Network DNA telephone contact 01224 515160

Cloud Managed Networking

Cloud Managed Networking is here! Cisco Meraki delivers simplified management and configuration of wireless devices, switches and security products through a single interface.

  • 100% Cloud Managed with Advanced Security and Performance
  • Deploy new devices in minutes
  • Deploy devices at remote sites with ease
  • Provide simple and secure remote access for home workers
  • Monitor traffic on your network in detail with built-in tools
Cloud Managed Networking

Contact our experienced engineers at Network DNA to discuss and advise on cloud managed network solutions, providing ease of management in a cost effective environment.



Want ease of communication, using whatever device available? Collaboration is the way to go, unified communications to connect to the network, anywhere, anytime with any device in a secure environment.

  • Unified Communications – Voice & Video
  • Total mobility, anytime, anywhere, any device
  • Mobile applications, content & collaboration services
  • Secure mobile devices with BYOD solutions
  • Telepresence – HD video conferencing
  • Collaborate anywhere on any device with Cisco Jabber
  • Cloud Hosted or On-Premise solutions available

Contact our experienced engineers at Network DNA for advice and solutions to enable a seamless collaboration platform available whenever it’s required, allowing your company to innovate, be more productive and grow profitability.


Data Centre

The Cisco Unified Computing System is an integrated architecture comprising of storage, networking, virtualisation and management in one platform providing efficiency and flexibility for growth.

  • Cisco UCS is the smart, innovative, unified fabric computing infrastructure that simplifies operations and speeds deployment. It runs applications faster in bare-metal, virtualized, and cloud computing environments
  • Increase innovation & growth
  • Efficiency & Flexibility – networking/security
  • Reduced complexity & cost by simplifying management
  • New servers are automatically configured and ready for use in minutes
  • Cisco Nexus series switches designed for the DataCentre
  • EMC, XIO and Cisco Storage Solutions
Data Centre

Contact our experienced engineers at Network DNA for DataCentre design solutions that will enable your company to increase their systems’ performance and flexibility, whilst achieving a reduction on infrastructure and power costs.


Enterprise Data Networking

Take control and simplify your network using smarter routers and switches to easily identify devices and traffic bottlenecks. Network Solutions are available for provision of video access, mobility and cloud computing with easy management and security in mind.

  • Cisco Catalyst Switches for the ultimate in flexibility and performance
  • Cisco ISR G2 modular routers can provide a host of functions within a single high performance router chassis
  • Enterprise grade wireless Networking providing the latest 802.11 a/g/n technology for maximum performance and reliability
Enterprise Data Networking

Contact our experienced engineers at Network DNA to discuss solutions that enables simplification and optimization of your IT resources. Deliver an uncompromised application experience to your customers and employee’s today


Managed Services

Managing your Infrastructure can take up valuable time. Here at Network DNA, we can assist with all aspects of your network, from support and design, to fully managed services. Using our own customized management tools we can monitor, detect and resolve network problems before you are aware of them.

  • Bespoke Network design, installation & support services
  • Project Management and Peer Review Services
  • Proactive monitoring and reporting of network infrastructure components
  • Engineers available for Onsite, Offshore & Overseas works
  • Remote problem solving and telephone support
  • Monthly support contracts tailored to suit requirements
  • Hardware and Software Maintenance contracts
Managed Services

Contact our experienced engineers at Network DNA to assist with the design, installation, monitoring and reporting of your company network infrastructure. Use our specialist knowledge to help you get the most from your business.



In today’s highly connected and increasingly mobile world, companies need to ensure that their company data is secure. Solutions need to deliver seamless layered defenses, along with complete control to ensure continuous protection.

  • Strong protection: Users are protected everywhere, using Cisco’s unparalleled global threat intelligence database in real time
  • Complete control: Deliver global control through policies that provide dynamic security for your web or email content
  • Investment value: Minimize costs with flexible deployment, best-in-class uptime, faster integration, and simplified management
  • Firewall: Cisco’s Next Generation ASA Firewalls provide unmatched performance and security
  • Protection: Sourcefire Anti Malware Protection and Intrusion Security Prevention protects against malware and quickly remediates infections in minutes
  • Cisco Cloud Web Security: Ensures that all web traffic is filtered before reaching the internal network, mobile users are protected as well

Contact our experienced engineers at Network DNA to assist with security solutions that can provide network visibility, a clearer understanding of users and applications and guards against any emerging threats, therefore protecting your corporate network.


