Privacy and Cookies

v1.2 April 2019

At claireLOGIC we take your privacy seriously and this privacy statement explains what personal data or information we collect from you and from people who visit our website and how we use it. We would encourage you to read the information below.

Who are we?
claireLOGIC Corporate Ltd is a registered company 07604951 and our registered office address is: 11 The Chambers Vineyard, Abingdon, OX14 3PX. claireLOGIC Corporate Ltd is a registered data controller (ICO registration number ZA483162)

claireLOGIC Oxford LLP is a registered company OC378044 and our registered office is: 11 The Chambers, Vineyard, Abingdon, OX14 3PX. claireLOGIC Oxford LLP is a registered data controller (ICO registration number ZA483166)

What personal data or information do we collect?
We may collect personal data about clients, prospective clients, job applicants, our current and former employees, contractors and suppliers. The personal information we collect may include your name, address, email address, IP address, and information regarding what pages you access on this website and when.

How do we collect data or information from you?
We collect personal information about you when you:

• Discuss a proposal or quote with us or commission us to deliver IT services for you.
• Make an enquiry via our website or via the telephone
• Use our website
• Enquire about or apply for a job opportunity
• Work for or with the business
• Exchange business cards with a member of the business

How is your information used?
We collect your personal data or information to operate the business effectively and provide you with a high-quality service. We may use your information:

• To deliver IT services to you, as agreed with you.
• To answer enquiries that you make prior to any agreement or contract.
• To provide you with information relating to the services you receive from us
• To monitor and respond to your queries and issues
• To keep you informed about our services, our insight into industry trends and best practice, if you have opted in to receive such communications.
• To process a job application

• To fulfil our obligations as an employer
• To provide benefits to you as an employee
• To maintain security of our office and IT infrastructure
• To invoice you, and to track payments you make or payments made to you

We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the company, our contractual requirements to deliver the agreed IT services to you, and our legal obligations, both as a limited company and responsible employer. If you would like to know more, please read below:

• Clients
• Prospective Clients
• Job Applicants
• Our Current and Former Employees
• Suppliers

Clients
As a business client, we may hold the following information about you:

• Name, job title and business contact information
• Information relation to your business activities
• Company financial details
• Demographic information such as postcode, preferences and interests
• Information and documents relating to the services we are providing, including communications with you
• Analytics and usage data, including login/password details where you have shared these with us and require us to store them
• Billing and payment information.

As a residential client, we may hold the following information about you:

• Name and contact information
• Financial details
• Demographic information such as postcode, preferences and interests
• Information and documents relating to the services we are providing, including communications with you
• Analytics and usage data, including login/passwords details where you have shared these with us and require us to store them
• Billing and payment information.

We store your information in our customer relationship management (CRM) system, which uses secure servers based in Ireland and the US, and on our own secure servers based in the UK. We use an issue tracking system to help us provide IT support services to you, which has servers based in the UK and Iceland (EEA). The proposal builder we use has servers based in Canada, which the UK and EU have recognised as a country which protects data in line with our own regulations. We also use an online accounting system to manage billing and

payments, which uses secure servers based in the USA. This means your data is transferred outside of the EEA; we always review the privacy policy to ensure that the software provider is signed up to the EU-US Privacy Shield Agreement, which helps to ensure the security of your data. Communications with you will be stored in our email system, which has servers located in the EU.

We will retain your information for the duration of our relationship with you, then for a minimum of 2 years after; at this point we will undertake a review to determine whether we have any reason to continue retaining the data or whether we securely destroy it. We will retain financial records for 6 years, following the end of the current financial year.

claireLOGIC also acts as a data processor; where we have provided infrastructure services which store client data (and may include personal data those clients are responsible for), we will retain this for the duration of the contract and a maximum of 6 months after the contract end, unless otherwise agreed at the outset of the contract.

Prospective Clients
As a prospective client, we may hold the following information about you:

• Name, job title and business contact information
• Brief information relating to your business and your IT support requirements
• Demographic information such as postcode, preferences and interests
• Communications with you

We store your information in our customer relationship management (CRM) system, which uses secure servers based in Ireland and the US, and on our own secure servers based in the UK. Details relating to any proposal we provide you with will be stored in our online system, which uses secure servers in Canada.

Communications with you relating to your initial enquiry may also be stored in our email system for a period of 12 months. We will hold your information for as long as we are responding to your enquiry, and for a period of up to 12 months if you choose not to work with us.

Job Applicants
When you apply for a job with us, we may hold the following information about you:

• Name, date of birth, and contact information
• Information relating to your qualifications and experience
• Demographic information such as postcode
• References where we take them up
• Information and documents relating to the review, interview and selection process, including communications with you.

We store your information on our file server, which uses secure servers based in the EU, and on our email system, which has servers based in the EEA. We will retain your personal data

relating to the review, interview and selection process for a period of 6 months after the interview date.

Current and Former Employees
When you work for us, we may hold the following information about you:

• Name, date of birth, and contact information
• National insurance number and Unique Tax Reference (UTR)
• Information relating to your qualifications and experience
• Demographic information such as postcode
• Information and documents relating to your performance and supervision as an employee of the business, including communications with you
• Your photograph, including Passport and Driving Licence
• Financial information, such as bank details, pension scheme and salary details
• Information about your next of kin
• Health information

We store your information on our file server, which uses secure servers based in the EU. We will also store communications with you on our email system, which uses secure servers based in the EEA. A limited amount of your personal data will also be included on systems we use to support our customers, for example our issue-tracking system, which uses secure servers in the UK and Iceland, our customer feedback system and accounting system, both of which use servers based in the USA. This means your data is transferred outside of the EEA; we always review the privacy policy to ensure that the software provider is signed up to the EU-US Privacy Shield Agreement, which helps to ensure the security of your data. Communications with you will be stored in our email system, which has servers located in the EU.

We will retain your personal data for the duration of your employment and for a period of 7 years after you leave the business. Beyond this point, we only retain minimal information about you to confirm the period of time you were employed by the business for reference purposes. We share your information with HMRC, and our chosen pension / benefits providers.

Suppliers
When you work with the business as a supplier, we may hold the following information about you:

• Name and business contact information
• Information relating to your qualifications and experience, if relevant
• Demographic information such as postcode
• Information relating to your business activities
• Information and documents relating to the services or products you offer, including our communications with you
• Financial information.

We store your information on our file server, which uses secure servers based in the EU. We will also store communications with you on our email system, based in the EEA. We will retain your information for the duration of our relationship with you and for 2 years after the last purchase we made with you. Details of financial transactions, which may include your personal data, will be retained for 6 years, plus the current financial year.

Who has access to your information?
We do not sell or rent your personal data or information to any third party or share your information with third parties for their marketing purposes.

We will disclose your data or information if required by law, for example by a court order or for the prevention of fraud or other crime.

We may pass your information on to third party service providers for the purposes of completing a task or providing services to you on our behalf. However, we disclose only the personal information necessary to deliver that service and have a contract in place that requires them to keep your information secure and not to use it for other purposes.

Transfers outside of the European Economic Area
Your personal information in the European Economic Area (EEA) is protected by data protection laws, but other countries do not necessarily protect your personal information in the same way. The EEA covers all countries in the EU plus Norway, Liechtenstein and Iceland. As outlined above, we do use systems where servers are based in non-EEA countries. We make appropriate checks to ensure that your data will remain secure when transferred to non-EEA countries. The UK & EU Commission have determined that a limited number of countries worldwide have a comparable data protection framework to secure and protect personal data: Canada is included on this list. Where your personal data is transferred to the USA, we always review the privacy policy to ensure that the software provider is signed up to the EU-US Privacy Shield Agreement, which helps to ensure the security of your data.

Your rights
You have certain rights over the processing of your personal information by Pebble Bay Consulting. These are:

• The right to be informed, which is what this privacy policy is for
• The right to access the data we hold about you
• The right to object to direct marketing
• The right to object to processing carried out on the basis of legitimate interests
• The right to erasure (in some circumstances)
• The right to data portability
• The right to have your data rectified if it is inaccurate
• The right to have your data restricted or blocked from processing

We do not undertake direct marketing activities, so you will not receive such information from us.

How you can update your information
The accuracy of your information is important to us. If you change your contact details or if you want to update any of the information we hold on you, please email us at: dataprotection@clairelogic.net or by post at: Data Protection Lead, claireLOGIC, 11 The Chambers, Vineyard, Abingdon, OX14 3PX.

How you can access your personal information
You have the right to ask for a copy of the personal information claireLOGIC hold relating to you. To do this please contact: dataprotection@clairelogic.net or by post at: Data Protection Lead, claireLOGIC, 11 The Chambers, Vineyard, Abingdon, OX14 3PX.

You also have the right to lodge a complaint about our processing of your personal data with the UK’s Information Commissioner’s Office

Keeping your data secure
When you give us personal information we take steps to ensure that it’s treated securely and strive to protect it on our internal systems. We closely control who can access the personal data we are responsible for, and the servers we use are encrypted.

Contacting us via email
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Visitors to our Website – Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Unless you have set your browser to block cookies, this site will place the following cookies on your computer.

 


 

Cookie Name Purpose
1P_JAR


.google.com


Google advertising cookie used for user tracking and ad targeting purposes.


APISID


.google.com


Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.


HSID


.google.com


 ‘SID’ and ‘HSID’ contain digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time. The combination of these two cookies allows us to block many types of attack, such as attempts to steal the content of forms that you complete on web pages.


NID


.google.com


The NID cookie contains a unique ID Google uses to remember your preferences and other information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on.


PHPSESSID


clairelogic.net


The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. It is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie.


SAPISID


.google.com


Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.


SID


.google.com


‘SID’ and ‘HSID’ contain digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time.

The combination of these two cookies allows us to block many types of attack, such as attempts to steal the content of forms that you complete on web pages.


SIDCC


.google.com


Security cookie to protect users data from unauthorised access.


SSID


.google.com


Google set a number of cookies on any page that includes a Youtube video. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Youtube users, including information that links your visits to our website with your Google account if you are signed in to one.

Information about your use of our website, including your IP address, may be transmitted to Google and stored on servers in the United States. This cookie does not identify you personally unless you are logged into Google, in which case it is linked to your Google account.


 


 

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.

More questions?
To contact claireLOGIC with a data protection query regarding the processing of your personal data, please email dataprotection@clairelogic.net

Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 18th March 2019