For IT Innovations and Innovators
Csi10 Limited Privacy notice
Introduction
Privacy matters to you
The services notice applies to are the csi10 Limited (“csi10”) website, communication, marketing and services.
- Corporate Responsibility
- Social Responsibility
- Legal Responsibilities
We take the storing and processing of your data very seriously. Please read the following carefully to understand our views and practices.
This document has been written to provide you with a clear and detailed explanation of how your data will be handled by us and outlines your rights in relation to your data, under the General Data Protection Regulation (GDPR).
Who we are?
Csi10 Limited is a small management consultancy organisation. We offer business development / management consulting / talent hunting services to small and medium sized innovative organisations that operate in and around the SAP market place.
In order for us to provide you with a proposal of services, deliver the services and deal with any claims or complaints that might arise, we need to collect and process data about you. This makes csi10 Limited a “data controller” and should be contacted for all issues relating to Data Protection and GDPR.
- Csi10 Limited, company number 5091289, registered address 26-28 Molesey Road, Hersham, Surrey KT12 4RQ , or
If you are unsure can also contact us at:
- 07795 668450
- Dataprotectionofficer@csi10.co.uk
In this notice we use the terms “we” or “us” or “csi10” to identify the company.
What information do we collect?
We generally only collect contact details
- Directly from you, or
- From publically available sources such as internet search engines, news articles and social media sites
And may share details with
- Third parties who provide sanctions checking services;
- Government agencies such as the police, the National Crime Agency, the DVLA or HMRC;
- Insurance industry bodies (including the Employers’ Liability Tracing Office and the Association of British Insurers);
- Third parties who provide us with details of individuals who have expressed an interest in hearing about csi10 Limited services;
- In limited circumstances, private investigators;
- Third party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers;
- Our own website; and
- Selected third parties in connection with any sale, transfer or disposal of our business.
In addition to contact details we may hold a CV/Resume/Biography for individuals we are looking to place in new roles. These CV’s are generally sent to us by the candidate via email and stored on our secured hard-drive.
How do we use personal information?
Personal Contact data may be used in things like:
- personalisation of content, business information or user experience
- account set up and administration
- delivering marketing and events communication
- carrying out polls and surveys
- internal research and development purposes
- providing goods and services especially in the placement of people into new roles
- legal obligations (eg prevention of fraud)
- meeting internal audit requirements
The Information Notice has two principal purposes:
- First, it is designed to assist the market participant or its client with the interface with the data subject, to describe how the data subject’s personal data may be disclosed and used by other market participants for core activities during the business lifecycle. It is envisaged that market participants link to this Information Notice from the csi10 Limited website.
- Secondly, it may be cross-referred in contractual documentation governing the receipt of such personal data when one market participant is relying on other market participants to provide notice or obtain consent on their behalf, for example in a binding agreement.
The personal information that we collect will depend upon your relationship with us. We will collect different personal information depending on whether you are customer, supplier or candidate. For example we may need access to information about your employment track record for the purposes of determining:
- your skills, experience and suitability for a client project,
- eligibility to work in the UK for purposes of determining whether a UK citizen or a foreign national requiring a work visa or
- Sensitive personal information for the purposes such as preventing, detecting and investigating fraud (including offences and alleged offences and any court sentence or unspent criminal conviction).
If you provide personal information to us about other individuals (for example other colleagues) you agree that you will inform them about the contents of this notice and obtain any required consent in accordance with this notice.
What legal basis do we have for processing your personal data?
There are six possible legal grounds which are:
- consent
- contract
- legitimate interests
- vital interests
- public task
- legal obligation
The legal grounds on which we collect this data will be based upon the relationship you have with the organisation.
Consent to use personal data can be removed simply by sending an email to unsubscribe@csi10.co.uk with subject as Personal Data and making your request plain and obvious in the body of the email.
We collect information where the provision of information is for the purposes of business development or legally or contractually required.
You have provided your explicit consent to our use of your sensitive personal information.
