CNSintel is a limited liability company (10779548 Company Number) registered at Tower House, Fairfax Street, Bristol, United Kingdom, BS1 3BN. This policy sets out how CNSintel handles personal information.
What personal data we collect and how and why we collect it
Personal information means information that by itself identifies an individual (such as name, address or email address) as well as information that can be combined to identify an individual. CNSintel may collect and store personal information including title, name, business address, position held, telephone number, email address and payment details. This information can be collected in a number of ways:
- When you provide it directly to us
- From publicly available sources
CNSintel uses personal information for responding to and processing inquiries and service requests including registering our advisors and clients, and managing payments and business relationships. CNSintel also may use personal information for supporting your relationship with CNSintel by designing services that are suitable to your needs, general service support and updates, marketing, continuing existing service and support, and other similar purposes. This Information may also be used to provide you with notices about your use of a service, and to carry out CNSintel’s obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
We may use your comments and feedback obtained from email communications on our website with your approval.
Customers/users can use our website to contact us. We use their contact information to send them information about our company. We also use customer and prospect information to send occasional emails about our services. Users may opt-out of receiving future mailings at any time by contacting us at firstname.lastname@example.org.
Embedded content from other websites
CNSintel’s website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We may record certain information about your visit to our website. This information is generally anonymous and does not reveal your identity, and may include:
- your IP address or proxy server IP address’;
- the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
- the date and time of your visit to the website;
- the length of your session;
- the pages which you have accessed;
- the number of times you access our site within any month;
- the file URL you look at and information relating to it; and
- the website which referred you to our Sites.
Lawful Reasons for Processing Personal Information
We have a number of lawful reasons that mean we can process your personal information, as summarized here:
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new client or advisor||(a) identity||Performance of a contract with you|
|To provide the services to you including:|
(a) manage payments, fees and charges
(b) collect and recover money owed to us
|(a) performance of a contract with you
(b) necessary for our legitimate interests (to recover debts due to us)
(c) necessary for the legitimate interests of others (preventing fraud)
|To manage our relationship with you which will include:|
(b) ask you to leave a review or take a survey
|(a) performance of a contract with you
(b) necessary to comply with a legal obligation
(c) necessary for our legitimate interests (to keep our records updated, study how customers use the services and to improve the services into the future)
|To administer and protect our business and this website and services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) identity|
|(a) necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(b) necessary to comply with our legal obligations
Who we share your data with
We do not share any information with third party providers with the exception of sharing the identity (name and position held) of our selected advisors for any given project with our clients. If necessary, we may also share certain personal information of our clients and advisors (names) with our accounting firm for our tax purposes, or with our banks for payment purposes. We make sure any such information that we share will be used only for the purpose of providing their services to us, and in a manner consistent with our privacy practices.
How long we retain your data
What rights you have over your data under GDPR
If you have emailed us at email@example.com, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
The right to be informed
Individuals have a right to understand when their personal data is being held and processed, even when this has been obtained indirectly.
The right of access
You can request access to your personal data at any time to be aware of and verify the lawfulness of the processing, this is via a Subject Access Request (see below).
The right to rectification
Personal data can be easily rectified if inaccurate, incomplete or out of date. This can be done by a written request (please see below for information).
The right to erasure
Under qualifying criteria, you can request your data to be deleted where there is no lawful reason for its continued processing. Please refer to the GDPR regulation or ico.org.uk for full details.
The right to restrict processing
Under qualifying criteria, you can request the processing of your data to be restricted. This means your data will still be held but not processed and may apply where information is inaccurate or if there is an objection over the lawfulness of the processing. Please refer to the GDPR regulation or ico.org.uk for full details. Please send your request in writing as per the below instructions. Where data is restricted, CNSintel shall, where applicable, also inform any involved 3rd parties of the restriction.
The right to object
Where processing of your data is taking place under certain purposes and no legitimate reason exists for this, you have the right to object. Please send your request in writing as per the below instructions.
The right to data portability
You may have the right to receive personal data CNSintel holds about you in a format that enables you to transfer such information to another data controller (e.g. such as another service provider).
The right to review by an independent authority
You will always have the right to lodge a complaint with a supervisory body, including the Information Commissioners Office.
Objecting to other uses of your information
You may also have the right to object to CNSintel’s use of your information in other circumstances. In particular, where you have consented to CNSintel’s use of your personal data, you have the right to withdraw such consent at any time.
Review and Opt Out
Accessing my Data – Subject Access Request
If you wish to make a request to access the personal data we hold, you must provide the following:
Application in writing – You will need to make a request in writing, or via email to firstname.lastname@example.org or post to CNSintel, Tower House, Fairfax Street, Bristol, United Kingdom, BS1 3BN.
Proof of identity – You will need to provide proof of identity as part of your collaboration with us. Please provide contact telephone numbers as identity is confirmed via a call back from a member of our team for data protection purposes.
What to include in your application – please state the specific data you wish to access.
If you wish to apply to restrict, rectify, object or request erasure of your data, please submit your request in writing as above.
How we protect your data
CNSintel is committed to protecting all personal information and content we collect and use. To that end, we have implemented commercially reasonable physical, administrative and technical safeguards to help us protect personal information and content under CNSintel’s direct control from unauthorised access, use and disclosure. However, no system of electronic data collection, storage and retrieval can be made entirely impenetrable and by continuing to use our website, products and services you acknowledge and accept that despite the reasonable measures we employ, we do not guarantee that our Websites, Products and procedures are invulnerable to all security breaches or immune from viruses, security threats or other risks.
We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location in the UK. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
What data breach procedures we have in place
We implement a number of different procedures to optimise data security. This includes login notification alerts, intrusion protection monitoring, logging and alerting.
What third parties we receive data from
Updates to our Policy
Effective Date: August 2, 2018