Click CMS Ltd are committed to protecting your privacy and complying with the General Data Protection Regulation 2018. The main aim of the legislation is to provide a set of standardised data protection laws across EU member countries. It affects all companies collecting, processing and storing personal information.
Click CMS Ltd needs to collect and use certain information about individuals. These can include associates, employees, suppliers, and other people the organisation has a relationship with or may need to contact for such purposes in the conduct of its legitimate business interests. This notice describes how personal information is collected, processed and stored to comply with legal requirements.
Click CMS Ltd will adhere to the Principles of the Data Protection as stated by the Information Commissioner’s Office (ICO). Specifically, the Principles require that personal information must be:
- processed lawfully, fairly and in a transparent manner
- obtained only for specified, explicit and legitimate purposes
- adequate, relevant and not excessive
- accurate and kept up to date
- not be held for longer than is necessary
- processed in line with the rights and freedoms of the individual
- processed and stored securely
The Principles for Transfer confirm that Personal Information should not be transferred outside the EU Area unless the organisation receiving the information has provided adequate safeguards and the individual can enforce their rights following the transfer of information.
We collect personal information from you that is given voluntarily when you wish to use our Services. We do not consider personal information to include information that has been anonymised or aggregated so that it can no longer be used to identify a specific person. Information collected can include;
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Other information relating to individuals according to the relationship e.g. Curriculum Vitae, DBS information, date of birth, bank details, accountant name and contact information, passport and NI numbers.
We use your personal information to provide you with our Services and fulfil contracts in pursuit of our legitimate business interests where your rights and freedoms do not outweigh these interests. We also use it to comply with our legal obligations, to protect your vital interests, or as may be required for the public good. Therefore, we do not require additional consent to continue with processing your information. We have implemented controls to ensure we balance our interests with your rights.
We will process your information;
- To provide our services (and sector updates such as Newsletters) that you require as described when we collect information from you and as you would expect on an on-going basis as an Associate or business entity working with Click.
- To carry out any payment processing and financial management.
- To operate, measure and improve our Services and keep them current, safe, secure and operational.
- To contact you regarding your information in order to make any updates, troubleshoot any problems and generally provide you with customer service.
- When contacting you for such purposes as outlined above, we may contact you via email, telephone, SMS/text messages, postal mail, and other media options such as Skype.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is processed:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
We protect your personal information using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Some of the safeguards we use include firewalls and passwords to access data, also physical access controls and information access authorisation controls.
When stored electronically:
- Data will be kept securely
- Data will only be stored on designated devices/servers
- Data will be backed up frequently and the backups kept securely
- Devices connected to the internet and containing data will be protected by approved security software and a firewall
When data is stored on paper:
- The paper or files will be kept securely when not in use.
- When no longer required, papers will be disposed of securely.
Part of the obligation under the GDPR include ‘Confidentiality, integrity and availability’ to ensure;
- the data can be accessed, altered, disclosed or deleted only by those you have authorised to do so (and that those people only act within the scope of the authority you give them);
- the data you hold is accurate and complete in relation to why you are processing it; and
- the data remains accessible and usable, ie, if personal data is accidentally lost, altered or destroyed, you should be able to recover it and therefore prevent any damage or distress to the individuals concerned.
4. Choice, Access & Control
You have choices about how we use your personal information.
- The right to be informed about how we use your data
- The right of access to your personal information
- The right to rectification of the Personal Information we hold on you
- The right to erasure of your Personal Information other than that which we are required by contract, law and accounting purposes to hold
- The right to restrict processing of Personal Information other than that which we required by contract, law and accounting purposes to process
- The right to data portability by advising us of what Personal Information you would like in order to copy/move elsewhere
- The right to object to the processing of Personal Information as is legally possible
- Rights in relation to automated decision making and profiling – where automated systems make decisions regarding things about an individual without human intervention.
You are able to request access, make changes or withdraw the Personal Information Click holds on you or make changes to the methods of communication we use to contact you. You can request to change, restrict or withdraw your information at any time by emailing Click at: firstname.lastname@example.org, however, you must note that this could affect the Services that Click are able to offer you according to the changes you request and that certain information is required for Click to comply with our contractual, accounting and legal obligations, protection of your vital interests, or as may be required for the public good.
All individuals who are the subject of personal data held by Click CMS Ltd are entitled to:
- Ask what information the company holds about them, why and how it is used.
- Be informed on how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information then:
- The data controller will always verify the identity of anyone making a subject access request before handing over any information.
- The first request will be supplied free of charge, subsequent requests may be charged at £10 per subject access request.
- The data controller will aim to provide the relevant data within 14 days.
Communications may frequently be made to you by Click CMS Ltd for such purposes as the processing of your Personal data and for the purposes outlined above in point 4. We may contact you via email, telephone, SMS/text messages, postal mail, and other media options such as Skype. Therefore, if you wish to restrict the methods we use to contact you then you should contact Click in writing by email to: email@example.com
Click CMS Ltd takes reasonable steps to ensure data is kept accurate and up to date by:
- Asking staff to take every opportunity to ensure data is accurate and updated
- Ensuring data is corrected as soon as inaccuracies are discovered
Disclosure of your Personal Information may be required for us to provide you access to our Services and to comply with our contractual, legal and accounting obligations. We attempt to minimise the amount of personal information we disclose to what is directly relevant and necessary to accomplish the specified purpose. We do not otherwise disclose your personal information to third parties without your consent.
We retain your personal information for as long as necessary to provide the Services you require, or for other essential purposes such as complying with our contractual, legal and accounting obligations, once it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner.
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. This must be done within 72 hours of Click becoming aware of the breach, where feasible. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, then we must also inform those individuals without undue delay.
Everyone who works for Click CMS Ltd has some responsibility for ensuring data is collected, processed and stored appropriately.
However, these people have key areas of responsibility:
The Company Owner/Managing Director is ultimately responsible for:
- Ensuring that Click CMS Ltd meets its legal obligations.
- Appointing a Data Protection Officer
The Data Protection Officer is responsible for:
- Overseeing the whole of data and privacy operations and ensuring the business is always compliant. This includes staff, Associates, Clients, Suppliers, 3rd party Authorities and Regulatory bodies and any other relevant organisation associated with the GDPR compliance.
Data Processors (All staff who handle data) are responsible for:
- Learning the procedures that cover Data Protection.
- Keeping data secure, by following the data procedures.
- Making sure data is regularly reviewed and updated. If it is no longer required, it should be deleted and disposed of securely according to procedures.
- Requesting help if they are unsure about any aspect of data protection.
- Taking reasonable steps to ensure data is kept as accurate and up to date as possible.
Click also remain aware of Privacy by Design during their activities - The ICO encourages organisations to ensure that privacy and data protection is a key consideration in the early stages and development of:
- building new IT systems for storing or accessing personal data;
- developing legislation, policy or strategies that have privacy implications;
- embarking on a data sharing initiative; or
- using data for new purposes.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used most often. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, how visitors arrived at the site, e.g. search engine, via links on another site, and the pages they visit while on this site. You can find out more about this cookie by visiting the relevant Google pages.
Click CMS Site Cookie Acceptance
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We reserve the right to update or alter this Notice at any time as it is found necessary in order to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the General Data Protection Regulation 2018. The update will be available on the website at the time of any change.
In case of any complaints, queries or questions in relation to this Notice please contact;
Click CMS Ltd at: firstname.lastname@example.org or call the office on: 0121 643 8988.