Go Internet | Isle of Wight & Hampshire

Privacy Policy

Go Internet regards the lawful and correct treatment of personal information as very important and is fully committed to the principles of data protection, as set out in the General Data Protection Regulation.

Why do we have this policy?

Our privacy policy will help you understand what information we collect, how we use it, and what choices you have.

On 25 May 2018, the European General Data Protection Regulation (GDPR) will apply. And, as it is an EU regulation, the GDPR will automatically take effect without the need for it to be locally implemented by member states.

Designed to help safeguard data protection rights for individuals, the GDPR introduces a single set of rules across the EU when it comes to how organisations handle data relating to identifiable individuals.

Under the General Data Protection Regulation, Go Internet is termed a ‘data controller’ which means that we are responsible for how and why personal data is used. Go Internet staff can help you with any queries about the information in this privacy policy.

Currently Go Internet will not have a designated Data Protection Officer as personal data is only processed on a small scale. If this changes an independent designated Data Protection Officer will be utilised.

Please also note that this privacy policy covers the Go Internet website only. Other websites linked to or from this site are not covered by this policy. Our services (such as home or business broadband) have separate Terms & Conditions. 

What information do we collect and receive?

We process personal data in connection with customer enquiries and to improve our marketing, by analysing how users browse our website. All data is collected to help our current and future customers.

Under GDPR, because the consent needs to be clear, specific and explicit we avoid relying on consent unless absolutely necessary. For this reason, we use ‘legitimate interests’ to process your data. This means the interests of our organisation in conducting and managing our activities to enable us to give you the best service. For example, we have an interest in making sure you receive only the emails that matter to you, so we may process your information to send you only the information you are interested in or need. You can inform us if you wish to be contacted differently, or not contacted at all – see number 9 in this document for information on how you can do this.

What personal data could we hold about you?

You may be asked for personal data if you want to make an enquiry through one of our contact/enquiry forms on the Go Internet website.

We will use the personal information you provide to administer our relationship with you and deliver the services you have told us you wish to use or to send you information that you have requested. We may also offer you the opportunity to receive additional information about our activities or those of our volunteers, supporters, service providers and partners. You may opt out of this at any time by legal@gointernet.co.uk

Information that you supply will be treated in confidence and in accordance with the principles of the GDPR guidelines.

The types of personal data we hold on you might include:

  • Your full name
  • Your address
    Your business name
  • Your telephone number
  • Your email address
  • Any other notes you provide us with via the contact form

This information is kept as accurate as possible – all of our staff take responsibility for keeping this database up to date and have an awareness of data protection.

We store your personal data just for the intended purpose (e.g. we won’t sign you up to every mailing list we run unless you ask us to), and we take steps to collect only the minimum personal data necessary, that it’s accurate, and kept for only as long as necessary, after which it is deleted from our database.

We will amend your record when you tell us that your details have changed. If you leave an organisation and would like us to delete your record, we’ll do it straight away if you tell us. Otherwise we’ll keep it on file for 3 years, after which, if we still haven’t heard from you in another capacity, we’ll delete it on your behalf.

How do we use your information?

We use your information to provide you with a quotation or to improve our website’s user experience. Go Internet uses this information as reasonably necessary and in accordance with your instructions. We will not normally contact you by post, but there may be exemptions. You can opt out of these at any time.

What other information could we hold?

Go Internet may also collect and receive:

  • Billing and other information: we may collect and store the billing address and financial information.
  • Service usage information: from time to time, we conduct surveys and interviews with individuals and organisations. We will explain any specific privacy notices as part of the activity, should it differ from this privacy policy.
  • Website traffic and newsletter readings: we also store some information to enable us to see how popular pages on our website are and news items in our newsletters. This typically involves assessing aggregate level information, such as IP addresses. Analysing this information allows us to tailor our services to meet your needs.
  • Device information. We may collect information about the device you are using to access our services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings.

How does Go Internet protect the security of your information?

Go Internet takes security seriously. We take various organisational and technical steps to protect information you provide to us from loss, misuse, and unauthorised access, alteration or disclosure.

Occasionally, we introduce changes or improvements to our systems. Any test data that may have been used in this connection are managed in a secure and confidential manner.

We will conduct due-diligence on our supply chain ensuring that all suppliers and contractors are GDPR-compliant. Go Internet will also include a contractual clause so suppliers will need to inform us of any data breach.

Use of Cookies

Go Internet uses cookies on our websites, please browse our Cookie Policy here.

When can we share and disclose your information?

For the majority of the time, we do not share the information described in this privacy policy with other organisations. The circumstances we do share any personal data with third parties are described below. You can determine your own preferences for such sharing and disclosure by contacting us at any time.