About Network DNA Ltd

At Network DNA , we are focused on providing network design, installation and support services with the highest levels of customer satisfaction – we will do everything we can to meet your expectations.

We were founded in 2008, by Managing Director Bill Anderson, and Operations Director Ross MacGregor, both experienced in networking and communications.

We wanted to create a fully focused specialist consultancy with a no compromise strategy to provide you with the best possible service.

For professional IT services call

01224 51 51 60

Meet the Team

Bill Anderson
Ross MacGregor
Tony Smith
Alice Robertson
Bill Laing
Chris Booker

Who are you?

Bill Anderson - Managing Director

What do you do?

My role is to lead the team both technically and from a business perspective. I led the implementation of our own ERP system in between customer meetings and doing system design work. I love a challenge.

What's your background?

I started out as an apprentice sparky and soon moved into IT to escape the electric shocks. I've worked in most areas of IT from PC Support, Servers and storage but eventually found my calling in comms. I can remember being one of the first in Aberdeen to install a cisco router back when they were beige. The early part of my networking career was spent in the routing arena, when multiprotocol routers really meant it! IP, IPX, Appletalk, DECNet, Vines, OSI, you name it, we routed it. I was then heavily involved in the deployment of early switching solutions, and then moved into Voice and Callmanager. I have deployed routing, switching and voice solutions all over the world.

When your not here what do you do?

I play guitar and love my music. I'm a keen film buff, as long as its not to difficult to follow, and has at least one explosion in it. When it comes to sports I can only be described as a huge petrol head. Oh and I'm partial to the odd Lager and a game of darts now and then.

Favourite Music and why?

Rock, more rock and maybe a bit of rock when it's quiet. With the exception of really elaborate Prog Rock. I don't have the attention span for 30 minute keyboard solos. My favourite album of all time is Back in Black by AC/DC which I remember (faintly) buying at the tender age of 11.

Who are you?

Ross MacGregor - Operations Director

What do you do?

A little bit of everything. I oversee the daily operations of the business and try to ensure the business is running as smoothly and efficiently as possible.

What's your background?

I started out in IT at the age of 18 as a Computer operator for RGIT then moved to Vetco Gray for 19 years. I've worked with various systems including IBM Mainframes, UNIX, Novell, Windows and had various roles from PC Support, Server Support, UNIX admin, Network admin, voice admin to project management, you name it I've done it. I've worked on Projects all over the world with experience of deployments in the UK, Scandinavia, ASPAC, Africa and America. Setting up Network DNA in 2008 was the next logical step.

When your not here what do you do?

If the sun is shining I'm on the golf course, if it's cold and wet i'll have my nose in a book with music playing in the background. And if the Dons are at home I can be found at Pittodrie.

Favourite Music and why?

Mostly Indie and Alternative stuff from the 80's or 90's. My Favorite single was Waterfront by Simple Minds, before they went all stadium as it reminds me of growing up in Glasgow, it rained a lot!

Who are you?

Tony Smith - Technical Manager

What do you do?

Technically I design solutions and lead projects. Operationally I act as escalation for technical issues and I also oversee the internal sales operations.

What's your background?

I started work in fisheries research, moving into instrumentation and telemetry, where I had my first experience with microprocessor based systems. Following from there I worked mainly in software development for industrial and energy management controls, before getting involved in networking. I've worked with Cisco kit since the early ‘90s and have been involved in voice and data center products as well as routing and switching for a long time.

When your not here what do you do?

Away from work I like to go sailing when we get the chance, and also enjoy most types of DIY.

Favourite Music and why?

My favourite piece is Beethoven's violin concerto.

Who are you?

Alice Robertson - Sales Support

What do you do?

I provide sales support to the engineers, dealing with quotations and ordering from suppliers, controlling maintenance schedules. Assisting with accounts. Liaising with customers and suppliers.

What's your background?

I have been working in I.T for the past 7 years in a sales support capacity.

When your not here what do you do?

Normally running around after my kids but when I do get time to myself I love to go to the gym, read a good book and of course shop!

Favourite Music and why?

INXS, New Sensation as it reminds me of my first ever concert.

Who are you?

Bill Laing - Senior Network Engineer

What do you do?

I install equipment, diagnose problems and fix things. I mostly work in quadrant one, but I'd rather be in quadrant 2 - (Google it.)

What's your background?

