1. Our Commitment to Privacy
2. What kinds of personal information do we collect?
2.1) We collect information about individuals who work at organisations with whom we have a business relationship, in particular our existing customers, potential customers and also other organisations with whom we work from time to time, including our partners, suppliers and sub-contractors.
2.2) The types of personal information which we may collect, and hold include about you are typically limited to:
(a) your name;
(b) email address, mobile phone number; and
(c) other business contact details, such as your job title and place of work.
We will not collect sensitive information about you (such as health-related or medical information, details of your race or ethnic origin, political beliefs or religion etc.).
3. How we collect personal information
3.1) Collecting information from you
In most instances, we will collect personal information directly from you or from your organisation – for instance if you get in touch with us regarding a particular project or opportunity.
Depending on how you choose to interact with us, we may collect your personal information when you contact us or our service providers, by telephone, by email, in person, through our website or when you complete a form or document and provide it us.
3.2) Collecting information from third parties
We may also collect information about you from other people (e.g. a third-party administrator) or through networking, including from social media, such as LinkedIn, or referrals from other customers and contacts. We also receive personal data through referrals, for instance if an existing customer recommends your services, they might pass on your contact details to us.
3.3) Collecting information from visits to our website – Cookies
We use the following types of cookies on our website:
|Name of cookie and what it is used for||Provider of the cookie||Type of cookie||Persistent / session|
|Traffic Log: Used to identify which website pages are visited and direct users based on region to the appropriate page.||Native to Alcidion website||Server / Traffic Log||Session|
No attempt is made by us to use this information to personally identify you. We record a variety of information from interactions with our online services including IP address, locations data (where available and not disabled by the user), dates, times, and other user activity. In most cases we will not be able to reasonably identify an individual from the information collected. However, if cookie information is linked with personal information we hold about you as set out above, this cookie information becomes personal information and will be treated in the same manner as the personal information to which it has been linked.
3.4) Unsolicited information
If we receive personal information about you that we have requested, or we determine that the personal information received is not reasonably necessary to provide our services, we will take reasonable steps to anonymise or delete that personal information.
4. How we hold your personal information
4.1) The security of your personal information is of paramount importance to us and we take reasonable steps to protect the personal information we hold about you from misuse, loss, unauthorised access, modification or disclosure.
4.2) We have a number of safeguards in place to protect the personal information we hold, including password protected databases, staff training and system firewalls.
4.3) We maintain password security and restricted access to all electronic documents containing personal information and store hard copy documents in secured locations. We will take reasonable steps to delete or permanently anonymise personal information if it is no longer needed for the purpose for which the information was used or disclosed.
5. How do we use your personal information and our lawful basis for doing so
5.1) We use personal information for the following purposes:
|Type of individual||What we (and Alcidion AUS Pty Limited and Alcidion NZ Limited where applicable) use your personal information for / our legitimate interest|
|Personal contact details of individuals at existing UK customers||Managing the relationship with our existing UK customers, communicating with you on day to day matters.|
|Personal contact details of individuals at potential UK customers and other parties who are interesting in hearing about our products and services|
- Sending direct marketing information to you about our products and services.
- Liaising with you about opportunities to work together.
- Responding to queries from you about our products and services.
|Personal contact details of individuals at our UK suppliers, partners, subcontractors and other third parties||Managing the relationship with such UK based parties, communicating with you on day to day matters.|
6. How is personal information disclosed to others?
6.1) We do not sell, rent or trade personal information to, or with, third parties.
6.2) Our website may contain links to other websites. We do not share your personal information with those websites, and we are not responsible for their privacy practices.
6.3) In some circumstances your personal information may be disclosed to service providers that perform a range of services on our behalf including:
(a) mailing houses and printing companies;
(b) auditors and solicitors;
(c) information technology vendors, including hosting service providers; and
(d) other consultants.
6.4) If we transmit your personal information over the internet (for example to the above third parties) we will take reasonable steps to maintain the security of any personal information to prevent misuse and unauthorised access. Despite these protection mechanisms, you should be aware there are inherent risks associated with the transmission of data over the internet and we cannot guarantee any transmission will be completely secure.
6.5) Where we disclose your personal information to our service providers, we will take steps to ensure that they are authorised to only use personal information in order to perform the functions required by us and in accordance with applicable data protection law, and we will ensure that we have a contract in place with them, limiting their use of the personal information to only using it for the purpose of delivering the services to us, having in place suitable security measures etc..
