This notice explains how information about you is used. References to ‘you’ means the person reading this policy.
The information we gather
CANCOM UK gathers certain information about you. Information about you is also used by our affiliated entities and group companies. In this notice, references to ‘we’ or ‘us’ means CANCOM UK and our group companies.
Information that we gather about you may include your name, contact details, job title, plus dietary requirements and CV submissions for example, depending on how you wish to engage with us. The provision of information by you is entirely voluntary.
We may also obtain information about you from third parties, such as our group companies and service providers.
Information about third parties
Information we process as described in this notice may also include information about third parties such as your employees, directors and other officers whose details you supply to us.
Systems used to process data
We gather information directly from you and via our website and other technical systems. These may include, for example, our:
- computer networks and connections
- CCTV and access control systems
- communications systems
- remote access systems
- email and instant messaging systems
- intranet and Internet facilities
- telephones, voicemail, mobile phone records
Some limited personal data may be collected from monitoring devices and systems such as closed-circuit TV and door entry systems.
When you use our website, we may gather information about you through Internet access logs, cookies and other technical means. ‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information. These are used to track website usage and monitor website activity and for other data processing reasons set out below.
Reasons for processing
We process information about you for the following reasons:
- compliance with legal, regulatory and corporate governance obligations and good practice
- ensuring business policies are adhered to (such as policies covering security and Internet use)
- operational reasons, such as recording transactions, training and quality control
- ensuring the confidentiality of commercially sensitive information
- statistical analysis
- preventing unauthorised access and modifications to systems
- checking references
- ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences
- staff administration and assessments, monitoring staff conduct, disciplinary matters
- processing customer or third-party data,
- marketing our business and those of our group companies
- analysing purchasing preferences and improving services
- providing customer services
Disclosures and exchange of information
We may disclose and exchange information with our group companies, credit reference agencies, service providers, representatives and agents for the above reasons.
Information may be held at our offices and those of our group companies, and third-party credit reference agencies, service providers, representatives and agents as described above.
For our UK based customers any data shared outside of the EU is covered under the Privacy Shield Agreement, apart from when some data is transferred to meet the needs of an international project. This is done with prior awareness of the customer.
We have security measures in place to seek to ensure that there is appropriate security for information we hold including those measures detailed in our information security and data protection or privacy policies. You can review these by contacting firstname.lastname@example.org.
We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us at email@example.com. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.
Sensitive personal data
You may also supply us with sensitive personal data, such as, racial or ethnic origin, religious or similar beliefs, physical or mental health, or criminal record which is gathered for the following purposes: recruitment, administering our health insurance scheme, equal opportunities monitoring.
We will usually only collect and record sensitive personal data with your prior consent. However, occasionally we may do so without consent where required or permitted to do so by applicable law (e.g. to comply with diversity reporting requirements). We may disclose your sensitive personal data to relevant parties to meet insurance or compliance requirements.
We retain your personal information for as long as necessary to provide the services and solutions to fulfill the transactions you have requested, and for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.
Information relating to you will be used to notify you by post, email or other electronic means of our relevant services and solutions and those of our group companies and third-party business partners, in which we believe you may be interested. You can withdraw your consent to use of personal data for marketing at any time by contacting us at firstname.lastname@example.org. We do not purchase or sell any data to or from third parties under any circumstances.
Please contact OCSL via the means below if you would like to correct, remove or request (in accordance with applicable law) information that we hold relating to you or if you have any questions in relation to the above. We will respond to any requests within one calendar month, in line with GDPR requirements.
Data Protection Officer
New Pound Common
Last updated: 15 April 2019