Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

We only collect personal information that you share with us when you contact us or interact with us through our website, email, phone, in person at our office, stands and events, or otherwise. If you give us information on behalf of someone else, you confirm to us that you have obtained their permission to do so and that they do not have any objection to us processing their information in accordance with this Privacy Policy.

We may collect different kinds of personal data about you, depending on our interaction with you, including the following:

• Personal Identification: Full name, date of birth, age, nationality, gender, phone number(s), postal address, email address
• Financial: Bank account information, transaction history, tax identification
• Transaction: Details of payments to and from you and any products/services you have purchased from us
• Employment: Office location, job title, description of role
• Online Identifiers: Geo location/tracking details, browser type, OS, browser name and version, IP addresses
• Usage Data: Support tickets, public social networking posts, click-stream data and other data collected via cookies and similar technologies. Please read our Cookie Policy below for more information.
• Marketing: including your preferences in receiving marketing from us
• Formal Identification (e.g. for employees): Tax ID number, passport number, driver’s license details, national identity card details, photograph identification cards, and/or visa information

For clarity, we do not process special categories of personal data (as defined by the GDPR), including information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health, sex life, or sexual orientation; nor do we collect any information about criminal convictions and offences. We also do not provide or market our services to children and we do not knowingly collect data relating to children.

This is the most important part: we do not collect personally identifiable information that you do not voluntarily supply to us or allow us to access. There are instances where we collect some personally identifiable data (such as through our websites’ contact forms), but in all cases we will only use the data you have supplied for the specific purpose it was collected.

Your personal information may be used in the following ways:

• To provide you with the services you have purchased and to support you in their use
• To provide you with updates to our policies, terms and conditions, or other important changes you need to be aware of
• To communicate with you directly, or to respond to your queries or requests (if you contact us, we may keep a record of that correspondence)
• To verify your identity, for example, when requesting changes to services/products, relating to your employment, or exercising your rights under the GDPR
• To provide you with details of other products and services we provide where you have given us consent to do so
• When you visit our website(s) we may collect information about your device, including your IP address, operating system and browser type. This information is anonymised and is used purely for performance monitoring and identifying improvements for our website(s).
• To assess your suitability for employment and process your application
• To verify your identity, for example, when requesting changes to services/products, relating to your employment, or exercising your rights under the GDPR

Further, where you have consented, we might also use your information to let you know by post, telephone or email about other products and services which we offer which may be of interest to you. You can of course ask for us not to do this at any time by emailing privacy@contactpartners.com.

We will never provide your personal data to any third-party for the purposes of marketing to you, ever! We also do not use your personal data for automated decision making or profiling.

The lawful bases for processing your personal data may be one or more of the following:

• Where we need it to perform a contract we are about to enter into, or have entered into, with you
• Where we need to comply with a legal or regulatory obligation
• Where it is necessary for our legitimate interests, for example, maintaining our records, analysing use of our products/services/websites, to enable us to promote our goods and services, to support and manage our staff, to assess whether to enter into a contract with you
• Where you have given consent

We understand the importance of your privacy, which is why we apply (and require our service providers to apply) appropriate physical, technical and administrative safeguards to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to do so.

ContactPartners is also IS027001 accredited and audited annually as part of that Information Security framework.

We do not pass your details to third parties unless it is part of a service that we are providing to you which requires us to do so. Where we pass your personal data on to third-party service providers contracted to ContactPartners in the course of dealing with you, any third parties that we may share your data with are obliged to keep your details securely, and to use them only to provide the services we require. When they no longer need your data to fulfil this service, they will dispose of the details in line with our policies and procedures.

Trusted third parties who assist us in providing our products and services may include partners such as service providers, data storage providers and other technical partners, for example:

• Customer relationship management and email software providers
• Web site hosting providers
• Our background check service providers
• Professional advisers including lawyers, bankers, auditors and insurers based in the UK and/or EEA
• HM Revenue & Customs, regulators and other authorities in the UK and/or EEA

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. It is our responsibility to ensure that the appropriate level of protection of your personal data guaranteed by the GDPR is not undermined. If a third party that we need to share your personal data with is based outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• The country (or industry sector within that country) of the recipient is on the EU approved list of countries and has been deemed to provide an adequate level of protection for personal data by the European Commission (see European Commission: Adequacy of the protection of personal data in non-EU countries for more information)
• The country of the recipient has adequate data protection controls established by legal or self-regulatory regime
• We have a contract in place that uses existing or approved data protection clauses to ensure adequate protection
• We are making the transfer under approved binding corporate rules
• Where we use providers based in the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US (see European Commission: EU-US Privacy Shield for more information)

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm that unauthorised use or disclosure of your personal data could cause
• Whether we can achieve the purposes for which we process your personal data through other means
• Applicable legal requirements

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

• Right of access – you have the right to request a copy of the information that we hold about you (commonly referred to as a subject access request)
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing
• Right of portability – you have the right to have the data we hold about you transferred to another organisation
• Right to object – you have the right to object to certain types of processing such as direct marketing
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling
• Right to judicial review – in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.

You also have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before withdrawal. If you withdraw your consent, we may not be able to provide certain products or services to you (we will advise you at the time if this is the case). We may however retain your personal data even if you remove your consent, where we can demonstrate that ContactPartners has a legal requirement to process or retain your data.

You may make these requests verbally (in person or over the phone), in writing, or by emailing privacy@contactpartners.com. We try to respond to all legitimate requests as soon as possible and within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We will not charge a fee (unless your request is clearly unfounded, repetitive or excessive). We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

If you have questions or concerns regarding this Privacy Policy, or wish to make a complaint, you should first contact us at privacy@contactpartners.com, or by writing to us at:
ContactPartners Ltd
12 Ashurst Court
Wheatley
Oxford
OX33 1ER, UK

You also have the right to make a complaint with regard to our processing of your personal information to the relevant data protection authority in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the UK, the relevant data protection authority is the Information Commissioner’s Office. You can find out more about raising a concern on their website at: https://ico.org.uk/concerns/, or by contacting them directly:
Customer Contact
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Tel: +44(0)303 123 1113
Email: casework@ico.org.uk

Cookies are small files containing non-identifiable data created by a website that you are visiting, and most websites create a cookie or multiple cookies in some form or another. None of the cookies that our websites create store personally identifiable information, and they are only used to analyse traffic and to allow us to improve the service the website provides to visitors.

Cookies created by this website collect anonymised data which cannot be used to identify any visitors to the website.

This website uses Google Analytics (GA) to help analyse how users interact with the website. GA collects standard Internet log information and visitor behaviour information in an anonymous form. This information can be used to evaluate visitors’ use of the website and to compile statistical reports on website activity. It does not collect any Personally Identifiable Information of visitors to the site, and the data is only available to authorised company staff. In turn Google will not aggregate IP addresses with any other data held by themselves.

Google Analytics cookies use the following prefixes:

• _ga
• _gid
• _gat

Wordfence is a security system we use specifically to ensure the integrity of the website and keep it secure from malicious entities. Cookies are created as part of the security monitoring, primarily to establish if the visitor is human or a potentially malicious automated system.

Wordfence cookies have the following prefixes:

• wfvt_{random code generated}
• wordfence_verifiedHuman

All modern web browsers allow you to control how your computer handles cookies. This includes the ability to block all or different types of cookies – and preventing them from being placed on your machine in the first place. You will also be able to delete the cookies that you have already had installed. The process for control and deletion of cookies varies from browser to browser, so you will need to determine which browser you have and then carry out some basic research.

If you want to learn more about cookies there are many websites setup to explain them in greater detail, such as http://www.allaboutcookies.org/.