< Back to Privacy Policy

What data do we collect? 

In order to contact you to provide our services we will record names, email addresses and phone numbers for people working with our associated with our clients.  In addition we record technical information required to provide IT services which may include IP addresses and credential information. 

We will have access to personal data hosted in your systems as part of our agreement. 

We record phone calls for training and quality purposes. 


How we use your data 

We use personal details and technical information stored on our systems to supply consultancy or support services to our clients.  This data is not shared outside our organisation. 

We may also process your personal data in order to provide services via third parties such as email hygiene, antivirus, backups, data storage, software as a service or platform as a service (such as Office 365 or Microsoft Azure) at your request. 


Our Legal basis 

Our contract with you as a client provides the legal basis for processing. 


Third Parties 

We may process your data via transferring it to third parties in order to provide additional services to you as described in the ‘How we use your data’ section above.  A list of the third parties that we use can be found at www.doherty.co.uk/sub-processors


Data Location 

Personal data held about you is held either at our offices in London, Microsoft Office 365 and Microsoft Azure.  EU locations are used for Microsoft services.  Data locations for our sub-processors can be found in the link above. 


Is the data transferred abroad? 

In addition to staff located at our office in Richmond we provide our 24/7 support service from a solely owned office in Malaysia.  Our fully vetted staff in the office access our systems in London remotely and do not process any data locally except for data held in cloud services that may be synced to local desktops. 


How long we keep the data for? 

Technical and personal information for staff that are not the main contracts will be removed if you cease to be an active client (that is, if you have not purchased anything from us in 2 years).


How we safeguard your data 

We use appropriate technical and organisational measures to safeguard your data including: 

- Multi-factor authentication on all systems that allow access to personal data 
- Staff have access to only data appropriate to perform their roles 
- Access audit logging for systems containing personal data 
- DBS checks 
- Strong data encryption at rest 
- Where appropriate, encryption of data in use 
- Closed-circuit television 
- 24/7 Security guards 
- Strong physical access controls to systems containing personal data.