It is Softcat’s policy to ensure that personal information is handled securely and with respect as well as in accordance with relevant regulations such as the UK Data Protection Act 2018, the Irish Data Protection Act 2018, the EU General Data Protection Regulation (GDPR) and the UK GDPR.
Following Brexit the UK’s data protection legislation may diverge from the EU standards. Our current approach is to continue to operate in accordance with the EU GDPR standard (together with any additional requirements in relevant jurisdictions) and to the extent of any divergence we will operate to the higher standard.
We do not sell or rent any information, whether gathered on line or via our normal working relationship, without your express permission.
What personal data do we hold on you?
The information we hold on you will be dependant on our relationship with us. In most cases, such as if you’re a customer, partner or someone we’d like to work with this will include:
- Job role
- Work address
- Telephone number(s)
- Email address
For visitors to our websites we will also be recording:
- IP address
- Account usernames
How do you use my personal data?
Getting in touch and account management
Our most regular use of your personal data will be contacting you regarding our products and services and for operational tasks associated with these such as order processing, invoicing and renewals.
If you’re not a current customer and no longer wish to hear from our team you can request to be added to our “Do Not Contact” list either through informing our staff or emailing email@example.com. We’ll retain your name, employer, email address and telephone to ensure you are not contacted or added into our system again.
If you attend an event run by Softcat we will gather personal information as part of the registration process. This information may be used to track event attendance, relay any details before, during or after the event, gather feedback, and for future communications with you, in accordance with this policy.
Some events may have a photographer and/or videographer present and the content they create may be shared publicly. If you do not wish to appear in any photos or videos that may be used by Softcat, please let us know by contacting firstname.lastname@example.org.
Using our websites
Every time you visit our websites such as Softcat.com, SupportCat and eCat, we store a log of your visit that shows the unique identifier of your machine and gather information about your use of the sites. Common uses of this information include:
- Customising your user experience when interacting with our own and partner websites
- Providing products/services and any associated maintenance and technical support
- Providing incident and other alerts, and information about product upgrades, updates, renewals
- Generating logs, statistics and reports on service usage, and service performance;
- Evaluating, developing and enhancing products, services, and our infrastructure;
- Blocking access where there is a breach of the Terms and Conditions for use of the site.
If you participate in any Softcat surveys, we may use the data you supply to carry out market research. This research is conducted to support our business activities and anonymised results may be published externally. Research may also be used to improve our understanding of our users' demographics, interests and behaviour where relevant to engagements with Softcat. If you'd like any further information, please e-mail email@example.com.
Marketing and promotions
We (or other selected third parties acting on our behalf) may contact you from time to time in order to provide you with information about products and services that may be of interest to you. All marketing emails that we send to you will follow the email guidelines described under “Phone and Email Communication from Softcat”. You have the right to ask us not to process your personal data for marketing purposes, but if you do so, we may need to share your contact information with third parties for the limited purpose of ensuring that you do not receive marketing communications from them on our behalf.
If you provide us with your data at a career fair or similar event, we will use the data you provide to request feedback from you and to help us assess the success of the event and, if you consent, we will retain your data (for a maximum of 24 months, unless you agree to a longer period) and use it to contact you about future employment opportunities with us.
If you are making a job application or enquiry, you may provide us with a copy of your CV or other relevant personal information. Please review our recruitment data policy for more information.
What's our lawful basis for processing data?
Data protection regulations such as GDPR require organisations to have a lawful basis for the processing of personal data. In most cases Softcat will be acting as the controller of your personal data and using the principle of legitimate interest as the lawful basis of processing.
This means we have a genuine and legitimate reason to hold your data and the risk of us doing so is not outweighed by the risk of harm to your rights and freedoms.
Where we use data we carefully consider any potential impact on you and your rights. We also ensure we have controls in place so if you ask us to stop processing your data for any purpose we can respect this request.
Phone and email communications from Softcat
Softcat's employees regularly contact existing customers and other organisations for the purpose of discussing IT solutions.
If you’re not a current customer and no longer wish to hear from our team you can request to be added to our “Do Not Contact” list either by informing our staff or emailing firstname.lastname@example.org. We’ll retain your name, employer, email address and telephone to ensure you are not contacted or added into our system again.
Our standards for email communications
- Emails will clearly identify us as the sender
- Emails sent to you from our email marketing platform will include an option to unsubscribe from future email messages
- You may unsubscribe from all mailing lists, with the exception of any emails regarding legal notices, invoicing or license renewals
- Any third parties who send emails on our behalf will be required to comply with legislative requirements on unsolicited emails and the use of personal data
We send emails from a number of different domains in both plain text and HTML email formats. Emails are usually sent using sender email address: @softcat.com
If you receive an email which claims to come from us but does not use these domains, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to ITsecurity@softcat.com so we can investigate.
