PRIVACY POLICY
We are committed to protecting the privacy and security of personal data. This policy tells you how we will collect anduse your personal data, and what you should expect in respect of the personalinformation about you that we have collected. We do not sell or trade yourpersonal data to third parties.
Personal data means any information about an individual from which that person can beidentified. It does not include data where the identity has been removed(anonymous data).
We are Conxtd Technologies Limited (Registeredin England & Wales with Company No: 11401871). Our office address is at 11 Kingfisher Court,Hambridge Road, Newbury RG 14 5SJ. OurRegistered Office address is C/O Business Control Limited, Red Lion Yard, OddDown, Bath, Somerset, England BA2 2PP.
The person with responsibility for our data protection compliance is Phil Hayes(CTO) (“the Data Protection Manager”), and he can be contacted via emailat gdpr@conxtd.com or by telephone on 01635 783 019.
Where we are the controller of the personal data that we keep and use, we areresponsible for making sure that our systems, processes and people comply withthe relevant data protection legislation in respect of that personal data. In certain cases, we may act as a processorof personal data on behalf of others; in those circumstances, we will tell youwho the controller is.
We will comply with applicable data protection legislation (including, before theUK leaves the EU, the General Data Protection Regulation (“GDPR”)). We will act in respect of personal data tocomply with the six principles of data protection legislation, which are:
· Lawfulness,fairness and transparency;
· Purposelimitation;
· Dataminimisation;
· Accuracy;
· Storagelimitation;
· Integrityand confidentiality.
You have rights in respect of how your personal data can be processed; theseinclude the right to request:
· acopy of your personal data;
· thatinaccurate data is rectified; and
· thatyour personal data is, in certain circumstances, erased or restricted.
You have the right to complain to the Information Commissioner, which you can do bycontacting the Information Commissioner’s Office (ICO) directly. Full contact details, including a helplinenumber, can be found on the ICO website (www.ico.org.uk). This website also has useful information on your rights and ourobligations. However, please raise any concerns or issueswith us first so that we may deal with this as quickly as possible for you.
Ourwebsite and services are not intended for children and we do not knowinglycollect data relating to children. Please do not submit or upload any personaldata if you are a child.
COLLECTION, USE ANDDISCLOSURE OF PERSONAL DATA
We collect and process data for the following reasons:
1. personal data collected and created inrelation to our provision or the potential provision of our services andproducts to you which would include customers and relevant contacts; and
2. personal data relating to people whohave asked to attend events run by us, receive our newsletters and otherinformation services or marketing materials; and
3. personal data relating to our people(which means those people working for our firm, or providing services to us, orpotentially working or providing services to us, including employees,consultants, temporary or casual workers and contractors).
All of our people are required to abide by our Privacy Policy when handlingpersonal data and are provided with appropriate data protection training. Any breach of data protection will be taken seriouslyand may result in disciplinary action. Our Data Protection Manager will provide the advice and guidance to ourpeople on data protection issues, as is required.
1. Providing our services
COLLECTION:
We will collect personal informationwhich may include names, addresses, contact details including email addresses, datesof birth, business information and required identification information and documentationfor our customers and customer contacts. This will be done for the management of the commercial relationship withour customers and to allow you access to protected and secure areas of ourwebsite. Additionally, we may collectand use additional personal data when a person is identified during the courseof our service provision.
We may collect this personal data fromyou directly, and also from third parties, including publicly available thirdparty sources. Additional personal datawill be collected as it is created by or supplied to us in the provision of ourservices to you.
We will also collect personalinformation, including name and contact information, for individuals with whomwe have a professional business relationship related to our provision of our servicesand products.
USE:
We will use the personal data in theprovision of our services and products, including for the necessaryadministration of the relationship with our customer, and to comply with requirementsthat we are required or recommended to undertake by law.
We will onlyuse your personal data when the law allows us to. Most commonly, we will use your personal datain the following circumstances:
· inperformance of a contract (the agreement to provide our services and products);and/or
· compliancewith a legal obligation; and/or
· vitalinterests of the data subject; and/or
· whereit is necessary for our legitimate interests (or those of a third party) andyour interests and fundamental rights do not override those interests.
We may also use your personal data in the following situations, which are likelyto be less common:
· wherewe need to protect your interests (or someone else’s interests);
· whereit is needed in the public interest or for official purposes.
DISCLOSURE:
We may share personal data with thirdparties as is necessary in the provision of our services and products,including to third party providers who deliver services to support theoperation of our company or third parties with whom we need to deal in theprovision of our services and products. The third parties that we may share your personal data with includethose listed in Appendix One of this Privacy Policy. We may also need to shareyour personal data with a regulator or otherwise to comply with the law.
We may also disclose your personal datawith third parties to whom we may choose to sell, transfer or merge parts ofour business or our assets. Alternatively, we may seek to acquire otherbusinesses or merge with them. If a change happens to our business, then thenew owners may use your personal data in the same way as set out in thisprivacy policy.
In respect of all disclosures ofpersonal data, we will only share the personal information which is necessaryfor the particular purpose for which it is provided, or where we have anotherlegitimate interest in doing so, and we will ensure that the personal data isappropriately protected.
RETENTION PERIOD:
We will keep personaldata only for as long as is necessary to fulfil the purposes for which wecollected it, including for the purposes of satisfying any legal, accounting orreporting requirements. Normally, our retention period for personaldata collected for this purpose is 3 years (in line with the European Standard,EN50518 Monitoring and Alarm Receiving Centre).
Ourevents, newsletters, other information services & marketing materials (“ourInformation”)
COLLECTION:
We will collect information such asname, email address, IP address (or similar unique identifiers) job title andthe business that you work for together with the additional information thatyou provide to us, for example when you let us know those areas of our businessthat you are interested in receiving information about. In respect of events that we offer, thisinformation may include details of any access or dietary requirements that youhave, which may reveal information about the health or religious beliefs of adata subject.
We may collect this information from you(whether directly or via automated means such as our website) or from thirdparties (such as a client),
We will collect personal data when youtell us that you wish to receive all or part of our information, or otherwisegive us your personal details. You mayat any time tell us that you wish to stop receiving our Information.
USE:
Personal data will be used to provideyou with our information that you ask for, or that we think is relevant to thepreferences that you may have given to us. We may analyse what areas of information are of interest to you so thatwe can better target the Information that we provide.
We will only use your personal data whenthe law allows us to. Most commonly, wewill use your personal data in the following circumstances:
· withyour consent; and/or
· inperformance of a contract (the agreement to provide our services and products);and/or
· whereit is necessary for our legitimate interests (or those of a third party) andyour interests and fundamental rights do not override those interests.
DISCLOSURE:
We may share personal data with thirdparties in respect of the provision of our Information, including to thirdparties who provide services to us, including IT, website hosting, emaildelivery and other services. In respect of all disclosures of personal data, we willonly share the personal information which is necessary for the particularpurpose for which it is provided, or where we have another legitimate interestin doing so, and we will ensure that the personal data is appropriatelyprotected.
RETENTION PERIOD:
We will keep personal data only for aslong as is necessary to fulfil the purposes for which we collected it. Anypersonal data that we have from you solely for the purposes of your receiving ourInformation will not be used once you have asked us to stop providing these toyou (except to the extent that it is necessary to stop you receiving theInformation).
2. Our people
COLLECTION:
We will collect names, addresses, emailand other contact details, education and employment history, identity and otherbackground checks (which may include appropriate criminal and financial checksand confirmation of the right to work in the UK), marital status and informationon next of kin and dependents, financial information (such as bank details andNI numbers), date of birth, gender, a copy of your passport and drivinglicence, performance information and compensation history, recruitmentinformation (including references), salary, benefits, pension and annual leaveinformation, disciplinary and grievance information, photographs, informationabout your use of our information and communications systems and CCTV footageor other information obtained through electronic means.
We may collect and use specialcategories of personal data as required in the carrying out of obligations andexercising specific rights of us or the data subject in the field ofemployment. This may include informationrelating to matters such as health, racial origin, religious belief andoffences or alleged offences.
Personal data may be collected from youduring the selection process (for example via your application form and CV) andduring your employment (including holiday forms, expense claims, performancereviews, any disciplinary or grievance processes), or from third parties,including referees, health service providers, background check providers.
USE:
Personal data of our people will be usedfor HR administration and management, both in respect of the selection ofpeople to work for us (including suitability, eligibility and/or fitness towork), and those who do work for us, to include learning and development,disciplinary and security (of people, offices and data) requirements, providingand liaising with benefits providers, business management and planning(including accounting and auditing), paying you and dealing with tax and NIdeductions, assessing and deciding on salary reviews and compensation,conducting performance reviews and managing performance, dealing with legaldisputes involving you or others, preventing fraud, monitoring your use of ourinformation and communications systems, ensuring compliance with our policies,and equal opportunities monitoring.
