As a prospective customer, we will hold very little information about you:
We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access. If you do not want us to see your actual IP address, feel free to visit us via Tor.
References to the basis of processing (e.g. "(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.
We use the information we hold about you to respond to your enquiry, such as helping work out the best service for you.
(Basis: Art. 6(b): this is necessary to deliver the service to you.)
We use recordings of communications you have with our staff, including call recordings, for staff training and quality assurance purposes
(Basis: Art. 6(f): we do this for the legitimate interest of providing the best possible service to you.)
We use the information we hold about you to defend our networks and services from attacks.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
We use information we hold, including any call recordings, to help demonstrate the existence or content of contracts, prevent and detect fraud, and for establishing and defending our legal rights.
(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)
If we are need to do so as part of a court or ADR process, we will process your personal information to either bring a claim, or defend a claim or dispute.
(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)
If we are served with a binding order (for example, a court order, a notice under the investigatory powers framework, or a notice from the Information Commissioner’s Office) which includes you, we will be required to process your personal data to be able to comply with it.
(Basis: Art. 6(c): we have to do this to comply with legal and regulatory obligations.)
We may use the logs from our servers to assist with A&A’s security, as well as to determine visitor behaviour and help us plan our business strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).
(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)
We operate CCTV, covering public internal and external areas of our premises.
(Basis: Art. 6(f): we do this for the legitimate interest of protecting A&A.)
We run some mailing lists, to which you can subscribe if you wish.
(Basis: Art. 6(a): you consent to being on the mailing list for as long as you choose to remain a subscriber.)
We do not transfer or process data outside the European Economic Area unless the processing requires it (for example, where you are corresponding with us from outside the EEA and we reply to you).
We cannot force you to provide us with data, and it is your choice whether you give us everything we need to provide our services to you or not. If you choose not to provide us with the data we need, we may not be able to provide you with the service.
You have lots of rights in respect of our processing of your personal data, and you can exercise most of them yourself:
As a general principle, we will not transfer your personal data to third parties without your permission.
There are three exceptions to this: