This policy describes how Spartan Global Services aims to repay the trust you have shown by sharing your personal data with us.
1.1 About us
Spartan Global Services is a provider of IT Asset management and disposal services, reverse logistics, repair and refurbishment and wholesaler of computers, computer peripheral equipment, mobile/wireless and software (company number 08446765) with registered office at 36 Rumer Hill Business Estate, Rumer Hill Road, Cannock, Staffordshire, WS11 0ET, United Kingdom.
1.2 Registration with the Information Commissioner’s Office
For the purpose of the Data Protection Act (2018) Spartan Global Services is registered as a data controller with the Information Commissioner’s Office with registration number ZA305461
1.3 Data Protection Officer
Spartan Global Services Data Protection Officer is:
Unit 36, Rumer Hill Business Estate, Rumer Hill Road, Cannock, Staffordshire, WS11 0ET
(t) 0330 058 9991
1.4 Personal Data Processed by [Spartan Global Services]
Spartan Global Services collects, stores and processes personal data for several purposes, :personnel administration, financial accounts, customer interaction, marketing and for the fulfilment of our services to our customers, including financial transactions. The detail of this is described in the table below.
When we process on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:
The purpose test – is there a legitimate interest behind the processing?
Necessity test – is the processing necessary for that purpose?
Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?
1.5 Data Sharing
Spartan Global Services may share data with the following organisations and for the lawful reasons shown.
HMRC - Legal Obligation
Accountants - CJM Associates - Legal Obligation
Payroll - CJM Associates - Contract
I.T. Support Services - Headway Technology Ltd - Contract
HR - Peninsula Business Services Ltd.
Merchant Services - Stripe and PayPal
1.6 Sub-contract Processing
Spartan Global Services uses sub-contact organisations to process personal data under a written contract which defines that they must comply with stringent data privacy requirements. Spartan Global Services only employs organisations that comply with the provisions of the General Data Protection Regulation. These organisations are audited to ensure compliance. Spartan Global Services processors include:
Logistic Companies for the delivery of post and goods,
Card Merchant Services, for the secure processing of credit card payments,
Cloud based services for the secure hosting of:
telecoms (VOIP) and internet services ,
Spartan Global Services does not carry out profiling.
1.8 International Transfers
Spartan Global Services does transfer personal data outside of the United Kingdom when engaging with some Data Processors. We may send information outside of the UK where we use a service provider or technology provider based overseas. Where we send personal data outside the European Economic Area ("EEA") we will ensure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
Model contractual clauses provided by the European Commission
The European Commission will decide that the country or international organisation has an adequate level of personal data protection
The information will be handled by an organisation that is providing a level of protection that’s approved by the European Commission. For example, the Privacy Shield scheme for organisations based in the USA
1.9 Secure storage of data.
Our information security management system (ISMS) is certified to ISO/IEC 27001. All our payment card processing is in compliance with PCI DSS. Our data storage is either hosted internally or via G Suite of which we have confirmed and contractual affirmation to required levels of security. Our email is facilitated by either Outlook (via a local server) or G Suite both of which are secured via our ISMS , and contractual affirmation respectively.
We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
1.10 Your Rights
You have the following rights concerning your personal data:
1.11 Your right to lodge a complaint with a supervisory authority
If you wish to exercise any of your rights concerning your personal data, you should contact [ORGANISATION NAME]’s Data Protection Officer at the address shown above. If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:
Information Commissioner's Office
(t) 0303 123 1113