Privacy Notice 2018-05-23T11:55:18+00:00

Privacy notice

Last Update: 25th May 2018

This Privacy Statement of CIPHR Limited forms part of the terms and conditions for use of this site. Please read the Privacy Statement carefully. By using this site, you will be deemed to have accepted these terms of use. If you do not accept the terms of this Privacy Statement, please do not use this site.

Please select your option, for further assistance mail us privacy@ciphr.com.

Privacy Policy
We want you to feel secure when visiting our site and are committed to maintaining your privacy when doing so. This Privacy Statement outlines how we may obtain and use any personally identifiable information about you and the ways in which we protect and treat such information that we collect when you are on our site or when you use our services. This privacy policy also applies to any personally identifiable information about you that our business partners may share with us. This policy does not apply to the practices of companies that we do not own or control or to people that we do not employ or manage.
Information Collection and Use
We may collect personally identifiable information when you visit or use our website/other pages or documents. You will generally be asked first before you provide any personally identifiable information. We may also receive personally identifiable information from our business partners, but they will be responsible for ensuring that any transfer of such information is in accordance with your wishes. We may also collect personally identifiable information about you or your organisation from publicly available data sources including, but not limited to Companies House, company websites, social networks and news articles. We may also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the page(s) you requested.

We may use this information to register your interest in any CIPHR Limited product or service, to customise the content you see on our website, to fulfil your requests for certain services and information and to contact you. In particular, we may use the information to determine what is most effective about our site, to help us identify ways to improve it, and eventually, to determine how we can develop products and services offered by CIPHR Limited on our websites to make them more valuable and effective for you.

The personal information we collect will depend on the nature of the service we are providing and what we are contracted to do for you. Typically, this might include the following:

  • Contact details (including your name, phone numbers, and email addresses)
  • Professional information (such as job title, previous positions, and professional experience)
  • Details of visits to our website (which enable our website to remember information about you and your preferences). Please read our ‘Cookies’ section below for further details.

We will use your contact details to reply to any requests you make or to contact you about outstanding orders or CIPHR Limited service issues. We may also use your contact details to keep you up to date with news about your current services, as well as anything you have indicated to CIPHR Limited that you have an interest in. We may also process your contact details to keep you informed about products, services, news events and other updates which we believe are likely to be of interest to you based on your role in an organisation. If you do not want to be contacted or kept informed by email or telephone, please contact privacy@ciphr.com.

Processing, Sharing and Disclosure
CIPHR Limited is registered under the data protection laws in the United Kingdom and takes all reasonable care to prevent any unauthorised access to your personal data. Other than as set out below we will not pass your personally identifiable information to anyone outside CIPHR Limited. We will only send personally identifiable information about you to other companies or individuals:

  • where we have your consent for the disclosure or
  • in order to share your information to provide a product or service you have requested or
  • in order to send the information to companies or individuals who work on behalf of CIPHR Limited or any subsidiary in connection with the provision of a product or service to you (unless we tell you differently. These companies or individuals will be instructed to not use the personally identifiable information we provide to them beyond what is necessary to assist us in this purpose).

The legal grounds for processing your personal data are as follows:

  • It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you. The agreement between you and CIPHR, which is outlined in our Terms and Conditions, sets out the terms of the contract and the services we will provide.
  • It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). To determine this we shall consider a number of factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you.
  • It is necessary in order to comply with mandatory legal obligations to which we are subject under EU or UK law.

Security of your Personal Information
CIPHR Limited is committed to protecting the security of your personal information. We use a variety of security technologies, policies and procedures to help protect your personal information from unauthorised access, use or disclosure. For example, we store the personal information you provide in computer servers with limited access that are located in controlled facilities. When we transmit sensitive information over the internet, we protect it through the use of encryption, such as the Transport Layer Security (TLS) protocol. TLS is an industry standard to ensure internet messages are not intercepted. However, older browsers cannot use TLS and you will need to use Microsoft Internet Explorer browsers, version 11 or later or suitable alternatives.
Cookies
When someone visits the site, a cookie is placed on the customer’s machine (if the customer accepts cookies) or is read if the customer has visited the site previously. One use of cookies is to assist in the collection of the site visitation statistics. We also use cookies to collect information on which newsletter, page and site links are clicked by customers. This information is used to ensure we are sending information customers want to read.

