PRIVACY POLICY

The EU General Data Protection Regulation (GDPR) came into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.


OUR COMMITMENT


Coretek Group remain committed to ensuring high standards of information security, privacy and transparency.
We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. We place a high importance on protecting and managing customer data in accordance with the new GDPR standards.


We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new regulation. Our objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.


We will also work closely with our customers and partners to help them meet their obligations through the provision of professional services.


GDPR PREPARATION


As part of our GDPR compliance process, we have reviewed and updated all our internal processes, procedures, data systems and documentation in order to help ensure that we are fully compliant with the new regulations.


Coretek Group already have a consistent level of data protection and security across our organisation; however, it is our aim to stay fully compliant with GDPR by continuing to review and update areas including, but not limited to, the following data protection categories:

  • Data Protection
  • Data Retention
  • Data Breaches
  • International Data transfers and Third-party disclosures
  • Subject Access Requests
  • Processor Agreements


OUR GDPR PRINCIPLES

  • Accountability and governance measures are in place to ensure that we manage customer and partner data in accordance with GDPR data protection requirements.
  • We will only process personal data for specified and lawful purposes and will hold relevant and accurate personal data; where practical, we will keep it up to date.
  • Data breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
  • We have revised our Subject Access Request (SAR) procedures to accommodate the revised 30-day timeframe for providing the requested information.
  • We will endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection.


OUR GDPR FOCUS


  • We aim to build on our existing security and business continuity systems to help ensure our compliance, including ISO 9001:2015 and to introduce ISO 27001 into our own compliance.
  • The provision of services and solutions which help customers to understand and prepare for GDPR, develop compliance plans and build a stronger platform for the future by taking control of their data compliance.
  • The Coretek Group has a robust ISO-based Quality Management System (QMS – ISO 9001:2015) and in order to ensure compliance will implement additional or augmented company-wide controls to meet GDPR requirements within the Information Security Management System (ISMS ISO27001).
  • Updated Information Security policies and procedures (backed by ISO27001) will build on existing management systems, including our QMS system and our ITIL Service Desk system.
  • A core foundation of our Information Security, Control and Classification policy will be informed by gap analysis, data protection risk assessments and supported by communication and training programmes.
  • Coretek’s Data Protection Officer will inform, advise and monitor compliance. The company will implement tools as appropriate that support the process, provide the necessary security and ongoing delivery of objectives.
  • We will provide training to our team and generally raise the awareness and importance of GDPR to our business.
  • We will continually look at ways of improving our systems and procedures to better comply with GDPR best practice.


DATA STORAGE AND CORETEKCLOUD


For any of our clients specifically hosted on our CoretekCloud platform, we have put considerable security measures in place with regards to the protection of data, as follows:

  1. Physical location – CoretekCloud is hosted within a tier 3 datacentre where physical access to the environment is tightly controlled. This is also a UK based datacentre with no CoretekCloud data residing off shore.
  2. Physical Access to the platform by Coretek Staff – Physical staff access is only permitted via an access control list and only a small number of senior engineers are authorised to do so.
  3. Public access to the service – Access to the service is carried out solely through a secure web portal which is maintained with security patches on a regular basis. This portal is also PCI compliant.
  4. 3rd party software services (Azure Backup / Office 365) – As per above, the data that is being hosted in these environments is located solely in UK based datacentres.
  5. Data Guardians – Only a select number of senior staff are permitted access to tenant company data. General service desk technicians only have basic access to carry out session shadowing for support procedures and password resets. No access to tenant company data is permitted, in line with how most larger service providers approach this.
  6. Login attempt monitoring – Failed logins to the environment are monitored and reported to Coretek 3rd line support on a daily basis.
  7. Backups and Data retention – Company file data is backed up on a daily basis with a retention range of one full year. Other third party client apps are also backed up on a daily basis, however these are only retained for a 30 day period.
  8. Use of personal information stored in CoretekCloud – The only personal information that is stored and reported on is that used in point 6 above. Usernames of those CoretekCloud tenant users who have failed to authenticate are recorded and reported on for auditing purposes. Aside from that, no other personal data is used.


DATA AND CORETEK.CO.UK


You may be asked to submit personal information via our website such as your name, company, website, email address and phone number.


