Everyone has rights with regard to the way in which their personal data is handled. During the course of our activities we will collect, store and process personal data about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. You can download a PDF copy of this policy HERE
For the purpose of UK data protection laws, the data controller is Cortex Limited of Bridge House, The Waterfront, Brierley Hill, West Midlands, DY5 1XR.
DATA PROTECTION PRINCIPLES
When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal data must be:
- processed lawfully, fairly and in a transparent manner
- processed for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and kept up-to-date
- kept for no longer than is necessary, and
- processed in a manner that ensures appropriate security
INFORMATION YOU GIVE TO US
You may give us information (such as your name, address, email address(es), phone number(s), social media contact details, details of previous employment, professional and personal references, information on software, services and/or technology of interest) by:
- using and/or filling in forms on our website, including e-chat services
- by providing information to a Cortex employee who is completing these forms in front of you, about you
- entering into a contract with us, or representing a business that enters into a contract with us
- participating in discussion boards or other social media functions with our employees
- advertising you (personally) are open to be contacted by us through a public profile or advert
- giving us your business card, or by allowing us to scan an identifying badge
- sending us marketing information which includes personal information
- entering a competition, promotion or survey organised by us, or
- corresponding with us by phone, email, letters or otherwise
We may use the information you give to us for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
|PURPOSES FOR WHICH WE WILL USE THE INFORMATION YOU GIVE US||LEGAL BASIS|
|To notify you and the organisation you represent about products and services we offer, or changes to existing products and services you may be considering buying.||It will be necessary for our legitimate business interest for the performance of the contract between your organisation and Cortex to record this information, as well to ensure your organisation is correctly notified of changes which affect the relationship or potential relationship between the parties.|
|To monitor both Cortex and your organisations effectiveness in the delivery of services.||It will be necessary for our legitimate business interest to measure the performance, the relationship and other factors or elements of the service(s) and the contract between the parties.|
|If your organisation enters into a contract with us, we will process your organisations information in order to perform our obligations under that contract.||It will be necessary for our legitimate business interest for the performance of the contract between your employer and us.|
|We will hold details relating to your role, responsibility, engagement with us. We will also hold contact details; telephone number(s), email address(es), postal address, social contact(s), known associates, email replies, messages and other correspondence.||It will be necessary for our legitimate business interests, namely to ensure that both Cortex and the organisation you represent, have a responsibility for, or are engaged by, are fulfilling our mutual obligations in respect of the contracts between them.|
|If you represent a business that enters into a contract with us, we may process your information in order to perform our obligations under this contract||It will be necessary for our legitimate business interests, namely to perform our contractual obligations.|
|To invite you to engage socially and network with us where you may be exposed to other individuals representing themselves or organisation we do, or may potentially do business with.||We will only do this if you give us your consent by some specific, informed and unambiguous method.|
|To provide you with information about special offers and other products we sell that are similar to those that you have already received from us||We will only do this if you give us your consent by some specific, informed and unambiguous method.|
|To invite you to corporate hospitality events, seminars, workshops and other similar events||We will only do this if you give us your consent by some specific, informed and unambiguous method.|
As stated in the table above, it is a legal obligation for you to provide us with certain information. If you do not provide us with that information, we may be prohibited from delivering you a true and fair experience of Cortex, or we may have our judgement about you and your interests impaired.
It is also a contractual requirement for you to provide us with certain information. If you do not provide us with that information, we may not be able to fulfil our obligations under our current or future contracts with you.
INFORMATION WE COLLECT ABOUT YOU FROM OTHER SOURCES
When you visit our website, we may collect information about you (such as the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the device type you use to access our website, location/geography, the size of your business, the frequency of visits to our website, the pages you visited on our website, the website and/or referring site you arrived at our website from, the words or search terms you used to find our website, the navigation you take through our website, the experience including trace details of engagement with our webpages).
We may also collect information about you by conducting searches of public records (Companies House, electoral roll, DVLA database, Member’s registers of industry bodies we are entitled to search as another member, Lead analytics services, Experian, Social Media platforms, Mail Preference Services, Telephone Preference Services, Tender Announcement Services), or in the process of confirming your identity via our online ID verification provider.
