Data Controller Statement

This statement, which follows the UK Information Commissioner’s Office checklist, explains why we consider that we are an independent data controller of the personal data that we collect from customers and users of the Itarmi Platform.

1. WHY WE ARE A DATA CONTROLLER

1.1 We decided to collect or process the personal data

1.1.1 In defining the end-to-end architecture of the Itarmi Platform, we have decided that we need to collect specific personal data in order to provide our services through the Itarmi Platform.

1.1.2 We will develop the architecture of the Itarmi Platform and also our decision-making about the personal data we need to process.

1.2 We decided the purpose or outcome of processing

1.2.1 In collecting personal data, we have decided why it was collected and how we will use it in delivering our services (subject to having a lawful basis for processing), including, for example: (i) providing authentication methods (e.g. SSO, domain, IP registration), (ii) delivering personalisation features (iii) where and how the data is stored (i.e. on-premise and hosted servers/services), (iv) providing bespoke, time-sensitive services through the Itarmi Platform and making available suitable methods of communication.

1.3 We decided what personal data should be collected

1.3.1 We have determined the types and format of personal data to collect from users.

1.3.2 We will continue to develop our data collection over time, according to our policies and changes to the Itarmi Platform.

1.4 We obtain a commercial gain from the processing

1.4.1 In processing personal data, we gain insights into the usage of the Itarmi Platform, allowing us to determine our roadmaps for future development of features and content.

1.5 We make decisions about the individuals concerned as part of the processing

1.5.1 Based on individual usage of the Itarmi Platform, we determine what content is relevant to the user, what content we wish to make available or promote to individuals (e.g. information, reports, statistical data, notifications, blog posts, infographics).

1.5.2 We send out information on how to use the Itarmi Platform and to notify users of maintenance, updates and improvements.

1.5.3 We decide how to engage with users after periods of inactivity (e.g. to ascertain whether they are still current users and/or whether there are any issues with their usage).

1.6 We exercise professional judgement in the processing of personal data

1.6.1 We use the extensive collective professional experience within our leadership, commercial, product development and operations teams (especially experience within the IT, engineering and software sectors), as well as the data-led knowledge, to determine what, why and how to process personal data.

1.7 We have a direct relationship with data subjects

1.7.1 Beyond personalisation features, our account management, operations, resourcing, finance, legal and other teams engage with users of the system in order to support them in their use of the Itarmi Platform and our services. In relation to customers, we aim to have several stakeholder relationships in order enhance the user experience and the utility of our system.

1.8 We have autonomy as to how the personal data is processed

1.8.1 Subject to applicable laws, we determine how the personal data is processed.

1.9 We have appointed processors to process personal data on our behalf

1.9.1 In determining the architecture for the Itarmi Platform and the data processing activities, we contract with reputable service providers (including software, hosting and CRM service providers), which are critically important to supporting the Itarmi Platform. We continue to invest considerable strategic and operational time in tailoring the Itarmi Platform’s interaction with such platforms and services so as to provide a good user interface and experience.

1.9.2 We take steps to ensure that these companies are compliant with applicable laws, including confirming their commitment to implementing required technical and organisational measures to preserve the security and integrity of personal data.

2. WHY WE ARE NOT A JOINT CONTROLLER

2.1 We do not have a common objective with others regarding data processing

2.1.1 We value our commercial relationships; however, we determine our policy on how and why we process data. Customers engage with us to receive IT engineering services; as a commercial and practical reality, they do not determine how we process data or how our proprietary Platform operates. We decide these matters for the benefit of users as a whole.

2.2 We are not processing personal data for the same purpose as another controller

2.2.1 Customers process data for the purposes of advancing their own business and operations. We work with a wide range of customers across different sectors, each of which has its own purposes.

2.2.2 We are a distinct business with our own purpose: the delivery and development of the Itarmi Platform and our suite of services. The Itarmi Platform is key to making us a disruptive business within our sector and it is aligned with our own business mission and purposes.

2.3 We are not using the same personal data set for processing as another controller

2.3.1 We do not use a common database with customers.

2.4 We have not designed our process with another controller

2.4.1 We have designed the Itarmi Platform, systems and processes on our own. Customers are not involved in our design process for the Itarmi Platform or related back end functions.

2.4.2 We are actively engaged in a process of constant and dynamic development of the Itarmi Platform. Customers do not have a say in that process or its ultimate outcome.

2.5 We do not have common information management rules with another controller

2.5.1 Our information management systems are internal to our organisation and have been carefully developed by us. We are building our infrastructure with greater complexity and improved delivery all the time. We do not share these systems with customers.

3. WHY WE ARE NOT A DATA PROCESSOR

3.1 We do not follow data processing instructions from someone else

3.1.1 Whilst we are contracted to provide services to customers and other users, the Itarmi Platform development and our focus on software-enabled IT engineering service delivery informs our decision-making about how and why we process personal data.

3.1.2 Customers or third parties do not decide how we use personal data within the Itarmi Platform.

3.2 We are not given the personal data by a third party or told what data to collect

3.2.1 As the designers of the Itarmi Platform, we have established what information we need in relation to users. We request this data as part of the Itarmi Platform registration process.

3.2.2 Users cannot access the Itarmi Platform without providing the information we require.

3.3 We decide to collect personal data from individuals

3.3.1 We have decided to collect personal data from individuals.

3.4 We decide what personal data should be collected from individuals

3.4.1 We have decided what particular personal data we collect.

3.5 We decide the lawful basis for the use of that personal data

3.5.1 We have determined the lawful bases on which we process personal data. In most cases, we will rely on legitimate interests, but we will also seek explicit consent where required.

3.6 We decide what purposes the personal data will be used for

3.6.1 We have decided the purposes for which the data will be used. We will continue to develop these purposes in line with the requirements of the Itarmi Platform development and our business strategy.

3.7 We decide whether to disclose the personal data and to whom

3.7.1 We decide whether or not to disclose the personal data internally and/or to third parties.

3.7.2 In relation to third parties, disclosure is invariably required to support the Itarmi Platform’s efficiency and development and we try to minimise this, per data protection principles.

3.8 We decide how long to retain the personal data

3.8.1 We have decided how long we need to retain the data, based on our operational, business and legal requirements.

3.9 We do not implement data processing decisions under third party contracts

3.9.1 We make the decisions on how the data is processed, as set out in our Privacy Policy.

3.10. We are directly interested in the end result of the processing

3.10.1 We are very interested in the end result of the processing because this helps us to deliver high quality services as well as being a key element of our product and Platform development cycle.

HomeServicesEngineersThe PlatformAbout us
NewsCase studiesContact

Looking for IT Solutions?

Gain access to all the local IT expertise you need to deliver on your global objectives. Get up and running immediately.

Get in touch

Want to become an Itarmi engineer?

Gain resilience and strength with Itarmi, giving you the power to transform your working life. Get in touch today.

Join the pack

© 2024 Itarmi. All rights reserved.

Website design by Silverback®