Data Protection Statement

Introduction

Ormonde Technologies (SurfBox) Ltd (‘the Company’) needs to collect user data (information) for limited purposes from users of its services in public libraries, shopping centres, airports, hotels and other public venues hosting its services. The purpose of processing user data is for the delivery of internet, print and copy services at these venues. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of user data.

This is a statement of the Company’s commitment to protect the rights and privacy of individuals in accordance with the General Data Protection Regulation (GDPR).

Data Protection Principles

The Company will administer its responsibilities under the regulation in accordance with the stated data protection principles as follows:

  1. Obtain and process information fairly

The Company will obtain and process user data fairly and in accordance with the fulfilment of its functions. The user data obtained during the fulfilment of its functions are as follows:

  • Printing: Individual’s documents submitted for print purposes. Additionally, the individual’s email address is required to be submitted for the purpose of submission of print jobs via email.
  • Scanning / Copying: Individual’s documents obtained for scanning purposes. Additionally, individual’s email is required to be submitted for the purpose of scanning document to email.
  • Public Internet & PC Access: The company does not obtain any user data in the provision of public internet & PC access services. No usernames, email addresses or passwords are required to use these services.
  1. Keep it only for one or more specified, explicit and lawful purposes

The Company will keep data for purposes outlined in the previous section that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes. The Company will not retain or disclose user data for any purpose other than for delivery of its services.

  1. Keep it safe and secure

The Company will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. The Company is aware that high standards of security are essential for all personal information.

  1. Retain it for no longer than is necessary for the purpose or purposes

The Company will only retain data for the duration of its service delivery and for any support purposes relating to the services. Specifically, data is retained temporarily for the purposes outlined in Section 1 as follows:

  • Printing: Jobs submitted for printing are retained in electronic format for printing purposes up to a maximum of three days. Print jobs cannot be exported or duplicated for printing or viewing elsewhere. Physical print copies can only be obtained by the user by means of a one-time PIN code that has been returned to their email address.
  • Scanning / Copying: Documents obtained for scanning or copying purposes are stored in a temporary folder for the duration of the user’s session. They are permanently deleted at the end of the session.
  • Public Internet & PC Access: Documents may be downloaded during user sessions.on public internet devices. These can be used for viewing, editing and printing purposes, but these documents are permanently deleted at the end of each user session.
  • Card Payments: The company does not record or store customers’ card details in the delivery of its services.  Card details are forwarded to a PCI compliant payment gateway provider for payment processing.

Company Responsibilities

The Company has overall responsibility for ensuring compliance with the Data Protection regulation. However, all employees of the Company who collect and/or control the contents and use of user data are also responsible for compliance with the Data Protection regulation. The Company will provide support, assistance, advice and training to all staff to ensure it is in a position to comply with the legislation. The Company has appointed a Data Protection Officer who will assist the Company and its staff in complying with the Data Protection legislation.

Customer Responsibilities

The Customer must take care to collect all documents at the end of their session, and to verify that such documents (printed, scanned, etc.) obtained from  their use of the Company’s services, are solely their own property. On occasion other documents may be obtained, which are the property of other Customers, either through system or user error, or other fault. In such instances the Location Provider staff and / or the Company must be notified immediately. All such documents must be securely disposed of. All such incidents will be investigated by the Company’s Customer Service team.
All system faults (e.g. no document received, paper out, paper jam, etc.) must be reported to the Location Provider staff and / or the Company for intervention. All documents obtained upon resolution of such faults when the Customer is not present, must be securely disposed of, unless otherwise agreed with the Customer.

Procedures and Guidelines

This Statement supports the provision of a structure to assist in the Company’s compliance with the Data Protection regulation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

Review

This Statement will be reviewed regularly in light of any legislative or other relevant indications.

Last Updated

This documents was last updated on Monday 9 October 2023.