We are Corefinity (“Corefinity”, “we”, or “us”). We are the controller of the personal data collected.

About our Data Protection Officer

All data protection inquiries will be directed to an internally nominated Data Protection Officer. In order to ensure that the role of Data Protection Officer at Corefinity can effectively monitor internal compliance, they will:

• Receive professional training in order to develop expert knowledge of data protection;
• Report directly to our highest level of management and be given the independence to perform their duties;
• Be involved in all issues relating to the protection of personal data;
• Not be penalised for performing their duties; and
• Not perform other duties that may result in a conflict of interests with their role as a Data Protection Officer.

The duties of our Data Protection Officer include:

• Monitoring compliance with GDPR and other data protection laws, and our data protection policies;
• Ensuring that our employees have sufficient awareness of data protection;
• Advising and informing us about our data protection obligations;
• Making or confirming decisions regarding the lawful basis under which we control or process personal data; and
• Understanding the risk associated with data processing.

Our Data Protection Officer is easily accessible as a point of contact for employees, individuals and the Information Commissioner’s office using one of the contact methods described in (15) How can you contact us or make a complaint?

Personal data (“personal information”, or “your data”) can be any information relating to an identified or identifiable person. In other words, it can be any information that could allow us to identify you both directly and indirectly (like, for example: your name, email address, IP address or billing address).

We will only use and process your personal data if we have one of the following reasons for doing so:

• As a contractual or pre-contractual requirement (for example: to provide you with a quote);
• It is our legal duty (for example: for bookkeeping);
• It is in our legitimate interest (for example: to understand who visits our website); or
• You consent to it (for example: when you subscribe to our newsletter)

We collect personal data about you when you use our website or our services, including in the following situations:

• When you use our website contact form;
• When you call use to inquire about our services; or
• When you enter a contract with us.

When you contact us using our website contact form, call us, or enter a support or production contract with us, we collect the personal data that you explicitly provide to us:

• Name;
• Email address; and
• Phone number.

We may use your personal data to:

• Further our relationship with you;
• Process, evaluate and respond to your requests and inquiries;
• Fulfil support and development contracts with you;
• Determine the effectiveness of our marketing and advertising;
• Learn about who visits our website; or
• Comply with legal requirements.

If you have consented for us to do so, we may also use your personal data to communicate with you about our services or relevant, related opportunities.

We will not use your personal data for any other purpose than for the reason that it was originally collected.

Cookies

Cookies are bits of text that are placed on your computer’s hard drive or mobile device when you visit certain websites. Cookie technology holds information a site may need to personalise a visitor’s experience. Cookies may also be used for security purposes and to gather website statistical data, such as which pages are visited, what is downloaded, and the paths taken by visitors to our website as they move from page to page.

Online Tracking

We may also use third-party solutions to conduct web analytics, such as Google Analytics. Google Analytics is a web analytics service provided by Google, Inc., which uses cookies to help analyse how users use this website. The information generated by the cookie about your use of this website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by Google on servers in the United States. Google will use this information to monitor your use of this website, compiling reports on website activity for website operators and providing other services related to website activity and internet usage. Google may transfer this information to third parties where required by law, or where such third parties process information on Google’s behalf. For more information about Google’s privacy policy in respect of Google Analytics, please refer to http://www.google.com/analytics/learn/privacy.html . You may opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl+en=GB .

We do not sell or otherwise disclose personal data we collect about you, except as described in this policy or otherwise disclose to you at the time the data is collected.

To be able to provide you with high quality services, we will sometimes share your personal data with other organisations. We will only do so if our partners can demonstrate the same high level of security we provide ourselves, and can ensure that they comply with data protection regulations.

