Möbius-Internet (the company) is committed to taking your privacy very seriously and protecting and respecting your information. We aim to be clear about how we use your personal information and this Privacy Notice will inform you about how we look after your information, what information we process and the reasons why. It will also explain the conditions under which we may share it with others and how we keep it secure. 

We deliver internet connectivity and local area networking services. Möbius-Internet is a trading name of Spindlewood Ltd which is owned by PMY Technologies UK Ltd. 

PMY Technologies UK Ltd is registered with the Information Commissioner ID Z1494010.

To be able to provide these services in an effective way, we are required to collect and use personal data. 

We are a ‘data controller’ which makes us responsible for the personal data that we gather from our service users, internal staff, external organisations and stakeholders and other individuals who interact with us.

We have a dedicated Information Security committee, which includes a nominated Data Protection Officer for PMY Technologies UK Ltd. You can contact the committee and operator for any queries relating to this privacy notice or any other query relating to your data. 

by email: InformationSecurity@pmygroup.com 

or write to: 

Unit 1 Customs House,
Tempars Firs Industrial Estate
Royal Wootton Bassett
Wiltshire
SN4 7SR

 

The General Data Protection Regulation (GDPR) regulates the processing of personal data.

We will ensure that we meet with the following 6 principles: 

1. Process all personal information lawfully, fairly and in a transparent manner. 

2. Collect personal information for a specified, explicit and legitimate purpose. 

3. Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected. 

4. Ensure the personal information is accurate and up to date.

5. Retains personal data for no longer than necessary for the purpose for which it is processed. 

6. Keep your personal information safe and secure and protect its integrity and confidentiality.

The GDPR is a rights based law and it is about restoring the rights of the individual and giving them more control over how their information is process. It is important that you are made aware of these rights.

1. Right to be informed – we are obligated to provide you with a privacy notice whenever we collect information from you. Each of our individual services will have a specific privacy notice which reflects the information processed for that service. There must be transparency at the point of collection on how the information will be used and there is an emphasis on providing you with a clear and concise notice. 

2. Right of access – individuals must be able to access their data to ensure that it is being processed lawfully. This is commonly referred to as a subject access request. If you wish access to your personal data you must submit a request in writing and we will respond within 28 days. Please make contact with the Manager / Data Protection Champion of your service to exercise this right or contact the Data Protection Officer above. We may seek clarification as to your identity and there is no fee for this service.  

3. Right of rectification – individuals have a right to have personal data corrected. The accuracy of you information is important to us. We would really appreciate if you let us know if your contact details change or if any other pieces of information that we hold on you is inaccurate.

4. Right to erasure or right to be forgotten (is not absolute and only applies in certain circumstances).

5. Right to restrict processing – you have the right to ask to restrict what we use your personal information for, for example we will stop processing your information where we have no legal reason to use the information. However, this is not an absolute right and will only apply in certain circumstances. 

6. Right to data portability – this is a new right enabling individuals to reuse and transfer their personal data (held in electronic form) for their personal use to another data controller without affecting its usability.

7. Right to object – where the processing of personal data is subject to consent, individuals can object to certain types of processing such as direct marketing or processing for research purposes.

8. Right not to be subject to a decision based solely on automated processing, including profiling that significantly affect the individual. 

We process personal data for specific purposes and these purposes will determine the legal basis for the processing.  This is addressed under Article 6 and Article 9 of GDPR. The legal bases (Article 6) are detailed below:

1. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

2. Processing is necessary for compliance with a legal obligation to which we are subject.

3. Processing is necessary in order to protect the vital interests of the data subject or of another natural person.

4. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

5. Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular where the data subject is a child.

6. Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

Möbius-Internet has carefully selected the appropriate legal base for processing in relation to the information that we process for our service users and staff. For example, the information that we process to deliver our services will sometimes be based on the performance of a contract to which our service users have agreed, we may also use legitimate interest as there will be a reasonable expectation that we process certain pieces of information in order to deliver and monitor the success of our services. 

We collect the following types of personal data.  Every service or department will collect different information, specific information collected will be provided in the service or employee privacy notice. 