You will find further details of our "legal grounds" for each of our processing purposes set out below.
|
Purpose for processing |
Legal grounds for using your personal information |
Legal grounds for using your sensitive personal information |
|
To carry out fraud, credit and anti-money laundering checks |
It is necessary to enter into or perform your contract. We have a relevant legal or regulatory obligation. We have an appropriate business need (to prevent fraud and other financial crime). |
Such use is necessary for contract purposes. It is necessary to prevent or detect crime. Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty. We need to establish, exercise or defend legal rights. You have given us your explicit consent. |
|
To administer your contract including taking payments and making changes where requested or necessary. |
It is necessary to enter into or perform your contract. We have a relevant legal or regulatory obligation. We have an appropriate business need (administer your insurance contract). |
Such use is necessary for contract purposes. You have given us your explicit consent. |
|
To prevent and investigate fraud and other crime. |
It is necessary to enter into or perform your contract. We have a relevant legal or regulatory obligation. We have an appropriate business need (to prevent and detect fraud and other financial crime). |
Such use is necessary for contract purposes. It is necessary to prevent or detect crime. Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty. We need to use your information in order to establish, exercise or defend our legal rights. You have given us your explicit consent. |
|
To communicate with you (including assessing whether you are a vulnerable person) and resolve any complaints that you might have. |
It is necessary to enter into or perform your contract. We have a relevant legal or regulatory obligation. We have an appropriate business need (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately). |
Such use is necessary for contract purposes. We need to use your information in order to establish, exercise or defend our legal rights. You have given us your explicit consent. |
|
To comply with our legal or regulatory obligations. |
We have a relevant legal or regulatory obligation. |
Such use is necessary for contract purposes. Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty. We need to use your information in order to establish, exercise or defend our legal rights. You have given us your explicit consent. |
|
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys) |
We have an appropriate business need (to develop and improve the products and services we offer). |
You have given us your explicit consent. |
|
To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice) |
We have an appropriate business need (to effectively manage our business). We have a relevant legal or regulatory obligation. |
We need to use your information in order to establish, exercise or defend our legal rights. You have given us your explicit consent. |
|
To apply for and claim on our insurance. |
We have an appropriate business need (to ensure that we have appropriate insurance in place). |
Such use is necessary for insurance purposes. We need to use your information in order to establish, exercise or defend legal rights. You have given us your explicit consent |
|
To carry out marketing analysis, customer segmentation and campaign planning. |
You have given us your explicit consent. We have an appropriate business need (to plan our marketing activities). |
Not applicable. |
|
To provide marketing information to you in accordance with preferences you have expressed. |
You have given us your explicit consent. We have an appropriate business need (to send you selected communications about other products and services we offer). |
Not applicable |
|
To buy or sell group companies or to restructure our business. |
We have an appropriate business need (to buy or sell group companies or to restructure our business). We have a relevant legal or regulatory obligation. |
You have given us your explicit consent. |
What Personal Information will we collect?
General information such as your name and contact details will be collected.
In the case of consultancy recruits we will collect:
- Corporate Bank details
- Personal Passport or driving licence number
- Employment Visa details if relevant
- Information about your job including
- Job title
- Status as a director or partner
- Employment history
- Education history
- Professional accreditations
- Professional Indemnity Insurance
Information relevant to any claim or complaint you make will depend on the type of claim or complaint you make.
When do we share personal data?
Personal data will only be shared with the express consent of the individuals involved. This is mainly in very specific 2 situations including :-
- Connecting
- people or
- businesses
- Recruitment purposes
The csi10 process ensures that all parties are aware and have consented to being connected or have given express consent to pass CV details to a prospective employer.
Where do we store and process personal data?
Personal data is stored on our UK based secured systems and protected by level of password protection.
How do we secure personal data?
Csi10 make all reasonable endeavours to ensure any personal data remains secure at all times, including :-
- to protect data against accidental loss
- to prevent unauthorised access, use, destruction or disclosure
- to ensure business continuity and disaster recovery
- to restrict access to personal information
- to conduct privacy impact assessments in accordance with the law and your business policies
- to train staff and contractors on data security
- to manage third party risks, through use of contracts and security reviews
How long do we keep your personal data for?
Personal contact records are kept for as long as necessary to continue regular and consistent contact with individuals. Deletion or removal of personal data is made on request by the individual in the process clearly outlined above.
CV’s are retained for one-year only and will only be retained longer if they are subject to a related contract and hence needs to be retained for 7 years.