We may share your personal data with the following partners:

• Our sister companies, CoreFinity and Eralis;
• Software-as-a-Service providers that we use to operate our business (for example: cloud-based CRM, ticketing and project management providers);
• Advertising partners that we use to understand and improve the effectiveness of our marketing (for example: Google and Facebook); and
• Data security partners that we use to ensure we are lawfully processing personal data controlled by our clients

We may also disclose personal information about you under the following circumstances:

• If we are required to do so by law, regulation or legal process;
• In response to requests by government agencies, such as law enforcement authorities; or
• When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

We will transfer any personal data we have about you in the event that we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

We have an internal data protection process to ensure that data controls are understood, updated and enforced. To request specific information about our data protection process please contact our Data Protection Officer using one of the contact methods described in (15) How can you contact us or make a complaint?

We may need to collect personal data to be able to fulfil our legal obligations or fulfil the terms of a contract we have with you or to be able to provide you with services. If you choose not to give us this data, it may prevent us from meeting our obligations. It may also mean that we cannot provide you with services. Any data collection that is optional will be clearly indicated as such at the point of collection.

Cookies

You have control over cookies, and can refuse the use of cookies by selecting the appropriate settings on your browser. Note, however, that by not accepting or removing the use of cookies, you may affect your website experience and you may not be able to take full advantage of all features of this site. Most browsers will tell you how to stop accepting cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please consult the “Help” section of your browser for more information.

Google Analytics

You may opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl+en=GB.

We will keep your personal data for as long as you are a client of Corefinity. We will delete all data that is no longer necessary after a reasonable period. For example, contact data for previous or prospective clients will be deleted after a period of two years unless contact is renewed within that period. We will also keep it for longer if we cannot delete it for legal or regulatory reasons.

We may keep your data for longer for research or statistical purposes. If we do, we will make sure your information is anonymised and non-traceable to you as a person.

We will also delete or provide a copy of your personal data on request.

You have certain rights regarding the personal data we collect about you and how we use that information or use it to communicate with you.

To enforce your rights you can contact our Data Protection Officer using one of the contact methods described in (15) How can you contact us or make a complaint?

We will do our best to answer your request in a timely manner but please note that it may take up to one week for us to respond. Please note that if we cannot identify and guarantee who you are, we might as you to provide us with additional information. We will not act on any of your rights if we are unable to verify that you are the rightful owner.

Right to rectification

You can request that we update inaccurate or incomplete personal data that we have collected. We will respond to let you know that your data has been updated within one calendar month.

Right to erasure

You can request that we erase personal data related to you. We will erase your data upon request provided that it is no longer necessary for the purpose for which it was collected or we have a legal obligation to store that personal information.

Right to restrict processing

You can ask us to restrict our processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you do still not want us to erase the data, if the data is no longer needed to fulfil the purpose it was collected for, or you have informed us that you do not consider us to have a legitimate interest for certain processing.

Right to object

You can object to the processing of your personal data on grounds related to your particular situation. Please note that if you object to us processing your personal data, it may restrict the services or the effectiveness of the services that we can provide to you.

You can unsubscribe to newsletters you have previously opted-in to by following the instructions in the footer of the newsletter you receive.

You can request a copy of the personal data collected by Core Finity by contacting our Data Protection Officer using one of the contact methods described in (15) How can you contact us or make a complaint?

In order to ensure that we clearly understand your request, please make it clear that you are making a “Subject Access Request” under your Right of Access.

If you request access to personal data that is being processed automatically and that data is in accordance with a contract between you and Core Finity, or based on your consent, you may request that the data is provided in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.

This Privacy Policy may change from time to time. Any changes to this Policy will be posted on this page, and if the changes are significant we will contact you by email to let you know.

We don't expect any impact on our ability to continue providing services to our customers as a result of the UK.’s decision to leave the EU. Corefinity does, and will, continue to comply with applicable laws in the provision of its services to all of its customers.

If you have any questions or want to know more about how we use your personal data, please contact us by completing our contact form using the subject “Request User Data”.

If you would like to contact us about your personal data using our physical address, please write to:

Data Protection
Corefinity
42 Call Lane
Leeds
West Yorkshire
LS1 6DT

Information about the privacy rights of EU residents can be found on: https://www.eugdpr.org.