Privacy Policy

Overview – the key information you should be aware of

(A) Who we are: We are Converge-IT.Net Limited, a provider of cloud technology and hosted and managed IT support services based in England. , Our company number is 05874862 and our registered head office is at 7450 Daresbury Park, Daresbury, Warrington, Cheshire, WA4 4BS.

All references in this policy to “CTS”, “our”, “us” or “we” refer to Converge-IT.Net Limited, or our group companies and suppliers which provide services to us, as appropriate.  All references in this policy to “our website”, are a reference to the website owned by Converge-IT.Net Limited at cts.co.uk.

(B) Our values and what this policy is for: We value your privacy and want to be accountable and fair to you as well as transparent with you in the way that we collect and use your personal information.  We also want you to know your rights in relation to your information which you can find in section 6

In line with these values, this privacy policy tells you what to expect when we collect and use personal information about you.  We have tried to make it easy for you to navigate so you can find the information that is most relevant to you and our relationship with you.

We are always looking to improve the information we provide to our clients and contacts so if you have any feedback on this privacy policy, please let us know using our contact details in section 12

(C) Who this policy applies to:  This policy applies to:

  1. Visitors to our website in section 2.1
  2. Employees/contractors of our clients in section 2.2
  3. Prospective clients (who we send marketing communications to) in section 2.3
  4. Subscribers to our newsletters, event updates, emails, blog posts, resources and other published materials or communications in section 2.4
  5. People who contact us with enquiries in section 2.5 and
  6. Employees/contractors of our suppliers in section 2.6

Depending on our relationship, we will collect and use your information in different ways.  Please click on the links above to find out the information that we collect about you and how we use this information.

In respect of our provision of our products and/or services, we mainly use personal information collected through use of such products and/or services in accordance with the instructions of the employing/engaging corporate organisation providing you with access to and use of our products and/or services. Where not specified in this privacy policy, details of how your personal information will be used in these circumstances will be contained in your corporate organisation’s privacy policy. Please also refer to such policy as appropriate.

(D) What this policy contains: This privacy policy describes the following important topics relating to your information (you can click on the links to find out more):

  1. How we obtain your personal information in section 1
  2. Collection of your personal information and how we use it in section 2
  3. Our legal basis for using your personal information in section 3
  4. How and why, we share your personal information in section 4
  5. How long we store your personal information in section 5
  6. Your rights in section 6
  7. Marketing in section 7
  8. Where we may transfer your personal information in section 8
  9. Risks and how we keep your personal information secure in section 9
  10. Links to other websites in section 10
  11. Changes to this privacy policy in section 11 and
  12. Further questions and how to make a complaint in section 12

(E) Your rights to object: You have various rights in respect of our use of your personal information as set out in section 6. Two of the fundamental rights to be aware of are that you may:

  1. Ask us to stop using your personal information for direct-marketing purposes.  If you exercise this right, we will stop using your personal information for this purpose.
  2. Ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person’s, legitimate interest.

You can find out more information in section 6

(F) What you need to do and your confirmation to us: Please read this privacy policy carefully to understand how we handle your personal information. By engaging with us in the ways set out in this privacy policy, you confirm that you have read and understood the entirety of this privacy policy, as it applies to you.

 The detail – the key information you should be aware of

  1. 1. How we obtain your personal information
    You may provide us with your personal information voluntarily.  However, we may also receive information about you from third parties such as marketing agencies, market research companies, our clients, our suppliers, contractors and consultants at our sites, group companies, public websites and public agencies, which we refer to as “third party sources” or “suppliers” throughout this policy.  For example, if you are a user of our website, we utilise HubSpot (whose details are HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) for marketing automation services in respect of our website which involves tracking visitors’ interaction with our website through cookies.1.2 You may give us personal information about yourself by using the online forms or chat provided on our website, setting up an account with us, or by contacting us by phone, email or other means. This includes, for example, where you provide your personal information to us in order to receive information or services from us. If you are an employee/contractor of one of our clients or suppliers, your personal information may also be provided to us by such client or supplier of ours that acts as your employer/engager.
  2. 2. Collection of your personal information and how we use it
    Please go to the section or sections below that best describes our relationship with you to find out the information that we collect about you and how we use this information.  We refer to this as “personal information” throughout this policy.2.1 Visitors to our website(a) What personal information we collect about you

We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) your postal address;

(iii) your email address;

(iv) company and job title;

(v) your telephone number;

(vi) information provided when you correspond with us;

(vii) any updates to information provided to us;

(viii) personal information we collect about you or that we obtain from our third party sources;

(ix) the following information created and recorded automatically when you visit our website:

(A) Technical information. This includes: the Internet protocol (IP) address used to connect your computer to the internet address; the website address and country from which you access information; the files requested; browser type and version; browser plug-in types and versions; operating system; and platform. We use this personal information to administer our website, to measure the efficiency of our systems and to undertake an analysis on the locations from which people access our webpages.

We automatically collect certain data relating to the performance and configuration of our Service and our Customers’ and Authorized Users’ consumption, use of, and interaction with the Service (collectively, “Service Data“). While Service Data usually does not involve personal information, it may include such data in the following instances:

      1. technical information, or data obtained from APIs, software or systems hosting the products and services and devices accessing these products and services, log files generated during such use;
      2. data and metadata about an Authorized Users, such as user ID, email, IP address, other data about the user’s computer or other device, browser and connecting software (e.g., OS and software versions); and
  • data and metadata about an Authorized Users’ activities and behaviour within our Service, such as click-patterns and feature utilization.

Service Data is used by Snowflake, a third party of Hubspot for (a) providing, supporting and operating their products and services, (b) network and information security and (c) to analyse, develop and improve their products and services.

(B) Information about your visit and your behaviour on our website (for example, the pages that you click on).  This may include the website you visit before and after visiting our website (including date and time), time and length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and information provided when requesting further services or downloads.

(b) How we use your personal information

We will collect, use and store the personal information listed above for the following reasons:

(i) to allow you to access and use our website;

(ii) to receive and respond to enquiries and any other communications from you through the website;

(iii) for improvement and maintenance of our website and to provide technical support for our website;

(iv) to ensure the security of our website;

(v) to recognise you when you return to our website, to store information about your preferences, and to allow us to customise the website according to your individual interests; and

(vi) to evaluate your visit to the website and prepare reports or compile statistics to understand the type of people who use our website, how they use our website and to make our website more intuitive. Such details will be anonymised as far as reasonably possible and you will not be identifiable from the information collected.

Please see sections 2.7 and 2.8 for more details about how we use your personal information.

(c) A word about cookies

(i) Some pages on our website use cookies, which are small files placed on your internet browser when you visit our website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences.

(ii) Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality provided through our website.

(iii) For detailed information on the cookies we use and the purposes for which we use them, please refer to our cookies policy

2.2 Employees / contractors of our clients

(a) What personal information we collect about you

We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) work contact information (phone number, postal address, mailing address, email address);

(iii) account username and password;

(iv) your job title, position and/or reference number;

(v) your gender;

(vi) personal information we collect about you from third party sources, such as LinkedIn, Twitter, Facebook etc.;

(vii) information in respect of interests, preferences, feedback or survey responses that you provide;

(viii) information provided when you correspond with us (including in respect of your support experience or our products and services);

(ix) any updates to information provided to us;

(x) next of kin details (phone number, postal address, relationship of contact); and

(xi) bank account details and details on payment transactions relating to our products/services.

 

(b) How we use your personal information

We will collect, use and store the personal information listed above for the following reasons where you have consented, if applicable, or, otherwise, if it is in our legitimate interests:

(i) for providing you with certain communications (including by email or post) about our services such as service announcements and administrative messages (for example, setting out changes to our terms and conditions, letting you know about new services or changes to current services, or keeping you informed about our fees and charges);

(ii) to deal with any enquiries or issues you have about our products and services;

(iii) for the purposes of entering you into and administering any competition or contest you have chosen to participate in;

(iv) so as to undertake contract administration activities in respect of a contract for services that is in place between us and your employer/engager;

(v) to assist us in evaluating and improving the provision of our products and services; and

(vi) for business development and marketing purposes, to contact you (including by email, telephone or post) with information about our products and services which either you request, or which we feel will be of interest to you (including newsletters, company updates and information on events).

