How we use your information
This privacy notice tells you what to expect when Cornwall IT LTD collects personal information. It applies to information we collect about:
In summary, we
- Wholeheartedly believe in the maximum protection of personal information and the fundamental concept of privacy. Cornwall IT Ltd are Cyber Essentials certified.
- Will only collect the bare minimum of your data for us to survive as a business.
- Strive to be fully transparent with you, the customer and the regulators when it comes to cyber attacks and or intrusion attempts on our business.
- Take all possible and sensible measures to protect the confidentiality and integrity of your personal information
- Do not directly sell or trade in your personal information. FULL Stop.
What information we collect
As a minimum we ask that you share with us your:
- First name, last name and or middle name
- Corporate email.
- We prefer you provide us with your corporate email but many provide personal emails
- Your mobile and or contact number.
- So that we may get in touch and discuss – sometimes a personal touch makes the difference.
- Your country where you work.
In addition, to help us target and better meet your areas of interest, it helps if you provide us with your
- Job Title & Company you work for.
- Your business, IT and Security requirements.
- Your ongoing projects
We do NOT collect and DO NOT require the following from you:
- Sexual orientation or Gender
- Health or fitness
- Political views
- Family data
- Credit /debit card
- Bank or other financial information. All payments sent to us by our clients are processed through 3rd parties which means we have no access to your bank or credit card details, nor we will ever ask for this information.
We need some data from you so that we can:
- Inform you and keep you updated on our:
- Cyber security, incident management and data privacy training courses and workshops.
- Webinars: Our webinars are recognised as highly informative and educational and we use your contact and location data to let you know when we are hosting the next webinar, in your time zone or otherwise.
- Cutting edge products and services that we think you deserve to know.
What we DO NOT Do with your information
- We do not directly SELL or trade in your personal information with any person or persons or commercial organisation.
How do you protect my Data?
At best, it would be naive for us to declare that your data is 100% safe from cyber criminals. 100% percent security is a fallacy.
We take several precautions to ensure to ensure your data is not subject to unauthorised access. Some of the steps we take include, but are not limited to:
- Encrypting, where possible, your personal information when it is NOT being transmitted (at rest)
- Encrypting your data during transmission (for example, when we use our CRM software in the cloud)
- Ensuring our staff are constantly made aware of their responsibilities towards protecting your personal information.
- We believe in transparency and are always prepared to own up when things go wrong. We will keep you and the regulators posted when things go wrong and also let you know what we did to recover from such incidents.
- Cornwall IT Ltd are Cyber Essentials certified.
When someone visits Cornwallit.com:
When someone visits cornwallit.com we use a 3rd party service, Google Analytics to collect standard internet log information and details about visitor behavior patterns. We do this to collect information on the number of visitors to the various parts of our website. This information is processed in a way where no one is identified. We do allow Google to make, any attempt to find out the identities of those visiting our website, neither do we make any attempts to identify visitors to our website. We are up front when we do want to collect personally identifiable information through our website. We will make it clear when we collect personal information and will explain what we intend to do with it.
We use a third party provider, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter.
Online reporting tool
We collect information volunteered by members of the public about nuisance calls and texts using an online reporting tool hosted by Snap Surveys. This company is a data processor for the ICO and only processes personal information in line with our instructions.
Security and performance
Cornwallit.com use third party services to help maintain the security and performance of the our website. To deliver this service it processes the IP addresses of visitors to our website.
To publish our blog, we use a third-party service, WordPress.com. We use a standard WordPress service to collect information about users’ activity on the site which is anonymous. As an example the number of users viewing pages on the site, and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice.
Contacting us via Social Media
We use a twitter, facebook and Instagram to manage our online social media accounts.
If someone sends us a private direct messages, we will store this for three months. It will not be shared with any other organisation.
Calling our office number
When you call Cornwall IT Ltd’s phone number we do collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. We do not share any caller information with any other organisation.
People who email us
Cornwall IT use Transport Layer Security (TLS) to encrypt and protect all emails. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We monitor emails we receive, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who use our Live chat service
We use a third party provider, tawk.to, to supply and support our LiveChat service, which we use to handle customer enquiries in real time.
If you use the LiveChat service we may ask you for your name and email address but these are optional, we will also collect the contents of your LiveChat session. This information will be retained for two years and we will not share this with any other organisation.
Anyone can request a transcript of your LiveChat session with us if you have provided your email address within the chat session.
If we receive a complaint, we add this information to a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We only use the personal information collected to process the complaint and to check the level of service we provide.
We usually need to disclose the complainant’s identity to whoever the complaint is about, we would always inform the complainant of this process before we proceed. If a complainant chooses not to have any information identifying him or her to be disclosed, we will try to respect that. However, this may mean a complaint cannot be handled properly on an anonymous basis.
In line with our retention policy, we will keep personal information contained in complaint files, information relating to a complaint will be retained for two years from resolution. In line with our secure environment, we will retain all information securely and access will only be a need to know basis.
If you wish to make a complaint about our policy and the way we handle your data, please raise a complaint with the ICO.
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Access to personal information
Cornwall IT Ltd try and be as open as possible in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by submitting a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
- give you a description of the information
- Explain why we are holding it
- Explain who this information could be disclosed to
- Provide a copy of the information to you
To make a request to Cornwall IT for any of your personal information we may hold you need to put the request in writing addressing it to our Information Governance department, or writing to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by.
Disclosing personal information
In many circumstances we will not disclose any personal data without consent. However when we investigate a complaint, we may need to share personal information with the organisation concerned and with other relevant bodies.
You can also get further information on:
- agreements we have with other organisations for sharing information;
- specific circumstances where we pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
- how we check that the information we hold is accurate and up to date.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We suggest you to read the privacy statements on the other websites you visit.
Complete Transparency – when attackers succeed.
When discussing a data breach – It’s not a matter of IF but WHEN a business is attacked and compromised. To that extent, we believe in being fully transparent with you and the ICO and any other regulators.
We are constantly on the lookout for criminal activity on our networks and systems. When discovered we invoke our cyber incident response plan and take the necessary steps to either stop the ongoing attack and or take sensible response measures to mitigate the impact to you and our business.
Data protection registration
We are registered as a data controller with the UK Information Commissioner’s Office.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 25 February 2018.
How to contact us
Cornwall IT Ltd
2 Estuary View