Your rights in relation to personal data
Under GDPR you have the right to :-
- access to personal information
- correction and deletion
- withdrawal of consent (if processing data on condition of consent)
- data portability
- restriction of processing and objection
- lodging a complaint with the Information Commissioner’s Office (ICO)
Any and all of the above can be made by sending a clearly articulated email as described above.
Use of automated decision-making and profiling
No Auto-profiling or decision making processes are used in our day-to-day activities.
What marketing activities do we carry out?
We may use your personal information to provide you with information about products or services which may be of interest to you where you are an existing customer or where you have provided your consent for us to do so. We may do this by post or email.
We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to opt out of marketing, you may do so by clicking on the "unsubscribe" link that appears in all emails or telling us when we call you. Otherwise you can always contact us using the details set out in section 10 to update your contact preferences.
Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.
We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this notice.
We are also required to keep certain information in order to comply with our legal and regulatory obligations.
The exact time period will depend on your relationship with us and the type of personal information we hold. For example, if you take out an insurance policy with us, we will keep your personal information for longer than if you obtain a quote from us but do not take out a policy.
If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out below.
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area ("EEA"). Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect your personal information to adequate standards.
Where we transfer personal information within csi10 Limited, we do so in reliance on "Standard Contractual Clauses" which are set out clauses approved by the European Commission.
If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details set out below.
How do we protect your information?
We use a range of organisational and technical security measures to protect your information, including:
- physical security measures such as on-site security;
- network security measures such as intrusion detection systems;
- access controls such as password protection and user logging; and
- virus and malware controls on our systems.
We review our security measures periodically. We also ensure that our employees receive appropriate data security training.
Profiling
The provision of services is often based on profiling individuals and businesses to determine the relevance of our service to those members of a defined marketplace.
Fraud prevention
We may use profiling to assess the probability that your claims may be fraudulent or inaccurate. We use your personal information to evaluate and predict risks and outcomes. We do not make automated decisions based on these profiles.
Marketing
We may use profiling to provide you with information about our products and benefits that are most appropriate to you. We may also use your personal information and profile to help us to improve our marketing materials, targeting and customer journeys.
We analyse our customers to determine common characteristics and preferences. We do this by considering various types of information which may include: your location, demographic information (such as age or job title). These characteristics and preferences enable us to understand our customers as well as to send you appropriate communications, and information which is most relevant to you.
Under data protection law you have certain rights in relation to the personal information that we hold about you. There will not usually be a charge for dealing with these requests. You may exercise these rights at any time by contacting us using the details set out below.
Please note:
- the rights set out below do not apply in all circumstances;
- in some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.
- in some circumstances exercising some of these rights (such as the right to erasure or the right to restrict processing) will mean we are unable to continue providing you with services and may therefore result in premature contract termination. You will therefore lose the right to bring any claim or receive any benefit, including in relation to any event that occurred before you exercised your right of erasure, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event a premature contract termination.
Your rights include:
You are entitled to a copy of the personal information we hold about you and certain details of how we use it.
Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or, where we are relying on consent as our legal ground, you withdraw your consent. However this will need to be balanced against other factors. For example, we may have legal and regulatory obligations which mean we cannot comply with your request.
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third party of your choice.
You can ask us to stop sending you marketing messages at any time. You can do this either by clicking on the "unsubscribe" button in any email that we send to you or you can contact us using the details set out below. Please note that even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.
You have a right to object to an automated decision in certain circumstances.
Where we process your personal information based on our appropriate business needs, you can object to such processing. In such cases, we will assess your objection against our business needs.
For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.
Please note that for some purposes, we need your consent in order to provide services under contract. If you withdraw your consent, we may need to terminate the contract. The said premature termination of contract will not affect any other legal rights or remedies that either party has. We will advise you of this at the point you seek to withdraw your consent.
You have a right to complain to the Information Commissioner's Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.
If you would like further information about any of the matters in this notice or have any other questions about how we collect, store or use your personal information, you may contact our data protection officer by telephoning 07795 668450 or by e-mailing us at dataprotectionofficer@csi10.co.uk or writing to us at 26-28 Molesey Road, Hersham, Surrey KT12 4RQ
From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. Where we make substantial changes to this notice we will provide you with an updated copy. You can also check our website www.csi10.co.uk/privacy periodically to view the most up-to-date notice.
This notice was last updated on: 22nd January 2019.
Print 