Your privacy is important
Curatrix Holdings Ltd is committed to protecting and respecting your privacy. Our organisation is committed to its promises to safely process and store your personal data. This document explains in detail the type of personal data we may collect about you when you interact with us and also how we store and handle that data, and keep it safe. We strive to ensure that our paperwork and forms are clear about how we will use the data we collect.
This privacy notice explains how Curatrix processes your personal information (‘data’). In this notice, “processes” means collects, stores, shares and otherwise uses for lawful purposes. “We” and “our” means Curatrix Holdings Ltd. and it covers all the instances where we might process personal information of clients, customers and other relevant parties of the business.
This notice was updated in May 2018 to reflect the new data protection legislation called the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulation (PECR). Curatrix Holdings may change this notice from time to time and any such changes will be published on our website. Notwithstanding any change to this notice, we will continue to process your personal data in accordance with your rights and our obligations in law.
When you are using the Curatrix website, Curatrix Holdings is the Data Controller.
If you have any questions about this notice or how we use your personal information, please contact us using the contact details given below.
Who we are
Curatrix Holdings Limited Registration No.10107528, Building 6000, Langstone Technology Park, Havant, PO9 1SA and its subsidiary Curatrix Technologies Limited Registration No.09889757, VAT No.GB 231 8719 07 is a company limited by guarantee registered in England and Wales at Portsmouth Technopole, Kingston Crescent, Portsmouth, PO2 8FA.
Why do we collect your personal data?
Organisations are permitted to process data if they have a legal basis for doing so. Curatrix processes data on the basis that in furtherance of our business objectives:
- We have express and informed consent has been given by the person whose data is being processed; and/or
- We have a legitimate interest in processing the data; and/or
- It is necessary in relation to a contract or agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement; and/or
- There is a legal obligation on Curatrix Holdings to process data.
Where Curatrix Holdings is relying solely on consent as the basis for processing data, we are required to obtain your expressed consent and you can modify or withdraw this consent at any time by notifying us in writing, although this may affect the extent to which we are able to provide services to or interact with you in future.
What personal data do we collect?
The personal information we collect about you will depend on whether you are a prospective client, applying for a job, an existing customer, a helpdesk customer or have been one in the past. This includes (but is not limited to):
- Your name, address, geographical location, social media and email contact details, telephone number, date of birth, gender, religion, next of kin, marital status, details of children, health information, other circumstantial information you may give us as part of an employment application;
- Your name, contact information, geographical location, IP or MAC address, software versions, hardware information, other circumstantial information you may give us or that we require for administering support in our Helpdesk ticketing system
- Your name, address and contact information relating to request for newsletters and marketing materials;
- Your name, address and contact information relating to invitations and registration for events;
- Your name, address, contact details and information relating to your potential customer status;
- Debit or credit card information, your bank account number, sort code and other banking information, information required to validate your identity and prevent fraud;
- Your preferences and interests, we may utilise your preferences to ensure we send you the most relevant communication in the future;
- Other information you provide to us from time to time which is relevant and necessary for us to collect and process
- Your activity online concerning your visit/s to our website and when we send you an email
- Information on your business and its current or former circumstances, specifically so that we can assist you further or benefit from your support in future;
You, as the data subject, may change your preferences or request deletion of your data at any time by either ‘Unsubscribing’ on our website, emailing to firstname.lastname@example.org or writing to us, subject to any overriding legal obligation that we may have for its retention. We may keep such data on a ‘suppression list’ so we know not to contact you or process your data in future until further notice.
Profiling is an automated process which uses publicly available information to reach conclusions about supporters and then marketing to them accordingly. We will not profile your information in this way.
We do however use profiling and screening techniques to ensure communications are relevant and timely and to provide an improved experience for our customers. Profiling allows us to target our resources effectively, which we know will be important to our customers. We do this because it allows us to understand the background of the businesses we work with, and it helps us to make appropriate communications regarding potential products and services. Importantly, it enables us to deliver our business objectives, sooner and more cost-effectively than we otherwise would.
When building a profile, we may analyse geographic, demographic and other information relating to you to better understand your interests, preferences and motivation for accessing our services, to contact you with the most relevant communications. In doing this, we may use additional information from third party sources or publicly available sources. This could be, for example, addresses, education history, listed job titles, public social media information or typical earnings in a given area.
We would never sell your information to a third party.
How do we use your personal information?
