Disclaimer | Privacy Statement
The protection and privacy of the personal data that we process is of utmost importance and we are constantly striving to maintain and improve our commitment to data security and privacy. We have also committed to meeting the requirements of the EU’s General Data Protection Regulations (GDPR).
2. How we collect and process personal data
CTL collects and is the controller for:
- Emails sent from our web site;
- Personal contact information of employees of companies and other third parties with whom we are working;
- Personal contact information of other people to whom we send marketing information, collected through a variety of means.
For each type of information that we collect, we identify the lawful basis for its collection and processing and have described these in the sections below.
Where we say that we have a legitimate interest, this means that it is in the interest of our business, to enable us to give you the best service. We make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
Where we say that we collect the data with your consent, we rely on you providing consent for us to process your information. When we ask for your consent, we will be clear about what you are consenting to and ask you to make a positive choice to opt in. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of our processing based on consent before its withdrawal.
CTL will not share personal data with any other third parties without your separate permission.
2.1 Visitors to our website
By sending us an electronic mail message, you may be sending us personal information (e.g. – name, address, email address). We may store this information from the sender in order to respond to any query or to otherwise resolve the subject matter of the email.
2.2 Personal contact information of employees of companies and other third parties with which we are working
CTL collects business contact information including name, telephone and email addresses of business contacts.
CTL collects this data with legitimate interest as part of its business operations, for instance as part of the sales process, CTL implementations projects, and interactions with suppliers and other partners. Information will be used to deliver our products and services to you. We may also use this information to send you marketing information. You can opt out of this at any time by contacting us at the address below.
2.3 Personal contact information of other people that we send marketing information to
CTL collects personal contact information including name, telephone and email addresses of business contacts. Typically, these will be business contact details.
We may collect this personal contact information from third party websites such as industry forums and conference attendee lists and may use this to send you information about our products and services. We will ask for your consent for this. You can opt out of this at any time by contacting us at the address below.
3. Your rights as a data subject
The General Data Protection Regulations (GDPR) applies to the processing of personal data of data subjects who are in the European Union and grants them the following rights:
- Right of access to your personal data;
- The right to have inaccurate personal data rectified or completed if it is incomplete;
- The right to have your personal data erased in certain circumstances;
- The right to restrict our processing of your data in certain circumstances;
- The right to obtain and reuse your personal data for your own purposes in certain circumstances;
- The right to object to our processing of your data in certain circumstances;
- The right not to be subject to a decision based solely on automated processing, including profiling, which CTL does not do.
3.1 Accessing your personal information
Any individual who wishes to access the personal information CTL hold on him or her is able to make a Subject Access Request (SAR).
If we do hold information about you in a relevant filing system, we will:
- Give you a description of it;
- Tell you why we are holding it;
- Tell you who it could be disclosed to; and
- Let you have a copy of the information in an intelligible form.
If you wish to make a request for any personal information we may hold please contact us by email at email@example.com.
3.2 Your right to object
Where we are using a legitimate interest to process your data, you have a right to object to our processing at any time, on grounds relating to your particular situation. In this instance, we will no longer process your data unless:
- We are able to demonstrate our compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
- Your data is necessary for our establishment, exercise or defence of legal claims
Above exceptions will not be applied if the purpose of our processing is direct marketing based on legitimate interest. This means that we will stop processing your data immediately without any conditions.
You can object in writing to the Data Protection Officer at the above address. We will provide you with information on action taken on your request without undue delay and in any event within one month of receipt of your request.
3.3 Your other rights
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Data Protection Officer at the same address. You can also ask to exercise your other rights. If we cannot comply with your request, we will tell you why.
4. Complaints or queries
We take the collection and processing of personal data very seriously and encourage individuals and/or organisations to bring to our attention any aspect of our operations that they feel collects or processes personal data in an unfair, misleading or inappropriate way.
This privacy notice is written to provide clarity and ensure our key processing activities are clear and understood. It does not provide all aspects of processing and use of personal data.
For any complaints, queries or requests for information please contact us by email at firstname.lastname@example.org.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk). Please read: https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do this. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
5. Data locations
We may store, process or access data using Microsoft OneDrive and these may be outside of the local jurisdiction in which it was collected. For EU citizens, this means data may be transferred outside of the European Economic Area (EEA). Microsoft Corporation states, in its Privacy Statement, that it complies with the EU-US Privacy Shield Framework, the purpose of which is to protect the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes. For further details, see European Commission: EU-US Privacy Shield.
6. Data retention: how long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We periodically review the data that we hold to ensure that we are not holding any information for any longer than necessary for its purpose.