Please see sections 2.7 and 2.8 for more details about how we use your personal information.

(c) Source of personal information.  We may receive some of your personal information from third parties, such as the relevant corporate entity that employs or engages you and with whom we have a contract or arrangement for the provision of services.  We may also collect this personal information from publicly-available sources, such as LinkedIn

 

2.3 Prospective clients who we send marketing communications to

(a) We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) your postal address;

(iii) your email address;

(iv) your telephone number(s);

(v) your job title, position and/or reference number;

(vi) personal information we collect about you from third party sources, such as LinkedIn, Twitter, Facebook etc.;

(vii) information about your preferences; and

(viii) any updates to information provided to us.

(b) How we use your personal information

We will collect, use and store the personal information listed above, if you have consented or, otherwise, if it is in our legitimate interests, for business development and marketing purposes, to contact you (including by email, telephone or post) with information about our products and services which either you request, or which we feel will be of interest to you (including newsletters, company updates and information on or registration for events/webinars). This may include contacting you with regards to items discussed with you previously or in respect of similar products and solutions you have expressed an interest in.

Please see sections 2.7 and 2.8 for more details about how we use your personal information.

(c) Source of personal information.  We may receive some of your personal information from third parties, such as marketing agencies.

2.4 Subscribers to our newsletters and other communications

(a) We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) your postal address;

(iii) your email address;

(iv) your telephone number(s);

(v) your job title, position and/or reference number;

(vi) personal information we collect about you from third party sources, such as LinkedIn, Twitter, Facebook etc.;

(vii) information about your preferences; and

(viii) any updates to information provided to us.

(b) How we will use your personal information

We will collect, use and store the personal information listed above to provide you with the newsletters, event updates and information, emails, blog posts resources or other published materials or communications that you have requested from us. We need certain types of personal information to be able to provide you with such requested resources or communications. If you do not provide us with such personal information, or if you ask us to delete it, you may no longer be able to receive certain of our resources or communications.

2.5 People who contact us with enquiries

(a) We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) your postal address;

(iii) your email address;

(iv) your telephone number(s);

(v) your job title, position and/or reference number;

(vi) personal information we collect about you from third party sources, such as LinkedIn, Twitter, Facebook etc.;

(vii) information provided when you correspond with us; and

(viii) any updates to information provided to us.

(b) How we use your personal information

We will collect, use and store the personal information listed above to deal with any enquiries you have about us or our services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you.  We may process your personal information for these purposes where it is in our legitimate interests for business and client services purposes.

Please see sections 2.7 and 2.8 for more details about how we use your personal information.

2.6 Employees/contractors of our suppliers who work for us

(a) We, or third parties on our behalf, may collect and use any of the following information about you:

(i) your name;

(ii) work contact information (phone number, postal address, mailing address, email address);

(iii) your job title, position and/or reference number;

(iv) your gender;

(v) information provided when you correspond with us;

(vi) any updates to information provided to us;

(vii) personal information we collect about you from third party sources such as LinkedIn, Twitter, Facebook etc.;

(viii) information required to access company systems and applications (such as system ID);

(ix) bank account details and details on payment transactions relating to products and/or services you provide to us; and

(x) if you attend our sites, CCTV recordings.

(b) How we use your personal information

We will collect, use and store the personal information listed above for the following reasons where you have consented, if applicable, or, otherwise, if it is in our legitimate interests:

(i) so as to undertake contract administration activities in respect of a contract for services that is in place between us and your employer/engager;

(ii) for CCTV monitoring and other security of company facilities; and

(iii) for business development and marketing purposes, to contact you (including by email, telephone or post) with information about our products and services which either you request, or which we feel will be of interest to you (including newsletters, company updates and information on events).

Please see sections 2.7 and 2.8 for more details about how we use your personal information.