Web beacons, also known as clear gif technology, or action tags, may be used to assist in delivering the cookie on our site. This technology tells us how many visitors clicked on key elements (such as links or graphics) on a web page. We do not use this technology to access your personally identifiable information, it is a tool we use to compile aggregated statistics about our web site usage. We may share aggregated site statistics with partner companies but do not allow other companies to place clear gifs on our sites.

If you choose to not have your browser accept cookies from our web site, you will be able to view the text on the screens, however you will not experience a personalised visit, nor will you be able to subscribe to the service offerings on the site.

Third Party Sites
Third party internet sites that you can link to through the CIPHR Limited site are not covered by this Privacy Statement, so please be careful when you enter any personal information online. CIPHR Limited accepts no responsibility or liability for these sites.
Changes to this Statement
CIPHR Limited will occasionally update this privacy statement. When we do, we will also revise the “last updated” date at the top of the privacy statement. For material changes to this statement, CIPHR Limited will notify you by placing prominent notice on the web site.
This website uses retargeting services from third party online ad networks:
This website uses remarketing services to advertise on third party websites. It could mean that we advertise to previous website visitors. This could be in the form of an advertisement on a search engine’s results page or as a display advert on a third party website within the ad network’s inventory. Third-party retargeting services use cookies to serve ads based on someone’s past visits to the CIPHR website. Of course, any data collected will be used in accordance with our own privacy policy and the ad network’s privacy policy.

You can usually opt out of receiving targeted ads served by us or on our behalf by clicking on the blue icon that typically appears in the corner of the ads we serve. Please note that, if you delete your cookies or upgrade your browser after having opted out, you will need to opt out again.
You can also opt out of cookie based advertising entirely by updating your browser’s cookie settings or permanently using a browser plugin

The retargeting services we may use are:

  • Adroll. You can view their privacy policy here and opt out of receiving ads from the Adroll network here
  • Bing. You can view their privacy policy here and opt out of receiving ads from the Bing network here
  • Facebook. You can view their privacy policy here. You can view instructions of how to influence the ads that Facebook displays to you here
  • Google. You can view their privacy policy here and opt out of seeing personalised ads from Google here
  • Instagram. You can view their privacy policy here and instructions of how to opt out of receiving certain ads from the Instagram network here
  • Linkedin. You can view their privacy policy here and manage your advertising preferences with Linkedin here
  • Quora. You can view their privacy policy here
  • Reddit. You can view their privacy policy here and opt out of receiving ads from the Reddit network here
  • Taboola. You can view their privacy policy here and opt out of receiving ads from the Taboola network here
  • Twitter. You can view their privacy policy here and update your personalisation preferences here

Reasons for Processing Your Data
We may process your personal information for our legitimate business interests. e.g. fraud prevention/direct marketing/network and information systems security/data analytics/enhancing, modifying or improving our services/identifying usage trends/determining the effectiveness of promotional campaigns and advertising.

“Legitimate Interests” means the interests of our company in conducting and managing our business. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. For example, we may process your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

We may also receive personally identifiable information from our business partners, but they will be responsible for ensuring that any transfer of such information is in accordance with your wishes. We may also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the page(s) you requested.

We may use this information to register your interest in any CIPHR Limited product or service, to customise the content you see on our website, to fulfil your requests for certain services and information and to contact you about products, services, news and events that we believe could be of interest to you. In particular, we may use the information to determine what is most effective about our site, to help us identify ways to improve it, and eventually, to determine how we can develop products and services offered by CIPHR Limited on our websites to make them more valuable and effective for you.

