Privacy Policy
This fair processing notice is provided by C.D.S Computer Design Systems Limited, a company registered in England with registration number 01092135 and whose registered office address is: The Mill, South Hall Street, Salford, Manchester, M5 4TP (referred to as “we” or “us” in this notice).
From time to time, as part of running our business, we collect and use certain personal information about individuals who work within certain sectors addressed by our software products and services, including but not limited to: oil and gas distribution, construction, and occupational health and safety (we refer to such individuals in this notice as “contacts” or “you”).
Where we collect personal information and decide what it is used for and how it is used, then under data protection law, we are categorised as a data controller. This means that we have certain legal responsibilities about how we use your personal information.
This policy explains our privacy practices and covers the following:
• What personal information we collect about you
• Where we get such personal information from
• How we use your personal information
• Who we share your personal information with
• How long we keep your personal information for
• Any transfers involving your personal information
• How we legally justify using and sharing your personal information
• How to contact us and your legal rights regarding your personal information
• Other relevant information
1. What personal information we collect about you
We collect information about contacts who work for:
• Our existing customers – we collect and use certain personal information about contacts who work at organisations who are our existing customers, for example we may need to collect details about a contact who works in a customer’s accounts’ or sales’ team.
• Our existing suppliers – we collect and use certain personal information about contacts who work at organisations who provide goods and services to us, i.e. our suppliers.
• Other third parties – from time to time we may also collect information about contacts at other third party organisations, such as potential customers, suppliers to our customers, contacts who work for trade bodies or for other organisations in the industries mentioned above.
Regardless of which organisation listed above you may be associated with, the information which we collect about you will only include (as a maximum) your name, work email, work phone number, place of work and a job title. Therefore, all information which we collect about you will be in a “business to business” context and will not contain any sensitive information or information relating to your home life.
2. Where we get such personal information from
We collect personal information from a variety of sources, including:
• from your employer;
• from a third party organisation, for instance another organisation involved in the relevant industry;
• from publicly available information such as Companies House or trade body publications;
• from a telemarketing organisation (including a company called Toucan Telemarketing Ltd);
• from you directly, for instance prospective customers can provide contact details through our website, or where we otherwise have direct contact with you in a business context.
3. How we use your personal information
(a) Providing and receiving services – As a supplier of software and related services across a number of industries, we need to communicate effectively and efficiently with various parties in the supply chain, in order to facilitate our provision of high quality and timely communications and services. Similarly, where your organisation provides services to us, we will need to know which individuals at your organisation we need to communicate with and keep details of your personal information. Therefore, our main use of your personal information will be in relation to projects which we are involved in and services which we provide and receive, to enable us to liaise effectively with our customers, suppliers and other third parties.
(b) Business Development – as a business, we want to make organisations in the industry aware of the range of products and services which we can offer, including new solutions, thought leadership and special offers. We keep lists of contacts on our client relationship management (CRM) system and from time to time we may send marketing information to you. However, we will only send you marketing emails and other communications where we have your consent to our doing so. Please see paragraph 7 below regarding your right to object at any time to receiving direct marketing information.
4. Who we share your personal information with
We will keep your information within our organisation, and will not share it except where described below or where disclosure is required or permitted by law.
• Existing customers and suppliers – we may share your information with your employer and other organisations who are involved in the supply chain in the relevant industry in relation to our provision of our products and services.
• Individuals at potential customers – we have a supplier called Mailchimp, to whom we may transfer your personal information. Please see paragraph 6 below for further details of this transfer.
5. How long we keep your personal information for
• Existing Customers and Existing Suppliers – if you work at an existing customer or supplier of ours, then we will retain your personal information for the period set out in the relevant contract between us and the relevant customer / supplier. Where no such period is stipulated in the contract, then we will keep your personal information for a period of 7 years following expiry or termination of the contract.
• Other third party contacts – generally, we will hold personal information about you whilst we have reasonable expectation of an ongoing or imminent future relationship with you, and we will review such personal information on an annual basis to determine whether it should be deleted.
6. Transfers of your personal information
We use a supplier called Mailchimp, to provide email marketing services to prospective customers. Mailchimp are based in the United States and under data protection law, we are required to ensure that where personal information is transferred to an entity outside of the European Economic Area, that adequate safeguards are put in place to protect the personal information. One way of ensuring that adequate safeguards are in place for a transfer to an entity based in the United States, is by sending the personal information to an entity who is signed up to the Privacy Shield framework. Privacy Shield is essentially a self-certification scheme, under which organisations can sign up to a compliance framework which has been approved by the European Commission as offering adequate protection for personal information – in effect, the US based entity is required to have internal standards in place relating to protecting and handling personal information that are similar to those in force under European data protection law.
You can find out more about Privacy Shield, and Mailchimp’s registration with the Privacy Shield framework, via the following link: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
Other than in relation to Mailchimp, we will not transfer your personal information outside of the United Kingdom – it is stored on servers based in the UK.
7. Legal grounds for processing your personal information.
Every use that we make of contact personal information must meet a legal ground in the list set out by data protection law. The grounds which we rely upon are as follows:
• Marketing – in relation to marketing activity which we perform using your personal information, we will only send you marketing communications where we have your consent to our doing so. If you withdraw your consent to receive marketing information at any time, or if you object to receiving direct marketing information, we will cease sending you any more marketing information. However, we will keep minimal personal information about you on a screening list, to ensure that we do not accidentally send you marketing information against your wishes in the future.
• General uses – the legal ground which is relevant to us processing contact personal information for all other purposes set out in this fair processing notice (including transfer of personal information outside of the EEA as set out at paragraph 6 above) is that such processing is necessary for us to achieve our legitimate interests, and where your rights are not jeopardised so as to override this legitimate interest. Our legitimate interests include ensuring that we can communicate effectively with the relevant personnel at our suppliers, customers and other third parties in the supply chain, in order for us to provide our services in a timely and professional manner and honour our commitments to the parties who we work with.
8. Your rights in relation to your personal information
If you have any questions in relation to our use of your personal information, you should first contact us using the contact details in paragraph 9 below. Under certain conditions, you may have the right to require us to:
(a) provide you with further details on the use we make of your personal information and/or transfer a copy of your personal information to another data controller;
(b) provide you with an electronic copy of personal information that we hold;
(c) update any inaccuracies in the personal information we hold, restrict processing of your personal information;
(d) delete any personal information that we no longer have a lawful ground to use;
(e) object to our use of your personal information which is based on the ‘legitimate interests’ legal ground. If our use of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that purpose.
You also have the right to object to receiving direct marketing communications from us and where any other use of your personal information is based on consent, to withdraw that consent at any time.
Your exercise of most of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at paragraph 9 below. You also have the right to complain to the Information Commissioner’s Office (ICO) at any time.
9. Other Information
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to your personal information that we hold, by contacting us as set out below.
This fair processing notice may change at any time in the future and if it does we will use our reasonable endeavours to notify you in advance of any changes.
We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure.
If you have questions about this fair processing notice, please contact:
Graham Wilson Theaker
Finance Planning Director and Data Compliance Officer
C.D.S. Computer Design Systems Ltd
The Mill, South Hall Street
Salford
M5 4TP
Telephone: 0161 832 9251
Email: gwt@cds-systems.co.uk