Credo Digital Services Limited Privacy Notice
This Privacy Notice is for Credo Digital Services Limited company incorporated in England and Wales with registered number 13874126 whose registered address is 17 Erdington Way, Toton, Nottingham, NG9 6JY (the Business).
The Business’s contact details
Name: Robert Deans (director and data protection officer)
Address: 17 Erdington Way, Toton, Nottingham, NG9 6JY.
The type of personal information the Business collects
The Business may collect and use the following personal information about you:
- name, home address, contact details;
- telephone, email, internet, fax or instant messenger use;
- card number, expiry date and CVV (for clients paying by card);
- information provided by clients and respondents in forms, questionnaires, video recordings or similar documents;
- Business’s product/service selection and order history;
- records of communication with the business and information contained in these records;
- contact details for their next of kin (for employees);
- recruitment (including your application form or curriculum vitae, references received and details of your qualifications);
- pay records, national insurance number and details of taxes and any employment benefits such as pension and health insurance (including details of any claims made);
- performance and any disciplinary matters, grievances, complaints or concerns in which you are involved;
- bank account details (for clients paying by bank transfer)
- IP addresses gathered through Google Analytics including those gathered during testing.
- pseudonymous data such as user IDs, hashed / encrypted data and transaction IDs gathered through Google Analytics.
- Information from Cookies used on the website. Please see below for more information.
The Business may also collect the information revealing or concerning the following matters (“Sensitive information”)
- personal data revealing racial or ethnic origin;
- personal data revealing political opinions;
- personal data revealing religious or philosophical beliefs;
- personal data revealing trade union membership;
- genetic data;
- biometric data (where used for identification purposes);
- data concerning health;
- data concerning a person’s sex life; and
- data concerning a person’s sexual orientation.
The Business may only process your Sensitive information if it has one of the lawful bases listed below and one of the following conditions also applies:
(a) You have given the Business an explicit consent;
(b) Processing is required for the purposes of employment, social security and social protection (if authorised by law)
(c) The information was made public by you
(d) Processing is required in connection with a legal claim or judicial acts
(e) There is substantial public interest with a basis in law
How the Business gets the personal information and why it has it
Most of the personal information the Business processes is provided to it directly by you for one of the following reasons:
- To order its services;
- To take part in surveys or research carried out by the Business;
- To take up employment with the Business;
- To make a payment to the Business;
- To facilitate working with the Business.
The Business may also receive personal information indirectly, from the following sources in the following scenarios:
- The Business’s clients.
The Business uses the information that you have given it or one of its counter-agents have given it in order to:
- Perform its contractual undertakings to you or a third party to whom you have provided your personal information, keep records of contracts, payments and consent;
- Contact you to provide marketing information, ask for your feedback, respond to your queries and facilitate working relationships;
- Research and studies including to develop the business;
- Address any claims against the Business;
- Carry out security checks;
- Managing employment matters;
- To comply with the Business’s legal obligations.
Please note that if the Business needs your information to perform a contract with you, the Business will not be able to perform it unless you provide the required information.
The Business may share this information with its clients, consultants and professional advisers. They will agree to the terms of the Business’s Data Protection and Data Security Policy or the Business will make sure that they have appropriate policy in place as well as appropriate measures to keep your information safe and secure.
For processing your information, the Business relies on one or a combination of several of the following bases:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting Robert Deans (director and data protection officer) at: firstname.lastname@example.org.
(b) The Business has a contractual obligation.
(c) The Business has a legal obligation.
(d) The Business has a legitimate interest.
How the Business stores your personal information
The Business has appropriate security measures in place to prevent personal information from being accidentally lost, used, or accessed in an unauthorised way. The Business will limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
The Business also has procedures in place to deal with any suspected data security breach. The Business will notify you and any applicable regulator of a suspected data security breach where it is legally required to do so.
Information may be held at the Business’s registered business address, third-party agencies, service providers, representatives and agents as described above. The information may also be stored in the appropriate cloud solution.
Keeping your information
The Business is required by law to keep your personal information only for as long as is necessary for the purposes for which it is using it. The period for which the Business keeps your personal information will be determined by a number of criteria, including the purposes for which it is using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and its legal and regulatory obligations.
The Business will then dispose your information by physically destroying any carrier of personal information such as paper or any physical storage device. Paper documents should be shredded and CDs or similar must be rendered permanently unreadable.
Any files will be destroyed beyond recovery.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask the Business for copies of your personal information.
Your right to rectification – You have the right to ask the Business to rectify personal information you think is inaccurate. You also have the right to ask the Business to complete information you think is incomplete.
Your right to erasure – You have the right to ask the Business to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask the Business to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that the Business transfer the personal information you gave it to another organisation, or to you, in certain circumstances.
Homeworking and Remote working
All staff comply with duties and obligations with regard to confidentiality, data protection.
All staff are responsible for maintaining the security and confidentiality of any business-
related resources, equipment or information. In particular:
- Staff must ensure that appropriate technical and practical measures are in place within
the home to maintain the continued security and confidentiality of that information.
- Personal and confidential information must be kept in a secure or locked environment, where it cannot be accessed by family members or visitors in order to:
- avoid damage or loss, and
- maintain business confidentiality.
You are not required to pay any charge for exercising your rights. If you make a request, the Business will aim to respond to you within one month.
Please contact Robert Deans (director and data protection officer) at: email@example.com if you wish to make a request.
The business uses necessary cookies to make our site work. Cookies are small text files placed on your device (e.g., computer, smartphone or other electronic device) when you use our website. They enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
How to complain
If you have any concerns about the Business’s use of your personal information, you can make a complaint to us at firstname.lastname@example.org.
You can also complain to the ICO if you are unhappy with how the Business has used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk