Comms365 takes seriously the privacy and personal data of our clients, suppliers, visitors and employment applicants. As the data controller, Comms365 (referred to in this Policy as “we”, “our” or “us”) endeavours to ensure that we are open and honest about how we use individual’s personal information. It is our responsibility to safeguard this information in accordance with the GDPR and Data Protection Act 2018. This Policy is intended to provide detailed information on how we store and use your personal data, including your rights as a data subject when you visit our website or use any of our services.
WHAT PERSONAL DATA DO WE COLLECT AND WHY?
|Data Subject||Type of Data||Why we need it|
|Direct Customers and Partners (including web-shop customers and, potential customers and partners)||Name, job title and contact information||To manage our sales activities including order processing and onsite visits.
To market our products, services and events. To collect feedback and insight through a survey invite. To provide you with a CommsPortal account so that you can monitor your data usage.
To provide you with a Helpdesk account so that you can raise a support request.
To respond to and act on any queries about our services, our products or training.
|Billing information||To process payment for our products.|
|CommsPortal username and password, IoT hardware data (if you are a client, depending on the type of service you have with us, this may include data relating to your customers).
IP address (collected via Google Analytics).
|For the provision, maintenance and operation of CommsPortal.
To process and provide you with additional IoT analysis and statistics.
To monitor the use of our platform.
|Suppliers||Name, job title and contact information||For the provision and maintenance of relevant products and services to our customers.|
|Job Applicants||Full name, employment history, contact information||To recruit and hire potential employees.|
|Visitors to our offices||Face, appearance, name, signature, date and time of visit||To maintain the security of our premises.|
|Visitors to Comms365 website||IP address (collected via Google Analytics). Please see our Cookies Policy for information on the type of cookies we collect and how to turn this function off.||To maintain, monitor and improve the performance and use of our website.|
|Website ‘Contact’ form users||Name, contact number and any other personal information you choose to disclose.||To provide a response to your query|
|Webinar Registrations||Name, Job Title, Company, Email Address||To register you for any webinars you sign up to.|
|Newsletter Subscriptions||Name, Job Title, Company, Email Address||To register you to receive our e-newsletter|
We also collect information to determine potential customers, partners and suppliers from third party sources for lead generation. These include professional networking platforms, credit reference agencies and business directories.
WHAT IS OUR LAWFUL BASIS FOR PROCESSING PERSONAL DATA?
We rely on legitimate interests to process personal data for the reasons set out above and below:
- For the promotion of our services, products and events to develop and grow our business.
- For the management of our relationship and communication with you as a customer/supplier/partner/job applicant.
- To carry out due diligence checks on prospective clients and suppliers.
- For the safety and security of our employees and visitors.
When you sign up to a survey or webinar, we rely on your consent to process your personal data.
We will use your details to market and promote our services to you. In any written marketing communication, we will always give you the option to unsubscribe. You can also do this by contacting us using the details below.
WHO IS YOUR PERSONAL DATA SHARED WITH?
We will sometimes share personal information with the following third parties;
- Email application and marketing software providers
- File hosting service
- Hosted service management portal
If you agree to us contacting you for marketing purposes, your personal details may also be shared with other UK based companies that provide marketing consultancy services to us. Where this is the case, any marketing communication you receive will come directly from us.
We will only share information with companies who comply with the Data Protection Act 2018 and GDPR.
PERSONAL DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We are responsible for protecting the security of all personal information in our control including personal information which is transferred outside the EEA. Whilst most of our data-sharing parties process personal information within the EEA, some of these providers process information that is stored in back-up servers located in the United States. This information is safeguarded under their memberships of the EU-US Privacy Shield.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA FOR?
Your data will be kept for six years after the end of our relationship with you / end of your order term.
If you have a CommsPortal account with us, any personal data stored on CommsPortal will be deleted as soon as your service has been cancelled.
If you have raised a CommsPortal Helpdesk ticket, these will be deleted six years after the tickets have been closed.
The information we use to bill you for our services will be deleted after a period of six years from the date of your last invoice.
Where we have identified you as a potential customer/partner/supplier, we will keep your data for a period of six months in the case of inactivity.
If unsuccessful, your personal data will be deleted immediately after review unless you agree to allow us to keep your personal data on file for consideration for future employment. Any recruitment records arising from the interview process will be deleted after a period of six months.
Visitors to our offices
The information collected from our CCTV at the time of your visit to our office is recorded for a 30-day period. Other information relating to the date and time of your visit is kept for a period of 12 months.
Website ‘Contact Us’ form users
Your data will be kept for six years after your query has been resolved.
YOUR RIGHTS AS A DATA SUBJECT
Your rights include:
- The right to access to a copy of the personal data we hold about you at any time (Subject Access Request, (SAR). A SAR can be made verbally or in writing. We will respond to you within one month of the date of your request. If you would like to make a SAR, please contact us via email, telephone or in writing using the details below.
- The right to have any of the personal data we hold about you rectified or completed if incomplete. Where relevant, any changes will be communicated to the parties with whom your data has been shared.
- The right to be forgotten, where the processing is no longer necessary for the purpose it was originally collected for; where there is no over-riding legitimate interest to continue processing the data; or where the processing is unlawful.
- The right to restrict processing; where the information is inaccurate; or where the processing is unlawful.
- The right to request a transfer of your personal information to another party.
- The right to object to the processing of your personal data where the processing is based on legitimate interests.
- Rights in relation to automated decision making and profiling.
HOW TO CONTACT US
South House 3
WHERE TO COMPLAIN
CHANGES TO THIS POLICY
We may change this policy from time to time. Please refer to our website for the most up to date version. If there are any significant changes, we will notify you by email or in writing.
15 April 2019