How Red Train IT Ltd uses your personal data

What types of data do we collect?

During the course of our relationship with you, we will potentially have access to and be processing (where relevant), usernames, passwords, IP addresses, and other personal information in the course of managing our clients’ systems and fulfilling our obligations to any services we are contracted to provide.  If you visit our website, we collect the data shown in any comments form you may fill in, and also record your IP address and browser user agent string to help spam detection.

What types of data do we store?

We will not store any of the above types of information in any form on our own systems, with the exception of client system access details, and names and addresses within contract documents, which are all held securely in a secure vault that is protected using multi-factor authentication and that has full audit logs enabled.  However, client systems that we support, or systems that belong to us that you connect to, may store access details that include dates and times, source IP address, user credentials, and other personal data (where this has been explicitly supplied by the connecting party).  We will not use this data for any purpose other than to provide any services we are contracted to provide to you, or where required for legal reasons, but we may store it for as long as necessary to fulfill our contractual obligations to you.

How do we collect the data we collect?

As part of managing our clients’ systems, we may install an agent on each computer and server to be supported.  This agent collects details about the computer on a regular basis, including who is currently logged onto it, the software installed on it, a list of IP addresses it is using (which may allow for approximate geolocation), and information about hard drive space, processor utilisation, and other machine health statistics.  We will not use this data for any purpose other than to fulfil our contractual obligations to our clients, however it may be stored for as long as necessary to fulfil our services under our contracts.  Where monitoring systems are not developed in-house, any third party system used is fully vetted prior to adoption, to ensure that the data collected will remain secure and is only accessible by us.

Cookies

If you leave a comment on our website you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.  If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.  When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Contact forms

If you use the contact form on our website to get in touch with us, an email is sent directly to our team.  No personal data is retained by the website however if the nature of the contact request requires it, we will retain a copy of the request within our internal systems such that we can respond to it as necessary.

How you can obtain a copy of the data we store about you

You can ask us for a copy of the information we hold about you if you wish, by emailing support@redtrain.it with the subject line of GDPR DATA REQUEST.

Is there anything else I need to be aware of?

Where we offer managed services, such as those via the Red Train Cloud where clients may store data on our servers, we only use recognised, GDPR-compliant datacentres and providers that conform to at least ISO 27001 standards.  Where Red Train Cloud services are being used, it is the client’s responsibility to ensure that they have permission to store and process the data on the platform as Red Train IT Limited has no control over the data being stored within its cloud by third parties or its clients.  We will not disclose any information held by us on behalf of a client unless required to do so by law or for the purposes of law enforcement or other similar investigation, but we may retain system access logs for up to ten years for audit purposes, in case these need to be presented to the authorities at a later date.