(c) Source of personal information.  We may receive some of your personal information from third party sources, such as your employer/engager or your employer’s/engager’s company website. We may also collect this personal information from publicly-available sources, such as LinkedIn.

(d) Information we need to for services to be provided to us.  Please note that we need certain types of personal information so that your employer/engager can provide services to us. If you do not provide us with such personal information, or if you or your employer/engager ask us to delete it, you may no longer be able to provide services to us.

2.7 Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional reasons:

(a) to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you.  If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for business and client services purposes;

(b) for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies.  We may process your personal information for these purposes where it is in our legitimate interests to do so;

(c) to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so;

(d) to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so; and

2.8 Further processing

Before using your personal information for any purposes which fall outside those set out in this section 2, we will undertake an analysis to establish if our new use of your personal information is compatible with the purposes set out in this section 2. Please contact us using the details in section 12, if you want further information on the analysis we will undertake.

  1. 3. Legal basis for use of your personal information3.1 We consider that the legal bases for using your personal information as set out in this privacy policy are as follows:(a) our use of your personal information is necessary to perform our obligations under any contract with you (for example, to comply with the terms of use of our website which you accept by browsing our website);(b) where you are a subscriber to any of our newsletters, event updates, emails, blog posts, resources and other published materials or communications, you have consented to our use of your personal information for the purposes of providing you with the content you have requested from us;

(c) our use of your personal information is necessary for complying with our legal obligations (for example, for health and safety purposes);

(d) where neither (a), (b) nor (c) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to:

(i) run, grow and develop our business;

(ii) operate our website;

(iii) undertake contract administration in respect of a contract for services that is in place between us and your employer/engager;

(iv) select appropriately skilled and qualified suppliers;

(v) undertake marketing, market research and business development;

(vi) provide cloud technology and associated services to our clients, make and receive payment and provide clients services; and

(vii) for internal group administrative purposes.

If we rely on our (or another person’s) legitimate interests for using your personal information, we will undertake a balancing test to ensure that our (or the other person’s) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information.  You can ask us for information on this balancing test by using the contact details at section 12.

3.2 We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).

3.3 If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at dataprotection@cts.co.uk and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide the information, resources, materials or services that you have requested from us or to comply with certain of our obligations.

  1. 4. How and why we share your personal information with others4.1 We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of our services to our clients, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).4.2 We will share your personal information with the following third parties or categories of third parties:(a) HubSpot (whose details are HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) for marketing automation services in respect of our website which involves tracking visitors’ interaction with our website through cookies;

(b) Big Brand Ideas (whose details are: Big Brand Ideas Ltd., King Edward House, 1 Jordangate, Macclesfield, SK10 1EE) for email marketing communication and online marketing services;

(c) Hatters Print (whose details are: Hatters Promotions, Regent House, Heaton Lane, Stockport, Cheshire, SK4 1BS) for postal marketing communication services;

(d) our other service providers and sub-contractors, including but not limited to payment processors, utility providers, suppliers of technical and support services, insurers, and cloud service providers;

(e) companies that assist us in our marketing, advertising and promotional activities; and

(f) analytics and search engine providers that assist us in the improvement and optimisation of our website.

4.3 Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

4.4 We will also disclose your personal information to third parties (including our financial, legal or other professional advisers):

(a) where it is in our legitimate interests to do so to run, grow and develop our business:

(i) if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;

(ii) if substantially all of CTS’s or any of CTS’s affiliates’ assets are acquired by a third party, in which case personal information held by CTS will be one of the transferred assets;

(b) if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;

(c) in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or

(d) to protect the rights, property, or safety of CTS, our staff, our clients or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction.

4.5 We may also disclose and use anonymised, aggregated reporting and statistics about users of our website or our goods and services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

4.6 Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

  1. 5. How long we store your personal informationWe keep your personal information for no longer than necessary for the purposes for which the personal information is processed.  The length of time we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights, or until your request to be deleted.
  2. 6. Your rights6.1 You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at dataprotection@cts.co.uk at any time. You have the following rights:

(a) Right of access.  You have a right of access to any personal information we hold about you.  You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your information outside of the European Economic Area (“EEA“).(b) Right to update your information.  You have a right to request an update to any of your personal information which is out of date or incorrect.