We use your personal information for the following purposes:
- To confirm that your purchases have been processed correctly or to validate your identity;
- For providing the relevant information to you regarding the work we do and the services we deliver, events or community activities and for invoicing purposes;
- To send you administrative notices, relating to our organisation and its activities, where relevant;
- For our internal purposes such as management, research, analytics, organisational reporting, and ways that will improve efficiencies;
- For use in our Helpdesk ticketing system, tracking metrics such as call data, risk and response times
- To check with you that you are content with regards the type of communications that you receive;
- To market our events, business opportunities, products and services, including occasionally third-party events or activities that may be of interest to you by the appropriate means and in accordance with GDPR and PECR.
- To create anonymous and aggregated reports about our clients, customers or suppliers to ensure our organisation is communicating with and delivering the best possible services.
- To help the emergency services if required;
- To prevent and detect criminal activity and fraud;
- To comply with applicable laws, regulations, court orders, government and law enforcement agencies’ requests, to operate our systems properly and to protect ourselves, our clients and our suppliers;
Who do we share your personal information with?
We do not sell or share personal details with third parties for the purposes of marketing. But, if we run an event or fundraising activity, it may require the service of a third party and then we might need to share your details with them. This would happen if your data was required to deliver the specific activity, for example, we would share your data with an outsourced mailing house provider, for us to send you a fundraising appeal.
If we share your data with colleagues or programme partners, including outside of the European Union, we will only do so if we are confident that they adhere to the same high standards that we do when processing data and protecting its privacy and security. If we share your information with other organisations or data processors we do not allow them to use your information for their own purposes and they have to follow our strict instructions whilst complying with appropriate security measures. We regularly assess their security measures and we continue to monitor their compliance throughout the time we use their services.
We may also share your data with law enforcement agencies, regulators, courts, public authorities or emergency services when required to do so.
Cookies and other similar technologies
Cookies are small text files placed on your device which uniquely identify your device. Cookies cannot be used to run programs or deliver viruses to your device.
Our website may contain links to other websites of interest. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notice applicable to the website in question.
How long do we keep your personal information?
The period for which we keep your information depends on the purpose for which your information was collected and the use. We will not keep your personal information for longer than necessary for those purposes or for any other legal requirements. If you would like more details in relation to your personal data, please contact us.
We review all data retention periods every two years. Data collected for accounts purposes are kept for seven years plus an additional period of six months..
Know your rights
Under GDPR you have the right to:
- Be informed about what data we hold on you, why we hold it and how we process it
- Have access to the personal data we hold about you, free of charge in most cases
- The correction of your personal data when incorrect, out of date or incomplete
- Restrict our processing of your data (either through specific channels or all channels)
- Request that your data be erased completely (where we are able to do so) from our files
- Expect your personal data to be available in a portable electronic format for ease of transfer
- Object to us holding and keeping specific types of personal data
- Expect adherence to best and transparent practice around automated decision making and
Withdrawing your Consent
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or filling out and returning to us a Data Subject Withdrawal of Consent Form which you can request at any time by contacting us at email@example.com
Keeping your personal information up to date
We want to make sure that any personal information we hold about you is up to date. So if you think your personal information is inaccurate, you can ask us to correct or remove it at no charge to you. This is called your right to rectification. Please contact us at firstname.lastname@example.org or telephone us on 0333 241 2226 if you would like to change any information that we may hold on you.
If you do not want to receive information from us, please get in touch with us and we will change your preferences. Please contact us at email@example.com or telephone us on 0333 241 2226.
Accessing your data
Under the GDPR, you have a right to know what personal information we hold about you. If you wish to access any information we hold on you, you can complete a Subject Access Request Form and return by post to: The Data Controller, Curatrix Holdings Limited, Portsmouth Technopole, Kingston Crescent, Portsmouth, PO2 8FA. Alternatively, you can email the completed form to us at firstname.lastname@example.org
Once we confirm your identity, we will endeavour to respond to your enquiry within 30 days to uphold you ‘Right to Access’.
How we protect your personal information
We maintain the highest standards of data privacy and security to protect your personal details and other information about you because we want you to feel completely confident about the communications you receive from us. We regularly review our processes and procedures to protect your information from unauthorised access and use, accidental loss and/or destruction.
Contacting the Regulator
You also have the right to raise any issues of concern about us regarding data protection and our processing of your information to the data protection regulator, The Information Commissioner’s Office (ICO). Here is a helpful link to their website https://ico.org.uk/concerns/
Any more questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any more questions on how Curatrix will handle your personal data, you can request our full Data Protection policy by contacting us at the address below.
How to Contact Us
You can contact our Data Controller as follows:
By Email: email@example.com
By Post: The Data Controller
Curatrix Holdings Limited
By telephone: 0333 241 2226