requests. We may also collect call recordings related to support and customer service-related calls.

Customer Data may also include information from the end points and other systems, tools or devices which Supreme Systems monitor and support  IT support services contract. Collected data include event logs, end user information (such as IP address, email address and computer name), and other data where relevant to a support or service request. Supreme Systems is a data processor for Customer Data.

Internet traffic and cookies

When you visit our Sites, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:

  • your domain
  • your IP address
  • your date, time and duration of your visit
  • your browser type
  • your operating system
  • your page visits
  • information from third parties
  • other information about your computer or device

Data Submitted via our website enquiry forms includes personal data such as organization name, email address, full name, phone number. This data is submitted by the customer to Supreme Systems and would be used for responding to enquires only.

Our site uses cookies. For more information about our use of cookies email us at privacy@supremesystems.co.uk.

Our site may contain links to third party sites. Since Supreme Systems does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of such third party sites. This policy applies solely to our site.

De-identified data

We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular customer or an individual data subject (“De-identified Data”), subject to the terms of any applicable customer agreements. We may use this data to improve our Services, analyze trends, publish market research, and for other marketing, research or statistical purposes, and may disclose such data to third parties for these specific purposes.

Other data

Supreme Systems collects, uses and maintains certain data related to its business and the Services it provides to Customers, which is not personal data; this privacy notice does not restrict our use and processing of such data.

Use of personal data

The following is an overview of our purposes for using personal data that we process as a data controller. Additional details on how we process your personal data may be provided to you in a separate notice or contract.

For individuals in the European Union, our processing (i.e. use) of your personal data is justified on the following legal bases:

  • Performance of contract: the processing is necessary to perform a contract with you or take steps to enter into a contract at your reques
  • Compliance with law: the processing is necessary for us to comply with a relevant legal obligation (for example, laws which require us to collect tax information from customers, carry out checks on customers, or which compel us to disclose information to public authorities or regulators)
  • Our legitimate Interests: the processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities, such as developing and maintaining relationships with our customers (the majority of the processing covered by this notice is legitimate interest based)*
  • Defend our rights: where the processing is necessary to the establishment, exercise or defense of legal claims
  • With your consent: you have consented to the processing (for example, where we are required by local law to rely upon your prior consent for the purposes of direct marketing)

*In all cases where legitimate interests is relied upon as a lawful basis, we take steps to ensure that our legitimate interests are not outweighed by any prejudice to your rights and freedoms. This is achieved in a number of ways, including through the application of principles of data minimization and security, and by taking steps to ensure that personal data is only collected or otherwise obtained where it is relevant to the lawful business activities, and where using personal data is reasonably necessary for those activities.

Disclosure of personal data

As part of our business operations and administration of services Supreme Systems may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our services or the sites. Supreme Systems may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by Supreme Systems to perform on Supreme Systems behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or it believes that the disclosure will further an investigation of suspected or actual illegal activities.

Supreme Systems reserves the right to share any information that is not deemed personal data or is not otherwise subject to contractual restrictions.

If personal data is transferred outside the EU to other Supreme Systems group companies or to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU – US Privacy Shield.

We contractually require agents, service providers, and affiliates who may process personal data related to the services to provide the same level of protections for personal data as required under the Principles. Supreme Systems currently does not transfer personal data to a third party for the third party’s own use, but only for Supreme Systems’ purposes as outlined above.

Other disclosures

  • Law enforcement or national security. In accordance with our legal obligations, we may transfer Customer Data, subject to a lawful request, to public authorities for law enforcement or national security purposes.
  • Business Transfers. We may share personal data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case personal data held by us about our users may be one of the transferred assets.

Marketing

Where lawful to do so and, subject to your consent wherever required, we may communicate with customers and related business contacts about our services. If you wish to unsubscribe from receiving marketing communications, please use the “unsubscribe” link in our promotional emails to request that we stop sending you communications.

Security

Supreme Systems aims to safeguard and protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and Supreme Systems utilizes and maintains certain reasonable processes, systems, and technologies to do so.

However, you acknowledge that no environment is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by Supreme Systems are subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.

Retention of Your Personal Data

We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

Your rights

Subject to applicable law, you may also have some or all of the following rights available to you in respect of your personal data;

  • to obtain a copy of your personal data together with information about how and on what basis that personal data is processed
  • to rectify inaccurate personal data, including the right to have incomplete personal data completed
  • to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed)
  • to restrict processing of your personal data under certain circumstances
  • to port your data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you
  • to withdraw your consent to our processing of your personal data (where that processing is based on your consent)
  • to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization

In addition to the above rights, under EU data protection law, applicable individuals have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes.

You also have the right to lodge a complaint with your local supervisory authority for data protection.

Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

If you contact us regarding Customer Data for which we are a data processor, we will attempt to refer your request to the relevant Customer, and data controller for your personal data.

Contact Information

If you have any questions in relation to this notice, please contact us at privacy@supremesystems.co.uk.