Fair Processing Notice

This document describes the information collected by or processed by Tectrade Computers (company number 02589951 1st Floor River Court, Mill Lane, Godalming, Surrey, GU7 1EZ) and Tectrade Corp. (1460 Broadway, New York, NY 10036) how that information may be used, with whom it may be shared, and your choices about such uses and disclosures.

To contact us regarding anything to do with Privacy please contact info@tectrade.com addressed to the Data Protection Officer, or the switchboard 01483 861448.

Information Collected, Stored or Processed

Business Information

Tectrade will collect and store personal information required for the provision of our services and for Tectrade to function as a business, including marketing activities, in line with the current e-Privacy regulations.  This may include information such as your name, e-mail address, company name, mailing address, country, phone number, number of employees, industry, and/or support information (collectively, “Business Information”).

Tectrade will be the Data Controller for this Business Information.

Tectrade will use all reasonable steps to protect against the loss, misuse and alteration of Business Information. Your rights as a Data Subject are maintained including your right to access, rectification, erasure and data portability.

Our primary store for Business Information is on SalesForce.com (SFDC), it is stored in one of their European Data Centres. SFDC are a US Privacy Shield certified company further details can be found here: https://www.salesforce.com/uk/company/privacy/

Backup/Storage Meta Data

Tectrade’s Helix Protect range of services provide reporting, monitoring or management of backup data, both on premise and in the cloud.

Tectrade will automatically collect technical information when you use our Helix Protect/Storage Services. This information may include, but is not limited to, your server names, drive/file exclusions, backup schedule settings, data retention settings, access times, logs, file and folder names, backup success and failure, error codes, and the file sizes of your backup data, storage performance and capacity utilisation, IOPS, read and write metrics, and error conditions. This information is used to enable us to deliver our services. (Collectively “Backup/Storage Meta Data”).

Backup/Storage Meta Data does not include personal data.

This data is collected locally within your environment via a “Cloud Connector” or similar tool, which is usually a lightweight piece of software, commercially provided by the software vendor, installed on a server of your choice, with access to the backup/storage environment. The data collected is encrypted locally using 256-bit AES encryption prior to being sent to our reporting server.

The reporting server is located either within our infrastructure in the United Kingdom or hosted by a third party, either in the United Kingdom or the United States. Our third party provider is primarily IBM using the IBM Cloud Services. Amongst the reasons IBM were chosen is that they are a US Privacy Shield certified organization, whose approach to privacy can be found here:  https://www.ibm.com/privacy/details/us/en/privacy_shield.html.

Wherever the reporting server is located, industry standard and reasonable security steps have been taken to protect that data.

Tectrade will be the Data Controller for Backup/Storage Meta Data. Where IBM Cloud is used they will be a Data Processor. Backup/Storage Meta Data will be stored mainly in the United Kingdom. Where a Customer is based in the United States then IBM Cloud in the United States will be used to store the Backup/Storage Meta Data.

Backup Data

Currently Tectrade offer 3 levels of support services around backup and storage data:

  1. Helix Protect Report
  2. Helix Protect/Storage Base
  3. Helix Protect Enterprise/Cloud

For our Helix Protect Report and Helix Protect/Storage Base services we do not require access to any backup data or production data (which may contain personal data). These services will be centred around providing value and insight to Backup/Storage Meta Data.

With our Helix Protect Enterprise/Cloud services Tectrade will be a Data Processor of backup data, this backup data may contain Personal Data or even Sensitive Personal Data. Tectrade will be processing this data on the written instruction of our Customers who remain at all times the Data Controllers.

To deliver our services for the Helix Protect Enterprise, Tectrade may have access to backup data and to customer’s servers, however we do not need to access to any personal information within that backup data or on customer systems to provide our services. The customer will remain the Data Controller for all production and backup data and is responsible for making sure that any personal data processed by us has suitable safeguards to prevent unauthorized access. Options for such safeguards include encryption, server or file and folder level permissions or application permissions.

Tectrade will be responsible for ensuring that industry standard policies and processes are in place to prevent unauthorized access to the data we are processing. This will include maintaining our ISO27001 information security management system, suitable training and awareness, disciplinary processes and incident management reporting and breach processes.

Our Helix Protect Enterprise and Helix Protect Cloud backup services include the option of backup data being stored on Tectrade systems within the customer’s environment, within our environment or in the cloud.

Where backup data is transferred to Tectrade to be stored on systems within our environment or in the cloud the backup data may be transferred to a third party. The backup data will be encrypted before it is sent, segregated and retained in accordance with the customers instructions. The encrypted backup data will be deleted at the end of the services contract in a manner to make it unfeasible to recover.

Tectrade and the third party will be data processors of the encrypted backup data. Tectrade will consider privacy as a key component of choosing a third party. Our primary third-party supplier is IBM with their cloud services offerings further details on IBM’s approach to privacy can be found in the link in the section above.

Professional Services Privacy Policy

Tectrade’s professional services or consultancy services are normally delivered by Tectrade employees or occasionally third party sub-contractors. Where third party sub-contractors are used this will be made clear to the customer. Our professional services can be conducted remotely or onsite. We will be acting on the clear written instructions of the customer (or agreed scope of work). Our access to any data whether personal data or not is entirely governed by the customer who will remain the Data Controller.

Access to site and systems is at the direct request of the customer. There is currently no foreseen reason why Tectrade or its sub-contractors would require access to, or need to process customer’s personal data unless specifically requested to do so under the supervision of the Data Controller.

The Tectrade consultants or sub-contractors who attend site or access systems will follow any reasonable information security or access policies in place at the customer site.

Cookies in our Customer Community and Website

Like many services on the Internet, when you use access or reporting console or customer community portal, Tectrade may assign your computer one or more cookies to facilitate access to the Services and to personalize your experience. Through the use of a cookie, Tectrade also may automatically collect information about your activity while using Services. Tectrade may use this data to better understand how you interact with the Services, to monitor aggregate usage by our users, and to improve our Services. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies.

Use and Transfer of Information

Tectrade’s services are provided by the teams based out of the United Kingdom, however, processing of Business Contact Information is also conducted by individuals in the United States.

Processing of backup-data is done through our teams in United Kingdom.

All employees are referenced, their identities confirmed and the right to work verified, all employees and contractors are subject to our information security policies and procedures. Anyone who has access to Backup Data additionally has a background security check which includes criminal, financial, education and employment history.

We have verified that our preferred cloud hosting company and our CRM system provider (as US entities operating out of the EEA) are both US Privacy Shield certified. If there are any other requirements for us to process or transfer personal data outside of the EEA, then these will be clearly communicated and the appropriate safeguards (Privacy Shield and/or EU Model Clauses) put in place.

Tectrade will disclose personal data to governmental or regulatory bodies as and when required to do so by law.

Changes to the Fair Processing Notice

Tectrade will occasionally update this Fair Processing Notice. The latest version of this Fair Processing Notice will be available through our website.