CORPORATE PRIVACY STATEMENT OF CTRL HUB LIMITED
REVIEWED IN MAY 2021
We, Ctrl Hub Limited (also referred to as we, us our in this document), are committed to protecting and respecting your privacy. For the purposes of this policy ‘you’ are our customers or individuals who supply personal information to us in order to communicate with us.
- through our website www.ctrl-hub.com (our “Site”);
- when you communicate with us by email or telephone;
- when you enter into contracts with us to use our Platform (the “Platform”).
For the purposes of data protection legislation (the Data Protection Act 2018), we are the controller of this personal information. This means that we determine the purposes and means of the processing of this personal data.
Please note that when you enter into a contract with us for the use of the Platform, you and your employees will upload personal data during day to day use of the application. We simply process this personal information on your behalf and you remain the controller of this data. The full terms on which we process the information uploaded to the Platform are contained in our Platform privacy statement (available on the platform) and in your service agreement with us. When you become a client we also hold some personal data about your employees so that we can administer the contract. In relation to that data we act as a controller and perform the activities set out in this policy.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the Information Commissioner’s Office on 03031231113 or via the complaints mechanism on their website www.ico.org.uk.
WHAT IS PERSONAL INFORMATION?
We consider the following to be personal information: name, identification number, phone number, job title and e-mail address. It may also include less obvious information such as location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. We treat personal information is confidentially.
COLLECTION OF PERSONAL INFORMATION THROUGH OUR SITES
Personal Information We Collect
Our Site does not collect personal information about you except for information that you voluntarily provide when you request a demo of the Platform or submit an email to us with comments or questions about our Site or product. We may set cookies from time to time to better gauge our readership level, please see our cookie information for further details.
COLLECTION OF PERSONAL INFORMATION FROM YOU WHEN YOU COMMUNICATE WITH US
We may collect personal information from you when you communicate with us by email, telephone or post. This could be to obtain some further information about any of our product or services or for another reason. Where it is appropriate to do so, this information may added to our marketing database (see MARKETING COMMUNICATIONS).
COLLECTION OF PERSONAL INFORMATION FROM OUR CUSTOMERS
We also collect personal data from you when you enter into a contract with us to use our Platform. In these circumstances we collect and process the following information about you:
Information you give us:
- when you, your company or your employer enters into a contract with us for the Platform;
- by corresponding with us by email or otherwise; and
- when a user account is created by you, or on your behalf, to access the Platform.
The information you give us may include your name, address, job title and organisation you work for, email address and phone number.
We use this information to:
- carry out our obligations arising from contracts entered into between you or your company and us and respond to customer service requests;
- administer your account;
- notify you about changes to our services; and
- send you a newsletter or information about other products we offer that are similar to those you have already purchased, provided you have agreed to receive such communications (see MARKETING COMMUNICATIONS).
We provide a support function to our clients through which you log any service issues associated with the Platform. To enable our helpdesk to respond quickly and efficiently, personal data will be collected from the individual logging the problem. Where necessary the helpdesk engineer will use this personal data logged to communicate with the individual in order to reach a resolution of the service issue.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We use other third parties to process personal data on our behalf, for example we use Amazon Web Services to host the Platform (within the EEA). We will share your personal information only as necessary for the third party to provide us with that service.
We will ensure that our agreements with any such third parties contain appropriate data protection provisions so that personal information is processed only in accordance with our instructions and within the boundaries of the legal framework for data protection.
Other third parties
If we sell our business, or it undergoes a business transition, your personal information may be transferred to a third party as part of the process. Where this is likely to occur, we will endeavour to inform you in advance. If you are a customer, please see the terms on which we provide your service for further information.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (at the point of collecting your data or as soon as possible thereafter) if we intend to use your data for direct marketing purposes (i.e. providing you with details of other products and services which we feel may interest you) and you will have the option to refuse permission for us to do this. You can opt out of receiving any marketing communications from us at any time by clicking to ‘unsubscribe’ on any communication we send to you.
ACCESS TO PERSONAL INFORMATION
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our client support team at email@example.com. If you are a client, you may also choose to deactivate your membership account.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to Withdraw Consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our client support team at firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We have put in place measures to protect the security of your information. Details of these measures are available upon request. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will we use your information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a customer, of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
WHERE WE STORE YOUR PERSONAL DATA
Ctrl-Hub used Amazon Web Services to host the Platform on its secure servers in its data centre in the United Kingdom, consequently your personal data is never transferred outside of the European Economic Area (EEA). If you require more information about where we store your personal data, please contact us at email@example.com.
LINKS TO OTHER SITES
Our Site may, from time to time, contain links to and from other websites that are not owned or controlled by us. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We use session ID cookies and persistent cookies. We use session ID cookies to make it easier for you to navigate our Sites. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time and enable us to track and target your interests to enhance your experience on our Sites. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
If you reject cookies, you may still use our Sites, but your ability to use some areas of our Sites will be limited.
Clear Gifs (Web Beacons/Web Bugs)
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you have elected not to receive marketing emails from us, clear gifs will not be used in any other communications with you.
Links to Other Sites
Our Sites may, from time to time, contain links to and from other websites that are not owned or controlled by us. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We may update this privacy statement to reflect changes to our information practices or changes in applicable law. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a prominent notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.