We may use the information we collect about you for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
|PURPOSES FOR WHICH WE WILL PROCESS THE INFORMATION||LEGAL BASIS FOR THE PROCESSING|
|To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them||It will be necessary for our legitimate business interests to ensure you receive the best experience possible when accessing and using our website|
|To obtain further information about you, any organisation you represent, with a view to us entering into a contract with you or the organisation you represent||It will be necessary for our legitimate business interests to ensure we are fully aware of all issues relating to the matter that is the subject of the services you have requested, or may request from us|
|To obtain further information about you, any organisation you represent, with a view to us monitoring potential changes which could affect the contract between the organisations.||It will be necessary for our legitimate business interests to ensure we are fully aware of all issues relating to the stability, credit worthiness, ownership and other similar factors about your organisation, which may impact our ability or willingness to deliver the service(s) you receive from us|
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting / Tracking cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|cookieconsent_dismissed||Stops the cookie popup appearing||Cortex.co.uk|
|FB_cookie (2 items)||Facebook Tracking||Facebook.com|
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
Cookies we directly control will don’t expire. You can clear any cookies by reviewing the Cookie setting on your browser at any time.
DISCLOSURE OF YOUR INFORMATION
You agree that we have the right to share your personal information with:
- other Innovise group companies;
- our auditors Hazlewoods LLP and quality assurance assessors NQA Certifications Ltd;
- Dropbox, OneDrive, Oracle (Specifically Netsuite), Microsoft (Specifically Dynamics, Office 365, Partner Assurance), Apple (Specifically iCloud), Google (Specifically Google Alerts, Chrome and Google Plug-ins), Cisco (Specifically Webex), LogMeIn and other online cloud providers of this nature;
- analytics and search engine providers (Google, Bing, Lead Lander, Hot Jar, Drupal) that assist us in the improvement, utilisation and optimisation of our website; and
- selected third parties to the extent we reasonably consider that it is in your best interests for us to do so, or it is necessary for our legitimate business interests.
We will disclose your personal information to third parties:
- in the event that we enter into negotiations to sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if Cortex or substantially all of its assets are acquired by a third party, in which case personal data held by it about you will be one of the assets transferred to the third party; or
IDENTIFYING YOU AS A CUSTOMER
If you are a business client, we may identify you as a customer of the firm in our marketing material or in legal directories, although we will never publicly disclose any confidential information about your business without having obtained your prior consent. If you do not agree to us identifying you as a customer of the firm, please notify us by writing to the address at the top of this policy, or by emailing us at firstname.lastname@example.org
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored securely in our servers or by our sub processors. Cortex uses sub processers which may not offer storage within the United Kingdom, or cannot guarantee storage is exclusively within the United Kingdom. A list of our Sub-processors can be found on our website: www.cortex.co.uk/sub-processors.
In all circumstances, we will take the steps reasonably necessary to ensure that your data is treated in accordance with our Information Security Management System policies and procedures (ISO/IEC 27001:2013 commonly known as “ISO27001” Certified Certificate number 70919 from NQA Certification Ltd Registration number 09351758) which includes the following safeguards for you:
Policies and Procedures include:
- Access Controls
- Back-up and Restore Procedures
- Change Control
- Clear Desks and Screens
- Documents Controls and Record Management
- Internet and Computer Use
- Laptop and Mobile Devices
- Media Handling and Disposal
- Information Security
- Incident Management
- Risk Assessment and Management Procedures
- Corrective Actions and Non-conformity
- Internal Audit procedures
- Management Reviews
- Network Security
- Physical Security
- Secure Development
- Secure System Engineering
Some of the data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom. It may also be processed by personnel operating outside the United Kingdom who work for us, our group companies or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE WILL STORE YOUR PERSONAL DATA
The length of time that we will store your data will depend on the applicable ‘legal basis’ in relation to that data, as follows:
|LEGAL BASIS||LENGTH OF TIME|
|Where we use/store your data because it is necessary for the performance of the contract between you and us||We will use/store your data for as long as it is necessary for the performance of the contract between you and us|
|Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject||We will use/store your data for as long as it is necessary for us to comply with our legal obligations|
|Where we use/store your data because it is necessary for our legitimate business interests||We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data for as long as it is necessary for the performance of the contract between you and us (or, if earlier, when we recognise we no longer have a legitimate interest in using/storing your data)|
|Where we use/store your data because you have given us your specific, informed and unambiguous consent||We will use/store your data until you ask us to stop|
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
- You have the right to object to us using/storing your information for direct marketing purposes.
If you wish to exercise any of your legal rights, please contact us at the address above, or by emailing us email@example.com
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
We do not use automated decision-making processes other than in our Cortex Certification Examination where answers are scored against an objective reference set of answers or results.
CHANGES TO OUR POLICY
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email or via social media. Please check our website frequently to see any updates or changes to our policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to our Finance Director by writing to the address at the top of this policy, or by emailing us at firstname.lastname@example.org