Go Internet may share information with others as follows:

  • With third party service providers and agents: We may engage third party companies or individuals, such as third party payment processors, mailing houses etc, to process information on our behalf.
  • To comply with laws: To comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
  • To enforce our rights, prevent fraud and for safety: To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

How do you contact us about the data we hold on you?

If you would prefer us to:

  • Stop contacting you
  • Amend your information
  • Delete your information
  • Change your preferences (for instance if you would prefer us to only contact you about certain things or restrict what information we have about you)
  • Any other change

Please tell us. You can do so by emailing legal@gointernet.co.uk

We will make any changes requested within 1 month.

You also have the right to ask us for a copy of the information we hold about you and to have any inaccuracies in your information corrected.

Reporting a Concern.

If you feel we haven’t handled your data properly, please do contact us and we will do everything we can to rectify the problem.

If you feel this doesn’t go far enough, or if you want to report your concern elsewhere, you can contact the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/

Reporting a Data Breach

Go Internet encourages a culture where employees and volunteers feel comfortable in self-reporting when they have made innocent mistakes – the root cause of the vast majority of data breaches. Any breach should be reported immediately to the managing director: Trevor Cook on trevor.cook@gointernet.co.uk

The GDPR describes a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.” This applies to data held in any form.

Go Internet will instigate an incident response plan (see appendix 1.), lead by the CEO to investigate any data breaches within 72 hours.

Breaches will be reported to the ICO unless they are “unlikely to result in a risk to the rights and freedoms of individuals.” Examples of ICO notable breaches are where it may “result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.”

Go Internet will only inform individuals concerned where there is a high risk of the above.

Changes to this Privacy Policy

We may change this policy from time to time. If we do, we will post any changes on our website. If you continue to use the services after those changes are in effect, you agree to the revised policy.

Last revised: 13th September 2020

————-

Appendix 1

There are four key steps to consider when responding to a breach or suspected breach.

STEP 1: Contain the breach and do a preliminary assessment

Move quickly to secure your systems and fix vulnerabilities that may have caused the breach.

Take all affected equipment off line immediately

Update credentials and passwords of authorized users. (If a hacker stole credentials, your system will remain vulnerable until you change those credentials, even if you’ve removed the hacker’s tools).

If the data breach involved personal information improperly posted on Go Internet website, immediately remove it. Be aware that internet search engines store, or “cache,” information for a period of time. You can contact the search engines to ensure that they don’t archive personal information posted in error.

Other websites: Search for Go Internet exposed data to make sure that no other websites have saved a copy. If you find any, contact those sites and ask them to remove it.

Interview people who discovered the breach. Also, talk with anyone else who may know about it. Consider:

» how it happened

» what information was taken

» how the thieves have used the information (if you know)

Document the investigation.

STEP 2: Evaluate the risks associated with the breach

Document:

When the breach was detected, by whom and what method
Scope of the incident/affected systems
Data that was put at-risk
How the breach was contained and eradicated?
Work performed or changes made to systems during recovery
Areas where the response plan was effective and what needs improvement

STEP 3: Notification

When reporting a breach, the GDPR says you must provide:

a description of the nature of the personal data breach.
the categories and approximate number of individuals concerned; and the categories and approximate number of personal data records concerned.
the name and contact details where more information can be obtained.
a description of the likely consequences of the personal data breach (Could there be media or stakeholder attention as a result of the breach or suspected breach?)
a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

STEP 4: Prevent future breaches

The CEO of Go Internet will ensure that any data breach action plans are acted upon.

If service providers were involved, Go Internet will examine what personal information they can access and decide if you need to change their access privileges. Go Internet will also, ensure service providers are taking the necessary steps to avoid another breach. If service providers say they have remedied vulnerabilities, Go Internet will verify this.

NOTICE OF DATA BREACH

Dear [Insert Name]:
We are contacting you about a data breach that has occurred at Go Internet.

What Happened?

[Describe how the data breach happened, the date of the breach, and how the stolen information has been misused (if you know)].

What Information Was Involved?

This incident involved your [describe the type of personal information that may have been exposed due to the breach].

What We Are Doing

[Describe how you are responding to the data breach, including: what actions you’ve taken to remedy the situation; what steps you are taking to protect individuals whose information has been breached; and what services you are offering

(like credit monitoring or identity theft restoration services).]

What You Can Do

We recommend that you place a fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts.

Need more explanation?

If you still don't feel confident or if you'd like to find out more information about this topic, please contact us directly, our team would love to help!

Make a quick enquiry

Fill-in the form below and a member of our team will get back to you to discuss your requirements.