We use this data to communicate with you, for example: replying to enquiries, commercial communications or informing you about our products and services.


Your data will be protected in full compliance with the GDPR legislation and in line with our principles outlined above. We may also collect data via cookies; please see our Cookie Policy for full details.


COOKIES


About this cookie policy


This Cookie Policy explains what cookies are and how we use them. You should read this policy to understand what cookies are, how we use them, the types of cookies we use (i.e. the information we collect using cookies and how that information is used) and how to control the cookie preferences. For further information on how we use, store and keep your personal data secure, see our Privacy Policy.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Your consent applies to the following domains: www.coretek.co.uk



What are cookies?


Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide a better user experience, understand how the website performs and analyze what works and where it needs improvement.


How do we use cookies?


Like most online services, our website uses first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and helping to speed up your future interactions with our website.


What types of cookies do we use?


Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket and checkout securely.


Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit etc. These data help us understand and analyze how well the website performs and where it needs improvement.


Marketing: Our website displays advertisements. These cookies are used to personalize the advertisements that we show to you so that they are meaningful to you. These cookies also help us keep track of the efficiency of these ad campaigns.


The information stored in these cookies may also be used by the third-party ad providers to show you ads on other websites on the browser as well.


Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing contents on the website on social media platforms.


Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.


Cookie: Commenter's Cookies
Type: Persistent
Duration: 365 days
Description: When visitors comment on our blog, they get cookies stored on their computer. This is purely a convenience, so that the visitor won't need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters:
  • comment_author
  • comment_author_email
  • comment_author_url
The commenter cookies are set to expire a little under one year from the time they're set.

Cookie: Google Analytics
Type: Persistent
Duration: Various
Description: Google Analytics is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides website owners JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages / interactions with the website. Google Analytics supports two JavaScript libraries (tags) for measuring website usage: analytics.js and ga.js. The following sections describe how each uses cookies.

analytics.js – Cookie Usage

The analytics.js JavaScript library is part of Universal Analytics and uses first-party cookies to:
  • Distinguish unique users
  • Throttle the request rate
By default, this library sets cookies on the top level domain, excluding the leading dot, and sets the cookie path to the root level (/).

Cookie: User Cookies
Type: Persistent
Duration: 365 days
Description: There are cookies for logged in users and commenters.

Users are defined as those people who have registered an account with our site.

Commenters are defined as those people who have made a comment on our site, without logging in via an account first.

The actual cookies contain hashed data, so you don't have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It's quite hard to reverse a hash (bordering on practical infeasibility with today's computers). This means it is very difficult to take a hash and "unhash" it to find the original input data. Our site uses a few cookies to bypass the password entry portion. If our site recognizes that you have valid, non-expired cookies, you go directly to the logged-in interface. If you don't have the cookies, or they're expired, or in some other way invalid (like you edited them manually for some reason), our site will require you to log in again, in order to obtain new cookies. The cookies stored are:
  • Your user credentials
  • A double-hashed copy of your password
  • Unique session cookies
Within these cookies, there are various functions which store your authentication details, indicate when you're logged in, who you are and to remember any user specific customisations which are not stored permanently by your account. There is also a function to delete the cookies from your browser when you click the "Logout" link.

Cookie: User Cookies - Session Only
Type: Session
Duration: Session Only
Description: This is the same as the main 'User Cookies' policy, except these cookies are only stored for the duration of your session. A session is ended when a user clicks the 'Logout' link.

Cookie: Viewed Cookie Policy
Type: Persistent
Duration: 365 days
Description: This cookie sets a flag to remember if a visitor has accepted/closed the cookie info bar. It sets a persistent cookie called ‘viewed_cookie_policy’ for 365 days.


How can I control the cookie preferences?


Should you decide to change your preferences later through your browsing session, you can click on the "Privacy & Cookie Policy" tab on your screen. This will display the consent notice again enabling you to change your preferences or withdraw your consent entirely.


In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more on how to manage and delete cookies, visit wikipedia.org or www.allaboutcookies.org.


We use a cookie to remember whether or not you've accepted our Cookie Policy. You can delete this cookie by clicking this link.


CONTACT US


If you have any questions about our Privacy Policy and GDPR, please contact enquiries@coretek.co.uk
