The GDPR compliance applies to all organisations within the UK and UCi2i is required to communicate how we will manage the limited personal information we hold on our customers and commercial contacts.
As a provider of video communication services the customer data we hold is limited to information relevant to this service and your contact information for those contacts with whom we hold contractual agreements with. We also maintain a database of prospective customers with whom we will communicate with about the services we can provide.
This data maintained to support the contractual and legitimate interests of our current and prospective customers and ourselves in the provision and delivery of our service to the UK and EU marketplace. Consent is in place within the GDP Regulations to hold and fairly process personal data where such legitimate interests exist.
As a business UCi2i takes the utmost care to protect the data we hold and to ensure that it is only used for its intended purpose of supporting our existing customers, delivery of service to them or to market our services to prospective new customers. UCi2i hold certification to ISO27001 to underline our security credentials and demonstrate the importance of information security to all interested parties. Access by unauthorised parties is strictly prohibited and prevented through the application of suitable and appropriate security restrictions.
UCi2i will not share this data with 3rd parties unless they are an authorised member of our supply chain who are required to process data on our behalf to enable the delivery of our services and support of UCi2i as a business function. UCi2i will not sell or share this data with 3rd parties seeking to provide other services or permit such activity to be undertaken regarding the information we share with our supply chain.
Your rights under the GDPR are not affected by our processing of this data however should you wish to contact us with any requests for information please address your communication to firstname.lastname@example.org.
Should the request be required to be handled by the organisation with whom the original consent was established we shall notify you of this.
Extract from UCi2i 27001:2013 - document, "ISMS Risk Assessment Methodology, Treatment & Acceptance v3"
Under the requirements of the GDPR UCi2i undertake risk assessment of their supply chain who have 3rd party access to personal data held by the business. This includes:
Commercial Contact Data – CRM content
Commercial data held by UCi2i is consented to either under the provision of being related to a contract or by legitimate interest. The data must be securely controlled and prevented from unauthorised access using the internal controls established within the ISMS.
Commercial Contract Provision – client data
The requirements for processing data as a 3rd party require formal contractual agreements to be in situ that provide the authorisation from the principal data collector or a partner thereof. It is vital that UCi2i holds details of the authorisation that covers these relationships in order to confirm that processing is lawful.
The configuration of our Video Application Environment (VAE) does not permit the retention and therefore processing of content communicated during video calls. The retention of data associated with this function is restricted to the details of the end point caller and recipient establishing a footprint of call structure and duration but NOT content.
To assess the capabilities of our supply chain to manage our GDPR obligations for the protection of this data and the prevention of unauthorised access, processing or corruption of the data sets we hold and process we have established an additional risk assessment mechanism.
UCi2i will determine whether the supplier has 3rd party access to our data sets and record this under a ‘GDPR’ field within the RA-RTP.
Should this field be ‘Yes’ then a risk value using our 1-5 matrix and the rating used for the Confidentiality risk to the data will be recorded. Resulting from this risk rating will be a description of the controls applied to determine suitable due diligence actions to address GDPR risk.
Internal HR Data
The requirements for holding and processing internal HR data are provided by the Consent Form all staff sign to freely provide consent. The controls provided by the ISMS establish suitable information security protection over this data set and its management within the business.
A Personal Data Inventory has been created to map the extent of the data we hold and process plus maintain as part of our obligations to staff under the GDPR.
The training requirements of GDPR are determined within the RA-RTP to demonstrate the application of controls related to staff functions within UCi2i.
Outcomes & Compliance
The expectation of UCi2i is to demonstrate compliance at all times with the requirements of the GDPR. The risk actions will determine the nature of the compliance actions and controls required.
These can include training, application of ISMS controls and suitable due diligence evidence to support the assurances provided by our authorised 3rd party data processors.
You may download a copy of the UCi2i ISMS Policy from here.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Your Consent: By using this website, you consent to the terms of our Privacy Statement and to UCi2i's processing of Personal Information for the purposes given above as well as those explained where UCi2i collects Personal Information on the web. Should the Privacy Statement change, we intend to take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on our website for a reasonable period of time.