Last Update: 25th May 2018
Please select your option, for further assistance mail us firstname.lastname@example.org.
Information Collection and Use
We may collect personally identifiable information when you visit or use our website/other pages or documents. You will generally be asked first before you provide any personally identifiable information. We may also receive personally identifiable information from our business partners, but they will be responsible for ensuring that any transfer of such information is in accordance with your wishes. We may also collect personally identifiable information about you or your organisation from publicly available data sources including, but not limited to Companies House, company websites, social networks and news articles. We may also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the page(s) you requested.
We may use this information to register your interest in any CIPHR Limited product or service, to customise the content you see on our website, to fulfil your requests for certain services and information and to contact you. In particular, we may use the information to determine what is most effective about our site, to help us identify ways to improve it, and eventually, to determine how we can develop products and services offered by CIPHR Limited on our websites to make them more valuable and effective for you.
The personal information we collect will depend on the nature of the service we are providing and what we are contracted to do for you. Typically, this might include the following:
- Contact details (including your name, phone numbers, and email addresses)
- Professional information (such as job title, previous positions, and professional experience)
- Details of visits to our website (which enable our website to remember information about you and your preferences). Please read our ‘Cookies’ section below for further details.
We will use your contact details to reply to any requests you make or to contact you about outstanding orders or CIPHR Limited service issues. We may also use your contact details to keep you up to date with news about your current services, as well as anything you have indicated to CIPHR Limited that you have an interest in. We may also process your contact details to keep you informed about products, services, news events and other updates which we believe are likely to be of interest to you based on your role in an organisation. If you do not want to be contacted or kept informed by email or telephone, please contact email@example.com.
Processing, Sharing and Disclosure
CIPHR Limited is registered under the data protection laws in the United Kingdom and takes all reasonable care to prevent any unauthorised access to your personal data. Other than as set out below we will not pass your personally identifiable information to anyone outside CIPHR Limited. We will only send personally identifiable information about you to other companies or individuals:
- where we have your consent for the disclosure or
- in order to share your information to provide a product or service you have requested or
- in order to send the information to companies or individuals who work on behalf of CIPHR Limited or any subsidiary in connection with the provision of a product or service to you (unless we tell you differently. These companies or individuals will be instructed to not use the personally identifiable information we provide to them beyond what is necessary to assist us in this purpose).
The legal grounds for processing your personal data are as follows:
Security of your Personal Information
- It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you. The agreement between you and CIPHR, which is outlined in our Terms and Conditions, sets out the terms of the contract and the services we will provide.
- It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you.
- It is necessary in order to comply with mandatory legal obligations to which we are subject under EU or UK law.
CIPHR Limited is committed to protecting the security of your personal information. We use a variety of security technologies, policies and procedures to help protect your personal information from unauthorised access, use or disclosure. For example, we store the personal information you provide in computer servers with limited access that are located in controlled facilities. When we transmit sensitive information over the internet, we protect it through the use of encryption, such as the Transport Layer Security (TLS) protocol. TLS is an industry standard to ensure internet messages are not intercepted. However, older browsers cannot use TLS and you will need to use Microsoft Internet Explorer browsers, version 11 or later or suitable alternatives.
Web beacons, also known as clear gif technology, or action tags, may be used to assist in delivering the cookie on our site. This technology tells us how many visitors clicked on key elements (such as links or graphics) on a web page. We do not use this technology to access your personally identifiable information, it is a tool we use to compile aggregated statistics about our web site usage. We may share aggregated site statistics with partner companies but do not allow other companies to place clear gifs on our sites.
If you choose to not have your browser accept cookies from our web site, you will be able to view the text on the screens, however you will not experience a personalised visit, nor will you be able to subscribe to the service offerings on the site.
Third Party Sites
Third party internet sites that you can link to through the CIPHR Limited site are not covered by this Privacy Statement, so please be careful when you enter any personal information online. CIPHR Limited accepts no responsibility or liability for these sites.
Changes to this Statement
CIPHR Limited will occasionally update this privacy statement. When we do, we will also revise the “last updated” date at the top of the privacy statement. For material changes to this statement, CIPHR Limited will notify you by placing prominent notice on the web site.
This website uses retargeting services from third party online ad networks:
You can usually opt out of receiving targeted ads served by us or on our behalf by clicking on the blue icon that typically appears in the corner of the ads we serve. Please note that, if you delete your cookies or upgrade your browser after having opted out, you will need to opt out again.