It was once commented about me, in an entirely disrespectful manner, that I had been in the computer business since God's dog was a puppy. It's true that when I started in IT memory was £1 per byte, yes £1 per byte. Having cut my teeth on mainframes, I subsequently worked my way down to tills, but I drew the line at fixing Commodore 64s and Amigas. I have lived and worked in all the usual oil company locations worldwide, on a diverse range of defence, network, communications, server, and PC equipment.

When your not here what do you do?

When I am not at work, I am often at work at home because I enjoy computing and electronics as a hobby. I also dabble with creative writing and have recorded some of my experiences abroad. Dialogue between myself and a local truck driver. "God has spoken to me." "Oh yeah! What did He say?" He said, "You would buy me my dinner." For his cheek I did, it didn't cost much, but next day I offered the perfect response, a pure 24-carat gold winner. "Yes but God hasn't told ‘me' yet."

Favourite Music and why?

"Save the Last Dance for Me" by the Drifters. Why because it is one of the many records my older sister brought home when she had just left school and started work.

Who are you?

Chris Booker - Network Analyst

What do you do?

I monitor and manage all our customer networks. I also make site visits for installs and upgrades including offshore work. From a simple vlan change or phone update to configuring routing on a global network or a new build CUCM server, my work is certainly varied and interesting!

What's your background?

I was a BT engineer for 14 years. Starting as a line engineer climbing up poles in all weathers was quite a challenge, then moving into the business side working with Cisco, Nortel, Avaya and BT PBX systems. Highlight was a 3 month secondment to work at the London Olympics as a network engineer, a fantastic experience I'll never forget. Shortly after that I passed CCNA and started with the team here at Network DNA in 2013. Since then I have gained Meraki CMNA, Cisco Express Field Engineer certification and currently working towards CCNP.

When your not here what do you do?

In my workshop building or fixing off-roaders and rally cars, when they work I'm competing at events trying not to break them. I also enjoy exploring the Scottish mountains. The South Shiel Ridge with its 7 Munro's is a great days walk, especially the Cluanie Inn afterwards.

Favourite Music and why?

Firestarter by The Prodigy – If there's a wood burning stove in the room, I've already got it lit!!

Hosted Telephony

Network DNA - Hosted Telephony
Hosted Telephony services have become very popular over the last few years as the technology has matured. The benefits of hosted vs on premise are as follows:
  • Low implementation costs
  • Monthly payments spread over contract length
  • Services hosted in the cloud
  • Data managed and backed up remotely
  • Full unified communications solution
  • No annual maintenance costs

We offer a full Cisco hosted solution based on Unified Communications manager platform, this multi tenanted solution is great for any size of business who want a defined monthly cost and no management overhead of the telephone services.

Plans start from as little as £8 per user per month.


  • Call Recording
  • Call Reporting
  • Voice-mail
  • Ringing groups
  • Auto Attendants
  • Call Forwarding
  • Soft Phones
  • Call Waiting
  • Caller ID
  • Call Conferencing
Hosted Telephony
Guest WiFi
SMB Security Product
Cisco Energy Management Suite
Storage Solutions
Voice & Data Connectivity

some case studies

  • Proserv
    read more

    The challenge was to bring all the business units together, standardise their network infrastructure and implement a corporate WAN to connect sites in the UK, Norway, the Middle East and the US and to install a corporate telephony solution.

  • Proserv2
    read more

    Details of three new Proserv projects. New Corporate Office move, New Phone system in ASPAC and Upgrading the UK Call Manager system.

  • Enquest
    read more

    Enquest asked Network DNA to design a LAN upgrade that would provide increased performance, capacity and reliability.

  • Gamola Golf
    read more

    Wireless network coverage was required to cover all areas of the building to allow for the use of wireless barcode scanners for stock control and management.

  • Kinmuck
    read more

    Community Broadband project required Infrastructure design, support and network management.

  • Oil and Gas
    read more

    Network DNA Ltd. completed the rollout of a consolidated worldwide Cisco IP Telephony system for a major multinational Oil and Gas Service company. Servicing over 6000 users, across 5 continents, 9 countries and over 25 Sites.

  • Blaze
    read more

    Network DNA Ltd. have recently completed the rollout of a Unified Communications system and network for Blaze Manufacturing Solutions.

  • Ensco
    read more

    Network DNA have completed an upgrade of the IP Communications platform for Ensco Services Limited in Portlethen Aberdeen. This involved replacing the call processing hardware, and a migration from Cisco Callmanager 4.

