1. Introduction
This fair processing notice is provided by C.D.S Computer Design Systems Limited, a company registered in England with registration number 01092135 and whose registered office address is: Suite 5.2, 5th Floor, Building 8, Exchange Quay, Salford Quays, Manchester M5 3EJ (referred to as “we” or “us” in this notice).
From time to time, as part of running our business, we collect and use certain personal information about individuals who work within certain sectors addressed by our software products and services, including but not limited to: oil and gas distribution, construction, and occupational health and safety (we refer to such individuals in this notice as “contacts” or “you”).
Where we collect personal information and decide what it is used for and how it is used, then under data protection law, we are categorised as a data controller. This means that we have certain legal responsibilities about how we use your personal information.
2. Scope
This policy explains our privacy practices and covers the following:
What personal information we collect about you
Where we get such personal information from
How we use your personal information
Who we share your personal information with
How long we keep your personal information for
Any transfers involving your personal information
How we legally justify using and sharing your personal information
How to contact us and your legal rights regarding your personal information
Other relevant information
3. What personal information we collect about you
We collect information about contacts who work for:
Our existing customers – we collect and use certain personal information about contacts who work at organisations who are our existing customers, for example we may need to collect details about a contact who works in a customer’s accounts’ or sales’ team.
Our existing suppliers – we collect and use certain personal information about contacts who work at organisations who provide goods and services to us, i.e. our suppliers.
Other third parties – from time to time we may also collect information about contacts at other third party organisations, such as potential customers, suppliers to our customers, contacts who work for trade bodies or for other organisations in the industries mentioned above.
Regardless of which organisation listed above you may be associated with, the information which we collect about you will only include (as a maximum) your name, work email, work phone number, place of work and a job title. Therefore, all information which we collect about you will be in a “business to business” context and will not contain any sensitive information or information relating to your home life.
4. Where we get such personal information from
We collect personal information from a variety of sources, including:
from your employer;
from a third party organisation, for instance another organisation involved in the relevant industry;
from publicly available information such as Companies House or trade body publications;
from you directly, for instance prospective customers can provide contact details through our website, or where we otherwise have direct contact with you in a business context.
5. How we use your personal information
Providing and receiving services – As a supplier of software and related services across a number of industries, we need to communicate effectively and efficiently with various parties in the supply chain, in order to facilitate our provision of high quality and timely communications and services. Similarly, where your organisation provides services to us, we will need to know which individuals at your organisation we need to communicate with and keep details of their personal information. Therefore, our main use of your personal information will be in relation to projects which we are involved in and services which we provide and receive, to enable us to liaise effectively with our customers, suppliers and other third parties.
Business Development – as a business, we want to make organisations in the industry aware of the range of products and services which we can offer, including new solutions, thought leadership and special offers. We keep lists of contacts on our client relationship management (CRM) system and from time to time we may send marketing information to you. However, we will only send you marketing emails and other communications where we have your consent to our doing so. Please see paragraph 10 below regarding your right to object at any time to receiving direct marketing information.
6. Who we share your personal information with
We will keep your information within our organisation, and will not share it except where described below or where disclosure is required by law.
Existing customers and suppliers – we may share your information with your employer and other organisations who are involved in the supply chain in the relevant industry in relation to our provision of our products and services.
Individuals at potential customers – we have a supplier called Mailchimp, to whom we may transfer your personal information. Please see paragraph 8 below for further details of this transfer.
All individuals – we also use various IT suppliers from time to time, some of whom may receive your personal data in order to provide their IT services and solutions to us. We have in place agreements with our IT suppliers which impose GDPR compliant obligations on them.
7. How long we keep your information for
Existing Customers and Existing Suppliers – if you work at an existing customer or supplier of ours with whom we have a contract then generally speaking, we will keep your personal information for the duration of such contract plus a period of 7 years following expiry or termination of the contract.
