Data Protection Statement

Introduction

Ormonde Technologies (SurfBox) Ltd (the ‘Company’) needs to collect information (User Data) for limited purposes from a Customer (the ‘Customer’) using its services in public libraries, shopping centres, airports, hotels and other public venues (the ‘Location Provider’) hosting its services. The purpose of processing User Data is for the delivery of internet, print and copy services at these venues. Data Protection is the safeguarding of the privacy rights of the Customer in relation to the processing of User Data.
This is a statement of the Company’s commitment to protect the rights and privacy of the Customer in accordance with the General Data Protection Regulation (GDPR).

Data Protection Principles

The Company will administer its responsibilities under the regulation in accordance with the stated data protection principles as follows:

  1. Obtain and process information fairly

The Company will obtain and process User Data fairly and in accordance with the fulfilment of its functions. The User Data obtained during the fulfilment of its functions during a Customer session are as follows:

  • Printing: The Customer’s documents submitted for print purposes. Additionally, the Customer’s email address is required to be submitted for the purpose of submission of print jobs via email.
  • Scanning / Copying: The Customer’s documents submitted for scanning purposes. Additionally, the Customer’s email is required to be submitted for the purpose of scanning document to email.
  • Public Internet & PC Access: The Company does not obtain any User Data in the provision of public internet & PC access services. No usernames, email addresses or passwords are required to use these services.
  1. Keep it only for one or more specified, explicit and lawful purposes

The Company will keep data for purposes outlined in the previous section that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes. The Company will not retain or disclose User Data for any purpose other than for delivery of its services.

  1. Keep it safe and secure

The Company will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. The Company is aware that high standards of security are essential for all personal information.

  1. Retain it for no longer than is necessary for the purpose or purposes

The Company will only retain data for the duration of its service delivery and for any support purposes relating to the services. Specifically, data is retained temporarily for the purposes outlined in Section 1 as follows:

  • Documents for Printing: Documents submitted for printing are retained in electronic format for printing purposes up to a maximum of three days. Print jobs cannot be exported or duplicated for printing or viewing elsewhere. Physical print copies can only be obtained by the Customer by means of a one-time PIN code that has been returned to their email address, mobile app or desktop PC.
  • Documents for Scanning / Copying: Documents submitted for scanning or copying purposes are stored in a temporary folder for the duration of the Customer’s session. They are permanently deleted at the end of the session.
  • Documents on Public PCs: Documents may be downloaded during Customer sessions.on public internet PCs. These can be used for viewing, editing and printing purposes, but these documents are permanently deleted at the end of each Customer session.
  • User Email Addresses: User email addresses are retained for a period of ninety days for follow-up Customer Service, support and other operational reasons. Such data will not be used for other purposes, including marketing, either by the Company, or 3rd party companies.
  • Card Payments: The Company does not record or store Customers’ card details in the delivery of its services. Card details are forwarded to a PCI compliant payment gateway provider for payment processing.

Company Responsibilities

The Company has overall responsibility for ensuring compliance with the Data Protection regulation. However, all employees of the Company who collect and/or control the contents and use of User Data are also responsible for compliance with the Data Protection regulation. The Company will provide support, assistance, advice and training to all staff to ensure it is in a position to comply with the legislation. The Company has appointed a Data Protection Officer who will assist the Company and its staff in complying with the Data Protection legislation.

Customer Responsibilities

The Customer must take care to retrieve all documents at the end of their session, and to verify that such documents (printed, scanned, etc.) obtained from  their use of the Company’s services, are solely their own property. On occasion other documents may be obtained, which are the property of other Customers, either through system or Customer error, or other fault. In such instances the Location Provider staff and / or the Company must be notified immediately. All such documents must be securely disposed of. All such incidents will be investigated by the Company’s Customer Service team.
All system faults (e.g. no document received, paper out, paper jam, etc.) must be reported to the Location Provider staff and / or the Company for intervention. All documents obtained upon resolution of such faults, if the Customer is not present, must be securely disposed of, unless previously agreed otherwise with the Customer.

Procedures and Guidelines

Review

This Statement supports the provision of a structure to assist in the Company’s compliance with the Data Protection regulation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

This Statement will be reviewed regularly in light of any legislative or other relevant indications.

Last Updated

This documents was last updated on Tuesday 9 January, 2024.