How digitally mature is your NHS digital frontdoor? | Take the free assessment
📢 New from Silicon Practice - Patient Digital Assistant, Referral Flow & Online Booking. Read our latest newsletter.
đź’ˇ Cancer care technology in action - join our Healthcare and Digital Transformation webinar.

Schappit Privacy Notice

Our contact details

ICO – Registration Number ZA074234


Name: Schappit Ltd


Address: Schappit Ltd
Unit 26 Oak Business Centre
79-93 Ratcliffe Rd
Sileby
Leicester
LE12 7PU


Phone Number: 01793 710500


E-mail: gdpr@siliconpractice.co.uk

For all enquiries regarding data protection please address your correspondence to our Risk and Compliance Officer (gdpr@siliconpractice.co.uk) who will liaise with our Data Protection
Officer as needed.

Important Information

This notice is provided for visitors to our website, potential customers, current customers,
suppliers, and any other persons whose information is processed by Schappit as a data
controller. This notice explains how and why we collect and process your personal data.

In addition, privacy information is provided to Schappit staff via an Internal Privacy Notice
and to job applicants via the Job Applicant Privacy Notice which is accessed via the Schappit
Website.

The provision of privacy information is primarily the responsibility of data controllers.
Patients of our customers should refer to the privacy notice on their Practice’s website. They
may also find the information within our Data Protection Agreement which details how we comply with data protection requirements when delivering our services to Practices.

Leaving our site

Our website may contain links to other websites of interest. We do regular audits to ensure
the sites we link to meet our privacy requirements along with conducting checks to ensure
security of these websites, but we cannot guarantee their content or security, as we don’t
have any control over the other website. Therefore, we cannot be responsible for the
protection and privacy of any information which you provide whilst visiting these sites.

What types of information do we collect and process?

We currently collect and process the following information:

  • Personal identifiers- first name, surname, title, contact address, email address, telephone number
  • Transactional data- invoicing information, order forms and other information relating to products/services you have purchased from us and correspondence relevant to the delivery of a contract
  • Technical Data- IP address

How do we collect the information and why do we have it?

All the information we process is provided to us directly by you for one of the following
reasons:

  • So that you can make a general enquiry
  • So that you can request more information about our products/services
  • So that you can enter into a contract with us for our products/services


Under the UK General Data Protection Regulation (GDPR), the lawful bases we rely on for
processing this information are:

  • The data subject has given consent to the processing of his or her personal data for one
    or more specific purposes
  • The processing is necessary for the performance of a contract to which the data subject is
    party or in order to take steps at the request of the data subject prior to entering into a
    contract
  • The processing is necessary for compliance with a legal obligation to which the controller
    is subject

What do we do with the information we have?

We use the information you have given us to:

  • Respond to a general enquiry that you have made
  • Respond to a request for more information about our products/services
  • Enter into a contract with you
  • Fulfil our contractual and/or legal obligations


We may share your personal data with the following third parties to support the performance
of a contract or to fulfil a legal obligation:

  • Professional advisors acting a sub-processors or controllers e.g. lawyers, accountants
  • Government agencies such as HMRC
  • Service providers acting as sub-processors that provide IT and admin support e.g. Google
    Drive, Atlassian, Amazon Web Services

These third parties are subject to the same data protection requirements as Schappit and as
part of our duty to you we regularly review our terms and conditions with third parties to
ensure ongoing compliance.

How do we store your information?

Your information is securely stored within our CRM System, Zoho CRM, our Microsoft Email, and Microsoft OneDrive. Customer invoices are securely stored within Zoho Books and Helpdesk correspondence is securely stored within a system called Zoho Desk and Zoho
CRM.

We retain personal information only for as long as necessary to fulfil the purposes that we collected it for. Once we have entered into a contract with a customer, we will retain all information relevant to that contract, including invoicing records and identifiable data for a period of six years from the end of the year to which it relates, in line with legal requirements. Once the retention period has expired your information will be deleted from our systems and any paper records physically destroyed using confidential shredding.

We backup all our data for a period of 90 days. Backup data is encrypted and stored off site in a secure UK data centre before being automatically destroyed.

Your data protection rights

Under data protection law, you have rights including:

Your right of access– You have the right to ask for copies of your personal information

Your right to rectification– You have the right to ask to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is complete

Your right to erasure– You have the right to ask us to erase your personal information in
certain circumstances

Your right to restriction of processing– You have the right to ask us to restrict the processing
of your information in certain circumstances

Your right to object to processing– You have the right to object to the processing of your
personal data in certain circumstances

Your right to data portability– You have the right to ask that we transfer the information you
gave us to another organisation, or to you, in certain circumstances. This covers data that is
processed by automated means (paper documents are not included)

You are not required to pay any charge for exercising your rights. However, we can charge you a “reasonable fee” for the administrative costs of complying with your request if:

  • it is manifestly unfounded or excessive; or
  • you request further copies of your data following an initial request.

If you make a request, we have within one month to respond to you. If the request is complex
or you have submitted a number of requests, we may inform you that we have extended this
time period up to a maximum of a further two months.

If you wish to make a request, please contact us at:

Risk and Compliance Manager

Address: Schappit Ltd
Unit 26, Oak Business Centre
79-93 Ratcliffe Rd
Sileby
Leicester
LE12 7PU

Phone Number: 01793 710500

E-mail: gdpr@siliconpractice.co.uk

How to complain

We encourage you to bring concerns to our attention if you think that our collection or use of information is unfair, unlawful, or misleading. If you wish to make a complaint, please contact us in the first instance using the contact details referred to above.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Review and monitoring

We regularly review and, where necessary, update this notice. As a minimum this notice is reviewed annually.

If we plan to use personal data for a new purpose, we will update our privacy information, communicate the changes to affected individuals and where necessary identify a new legal basis for processing before the new purpose is pursued.

 v1.3