Other third party contacts – generally, we will hold personal information about you whilst we have a reasonable expectation of an ongoing or imminent future relationship with you, and we will review such personal information on an annual basis to determine whether it should be deleted.
8. Transfers of your personal information
We use a supplier called Mailchimp, to provide email marketing services to prospective customers. Mailchimp are based in the United States and under UK data protection law, we are required to ensure that where personal information is transferred to an entity outside of the United Kingdom, that adequate safeguards are put in place to protect the personal information. One way of ensuring that adequate safeguards are in place for a transfer to an entity based in the United States, is by sending the personal information to an entity with whom we have in place an agreement incorporating the standard contractual clauses (SCCs), and by undertaking a transfer impact assessment (a risk assessment, which takes into account the protections contained in the SCCs and the legal framework of the destination country (including laws governing public authority access to the data), and taking additional security measures where applicable). The Mailchimp SCCs are available to view at https://mailchimp.com/en-gb/legal/data-processing-addendum/.
Other than in relation to Mailchimp, we will not transfer your personal information outside of the United Kingdom – it is stored on servers based in the UK.
9. Legal grounds for processing your personal information
Every use that we make of contact personal information must meet a legal ground in the list set out by data protection law. The grounds which we rely upon are as follows:
Marketing – in relation to marketing activity which we perform using your personal information, we will only send you marketing communications where we have your consent to our doing so. If you withdraw your consent to receive marketing information at any time, or if you object to receiving direct marketing information, we will cease sending you any more marketing information. However, we will keep minimal personal information about you on a screening list, to ensure that we do not accidentally send you marketing information against your wishes in the future.
General uses – the legal ground which is relevant to us processing contact personal information for all other purposes set out in this fair processing notice (including transfers of personal information outside of the UK to Mailchimp as set out at paragraph 8 above) is that such processing is necessary for us to achieve our legitimate interests, and where your rights are not jeopardised so as to override this legitimate interest. Our legitimate interests include ensuring that we can communicate effectively with the relevant personnel at our suppliers, customers and other third parties in the supply chain, in order for us to provide our services in a timely and professional manner and honour our commitments to the parties who we work with.
10. Your rights in relation to your personal information
If you have any questions in relation to our use of your personal information, you should first contact us using the contact details in paragraph 11 below. Under certain conditions, you may have the right to require us to:
(a) provide you with further details on the use we make of your personal information and/or transfer a copy of your personal information to another data controller;
(b) provide you with an electronic copy of personal information that we hold;
(c) update any inaccuracies in the personal information we hold, restrict processing of your personal information;
(d) delete any personal information that we no longer have a lawful ground to use;
(e) object to our use of your personal information which is based on the ‘legitimate interests’ legal ground. If our use of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that purpose.
You also have the right to object to receiving direct marketing communications from us and where any use of your personal information is based on consent (including direct marketing), to withdraw that consent at any time. This is an absolute right – if you exercise it, we will promptly cease sending any further marketing information to you.
Your exercise of most of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at paragraph 11 below. You also have the right to complain to the Information Commissioner’s Office (ICO) at any time.
11. Website Information
Cookies
Cookies are small text files that are placed on your computer or mobile phone when you browse websites. Our cookies make our website work as you would expect and are removed when you close your browser.
We do not use cookies to: collect any personally identifiable information (without your express permission); pass data to advertising networks; or to pass personally identifiable data to third parties.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
12. Other Information
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to your personal information that we hold, by contacting us as set out below.
This fair processing notice may change at any time in the future and if it does we will use our reasonable endeavours to notify you of any changes.
We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure.
If you have questions about this fair processing notice, please contact:
Data Compliance Officer
C.D.S. Computer Design Systems Ltd
Suite 5.2, 5th Floor
Building 8
Exchange Quay
Salford Quays
Manchester
M5 3EJ
Telephone: 0161 832 9251
Email: please mark, “FAO DPO” in email title: cds@cds-systems.co.uk