In addition, CIPHR may collect personally identifiable information from other sources, company websites, social networks and articles.

How Long we May Process your Data
For marketing purposes, CIPHR will not retain this information for longer than is necessary.
Your Rights Under GDPR:
Right of Access
Under the GDPR, you have the right to obtain confirmation that your data is being processed and, where it is, access to the personal data so you may verify its accuracy and lawfulness of processing. To register a subject access request please email privacy@ciphr.com and CIPHR will provide the necessary information within 1 month of your request and in most cases will provide the information free of charge. Where the request is unfounded or excessive CIPHR will charge a reasonable fee based on the administrative cost of providing this information.
Right to Rectification
Under the GDPR you are entitled to have personal data that we hold on you rectified if it is inaccurate or incomplete. If you are aware of inaccurate information held about you by CIPHR email privacy@ciphr.com and we will update the inaccurate information within 1 month. This can be extended by two months where the request for rectification is complex. Where CIPHR are not taking action in response to a request for rectification, we will explain why and will inform you of your right to complain to the supervisory authority and to a judicial remedy.
Right to Erasure
Under the GDPR you have the right to erasure, also known as the right to be forgotten.
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

  • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
  • When the individual withdraws consent.
  • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
  • The personal data was unlawfully processed (ie otherwise in breach of the GDPR).
  • The personal data has to be erased in order to comply with a legal obligation.
  • The personal data is processed in relation to the offer of information society services to a child.

To request that your personal data is erased by CIPHR email privacy@ciphr.com
CIPHR can refuse to comply with a request for erasure where the personal data is processed for the following reasons:

  • To exercise the right of freedom of expression and information;
  • To comply with a legal obligation for the performance of a public interest task or exercise of official authority.
  • For public health purposes in the public interest;
  • Archiving purposes in the public interest, scientific research historical research or statistical purposes; or
  • The exercise or defence of legal claims.

Right to Object
Under the GDPR you have a right to object to CIPHR processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.

To object to CIPHR processing your data based on legitimate interest email privacy@ciphr.com.

When we receive an objection from you about processing your personal data CIPHR will stop processing the personal data unless:

  • CIPHR can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • The processing is for the establishment, exercise or defence of legal claims.

This must be “explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information”.

Right to Restrict Processing
Article 18 of the GDPR gives you the right to restrict CIPHR processing your personal data in the following circumstances:

  • You contest the accuracy of your personal data and CIPHR are verifying the accuracy of the data;
  • Your data has been unlawfully processed (ie in breach of the lawfulness requirement of the first principle of the GDPR) and you oppose erasure and request restriction instead;
  • CIPHR no longer need the personal data but you need to keep it in order to establish, exercise or defend a legal claim; or
  • You have objected to CIPHR processing your data under Article 21(1), and CIPHR are considering whether your legitimate grounds override those of the individual.

To request that CIPHR restrict processing your personally identifiable information email privacy@ciphr.com.

Right to Data Portability
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine-readable format. It also gives individuals the right to request that a controller transmits this data directly to another controller.

Information is only within the scope of the right to data portability if it is personal data that you have provided to CIPHR. If you would like to request a copy of your personal data which you have supplied to CIPHR please email privacy@ciphr.com detailing which information you wish to receive.

Rights Related to Automated Decision Making
The GDPR has provisions on:

  • automated individual decision-making (making a decision solely by automated means without any human involvement); and
  • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.

CIPHR may use automated decision-making to help target our marketing activity. This could include what products or blog posts we promote on our website to a particular visitor based on past browsing behaviour or what emails we send a contact in our marketing database depending on the actions they have taken with previous email campaigns. To object to CIPHR using your data for these purposes please email privacy@ciphr.com.

Additionally, some of CIPHR’s products enable our customers to create automated decision making rules such as screening questions during the recruitment process. Our customers are able to publish the relevant details to comply with the GDPR.