Cormeton Electronics Ltd General Data Protection Policy
At Cormeton, we are committed to maintaining the trust and confidence of visitors to our website, subscribers to our newsletter, our current and potential customers, employees and any individual whom we contact or who has been in touch with us. This policy document details how we process, control and securely manage the data relating to those individuals.
1. Our Commitment to GDPR
As part of our commitment to protect the data of our customers, staff and business contacts, we follow the GDPR guidelines as follows:
1.1. Personal Data
We ensure we have a record of the personal data we hold (if any) and have a reason to store it
- The personal data we hold – e.g. names, emails, and individuals’ financial information
- How we got this information – e.g. a customer form, bought-in marketing lists, staff application forms
- Why we have this information
- How long we’ve had it
- Whether we still need it – if not, this is an opportunity to delete it
- If we share this information with other organisations, or
- If the information we have is ‘special category data’. Examples include health records or information about someone’s race, religion or sexual orientation.
- Identify why we have personal data and how we use it
1.2. Right to Personal Data
- We have a policy in case people ask about their rights regarding the personal information we hold about them.
- The right to be informed: Individuals have the right to know why and how their personal data is being processed. Under the right of access in current data protection law (subject access request), we’ll provide the information within one month. A copy of the requested information will be provided to the individual free of charge unless the request is what the law calls ‘manifestly unfounded or excessive’, in particular if it is repetitive. If we decide to charge a fee, it will be based on the administrative cost of providing the information. If we refuse, we will tell you why and let you know that you can complain to the ICO or seek a judicial remedy.
- The right to data portability: This allows people to get hold of and re-use their personal data for their own benefit across different services. It applies:
- To personal data a person has given us, and
- When we are processing that data on the basis of consent or for the performance of a contract
- When the data is being processed by automated means
People have the following 7 rights over the personal data we hold about them. We have a plan for how to deal with any requests.
1. Right to be informed
2. Right of access
3. Right to rectification
4. Right to erasure
5. Right to restriction of processing
6. Right to data portability
7. Right to object
1.3. Self-Assessment and Communication
- Before we collect the data, we carry out self-assessment and identify:
- Do we clearly tell people why we need it and how we will use it?
- Provide them with certain information, including the identity of their business and how we plan to use their information
- We do this so our customers, employees and other individuals understand what we will do with the personal data we collect
- We tell people about their rights and their ability to complain to the ICO if they are concerned about how we handle their information.
1.4. Our Data Security
We check our security. This includes locking filing cabinets and password-protecting any of our devices and cloud storage that hold our staff or customers’ personal data.
- We ensure that personal data is held securely. This includes protecting data against unauthorised or illegal use and against accidental loss, destruction or damage. Some of the steps we take to protect the personal data we hold include:
- Password-protecting and encrypting our electronic devices
- Pseudonymisation (the use of made-up names)
- Setting up firewalls
- Installing anti-virus software
- Securing our business premises, and
- Using securely locked storage for paper records
More details are given in the Our Data Security Policy section.
1.5. Data Breach Procedure and Policy
We developed a process to make sure we know what to do if we breach data protection rules.
- If the breach is likely to result in damage to a person’s reputation, financial loss, loss of confidentiality, or major financial or social disadvantage, we will notify the ICO. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also contact them directly and without undue delay.
- We already have a policy in place that deals with situations where a data breach occurs in our business, for example:
- Paperwork or IT devices are lost or stolen
- Malware is used to gain access to our computer systems
- Personal data is sent to the wrong person by email, post or fax, or
- Documents are not disposed of properly, e.g. not shredded
More details are given in the Our Data Security Policy section.
2. Types of data we collect
2.1. Website Cookies
We use a system of classifying the different types of cookies which we use on the Website, or which may be used by third parties through our websites. The classification was developed by the International Chamber of Commerce UK and explains more about which cookies we use, why we use them, and the functionality you will lose if you decide you don’t want to have them on your device.
2.1.1. Cookies Policy
What are cookies?
How long are cookies stored for?
Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. You can find more information about cookies at www.allaboutcookies.org and www.youronlinechoices.eu
How are cookies managed?
The cookies stored on your computer or other devices when you access our websites are designed by:
- Us, or on our behalf, and are necessary to enable you to make a purchase or make an enquiry on our website
- Third parties who participate with us in marketing programmes; and
- Third parties who broadcast web banner advertisements on behalf of us.
What are cookies used for?
The main purposes for which cookies are used are:
- For technical purposes essential to effective operation of our websites, particularly in relation to on-line transactions and site navigation.
- For us to market to you, particularly web banner advertisements and targeted updates.
- To enable us to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.
- To enable us to meet our contractual obligations to make payments to third parties (where applicable) or when a product is purchased or an enquiry is made by someone who has visited our website from a site operated by those parties.
How do I disable cookies?
If you want to disable cookies you need to change your website browser settings to reject cookies. Further details on how to disable cookies for the most popular browsers are set out below:
Microsoft Internet Explorer https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Apple Safari https://support.apple.com/kb/ph21411?locale=en_US
What happens if I disable cookies?
This depends on which cookies you disable, but in general the website may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase or make an enquiry on our sites.
Cookies used on the Website
A list of all the cookies used on the Website by category is set out below.
Strictly necessary cookies: These cookies enable services you have specifically asked for. These cookies are essential in order to enable you to move around the Website and use its features, such as accessing secure areas of the Website.
Performance cookies: These cookies collect anonymous information on the pages visited. By using the Website, you agree that we can place these types of cookies on your device. These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.
Functionality cookies: These cookies remember choices you make to improve your experience. By using the Website, you agree that we can place these types of cookies on your device. These cookies allow the Website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Third party cookies: These cookies allow third parties to track the success of their application or customise the application for you. Because of how cookies work we cannot access these cookies, nor can the third parties access the data in cookies used on our site. For example, if you choose to ‘share’ content through Twitter or other social networks you might be sent cookies from these websites. We don’t control the setting of these cookies, so please check those websites for more information about their cookies and how to manage them.
2.2. Analytics & Tracking
2.2.1. Google Analytics
When someone visits our website, we use a third party service such as Google Analytics or similar, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is sometimes processed in a way that helps to identify the potential customer or their browsing behaviour. The data is safeguarded in accordance with this document and for more information on Safeguarding your Data stored on Google Analytics, visit the following page
For Google Analytics Data Retention, more information can be found here
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout
2.2.2. Tracking of Videos Embedded within the Website
Videos uploaded on the video sharing platforms and embedded within the website have some level of tracking in place; more details can be found on the following links for the most common video sharing platforms
2.2.3. Online Sales and Web Contact Form Enquiries
When customers or potential customers buy our online products and services, or when anyone makes an enquiry from our website or over the phone, we retain the basic information about them in order to deliver the products they bought or the service they enquired about. We may have to contact them again in the future to offer a similar product or service, and they can explicitly ask us to remove them from future contact. The same principle applies to anyone who contacts us in relation to a job enquiry or a general enquiry.
2.2.4. Phone Calls
Where you have opted-in to receive calls from us regarding our new products and services, we and our sales and marketing partners will be getting in touch to make you aware of our special offers, promotions and to demonstrate our new products and services.
For HelpDesk support and Ticketing requests, where you have contacted us and requested support, we will assume that you’ve given us permission to contact you over the phone unless you have explicitly asked not to be contacted over the phone.
3. Our Data Security Policy
3.1. Our Security Principle to protect your Data
A key principle of the GDPR is that we process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’.
Doing this requires us to consider things like risk analysis, organisational policies, and physical and technical security measures.
We also ensure that we have appropriate processes in place to test the effectiveness of our measures, and undertake any required improvements by following checklists provided by ICO as a guideline. Some of the checklist items are:
- We undertake an analysis of the risks presented by our processing, and use this to assess the appropriate level of security we need to put in place.
- When deciding what measures to implement, we take account of the state of the art and costs of implementation.
- We follow this document in general as our information security policy and take steps to make sure the policy is implemented.
- Where necessary, we have additional policies and ensure that controls are in place to enforce them.
- We make sure that we regularly review our information security policies and measures and, where necessary, improve them.
- We have put in place basic technical controls such as those specified by established frameworks like Cyber Essentials.
- We understand that we may also need to put other technical measures in place depending on our circumstances and the type of personal data we process.
- We use encryption and/or pseudonymisation where it is appropriate to do so.
- We understand the requirements of confidentiality, integrity and availability for the personal data we process.
- In some cases, we can restore access to personal data in the event of any incidents, such as by establishing an appropriate backup process.
- We sometimes conduct testing and reviews of our measures to ensure they remain effective.
- Where appropriate, we implement measures that adhere to an approved code of conduct or certification mechanism.
4. Data Access, Management, Assessment & Changes
4.1. Access to your personal information
You are entitled to view, amend, or delete the personal information that we hold. Email your request to our data protection officer at firstname.lastname@example.org
4.2. Management and Reporting of Data Breaches
In the unlikely event of a data breach, depending on the nature of the data, we will follow the ICO’s guidelines on reporting data breaches. More details can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
As a responsible business, we have a duty of care for the data that we hold for our customers, suppliers and staff, and we are committed to carrying out regular self-assessments to ensure we are compliant with the ICO’s regulations as per the GDPR. Where the self-assessment exercise identifies a need for us to change our policies and procedures, we will look to update our internal procedures and also ensure our staff and systems are updated accordingly.
4.4. Data Controller, Data Processor and Data Protection Officer
We will be the primary data controllers when it comes to handling your data; our partners and trusted third parties may be the data processors in some cases. If you would like to discuss what information we hold about you, we have a dedicated data protection officer who can be reached at email@example.com
4.5. Changes to this Policy
We have always prioritised the privacy and security of the content we protect with our applications and services. As part of our GDPR compliance efforts, we will continue to refine, improve and document our security measures to protect against unauthorised access, use or disclosure of the content we protect. GDPR compliance will be a responsibility of all data processors and data controllers, including those that administer and use our products. We are committed to making our products and services compliant, so our customers can continue to use our products and services with confidence, in a manner that supports their own compliance efforts.
Regulatory guidance on the GDPR from European data authorities is still evolving, and we are closely monitoring how the GDPR’s personal privacy rights will be interpreted in the context of the services we provide. As this evolves we will continue to follow the latest guidance in our policies, terms and processes.