(c) Right delete your information.  You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances.  You can ask us for further information on these specific circumstances by contacting us using the details in section 12

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort.  You can ask us who the recipients are using the contact details in section 12].

(d) Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances.  You can ask us for further information on these specific circumstances by contacting us using the details in section 12

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort.  You can ask us who the recipients are using the contract details in section 12

(e) Right to stop marketing: You have a right to ask us to stop using your personal information for direct-marketing purposes.  If you exercise this right, we will stop using your personal information for this purpose.

(f) Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services.

This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.

(g) Right to object.  You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.

6.2 We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period allowed by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

6.3 If an exception applies, we will tell you this when responding to your request.  We may request you provide us with information necessary to confirm your identity before responding to any request you make.

  1. 7.  Marketing7.1 We may collect and use your personal information for undertaking marketing by email telephone and post.7.2 We may send you certain marketing communications (including electronic marketing communications to existing clients) if it is in our legitimate interests to do so for marketing and business development purposes.7.3 However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.

7.4 If you wish to stop receiving marketing communications, you can contact us by email at hello@cts.co.uk.

      1. Where we may transfer your personal information
  • Your personal information may be used, stored and/or accessed by staff operating outside the EEA working for us, other members of our group or suppliers. From time to time, the third parties we share data with may also be outside the EEA. Further details on to whom your personal information may be disclosed are set out in section 4.
  • If we provide any personal information about you to any such non-EEA members of our group, suppliers, or third parties we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this privacy policy and we will ensure that we have a contract in place for such purpose. These measures may include the following permitted in Articles 45 and 46 of the General Data Protection Regulation:
        • in the case of US based entities, entering into European Commission approved standard contractual arrangements with them
        • in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.
      • We will remain bound by our obligations under applicable data protection laws even when your personal information is processed outside the EEA. Further details on the steps we take to protect your personal information, in these cases is available from us on request by contacting us by email at dataprotection@cts.co.uk at any time.
  • 9. Risks and how we keep your personal information secure9.1 The main risk of our processing of your personal information is if it is lost, stolen or misused.  This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public information that you would prefer to keep private.9.2 We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. These include controls to premises, appropriate file locking systems, use of encryption and passwords, and anti-virus software. We are also on the Data Protection Register9.3 In the course of provision of your personal information to us, your personal information may be transferred over the internet.  Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.

9.4 Where we have given you (or where you have chosen) a password which enables you to access your online account or our website otherwise, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

  • 10. Links to other websites. Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. This privacy policy only applies to the personal information that we collect or which we receive from third party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.
  • 11. Changes to our privacy policy. We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our privacy policy.
  • 12. Further questions and how to make a complaint12.1 If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact dataprotection@cts.co.uk. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.12.2        In accordance with Article 77 of the General Data Protection Regulation, you may also make a complaint to the Information Commissioner’s Office, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place.  Alternatively, you may seek a remedy through the courts if you believe your rights have been breached. For your information, the Information Commissioner’s Office can be contacted at:

The Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 01625 545 700

The practices described in this privacy policy statement are current as of April 2019.

 

Our Data Protection Officer (DPO) can be contacted directly here:

  • dpo@cts.co.uk

 

HR Privacy Notice

This Privacy Notice (this “HR Notice”) applies to personal data related to your employment or other work for CTS Ltd as referred to below.

CTS processes personal data in accordance with all applicable laws including the EU General Data Protection Regulation (GDPR) and applicable national laws, as further described in this Privacy Notice.

This HR Notice applies to full-time or part-time employees, permanent or temporary workers, and contractors and freelancers working in our offices, and the word “employment” includes whichever of those relationships applies to your situation.

It applies to personal data that CTS, like any employer, needs to run our business and manage our relationship with you, at all stages:

  • During the recruitment process;
  • Whilst you are working for us;
  • At the time when your employment ends; and
  • After you have left.

