PRIVACY POLICY
1. WHO WE ARE
Cymplify (referred to in this policy as “we”, “us” or “our”) is a trading name of:
Cymplify Limited
71 Shelton Street
London
WC2H 9JQ
Registered Company Number: 12366483
ICO Registration Number: ZB336942
We have a Data Protection Lead, who can be contacted in the following ways should you have any questions or feedback about the way your data is handled:
Email: hello@cymplify.co.uk
2. PERSONAL DATA WE COLLECT ABOUT YOU
We will collect, use, store and transfer different kinds of personal data about you which we have grouped together in the table below.
3. HOW WE COLLECT YOUR PERSONAL DATA
We will collect your personal data in the following ways:
· When you request, sign up to, or use the services we provide;
· When you talk with us either over the phone or through email;
· When you visit our website;
· When you fill out our forms or provide us with feedback;
· When you contact us via social media; and
· When you subscribe to our newsletters or marketing.
Failing to provide necessary personal data may mean that we are unable to fulfil your requirements.
4. HOW WE USE YOUR PERSONAL DATA
We are only allowed to use your personal data if we have a legal basis to do so, and we are required to inform you of what that legal basis is. We have set out in the table below: the purposes for processing your data, the categories of personal data affected, and the legal basis on which we rely on when we process your personal data.
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below:
5. WHO WE SHARE YOUR PERSONAL DATA WITH
In order to provide you with our services and meet our legal obligations, we only share your personal data with third parties in the following circumstances:
· To provide our services to you;
· To manage and store your personal data;
· To administer our website;
· To administer feedback forms;
· To administer marketing; and
· To meet legal obligations, for example, for the purposes of national security, taxation and criminal investigations.
We will never make your personal data available to anyone outside Cymplify for them to use for their own marketing purposes without your prior consent.
6. TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA
The European Economic Area (EEA) consists of the EU Member States, Iceland, Liechtenstein and Norway. If we transfer your personal data outside of the EEA, we must tell you and we will rely on one of the following:
· Adequacy Decision: The country we send your personal data to provides an adequate level of protection which has been approved by the European Commission.
· Standard Contractual Clauses: The recipient of your personal data has provided us with signed Standard Contractual Clauses (SCC’s) which has been approved by the European Commission. This holds the recipient accountable to safeguard the personal data.
Circumstances where your personal data may be transferred outside of the EEA are as follows:
Before we share your personal data with a third party, we will ensure that there is an appropriate Data Processing or Sharing Agreement in place to protect the sharing of data.
7. HOW LONG WE RETAIN YOUR PERSONAL DATA
We will keep your personal data for as long as necessary to allow us to carry out our business functions. This includes satisfying any legal, accounting, or reporting requirements. When we assess how long to retain your personal data, we will consider the following:
· Any statutory or legal obligations;
· The purposes for which we originally collected the personal data;
· The lawful grounds on which we based our processing;
· The types of personal data we have collected;
· The amount and categories of your personal data; and
· Whether the purpose of the processing could reasonably be fulfilled by other means.
Your personal data will be retained for a minimum of 6 years following the conclusion of the engagement.
At Cymplify we regularly review the retention of your personal data held within our care to ensure that we are not keeping your personal data for longer than is necessary.
2. HOW WE LOOK AFTER YOUR PERSONAL DATA
We will protect your personal data that you have provided to us via appropriate security measures and controls. This includes implementing technical and organisational measures to prevent the loss, misuse or alteration of your personal data. Cymplify limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.
3. YOUR RIGHTS
Everyone in the scope of the UK GDPR has rights relating to the collection and use of their personal data. The rights that apply to your personal data that is held within Cymplify are listed below:
· Right to be Informed: We will always be transparent in the way we use your personal data. You will be informed about the processing through relevant privacy policies.
· Right to Access: You have a right to request access to the personal data that we hold about you.
· Right to Rectification: We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.
· Right to Erasure: You have the right to have your data ‘erased’ in the following situations:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed;
When you withdraw consent;
When you object to the processing and there is no overriding legitimate interest for continuing the processing;
When the personal data was unlawfully processed; or
When the personal data has to be erased in order to comply with a legal obligation.
(Please note that each request will be reviewed on a case-by-case basis and where we have a lawful reason to retain the data or where exceptions exist within our retention policy, then it may not be erased.)
· Right to Restrict Processing: You have the right to restrict processing in the following situations:
Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data;
When processing is unlawful, and you oppose erasure and request restriction instead; or
Where we no longer need the personal data, but you require the information to establish, exercise or defend a legal claim.
· Right to Data Portability: In certain situations, you have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file.
· Right to Object: You have the right to object to the processing of your personal data in the following circumstances:
You no longer want to receive direct marketing; or
Where processing is based on our legitimate interests.
If you want to exercise any of your rights listed above, please contact us.
4. NOT HAPPY?
If you feel that Cymplify have not upheld your rights, we ask that you contact us by emailing the Data Protection Lead.
If you are not satisfied with our response, or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioners Office (ICO) by using the details below. We would be grateful for the opportunity to manage your concerns directly before you approach the ICO so please contact us in the first instance.
Address: Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/