Customer FAQ – GDPR

  1. What personal data do we process?

The personal data we collect and process from you varies and depends on the equipment and service options you have selected. For a list of the personal data we may collect and process, please see our Privacy Statement.

  1. How do we use your personal data?

We use your personal data to provide you with goods and services in accordance with the service agreements you have in place with us. For a further list of how we use your personal data, please refer to our Privacy Statement.

  1. Do you have policies and procedures in place for detecting, reporting and dealing with breaches?

As a Kyocera Group Company, Annodata has implemented KYOCERA-Group Data Breach Notification Procedure which sets the procedure for handling a breach and the breach reporting procedure. This is available upon request from

  1. Do you offer staff training on Data Protection?

Yes, we conduct in-house data training via e-learning. The training is mandatory and monitored by our HR team.

  1. How do you check that there has been no internal unauthorized access to personal data? 

There are a variety of measures in place including:-

  • restricted access to data by user and user type;
  • secured personal log in details;
  • use of locks, security codes and passwords (changed frequently);
  • automatic systems screen lockout when not in use;
  • revocation of access upon employees leaving the company.

Annodata is ISO27001 accredited and is able to provide copies of its policies and procedures on information security if this is required.

  1. How do you destroy personal information?

We use a third party data destruction company and ensure that all employees comply with Annodata’s Data Retention Policy when handing and deleting personal data. All data in hard copies located within Annodata offices are shredded when reaching the end of an applicable retention period. Soft copy data is kept until the end of the applicable retention period for the specific goods and/or services provided and then deleted. Hard disk drives are destroyed via a third party data destruction company where this forms part of Annodata’s contract with a Customer.

  1. Are any of your processing activities carried out by third parties (sub-processors)? 

Any processing we conduct in order to deliver services to you will be covered under our service agreements with you or will be subject to a data processing agreement. Please also see our Privacy Statement.

  1. How do you deal with subject data requests?

Where we act as a data controller, we will ensure we meet subject data requests as per the regulations. Data subjects can make a request by emailing

  1. How is data transferred?

Via email, internal developed systems and/or secured external systems.

  1. In what countries are those people to whom you disclose the information?

Annodata uses UK sub-contractors or by exception local in-country sub-contractors within the EEA where service delivery is to Annodata customers based elsewhere in the EEA. We may also disclose information to our Kyocera Group Companies. Where we transfer personal data obtained from our customers outside of the EEA, we only do so on the basis of appropriate safeguards to protect that data. These may include contractual protections we have in place with those parties or transferring your data to countries or parties which are recognised as providing suitable protection by the European Commission.

  1. What technical and organisational measures do you have in place to ensure adequate security of the data you process?

Annodata is ISO27001 accredited with regard to information security – policies and procedures in relation to Information Security are available on request. Annodata’s personnel and sub-contractors are subject to a duty of confidence under their contracts.

If you have further questions or require further clarification, please contact