  • Journeycall
    read more

    Journeycall recently relocated their operational personnel to a facility in Arbroath from two facilities in Laurencekirk and Brechin but there was also a short-term requirement to leave some services in Laurencekirk.

Our partners include:

  • Cisco

  • Arc Solutions

  • Solarwinds

  • Tiger Communications plc

  • Singlewire Software

  • Datalogic solutions

  • EMC

  • Kube Networks

  • Meraki

  • Purple wifi

  • Sip synergy

Please get in touch

Privacy Notice Policy

1. What we need

Our Data Protection Policy governs the use and storage of your data.

Network DNA Ltd is a Controller of the personal data you, as a customer or supplier provide us or our partner. We collect the following types of personal data from you:

2. Why we need it

We need your personal data in order to provide you with the following services:

3. What we do with it

Your personal data is processed in Aberdeen located in United Kingdom with storage located in compliant EU based data centers.

No third party providers have access to your data, unless specifically required by law.

4. How long we keep it

All data is kept as per detailed in our Data Retention Policy. After the set period, your personal data will be irreversibly destroyed.

Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.

Please see Data Retention Schedule for more information on our personal data retention schedule.

5. What are your rights?

Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted.

Please contact us by post on:

Network DNA Ltd 12 Ruddiman Drive Laurencekirk AB30 1GB

Or by emailing

In the event that you wish to complain about how we have handled your personal data, please contact Data Protection Officer at or in writing at the address above. Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact Information Commisioner’s Officer and file a complaint with them.

Data Protection Policy

1. Purpose, Scope and Users

Network DNA Ltd hereinafter referred to as the “Company”, strives to comply with applicable laws and regulations related to Personal Data protection in countries where the Company operates.

This Policy sets forth the basic principles by which the Company processes the personal data of consumers, customers, suppliers, business partners, employees and other individuals, and indicates the responsibilities of its business departments and employees while processing personal data.

This Policy applies to the Company and its directly or indirectly controlled wholly-owned subsidiaries conducting business within the European Economic Area (EEA) or processing the personal data of data subjects within EEA.

The users of this document are all employees, permanent or temporary, and all contractors working on behalf of The Company.

2. Reference Documents

3. Definitions

The following definitions of terms used in this document are drawn from Article 4 of the European Union’s General Data Protection Regulation:

Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject") who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive Personal Data: Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.

Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.

Anonymization: Irreversibly de-identifying personal data such that the person cannot be identified by using reasonable time, cost, and technology either by the controller or by any other person to identify that individual. The personal data processing principles do not apply to anonymized data as it is no longer personal data. Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Pseudonymization reduces, but does not completely eliminate, the ability to link personal data to a data subject. Because pseudonymized data is still personal data, the processing of pseudonymized data should comply with the Personal Data Processing principles. Cross-border processing of personal data: Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State;

Supervisory Authority: An independent public authority which is established by a Member State pursuant to Article 51 of the EU GDPR;

Lead supervisory authority: The supervisory authority with the primary responsibility for dealing with a cross-border data processing activity, for example when a data subject makes a complaint about the processing of his or her personal data; it is responsible, among others, for receiving the data breach notifications, to be notified on risky processing activity and will have full authority as regards to its duties to ensure compliance with the provisions of the EU GDPR;

Each “local supervisory authority” will still maintain in its own territory, and will monitor any local data processing that affects data subjects or that is carried out by an EU or non-EU controller or processor when their processing targets data subjects residing on its territory. Their tasks and powers includes conducting investigations and applying administrative measures and fines, promoting public awareness of the risks, rules, security, and rights in relation to the processing of personal data, as well as obtaining access to any premises of the controller and the processor, including any data processing equipment and means.

“Main establishment as regards a controller” with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment; “Main establishment as regards a processor” with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation; Group Undertaking: Any holding company together with its subsidiary.

4. Basic Principles Regarding Personal Data Processing

The data protection principles outline the basic responsibilities for organisations handling personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

4.1 Lawfulness, Fairness and Transparency

Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.

4.2 Purpose Limitation

Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

4.3 Data Minimization

Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. The Company must apply anonymization or pseudonymization to personal data if possible to reduce the risks to the data subjects concerned.

4.4 Accuracy

Personal data must be accurate and, where necessary, kept up to date; reasonable steps must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.

4.5 Storage Period Limitation

Personal data must be kept for no longer than is necessary for the purposes for which the personal data are processed.

4.6 Integrity and confidentiality

Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and severity of personal data risks, the Company must use appropriate technical or organizational measures to process Personal Data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alternation, unauthorized access to, or disclosure.

