CC33 FS Limited trading as CC33 is an outsource services provider. The privacy of prospective and existing clients is important to us, and as a responsible company, we are committed to protecting it.
Data Controller - CC33 is the data controller where CC33 controls how that data is going to be used. Where CC33 processes data on behalf of its clients, it is the data processor. The point of contact for this privacy statement is email@example.com. CC33 may collect and hold information about a prospective, current, or former client. This shall also include any individual agent, employee, or representative of our clients where CC33 has obtained his or her Personal Data from such person as part of its business relationship with our clients.CC33 may also collect and hold information about those applying for employment with CC33. We are registered with the ICO and are responsible for protecting this information in accordance with this privacy statement.
Data Subject - Individuals whose personal information was provided by our clients, their employees, prospective clients, and those applying for employment with CC33.
Personal Data - Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, from the information.
Sensitive Data - Information such as medical records, race, religion, sexuality, and political or trade union membership.
Third-Party - Any individual or entity that is neither CC33, nor an employee, agent, contractor, or representative.
Data Processing - Any action performed on personal information, which includes collection, recording, organising, storing, sharing, and transmitting. This includes electronic and paper documents containing personal information.
Legislation - CC33 must comply with the Data Protection Act (DPA) 2018 and the EU General Data Protection Regulation (GDPR).
Personal Data We Collect
CC33 collects data to operate effectively and provide ongoing contractual support to our clients. We also collect data in order to communicate with prospective employees. We will only collect the minimum personal information needed to complete a task and will not collect information unnecessarily. The data we collect can include the following:-
Home or Work address
Mobile or Landline Telephone Number
Information necessary for our clients to provide a service to their customers
Information on client computer hardware and software may also be collected and stored. This information can include an IP address, browser type, domain names, access times, and website address. This information is used by CC33 for the operation of our service and to maintain the quality of our service.
We also collect business contact information of our clients and potential clients.
Where We Obtain Data To Provide Our Services
Lloyd James Media
How We Use Personal Data
We only process our clients’ customer information in accordance with their written instructions to fulfil the contract between ourselves and the client.
When we market to business customers, we do this as a legitimate business interest of growing and maintaining our client base. We will always offer our clients the right to opt-out of further communications. Where a business customer opts out we will record this and ensure we do not market to that customer again.
When we communicate with prospective employees, we do this as a legitimate business interest of increasing our staff numbers. We will always offer individuals the right to opt-out of further communications and should the individual choose not to be contacted by CC33 again, we will record this and ensure we do not communicate with that individual again.
We will not send marketing material to an individual’s personal email address or home address without their consent.
Sensitive Data will not be used without express consent
Security of Personal Data
All Personal Data is stored in a controlled, secure environment, protected from unauthorised access, use or disclosure. The storage of electronic data is fully documented in our Information Security Management System (ISMS).
The information which we collect during normal use of our website is used for system administration, filtering traffic, looking up user domains, and reporting on and analysing how parts of the site are used. Such use does not result in any personally identifiable data being collected or stored.
We may use any of the following cookies:
Analytical or performance cookies: they allow us to recognise and count the number of visitors to our website and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies: These are used to recognise when you return to the website. This enables us to personalise our content for you.
Targeting cookies: These cookies record your visit to the website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed more relevant to your interests.
Links to other websites
Our website may contain links to other websites. However, once you have used these links to leave our website, we do not have any control over that website. Therefore, we are not responsible for the protection and privacy of any information which you provide whilst visiting such sites, and any such websites are not governed by this privacy statement.
Sharing Data With Third Parties
CC33 does not sell, rent or lease client lists to third parties.
We may, from time to time, share your data with contractors who perform tasks required to complete a service. All such contractors are required to maintain equivalent levels of security when processing your personal information as CC33 and, where required, are bound by a legal agreement to keep your personal information private, and secure and to process it only on our specific instruction.
How to Access And Control Your Personal Data
Clients and individuals have the right to access information held about them to ensure that such Personal Data is accurate and relevant for the business purposes for which it was collected.
To understand what personal information we hold you, you will need to submit a Subject Access Request to firstname.lastname@example.org. We have 28 days in which to provide the information you request.
You may also call us on 0114 399 0087 with your personal data enquiries or requests or alternatively you can write to us at our registered office address.
Where We Store And Process Personal Data
CC33 adheres to applicable data protection legislation and only processes and stores data within the UK.
Retention Of Personal Data
CC33 retains personal data in accordance with its data retention policy or for as long as necessary to provide the support requested in our contracts. Because these needs can vary for different clients and prospects, actual retention periods can vary significantly. However, our retention periods will generally align with statutory guidelines.
We will report all serious data breaches to the ICO within 72 hours which result in the loss, release, or corruption of Personal Data.
The definition of a serious breach is where CC33’s data security has been compromised resulting in the loss or disclosure of a client’s Personal or Sensitive Data which could prove detrimental to the individual’s financial, physical, or emotional well-being. The detrimental effect would include information leading to;
Volume affected – 10 individuals
A non-reportable breach will be the compromise of CC33’s data security resulting in the loss or disclosure of staff members’ Personal Data where there is no particular sensitivity and would not result in an individual being adversely affected.
You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you, before collecting your data, if we intend to use your data for such purposes. You can exercise your right to prevent such processing by ticking certain boxes on the forms we use to collect your data.
Furthermore, if the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing;
You have a right to request from us, when acting in the capacity as a “data controller” as defined in the law, access to and rectification of your personal data;
You have a right to object to the processing of your personal data
You have a right to lodge a complaint with a data protection authority which is the Information Commissioner’s Office (ICO) https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/documentation/.
You can also exercise your right at any time by contacting us at email@example.com.