· First Name

· Family Name or Surname

· Address

· Email address

· Telephone Numbers

· To provide you with a Möbius-Internet service in compliance with our contracts

· By keeping your records up to date helps us make inform decisions about the service that we provide to you

· To monitor and review the service that it is provided to you regularly

· To work well with other organisations who may be involved in the service provided to you

· To be able to provide necessary training relevant to meet your needs

· To contact you for monitoring purposes in person, by telephone, post or email 

· To produce statistical reports which will be anonymised and may be made publicly available

· Where the processing is necessary to comply with legal obligations, for example, the prevention and/or detection of crime

· To assist us in responding to emergencies or major accidents related to the services we provide.

The following are examples of how we collect your personal data:

· When you sign up for services with us

· When you telephone us

· When you email us

· When we receive and investigate complaints

The personal data may be held in paper and electronic format, but will always be managed in a safe and secure manner in compliance with our information security policies.

Some of this personal data may uniquely identify you, such as your name, address, email address, phone number, but we will only collect the personal data it needs. 

Personal data may be gathered without you actively providing it, through the use of various technologies and methods such as Internet Protocol (IP) addresses and cookies. An IP address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the internet. We collect IP addresses for the purposes of system administration and to audit the use of our site. Each time you log onto our site and each time you request one of our pages, our server logs your IP address. 

Although we log your session, it will not normally link your IP address to anything that can enable us to identify you. However, we can and will use IP addresses to identify a user when we feel it is necessary to enforce compliance with our rules or terms of service or to protect our service, site, users or others.

· That you provide us with accurate and up to date personal data.

· That you inform us of any changes to your personal data.

· That you inform us if you find any error or inaccuracies.  

We will not disclose your personal data to any external organisation or person unless it is satisfied that it has a legal basis to do so and proper measures are in place to protect the data from unlawful and unauthorised access. 

However, we may be required to share your personal data with other departments within Möbius-Internet such as the Finance Department who may need to process a payment or to our HR Department to respond to a complaint. But this will be on a need to know basis and limited to the purpose of processing. We may also need to share your personal information with stakeholders who are part of the delivery, monitoring and funding of our services. But this will be explained through the privacy notices related to the service you are using.

We may also use external organisations to carry out services on its behalf and this requires providing them with access to personal data. Such as ‘downstream’ internet service provides who may require your details to provide support. These organisations will act as Data Processors for us and they are legally obliged to keep your personal data secure and only process it under the specific direct instructions of us and in line with the GDPR. 

In certain circumstances you information may have to be shared without your consent. This would be the case if there is a legal duty to provide personal information for example:

· We must give information to courts if there are legal proceedings or to another party under a court order.

· If there are serious concerns relating to a child or anyone else using our services which would present a risk to safety then we will share the relevant information without your agreement, this can include anything with reference to preventing risk and/ or detecting a crime.

We are required to keep personal data for specified time periods to meet statutory obligations, regulatory and business needs and to comply with GDPR.  We have developed a retention and disposal schedule which we use to record all of the retention periods relating to the records we store. Your personal data will only be held for three months upon cancellation of your contract and will be disposed of in a secure manner after that time.

You may request a copy of your personal data for genuine reasons by using the request form at the link below. Please highlight your request with ‘personal data request’ you will be asked to prove your identification prior to any information being passed

Contact Us (mobius-internet.com)

If you wish to make a complaint on how we have handled your personal data, you can contact the Data Protection Officer or Manager of the service you are using who will investigate the matter. If you are not satisfied with our response or believe we are not processing your information in accordance with the law, you can contact the Information Commissioners Office details below.

The Information Commissioner's Office (ICO) regulates compliance with GDPR within the UK.  If you consider us to have breached any of the requirements of the GDPR, you may contact the ICO who may carry out an assessment, audit or investigation to establish whether we are compliant with the GDPR.

The ICO can be contacted at:

Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF 

Telephone: 0303 123 1114

Email: icocasework@ico.org.uk

Web: www.ico.org.uk

If you require further information about the use of your data or wish to make a subject access request for copies of your personal data held by us, please contact the relevant department directly or the PMY Technologies UK Ltd Data Protection Officer.