This policy summarises the key points about how Cerico collects, uses and discloses personal data.
Defined terms are listed in the appendix at the end of this document. Any reference to Cerico, our, we or us is referring to Complete Electronic Risk Compliance Limited.
2. What is Personal Data?
Personal data is information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which the firm has or is likely to have in its possession. These individuals are referred to as data subjects.
3.1 Cerico is the data controller of the personal data it processes and therefore is responsible for ensuring its systems, processes, and suppliers comply with data protection laws in relation to the information we handle.
3.2 Our clients are the data controller of, and responsible for, the personal data which they collect and process in using our compliance services. Such data will include information relating to their contractors, suppliers and employees which is uploaded onto our website or otherwise provided to Cerico. Cerico will act as a data processor for our clients in relation to this data.
4. Principles of Data Protection
4.1 Cerico has adopted the following principles to govern our use, collection and disclosure of personal data when acting as data controller.
4.2 Cerico’s core principles provide that personal data must:
4.2.1 be processed fairly and lawfully and to the extent required under local law with valid and informed consent;
4.2.2 be obtained for specific and lawful purposes;
4.2.3 be kept accurate and up to date;
4.2.4 be adequate, relevant and not excessive in relation to the purposes for which it is used;
4.2.5 not be kept for longer than is necessary for the purposes for which it is used;
4.2.6 be processed in accordance with the rights of data subjects (see section 6);
4.2.7 be kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
4.2.8 not be transferred to, or accessed from, another jurisdiction where these core principles cannot be met unless it is adequately protected (see section 9).
5. Collection, Use and Disclosure of Personal Data
5.1 Cerico collects and processes data which falls into one of the following categories:-
- personal data about our contacts (including client contacts);
- personal data about clients' contractors, third parties and employees;
- personal data about our employees and other staff.
5.2 The below table provides a summary of how we collect and use personal data:
| | Types of data | Collection | Use | Disclosure |
|---|---|---|---|---|
| Contacts/Clients | Information such as name and business information (email address, job title, who you work for). Additional information may be processed where it is provided by you, for example in correspondence, in connection with an event or in letting us know what areas you are interested in. This may include access or dietary requirements which may reveal information about your health or religious beliefs. | Data is collected when: you contact us via phone, email or in writing; you complete the form on our website; we receive your contact details through reputable third parties for marketing purposes. You may at any time request to not be contacted by advising us at firstname.lastname@example.org. | We will use your personal data to complete any request you may make and/or to contact you for promotional and marketing purposes, e.g. about updates, news, events and training. Where contacts are also clients, further information will be collected for the purpose of providing our compliance services, administration, commercial purposes (e.g. creditworthiness) and as required by law (e.g. anti-money laundering). | Personal data may be transferred worldwide to Cerico affiliates and service providers, as processors, who support the operation of our business. Information which is shared will be limited to that which is required for providing the service and will be adequately protected. |
| Employees | Personal data such as name, address, contact details, education and employment history; information relating to next of kin/dependents; financial information including bank details and National Insurance numbers. We may also process information revealing sensitive information such as health details, racial origin, religious beliefs and information about offences/alleged offences. | Personal data will be collected from a number of sources including your application form/CV; notes and records kept throughout your employment including absences, expenses claims, questionnaires, performance reviews and details of any grievances/disciplinary action. | Any personal data will be used for human resources administration and management purposes. Photographs, education and career information may be used in marketing and promotional material for Cerico including our website, brochures and tender bids. | Personal data may be transferred worldwide to Cerico affiliates and service providers, as processors, who support the operation of our business. Information which is shared will be limited to that which is required for providing the service and will be adequately protected. |
6. Data Subject Rights
Personal data must be processed in line with data subjects’ rights, including the right to:
- request a copy of their personal data;
- request that their inaccurate personal data is corrected;
- request that their personal data is deleted and destroyed when causing damage or distress; and
- opt out of receiving electronic communications from Cerico.
Should you wish to make a request in relation to the data which we process as data controller, please forward your request to the contact details in section 10 below.
7. How to Make a Complaint
You should direct all complaints relating to how Cerico has processed your personal data to the contact details below in section 10.
Information security is a key element of data protection. Cerico takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.
9. Transfer of Data Between Jurisdictions
Personal data provided to Cerico may be transferred worldwide. We use a number of suppliers in connection with the operation of our business and they may have access to the personal data we process. For example, an IT supplier may see our personal data when providing software support, or a company which we use for a marketing campaign may process contacts’ personal data for us. When contracting with suppliers and/or transferring personal data to a different jurisdiction, Cerico takes appropriate steps to ensure that there is adequate protection in place and that the principles are adhered to.
10. Contact Details
Cerico Data Protection Officer, 5th floor 123 St Vincent Street, Glasgow, United Kingdom
In this policy, the following terms have the following meanings:-
| Term | Meaning |
|---|---|
| "client" | any person or organisation to whom Cerico provides a service and who is identified as a client or customer regardless of whether a fee is charged; |
| "Data Protection Officer" | the person designated as the Data Protection Officer for Cerico from time to time who can be contacted at email@example.com; |
| "data subject" or "you" | the person whose personal data is being collected, held or processed; |
| "personal data" | is defined in section 2; |
| "principles" | the core data protection principles as set out in section 4; |
| "process" or "processing" | any activity that involves use of personal data. It includes obtaining, recording or holding the personal data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties as a result of those third parties having access to it. |