WHO WE ARE
Ablyss Systems Ltd is committed to protecting and respecting the personal data that we hold. This privacy notice describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves and by others. We may use personal data provided to us for the purposes described in this privacy notice or as made clear before collecting personal data.
WHAT IS PERSONAL DATA
Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, we are transparent about why and how we process personal data. We process personal data for a number or purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose are set out in the relevant sections below.
The personal data that is provided to us is provided either directly from the individual concerned or from a third party acting on behalf of an individual. Where we receive personal data that relates to an individual from a third party, the third party should be aware that the individual may be informed of the necessary information regarding the use of their data. Where necessary, reference may be made to this privacy notice.
TYPES OF PERSONAL DATA WE PROCESS
We collect and process the following types of personal data:
- email addresses and other contact information;
- records of your correspondence with us;
- details of your visit to the website;
- information about your experiences with our work;
- personal information you provide when you apply to work for us; and
- any other information provided to us.
HOW WE COLLECT PERSONAL DATA
We collect personal data:
- Through your request for publications and other materials;
- Through your applications for jobs with us;
- Through your request for information about our work and events;
- Through your registration for events;
- Through your contacting us with enquiries, product support issues and comments;
- Through our use of Google Analytics cookies; and
- Through your purchases.
WHY DO WE PROCESS PERSONAL DATA AND THE LAWFUL BASIS?
There are several reasons why we will process the personal data that you may provide to us:
- To provide advice and ongoing support
- To undertake recruitment exercises
- To manage an ongoing relationship such as attendance at events
- For marketing purposes
Under the UK GDPR, the lawful bases we rely on to process personal data are:
- Your consent
- We have a contract with you
- Legitimate interests.
HOW LONG DO WE KEEP PERSONAL DATA FOR?
Any personal data will not be retained for any longer than is necessary for the lawful purposes for which it was collected and processed. We may, in some cases, keep personal data for longer to establish, exercise, or defend our legal rights and the legal rights of our clients. In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it. While we retain your personal data, we will ensure that it is kept securely and protected from loss, misuse or unauthorised access and disclosure. Once the retention period is reached, we will delete your personal data.
SHARING PERSONAL DATA
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put arrangements and security mechanisms (a contract or a data sharing agreement) in place to protect the data and to comply with our data protection, confidentiality and security standards.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable data protection legislation.
We may contract with data processors to provide email, system administration, document management and IT storage services. Any personal data shared with a data processor for this purpose will be governed by appropriate safeguards and contracts under data protection law. All data is stored within the Microsoft 365 and Azure Infrastructure.
LOCATIONS OF PROCESSING
The personal data that we collect from you will be processed within the UK. It may be necessary, in some cases, to transfer personal data to the EEA and any such transfers will be fully compliant with the requirements of the legislation. If personal data is to be transferred outside the UK or EEA to a country which is not designated as ‘adequate’ then, if we are not relying on consent, we will ensure that appropriate safeguards are in place such as Standard Contractual Clauses to ensure that we comply with the UK GDPR. We will take all reasonable steps to ensure that your personal data is treated securely, in accordance with this privacy notice.
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
- Individuals may request access to their personal data held by us as a data controller.
- Individuals may ask us to rectify personal data submitted to us.
- Individuals may request that we erase their personal data.
- Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
- Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us.
If you wish to exercise any of these rights, please contact us using any of the methods stated in our contact details below.
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please contact us using one of our contact methods below. We will investigate and respond to any complaints we receive.
You also have the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website ICO Make a Complaint.
DATA CONTROLLER AND CONTACT INFORMATION
If you have any questions about this ‘Privacy Notice’ or how and why we process personal data, please contact us in any of the following ways:
- Email: firstname.lastname@example.org
- Phone: 01625 535685
- Post: 5 The Courtyard, 2 Finney Lane, Heald Green, Cheshire SK8 3GZ
CHANGES TO OUR PRIVACY NOTICE
Updates to this Privacy Notice will appear on this website.
This Privacy Notice was last updated in June 2023.