At Concilio Comms we operate in a data-driven world and are serious about respecting the personal data and privacy rights of everyone we come into contact with in running our business.
This policy explains:
We are Connilio Comms Limited (we, us or our), a limited liability company with registered number 07260886 having our registered office 84 Aldermans Hill, Palmers Green, London, N13 4PP.
You can contact us by writing to us at Concilio Comms Limited, 1 Fore Street, EC2Y 9DT or telephoning us on 020 3890 7306 or emailing firstname.lastname@example.org
For the purposes of applicable data protection law, we are a controller in relation to the personal data we collect and process. This means that we are responsible for deciding how and why we use personal data, and for keeping it safe. We are registered as a data controller with the Information Commissioner’s Office (ICO) with registration number ZA430553.
We contact potential clients and other business with news and promotional material. We obtain information about these persons from a variety of sources, these include:
When we do contact potential clients, we take great care to respect their privacy rights and comply with applicable marketing laws, including by doing the following:
If you don’t want to hear from us you can simply unsubscribe, or you can contact us to object to direct marketing and/or to ask to have your information deleted (see ‘Your rights as a data subject’, below, for details).
The types of personal data we collect will vary but usually include some or all of the following:
We may process other types of personal information and, if we do, then it will be protected to the same high standard.
We use personal data because we need to for one or more of the following reasons:
In limited circumstances, we may use personal data on the basis of your consent. If so, we will always clearly ask for your agreement to this. You are, of course, free to refuse this.
We collect, store and use personal data about individuals who apply to join us. This may include information:
The information we collect might include sensitive personal data, such as information about your health and sickness records. If we need to process sensitive personal data then we will ask for your explicit consent before doing so.
We only ask for references at the last stage of the application process, when making an offer of employment, and always act in accordance with the specific requirements of national laws.
We use the personal data we collect about you to:
We do all of this because either it is a necessary part of entering into a contract of employment with you or because we have a legitimate interest in ensuring that you are suitable for a particular role.
If you fail to provide personal data when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.
We normally retain personal data about unsuccessful candidates for between 3 and 6 months from the time we inform them of our hiring decision. We retain personal data for this period so that we can demonstrate, in the event of a legal claim, we have not discriminated against an applicant and that the recruitment process was fair and transparent. After this period, we will securely destroy this applicant’s personal data. If we wish to retain personal data on file, in case future opportunities arise, we will contact the applicant and ask for his or her consent to do so.
If you are successful, the personal data you provided in the application process will be stored as part of your personnel file.
We do not normally collect personal data about visitors to our website unless they choose to provide such information when they contact us.
We collect anonymous information about visitors to our website in order to optimise and improve the website. This might include IP addresses, browser or device details and the connection type (for example, the Internet service provider used). However, none of this information will by itself directly identify any particular user.
Web browsers place cookies on hard drives for record-keeping purposes and sometimes to track information (such as repeat visits). Our website uses Google Analytics cookies to enable us to measure how users interact with our website. Further information on the cookies and how they work can be found here:
You can prevent these cookies by installing the Google Analytics opt-out browser extension by visiting https://support.google.com/analytics/answer/181881?hl=en or by adjusting your browser settings.
Personal data you provide to us will be kept private and confidential, and we will not disclose or share it with other data controllers without your permission or as set out in this policy.
We will disclose data when legally required to do so. For example, to comply with an order from a court or regulator (including the Information Commissioner’s Office).
We share personal data with some of the third parties who provide services to our firm. This includes software and cloud service providers Dropbox and IT support services. However, these third parties will only process personal data (which may include your information) on our behalf for specified purposes and in accordance with our strict instructions and a contract which protects the data and meets the requirements of data protection law.
We only retain personal data for as long as is necessary for the specific purpose(s) it was collected for (or for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements).
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. This includes both physical security measures (such as keeping paper files in secure, access-controlled premises) and electronic security technology (such as digital back-ups and sophisticated anti-virus protection).
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to legal and contractual confidentiality obligations.
We have put in place reporting procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
We normally only store personal data within the European Economic Area (EEA). However, some of the technology and support services we use are provided by international organisations and/or companies which are based outside the EEA.
Before using such service providers, we take steps to make sure that any personal data they process is adequately
For example, we use Mailchimp’s email services, which are operated by the Rocket Science Group LLC in the USA; however, your information is protected thanks to the EU-US Privacy Shield and a data processing contract.
The law provides you with certain rights in relation to your personal data. These are as follows:
We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
You will not normally have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you want to exercise any of the rights described above, please email email@example.com or write to Data Protection Requests, Concilio Comms Limited, 1 Fore Street, EC2Y 9DT.
You have the right to complain to a data protection supervisory authority (which, in the UK, is the ICO) if you are not satisfied with our response to a data protection request or if you think your personal data has been mishandled. For further information on how to make a complaint, please visit https://ico.org.uk.
We will update this policy from time to time. The current version will always be posted on our website. This policy was last updated on 2 July 2018.