You can also opt out of cookie based advertising entirely by updating your browser’s cookie settings or permanently using a browser plugin
The retargeting services we may use are:
Reasons for Processing Your Data
We may process your personal information for our legitimate business interests. e.g. fraud prevention/direct marketing/network and information systems security/data analytics/enhancing, modifying or improving our services/identifying usage trends/determining the effectiveness of promotional campaigns and advertising.
“Legitimate Interests” means the interests of our company in conducting and managing our business. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
We may also receive personally identifiable information from our business partners, but they will be responsible for ensuring that any transfer of such information is in accordance with your wishes. We may also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the page(s) you requested.
We may use this information to register your interest in any CIPHR Limited product or service, to customise the content you see on our website, to fulfil your requests for certain services and information and to contact you about products, services, news and events that we believe could be of interest to you. In particular, we may use the information to determine what is most effective about our site, to help us identify ways to improve it, and eventually, to determine how we can develop products and services offered by CIPHR Limited on our websites to make them more valuable and effective for you.
In addition, CIPHR may collect personally identifiable information from other sources, company websites, social networks and articles.
How Long we May Process your Data
For marketing purposes, CIPHR will not retain this information for longer than is necessary.
Your Rights Under GDPR:
Right of Access
Under the GDPR, you have the right to obtain confirmation that your data is being processed and, where it is, access to the personal data so you may verify its accuracy and lawfulness of processing. To register a subject access request please email firstname.lastname@example.org
and CIPHR will provide the necessary information within 1 month of your request and in most cases will provide the information free of charge. Where the request is unfounded or excessive CIPHR will charge a reasonable fee based on the administrative cost of providing this information.
Right to Rectification
Under the GDPR you are entitled to have personal data that we hold on you rectified if it is inaccurate or incomplete. If you are aware of inaccurate information held about you by CIPHR email email@example.com
and we will update the inaccurate information within 1 month. This can be extended by two months where the request for rectification is complex. Where CIPHR are not taking action in response to a request for rectification, we will explain why and will inform you of your right to complain to the supervisory authority and to a judicial remedy.
Right to Erasure
Under the GDPR you have the right to erasure, also known as the right to be forgotten.
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (ie otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
To request that your personal data is erased by CIPHR email firstname.lastname@example.org
CIPHR can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
Right to Object
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation for the performance of a public interest task or exercise of official authority.
- For public health purposes in the public interest;
- Archiving purposes in the public interest, scientific research historical research or statistical purposes; or
- The exercise or defence of legal claims.
Under the GDPR you have a right to object to CIPHR processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
To object to CIPHR processing your data based on legitimate interest email email@example.com.
When we receive an objection from you about processing your personal data CIPHR will stop processing the personal data unless:
- CIPHR can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
- The processing is for the establishment, exercise or defence of legal claims.
This must be “explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information”.
Right to Restrict Processing
Article 18 of the GDPR gives you the right to restrict CIPHR processing your personal data in the following circumstances:
- You contest the accuracy of your personal data and CIPHR are verifying the accuracy of the data;
- Your data has been unlawfully processed (ie in breach of the lawfulness requirement of the first principle of the GDPR) and you oppose erasure and request restriction instead;
- CIPHR no longer need the personal data but you need to keep it in order to establish, exercise or defend a legal claim; or
- You have objected to CIPHR processing your data under Article 21(1), and CIPHR are considering whether your legitimate grounds override those of the individual.
To request that CIPHR restrict processing your personally identifiable information email firstname.lastname@example.org.
Right to Data Portability
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine-readable format. It also gives individuals the right to request that a controller transmits this data directly to another controller.
Information is only within the scope of the right to data portability if it is personal data that you have provided to CIPHR. If you would like to request a copy of your personal data which you have supplied to CIPHR please email email@example.com detailing which information you wish to receive.
Rights Related to Automated Decision Making
The GDPR has provisions on:
- automated individual decision-making (making a decision solely by automated means without any human involvement); and
- profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
CIPHR may use automated decision-making to help target our marketing activity. This could include what products or blog posts we promote on our website to a particular visitor based on past browsing behaviour or what emails we send a contact in our marketing database depending on the actions they have taken with previous email campaigns. To object to CIPHR using your data for these purposes please email firstname.lastname@example.org.
Additionally, some of CIPHR’s products enable our customers to create automated decision making rules such as screening questions during the recruitment process. Our customers are able to publish the relevant details to comply with the GDPR.