Complete IT Systems Limited was established in 2007. Our highly experienced team have many years’
experience of advising customers on the best-fit software licensing, hardware, virtualization, data
protection, security, general IT services and solutions. Our team will help you make the right decisions
for you organisation.
Complete IT Systems Limited is a company registered in England and Wales, with company number
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation,
which came into force on the 25th May 2018. It builds on existing data protection laws,
strengthening the rights that EU individuals have over their personal data, and creating a single data
protection approach across Europe.
How will Complete IT Systems Limited comply with the GDPR?
Our GDPR preparation started in July 2017 and as part of this process we have reviewed (and
updated where necessary), all our internal processes, procedures, data systems and documentation
to ensure that we are ready when GDPR comes into force on the 25th May 2018.
Our GDPR Principles are:
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual’s consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the European Economic Area (‘EEA’) without
Data Retention and Deletion – When we receive a deletion instruction from a data subject, we will
delete the relevant personal data from our systems unless retention obligations apply. Our Data
Retention and Destruction Policy clearly sets out such retention obligations.
Data Subject’s Rights – We will fulfil our obligations to respond to requests from data subjects to
exercise their rights under GDPR-specified timeframes.
For security purposes, any visitors to Complete IT Systems Limited at any of our office locations shall
be required to register personal data at the entrance.
Additionally, CCTV recordings are made at both the entrance of the buildings, and internally within
the buildings. This personal data is processed in compliance with the applicable GDPR principles.
Amongst other things, this means that personal data is not kept longer than strictly necessary.
Complete IT Systems Limited is a BSI ISO 9001 & 14001:2015 accredited company.
Certificate ID: 000289 & 000290 respectively.
Complete IT Systems Limited also processes personal data to comply with the eight principles of the
UK Data Protection Act 1998.
Under the GDPR, we must notify any data breach to the controller without undue delay.
Complete IT Systems Limited therefore has processes, systems and procedures in place for
identifying, reviewing and promptly reporting data breaches to the relevant controller.
We would provide the controller with:
- A description of the nature of the breach
- Contact details of the responsible data protection officer or any other contact person
- Likely consequences of the breach
- Proposed and imposed measures that were taken to limit harmful effects
Incident Notifications – We shall promptly inform data subjects of incidents involving their personal
data in line with any data breach notification terms in our current agreements and the updated
terms that will apply when GDPR comes into force.
Complete IT Systems Ltd have comprehensive technical and organisational security measures in
place to mitigate against a data breach.
Legitimate interest statement
As from 25 May 2018, under the General Data Protection Regulation, Complete IT Systems Ltd have relied on legitimate interest as per GDPR Article 6(1)(f) for some of its processing of data. This permits the organisation to contact its customers and prospects by email and phone. Individuals are free to opt out of this contact at any time.
Clear information about how individuals can opt out of contact or change their contact preferences is prominent on each outbound email. Our detailed rationale for claiming legitimate interest is as follows:
The purposes for which we will use individuals’ personal information will be to send email newsletters about technology and business services to people in relevant job roles with the goal of assisting their business IT objectives and knowledge.
Articles 47 and 48 of the GDPR say that direct marketing activity is a legitimate interest; in particular, in the context of a relevant and appropriate relationship between the PAV and the individual (the recipient), there would be a reasonable expectation that business contact details are used for these purposes.
Any GDPR related questions should be addressed to; Complete IT Systems Limited at firstname.lastname@example.org