4.7 Accountability

Data controllers must be responsible for and be able to demonstrate compliance with the principles outlined above.

5. Building Data Protection in Business Activities

In order to demonstrate compliance with the principles of data protection, an organisation should build data protection into its business activities.

5.1 Notification to Data Subjects

(See the Fair Processing Guidelines section.)

5.2 Data Subject’s Choice and Consent

(See the Fair Processing Guidelines section.)

5.3 Collection

The Company must strive to collect the least amount of personal data possible.

If personal data is collected from a third party, Data Protection Officer must ensure that the personal data is collected lawfully.

5.4 Use, Retention, and Disposal

The purposes, methods, storage limitation and retention period of personal data must be consistent with the information contained in the Privacy Notice.

The Company must maintain the accuracy, integrity, confidentiality and relevance of personal data based on the processing purpose. Adequate security mechanisms designed to protect personal data must be used to prevent personal data from being stolen, misused, or abused, and prevent personal data breaches. Company Directors are responsible for compliance with the requirements listed in this section.

5.5 Disclosure to Third Parties

Whenever the Company uses a third-party supplier or business partner to process personal data on its behalf Data Protection Office must ensure that this processor will provide security measures to safeguard personal data that are appropriate to the associated risks. For this purpose, the Processor GDPR Compliance Questionnaire and Supplier Security Policy must be used.

The Company must contractually require the supplier or business partner to provide the same level of data protection.

The supplier or business partner must only process personal data to carry out its contractual obligations towards the Company or upon the instructions of the Company and not for any other purposes.

When the Company processes personal data jointly with an independent third party, the Company must explicitly specify its respective responsibilities of and the third party in the relevant contract or any other legal binding document, such as the Supplier Data Processing Agreement.

5.6 Cross-border Transfer of Personal Data

Before transferring personal data out of the European Economic Area (EEA) must be used including the signing of a Data Transfer Agreement, as required by the European Union and, if required, authorization from the relevant Data Protection Authority must be obtained. The entity receiving the personal data must comply with the principles of personal data processing set forth in Cross Border Data Transfer Procedure.

5.7 Rights of Access by Data Subjects

When acting as a data controller, Data Protection Officer is responsible to provide data subjects with a reasonable access mechanism to enable them to access their personal data, and must allow them to update, rectify, erase, or transmit their Personal Data, if appropriate or required by law. The access mechanism will be further detailed in the Data Subject Access Request Procedure.

5.8 Data Portability

Data Subjects have the right to receive, upon request, a copy of the data they provided to us in a structured format and to transmit those data to another controller, for free. Data Protection Team are responsible to ensure that such requests are processed within one month, are not excessive and do not affect the rights to personal data of other individuals.

5.9 Right to be Forgotten

Upon request, Data Subjects have the right to obtain from the Company the erasure of its personal data. When the Company is acting as a Controller, Data Protection Team must take necessary actions (including technical measures) to inform the third-parties who use or process that data to comply with the request.

6. Fair Processing Guidelines

Personal data must only be processed when explicitly authorised by Data Protection Officer.

The Company must decide whether to perform the Data Protection Impact Assessment for each data processing activity according to the Data Protection Impact Assessment Guidelines.

6.1 Notices to Data Subjects

At the time of collection or before collecting personal data for any kind of processing activities including but not limited to selling products, services, or marketing activities, the Data Protection Officer is responsible to properly inform data subjects of the following: the types of personal data collected, the purposes of the processing, processing methods, the data subjects’ rights with respect to their personal data, the retention period, potential international data transfers, if data will be shared with third parties and the Company’s security measures to protect personal data.

This information is provided through Privacy Notice.

Where personal data is being shared with a third party, Data Protection Officer must ensure that data subjects have been notified of this through a Privacy Notice. Where personal data is being transferred to a third country according to Cross Border Data Transfer Policy, the Privacy Notice should reflect this and clearly state to where, and to which entity personal data is being transferred. Where sensitive personal data is being collected, the Data Protection Officer must make sure that the Privacy Notice explicitly states the purpose for which this sensitive personal data is being collected.

6.2 Obtaining Consents

Whenever personal data processing is based on the data subject's consent, or other lawful grounds, Data Protection Officer is responsible for retaining a record of such consent.

Data Protection Officer is responsible for providing data subjects with options to provide the consent and must inform and ensure that their consent (whenever consent is used as the lawful ground for processing) can be withdrawn at any time.