Do you share my information with other organisations?
If Softcat are acting as a Data Processor to your organisation as part of a services agreement, international data transfers will be set out in our data processing agreement. In most circumstances this will only apply when consuming one of Softcat’s own services. If you are purchasing a third party product or service Softcat will be acting as a commercial intermediary and not as a data processor
In the event that we receive requests from government departments, agencies or other official bodies, we will only disclose your information if, and to the extent that we believe we are legally required to do so, (for example, but without limitation, upon receipt of a court order, warrant, subpoena or equivalent).
Except as set out above, we will not disclose your personal data save where we need to do so in order to enforce our rights.
Links to other sites
How long will you keep my information?
We will hold information for a s long as required based on your engagement with us. Where we retain information we will always consider the points below.
- We hold your information for as long as required to do the activities in this notice
- We think about what type of information it is, how sensitive it might be and any legal requirements
- We always think about the potential risk from anyone using or sharing this information without permission
What are my rights?
The right to be informed
You have a right to knowledge on what data we hold and how your data is used, this policy sets that out.
The right to update your data
We should make reasonable efforts to keep your data up to date and enable you to easily rectify any incorrect personal data we hold on you.
The right to know what data we hold on you
This is called right to access and it allows you to ask for full details of the information we hold on you.
If you'd like to request any information about your personal data or believe that we are holding incorrect personal data on you, please contact email@example.com.
It is possible to obtain a copy of the information that we hold on you.
The right to request your information is deleted
This is know as the right to erasure, alsow known as "the right to be forgotten" and means you can request your data is deleted.
Sometimes we can delete your information but other times it's just not possible, like if the law prohibits us from doing so. If you would like to requested the deletion of your data please speak with HR or contact firstname.lastname@example.org to discuss further.
The right to request your information is not used
This is known as the right to object and is your right to tell us to stop using your personal data.
If you're not a current customer and no longer wish to hear from our team you can request to be added to our "Do Not Contact" list either through informing our staff or emailing email@example.com. We'll retain your name, employer, email address and telephone to ensure you are not contacted or added into our system again.
The right to object also allows you to object to automated individual decision making, this may impact your ability to benefit from some services. If you are concerned about the use of automated decision making in Softcat you can contact firstname.lastname@example.org
Requesting your information is transferred
This is called the right to data portability. If you have a need for us to transfer some of your information and your usual contacts are unable to assist please contact email@example.com
The right to lodge a complaint with the ICO
If you have any concerns about our processing of your personal data, you can contact us through firstname.lastname@example.org.
Alternatively, or if you feel we have not resolved your concern, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
If you live in a country or territory located in the European Union (EU) or European Economic Area (EEA), you can complain to your national data protection regulator. You can find contact details of national data protection regulators in the EU and EEA, please refer to the European Data Protection Board website.
Data transfer to third countries
Following Brexit data transfers to and from countries outside the UK are treated as a data transfer to a third country.
To enable you to benefit from our worldwide partnerships with suppliers of IT products and services it may be necessary to transfer your personal data outside the UK. In most cases the transfer of information is limited to basic contact information such as name, employer, phone number and email address.
If Softcat are acting as a Data Processor to your organisation as part of a services agreement, international data transfers will be set out in our data processing agreement. In most circumstances this will only apply when consuming one of Softcat’s own services. If you are purchasing a third party product or service Softcat will be acting as a commercial intermediary and not as a data processor.
Cookies and tracking pixels
Softcat do not currently make use of tracking pixels.
We endeavour to hold all personal data securely in accordance with our internal security procedures and applicable law.
Unfortunately, no data transmission over the Internet or any other network can be guaranteed as 100% secure. As a result, while we strive to protect your personal data, we cannot ensure and do not warrant the security of any information you transmit to us, and this information is transmitted at your own risk.
If you have been given log-in details to provide you with access to certain parts of our Site (for example eCat), you are responsible for keeping those details confidential.
Who can I contact?
This is the website of Softcat Plc a company registered in England and Wales under company number 02174990 whose registered office is at Softcat plc, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1LW, United Kingdom and with a registered branches in:
- Ireland at, Softcat, No.2 Harbour square, Dun Laoghaire, Co. Dublin, A96 DA02
- Singapore at, Level 49, One Raffles Quay, North Tower, Singapore, 048583
- Netherlands at, Radarweg 29, 1043 NX, Amsterdam, The Netherlands
- United States at, Softcat, 4800 Hampden Ln, STE 200, Bethesda, MD 20814-2934
If you’d like to request any information about your personal data or believe that we are holding incorrect personal data on you, please contact email@example.com. It is possible to obtain a copy of the information that we hold on you.
If you wish to contact us by post please use our Marlow address. For the purposes of the EU GDPR, if you wish to contact us by post please use our Irish branch.
Notification of changes