We will only use your personal data whenthe law allows us to. Most commonly, wewill use your personal data in the following circumstances:
· Inperformance of a contract with you; and/or
· compliancewith a legal obligation; and/or
· vitalinterests of the data subject; and/or
· whereit is necessary for our legitimate interests (or those of a third party) andyour interests and fundamental rights do not override those interests.
We may also use your personal data inthe following situations, which are likely to be less common:
· wherewe need to protect your interests (or someone else’s interests);
· whereit is needed in the public interest or for official purposes.
In respect ofall disclosures of personal data, we will only share the personal informationwhich is necessary for the particular purpose for which it is provided, orwhere we have another legitimate interest in doing so, and we will ensure thatthe personal data is appropriately protected.
Inrespect of special categories of personal data, we may process this in thefollowing circumstances:
· inlimited circumstances with your explicit written consent; and/or
· wherewe need to carry out our legal obligations and in line with our policies;and/or
· whereit is needed in the public interest (such as for equal opportunities monitoringor in relation to our occupational pension scheme), and in line with ourpolicies; and/or
· whereit is needed to assess your working capacity on health grounds, subject toappropriate confidentiality safeguards.
Lesscommonly, we may process this type of information where it is needed inrelation to legal claims or where it is needed to protect your (or someoneelse’s) interests and you are not capable of giving your consent, or where youhave already made the information public. We may also process such information about our people (or former people)in the course of our legitimate business activities with the appropriatesafeguards.
Thespecial categories of personal data may be used in the following ways:
· inrelation to leaves of absence, to comply with employment and other laws;
· inrelation to your physical or mental health, or disability status, to ensureyour health and safety in the workplace and to assess your fitness to work, tomonitor, manage and administer benefits and absences;
· inrelation to your race, national or ethnic origin, religious, philosophical ormoral beliefs, or your sexual life or sexual orientation, to ensure meaningfulequal opportunity monitoring and reporting.
DISCLOSURE:
Personal data may be transferred toservice providers who support the operation of our business (such as payrollservice providers), to other third parties reasonably necessary in the conductof our business (including insurers, professional advisors, regulators). These third parties may be acting as our processor,or as a controller of personal data in their own right. Personal data may also be shared with ourclients in offering or in the provision of legal services.
In respect of all disclosures ofpersonal data, we will only share the personal information which is necessaryfor the particular purpose for which it is provided, or where we have anotherlegitimate interest in doing so, and we will ensure that the personal data isappropriately protected.
RETENTION PERIOD:
We will keep personal data only for aslong as is necessary to fulfil the purposes for which we collected it,including for the purposes of satisfying any legal, accounting or reportingrequirements. We will normally keep personal data of applicants who we do notemploy for six months after we receive it.
We will keep personal data of employeesthroughout your employment and normally for a minimum of six years after youremployment ends.
3. Changes to your personal data
It is very important that the personalinformation that we hold about you is accurate and current. Please tell us if your personal informationchanges during your relationship with us.
4. Data Security
We have put in place measures to preventyour personal data from being accidentally lost, used or accessed in anunauthorised way, altered or disclosed. In addition, we limit access to your personal data to those of ourpeople and other third parties who have a business need to know. They will onlyprocess your personal data on our instructions and where they have agreed totreat the information confidentially and to keep it secure. We have put in place procedures to dealwith any suspected data security breach and will notify you and the ICO of asuspected breach where we are legally required to do so.
5. Where we store your personal data
We principally store data, bothelectronically and on file. Files arenormally kept at our offices, with archive storage for historic fileslocally. The servers used for ourelectronic storage is London, UK.
Personal data may be transferred outsideof the EEA by us (for example to Intercom Inc in the United States) or byprocessors acting on our behalf. Fortransfers to countries not considered adequate by the EC, we will ensure that personaldata is adequately protected, as required by the data protection legislation. This would include by use of the StandardContractual Clauses adopted by the EC to protect personal data.
6. Your rights
Under certain circumstances, you havethe right by law to request:
· access to your personal data. This enables you to ask to receive a copy ofthe personal data that we hold about you and to check that we are lawfullyprocessing it.
· correction of the personal data that we hold aboutyou.
· erasure of your personal data.