If you have questions regarding how CTS processes data for that purpose, or want to manage your choices in relation to that type of data, please consult the Company’s specific Privacy Notice for that area

  1. Data Controller and Data Protection Officer Details

The entity that decides on the purposes for which and ways in which personal data relating to you is processed is:

  • CTS Ltd; (“Company”)

For any personal data-related issues you can contact:

  1. (a)  Your manager;
  2. (b)  The CTS HR Team; or
  3. (c)  The Company’s Data Protection Officer at:
  1. What types of personal data does the Company process?

This HR Notice covers the Company’s processing of “personal data”, which is defined as follows:

‘Personal data’ – means any information relating to you (or any other identified or identifiable person), which may include your name, address, telephone numbers (including mobile phone number), National Insurance Number, Tax Code, education, experience and qualifications, household, and details of or any change in your personal circumstances which affects, or may affect, your tax status or right to work in in the role for which you are employed.

‘Special categories of personal data’ – means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data or biometric data (for the purpose of uniquely identifying a person); data concerning health; or data concerning a person’s sex life or sexual orientation. This data will only be processed for certain narrowly defined purposes.

The personal data the Company holds includes:
a) Your CV, application letter, tests, samples, or application forms

  1. b)  References
  2. c)  Your employment contract and any amendments to it;
  3. d)  Correspondence with or about you, for example offer letters or communications to

you about a pay rise or benefits, or at your request, to a third party such as a bank or mortgage company regarding your salary;

  1. e) Personal data needed for payroll, benefits, pensions, insurance and expenses payments purposes;
  1. f)  Contact and emergency contact details;
  2. g)  Records of holiday, sickness, parental leave, and other absences;
  3. h)  Personal data needed for any equal opportunities monitoring policies; and
  4. i)  Records relating to your employment history, such as training, appraisals, other

performance measures and, where appropriate, disciplinary and grievance records;

  1. j) Criminal convictions data: CTS does not currently process such data and would do so only where this is expressly permitted by the law and in accordance with all applicable restrictions
  2. k) Special categories of personal data:

Health: Where necessary, we may keep personal data relating to your health, which could include reasons for absence, GP reports and notes, and data relating to accidents or insurance. This personal data will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay, pensions, insurance, holidays.

Other special categories: Where we process special categories of personal data relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent for its processing.

The only other times we would process special categories of personal data are where this information is:

  • Necessary for compliance with laws or carrying out employment-related rights and obligations;
  • Required to protect your health or safety in an emergency;
  • Something that you have made publicly available.

Much of the personal data we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees or doctors.

  1. Why does the Company need to collect and process this personal data?

The Company keeps and processes personal data relating to you in order to:

  1. a) Enable us to comply with the employment contract (e.g. to ensure that you receive correct payments of wages, benefits, expenses and any bonuses, providing work for you to do)
  2. b) Comply with legal requirements to which we are subject (e.g. health, safety and welfare, tax, national insurance and pensions, working hours, parental leave, worker consultations and trade union rights, non-discrimination, disciplinary procedures and investigation of complaints, record-keeping, checking your right to work in the UK or the EU),
  3. c) Protect our legal position in the event of legal claims or proceedings (against the company or you, or between the company and you),
  1. d)  Protect your (or others’) safety and health in emergencies, and
  2. e)  Pursue the Company’s legitimate business interests, as described below.

The Company’s legitimate business interests for which we may need to process personal data are as follows:

  1. a) General: to refer to you and your role and work in Company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the Company;
  2. b) Internal collaboration: to put you in contact with colleagues (including in other Company offices in the EU or elsewhere);
  3. c) External collaboration: to put you in contact with current and potential clients, suppliers, candidates, consultants, or contractors;
  4. d) Security: to manage office security, network and IT access, and use of the Company’s property;
  5. e) IT policies: to monitor communications to ensure that employees only use Company equipment and systems, for example IT, e-mail and telecommunications in accordance with the Company’s policies and procedures. The Company may also use CCTV and recording equipment on its premises for security. When these systems are updated or maintained, others may have access to information stored on or accessible through them;
  6. f) Business continuity: to check your email and stored files if you are absent from work or after you leave the Company.