When requests to correct, amend or destroy personal data records, Data Protection Team must ensure that these requests are handled within a reasonable time frame.

The Data Protection Team must also record the requests and keep a log of these.

Personal data must only be processed for the purpose for which they were originally collected.

In the event that the Company wants to process collected personal data for another purpose, the Company must seek the consent of its data subjects in clear and concise writing. Any such request should include the original purpose for which data was collected, and also the new, or additional, purpose(s). The request must also include the reason for the change in purpose(s).

The Data Protection Officer is responsible for complying with the rules in this paragraph.

Now and in the future, Data Protection Officer must ensure that collection methods are compliant with relevant law, good practices and industry standards. Data Protection Officer is responsible for creating and maintaining a Register of the Privacy Notices.

7. Organization and Responsibilities

The responsibility for ensuring appropriate personal data processing lies with everyone who works for or with the Company and has access to personal data processed by the Company.

The key areas of responsibilities for processing personal data lie with the following organisational roles:

The board of directors or other relevant decision making body makes decisions about, and approves the Company’s general strategies on personal data protection.

The Company Directors are responsible for:

The Data Protection Officer (DPO) or any other relevant employee, is responsible for:

The Security Officer, is responsible for:

The Sales manager, is responsible for:

The Service Delivery Manager is responsible for passing on personal data protection responsibilities to suppliers, and improving suppliers' awareness levels of personal data protection as well as flow down personal data requirements to any third party a supplier they are using.

8. Guidelines for Establishing the Lead Supervisory Authority

8.1 Necessity to Establish the Lead Supervisory Authority

Identifying a Lead supervisory authority is only relevant if the Company carries out the cross-border processing of personal data.

Cross border of personal data is carried out if:

  1. processing of personal data is carried out by subsidiaries of the Company which are based in other Member States;
  2. or

  3. b) processing of personal data which takes place in a single establishment of the Company in the European Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

If the Company only has establishments in one Member State and its processing activities are affecting only data subjects in that Member State than there is no need to establish a lead supervisory authority. The only competent authority will be the Supervisory Authority in the country where Company is lawfully established.

8.2 Main Establishment and the Lead Supervisory Authority

Main Establishment for the Data Controller

The board of director needs to identify the main establishment so that the lead supervisory authority can be determined.

If the Company is based in an EU Member State and it makes decisions related to cross-border processing activities in the place of its Headquarters, there will be a single lead supervisory authority for the data processing activities carried out by the Company.

If Company has multiple establishments that act independently and make decisions about the purposes and means of the processing of personal data, Board of Directors needs to acknowledge that more than one lead supervisory authority exists.

Main Establishment for the Data Processor

When the Company is acting as a data processor, then the main establishment will be the place of central administration. In case the place of central administration is not located in the EU, the main establishment will be the establishment in the EU where the main processing activities take place.

Main Establishment for Non-EU Companies for Data Controllers and Processors

If the Company does not have a main establishment in the EU, and it has subsidiarie(s) in the EU, then the competent supervisory authority is the local supervisory authority.

If the Company does not have a main establishment in the EU nor the subsidiaries in the EU, it must appoint a representative in the EU, and the competent supervisory authority will be the local supervisory authority where the representative is located.

9. Response to Personal Data Breach Incidents

When the Company learns of a suspected or actual personal data breach, Data Protection Officer must perform an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Policy.

Where there is any risk to the rights and freedoms of data subjects, the Company must notify the relevant data protection authorities without undue delay and, when possible, within 72 hours.

10. Audit and Accountability

The Board of Directors and all company managers are responsible for auditing how well business departments implement this Policy.

Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.

11. Conflicts of Law

This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which Network DNA Ltd operates.

In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.

12. Managing records kept on the basis of this document

Record name Storage location Person responsible for storage Controls for record protection Retention time
Data Subject Consent Forms Softcopy – In Finance locked filing cabinet
Hardcopy - Sales Platform
Data Protection Officer Only authorized persons may access the forms 10 years
Data Subject Consent Withdrawal Form Softcopy – In Finance locked filing cabinet
Hardcopy - Sales Platform
Data Protection Officer Only authorized persons may access the forms 10 years
Supplier Data Processing Agreements Softcopy – In Finance locked filing cabinet
Hardcopy - Sales Platform
Data Protection Officer Only authorized persons may access the forms 10 years
Register of Privacy Notices Company Drive – Data Register Folder Data Protection Officer Only authorized persons may access the folder Permanently