· Object to processing of your personal data where we arerelying on our legitimate interest and there is something about your particularsituation which makes you want to object to processing on this ground. You also have the right to object where weare processing your personal information for direct marketing purposes.
· restriction of processing of your personal data.
· transfer of your personal data to another party.
7. Links from our website
Our website may, from time to time,contain links to and from the websites of third parties that we permit to makesuch links. If you follow a link to anyof these websites, please note that these websites have their own privacy policiesand that we do not accept any responsibility or liability for thesepolicies. We recommend that you checkthese policies before you submit any personal data to these websites.
CHANGES TO THIS PRIVACYPOLICY
Anychanges we may make to our privacy policy in the future will be posted on ourwebsite, so please ensure that you are viewing the correct version.
Pleasecontact us if you have any questions, comments or requests regarding thisPrivacy Policy.
COOKIES POLICY
(lastamended 20th January 2020)
Cookies are small textfiles stored on your computer or mobile device when you visit a website. Our website uses cookies for a number ofpurposes, including to improve your access to and use of this site. The law states that we can store cookies onyour device if they are strictly necessary for the operation of the site. For all other cookies, we need yourpermission.
We provide a link onour website describing all the cookies we use and how to disable the singleadvertising cookie running on our site. All cookies bar the You Tube cookies(for displaying video content) are Essential or Performance Cookies whichenable the User to submit Enquiries.
NECESSARYCOOKIES:
Necessary cookies areessential for our website to work. Necessary cookies enable the core functionality of the site, such assecurity, network management and accessibility. You can choose to disable our necessary cookies by changing your browsersettings, but this will affect how our website functions.
www.monday.comwho provide our web forms for the manual collection of data. Users choose touse these forms and consequently the cookie. The cookie is not used foranything other function. Disabling this cookie will stop the User fromsubmitting any Sales or Customer Service Enquiries.
PERFORMANCE/ANALYTICSCOOKIES:
We use aperformance/analytical cookie from Intercom Inc (“Intercom”) as detailed below.Technical crash data for logged in users is sent to Intercom when theapplication encounters an error that crashes the webpage. When a crash occurs,several actions leading up to the event are recorded including:
· the type of actions the user took;
· error codes and diagnostics;
· the webpage address and browser beingused.
We also use Intercom as a third-party analyticservice to help us understand your usage of our services. Intercom analysesyour use of our website and/or product and tracks our relationship by using intercom-id-[app_id]and intercom-session-[app_id] to determine unique annonymous vistorsto www.conxtd.comand how long their session was.
For more informationon Intercom’s use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy
FUNCTIONALCOOKIES:
Conxtd stores usersession details from its system (admin.conxtd.com) into a cookie (CONXTDSession Cookie) on the Conxtd platform (app.conxtd.com). This cookie is for thebenefit of users that are logged in to our system.
By default, the cookieis stored for the duration of the browser session and then destroyed. Users canconfigure cookies to be persistent at their own discretion.
The details stored bythe cookie are as follows:
· user email address;
· first name and surname;
· avatar URL;
· language;
· timezone;
· conxtd ID (our user identifier);
· user type
ADVERTISING/TARGETTINGCOOKIES:
We use You Tube(www.youtube.com) to display video on our website. You Tube has a sessioncookie associated to their embedded player. You Tube uses advertising withinthese videos which includes their cookie. Disabling this cookie will stop YouTube working on our site.
TURNINGCOOKIES OFF:
Users can switch mostcookies off by adjusting your browser settings to stop it from acceptingcookies. Switching off cookies willlikely limit the functionality of our and a large proportion of other websites. To find out more about cookies, including howto see what cookies have been stored and how to manage and delete them, visithttp://www.allaboutcookies.org/.
APPENDIXONE
THIRDPARTY PROVIDERS
System
Description
Personal data shared
One Signal
Notification service provider
Player ID associated with device
Send Grid
Email notification service provider
Email address
PostMarkApp
Transactional email service provider (Invite emails)
Email address
One Signal
Certifications/ standards
GDPR compliant
Signed DPA
Fullinformation available: https://onesignal.com/privacy_policy
SendGrid
Certifications/ standards
ServiceOrganizations Controls (Soc2)
Cloud SecurityAlliance
Fullinformation available: https://sendgrid.com/policies/security/
PostMarkApp
Certifications/ standards
EU-U.S. andSwiss-U.S. Privacy Shield compliance
Fullinformation available: https://postmarkapp.com/why/security