As these processes always relate to your professional life (work email, work telephone, company contracts etc.) there will normally be no negative impact on your privacy or rights, and such use is necessary for the business interests described and within what employees should reasonably expect. We ask that you bear in mind that Company systems e.g. email and phones may be reviewed by others.
If at any time we intend to process your personal data for a purpose other than that for which it was collected we will provide you with information on that purpose and any other relevant information.

The above uses of personal data are necessary for carrying on our business and for the other reasons set out in this HR Notice and so except where specified don’t require your consent. Occasionally, we may ask for your consent to process your data for additional purposes (for example, attendance at Company events or social activities), in which case you have an entirely free choice regarding whether you want to permit the Company to process your data or not. Where it applies, consent is entirely voluntary and can be withdrawn at any time by contacting the Company as set out in this HR Notice.

  1. Who receives your personal data?

Other than as mentioned below, we will only disclose personal data about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain personal data to our external payroll providers, pension or health insurance schemes.

We may transfer personal data about you to other Company offices for purposes connected with your employment or the management of the Company’s business. At the date of this HR Notice, the Company has offices and staff in London, Wellington. Clients, suppliers or business partners may be located in other places and may also receive your data as described in this HR Notice.

Within the EU (and Norway, Iceland and Liechtenstein) EU personal data protection rules apply, and your data is treated in a similar way to the place where you work. Whenever your data is transferred to other places, we have in place safeguards to ensure the security of your data which may include:

  • the EU-US Privacy Shield for transfers to business partners in the US; and
  • European Commission approved standard contract clauses for other transfers outside the EU. Where this is required by law, we will provide a copy of the safeguards applicable to your personal data, if requested.
  1. How long do we keep your personal data?

Your personal data will be stored only for as long as it is needed for the purpose for which it was obtained.

In any event, we need to keep data for the longest of whichever of the following periods applies:

  1. For job applicants and candidates: not more than six months after the role has been filled (unless you ask or authorise us to keep it for longer)
  1. In general: for 6 years after the end of your employment
  2. If you were under 18 when employed: until you are 21
  3. If you were injured or became sick during or as a result of your employment: six years from the date that we became aware of the injury or sickness or that it related to your employment.
  4. If any legal claims or proceedings have arisen in relation to your employment or other relations with the Company: until such claims or proceedings are finally resolved.
  1. What are your rights?

You have a number of rights with regard to your personal data, i.e.:

  • To ask for access to it;
  • To ask for errors in it to be corrected;
  • To ask for it to be erased (the “right to be forgotten”);
  • If not erased (e.g. if it is required to be kept for legal reasons), then to ask us to restrict its processing;
  • To object to its processing for specific purposes;
  • To ask for a copy to take (or have us provide) to another data controller. Please note that this would relate only to information provided by you – information the Company has received from others or created internally would not be covered.

We are not required to ask for your consent for the processing of personal data, as it is necessary for the reasons set out in this HR Notice. However, where we do rely on any consent that you have given, then you are always allowed to withdraw your consent at any time (though the processing that took place before withdrawal will still be legal).

In certain circumstances it may not be possible for these rights to be exercised in full or at all as they are closely related to your employment contract and applicable employment laws. We will explain any actions we have taken or not taken in relation to any request you make.

We are always available through the contacts in Section 2 above to help resolve any issues or doubts you may have in relation to processing of your personal data. If you believe that your rights have not been respected at any time then you also have a right to complain to the Supervisory Authority in your country (in the UK, the Information Commissioner’s Office – “ICO”; to ask them for a resolution.

  1. Consequences of not providing (or updating) data

Other than where we have asked for your consent for data processing, processing of personal data is obligatory for the reasons set out in this HR Notice. If you wish to object to processing of personal data relating to you, or require us to delete it, this could lead to us being unable to comply with the employment contract or other legal obligations. If so we will tell you about the potential effects of our not having the proper data in those circumstances.