7. International transfers
7.1) Under UK data protection law, when personal information is being transferred outside the UK, we as a data controller, are under an obligation to ensure that such a transfer is performed in a manner that ensures that your personal information is adequately protected. We may from time to time, transfer information that we collect about you to our parent company Alcidion Group Limited, to Alcidion Aus Pty Limited in Australia and also to Alcidion NZ Limited in New Zealand. Our lawful basis for making such a transfer is that it is in our legitimate interests, to allow our Alcidion group companies to have visibility of our business relationships and to undertake corporate management functions.
7.2) In respect of transfers of personal data to Alcidion Aus Pty Limited, we have put in place the standard contractual clauses (Controller to Controller version) which ensures that any such transfers are compliant with UK data protection law. In respect of transfers of personal data to Alcidion NZ Limited, New Zealand is a country which is recognised by the UK ICO (and European Commission) as offering adequate protection for personal data, so a transfer to this entity is automatically permitted under UK data protection law.
7.3) If you would like further details about the security measures we have in place in respect of transfers involving your personal information (including a copy of the signed standard contractual clauses) please contact us using the details in section 11.1.
8. Data Retention
8.1) We will take reasonable steps to protect the personal information we hold from misuse or loss and from unauthorised access, modification or disclosure.
8.2) We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy and in order to comply with our legal and regulatory obligations, following which the data will be deleted. Our retention periods are as follows:
- Personal data of individuals at existing customers – 7 years after the end of our contract with you/your organisation.
- Personal data of individuals at existing suppliers and other third parties – 7 years after the end of our contract with you/your organisation.
- Personal data of individuals at potential customers (for marketing purposes) – we will hold data used for direct marketing purposes for as long as we consider that there is a reasonable likelihood of you either: (i) becoming a customer of ours; or (ii) remaining interested in hearing about our products and services e.g. through receiving our newsletters. We will regularly review personal data held for such direct marketing purposes and will delete such data where we consider that neither of the above criteria apply.
If you opt out of receiving marketing communications, we will cease sending marketing communications to you, but we will need to retain your name and email address indefinitely, on a suppression list, to avoid us inadvertently marketing to you after you have opted out.
9. Ensuring your personal information is up to date
9.1) To help us comply with our obligation under UK data protection law around ensuring that personal information is accurate and up to date, during the course of our relationship with you, we will ask you from time to time to tell us of any changes to your personal information. However, you can contact us at any time to update your personal information or to tell us that the information we hold about you is inaccurate or incomplete.
10. Your rights and Further Information
10.1) If you have any questions in relation to our use of your personal information, or if you wish to exercise the rights set out below, you should first contact us using the contact details in section 11.1 of this Policy. There will not normally be a charge for this.
10.2) You have several data protection rights which entitle you to request information about your personal information, to dictate what we do with it or to stop us using it in certain ways (as set out below).
10.3) Please note:
- 10.3.1) in some cases we may not be able to comply with your request (e.g. we might not be able to delete your data) for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why; and
- 10.3.2) in some circumstances exercising some of these rights (including the right to request that we stop processing or otherwise delete your personal information, the right to request restriction of processing and the right to withdraw consent) will mean we are unable to continue providing you with certain services.
10.4) Under certain conditions, you may have the right to require us to:
- 10.4.1) Provide you with further details on the use we make of your personal information and/or transfer a copy of your personal information to another data controller;
- 10.4.2) Provide you with an electronic copy of personal information that we hold;
- 10.4.3) Update any inaccuracies in the personal information we hold and/or restrict processing of your personal information;
- 10.4.4) Stop processing or otherwise delete any personal information that we no longer have a lawful ground to use; and
- 10.4.5) Object to our use of your personal information which is based on the ‘legitimate interests’ legal ground. If our use of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that purpose.
10.5) You also have the right at any time, to object to receiving direct marketing communications from us (which we will promptly comply with) and where any other use of your personal information is based on consent, to withdraw that consent at any time.
10.6) Your exercise of most of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
10.7) f you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at section 11.1 below. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at any time. For more information visit the ICO’s website at https://ico.org.uk/. Please note that exercising this right and lodging a complaint will not affect any other legal rights or remedies that you have.
11. How to contact us
11.1) For UK-based individuals, all correspondence should be directed for the attention of our Data Protection Officer via the following contact:
12.1) From time to time, we may change our policy on how we handle personal information or the sort of personal information which we hold. Any changes to our policy will be published on, and can be viewed by accessing by checking our website www.alcidion.com/uk/. This Policy was last updated on 10 February 2022.