ALERTER GROUP PLC PRIVACY NOTICE
Alerter Group plc (“Alerter Group”) is a company registered in England and Wales under company number 4078512 and with our registered office at Enfield House, 303 Burton Road, Derby DE23 6AG. Alerter Group is committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Collection of personal data
Alerter Group may collect and process the following data about you if you visit our website, apply for a job with us or do business with us. This may include your personal data, such as:
• Information about you that you provide by asking for further information on our products or services.
• Information about you as a result of being a supplier to us or making purchases/placing orders/contracts with us for our products and services.
• Information that you provide by applying for job vacancies with us.
• This could include your name (including as a contact point for an organisation), your job title, your email address, your telephone number, the organisation’s address and your IP address (if you complete a form on our website).
This includes information provided to Alerter Group, such as:
• Information from your social media accounts, but only where you have given us permission to use it. For example posts, pictures and video footage you share on site such as Facebook and Twitter.
• We may also ask you for information when you report a problem or make a company and, if you contact us, we may keep a record of that correspondence.
We do not collect any Special Categories of Personal Data (including details about race, ethnicity, religious beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) nor do we collect any information about criminal convictions and offences.
Uses made of your information and the basis of processing
Alerter Group will use your personal information to:
• Carry out our obligations arising from any contracts entered into between you/your organisation and Alerter Group.
• Provide you with information, products or services that you request from Alerter Group or which we feel may interest you, where we are legally entitled to do so.
• To segment your personal data to make sure that you only receive information that is relevant to you. For example, if you are based in Glasgow, to make sure that you do not receive information about an event we’ll be at in Kent.
• Process personal information you submit as part of applying for a job with us.
If you email us for further information about our products or services, you will be providing us with your email address and any other information you include in the message. We only process this in order to pursue our legitimate interest in supplying you the products and services we offer.
Alerter Group will not use any of the personal information we collect from you to make automated business decisions.
The legal basis on which we collect and process the personal data described above depends on the personal information concerned and the specific context in which we collect it. However, we will only use your personal information where one or more of the following applies:
• When we have your consent to do so
• When we need the personal data to perform a contract with you
• When we need to process your personal information for our legitimate interest and only where our legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms
• When we have a legal obligation to collect personal information form you
• When we need the personal information to protect your vital interests or those of another person
Please contact us at email@example.com if you need details about the specific legal ground that we are relying on to process your personal data.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not.
We may use your identity, contact, technical and usage data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.
You may receive marketing communications from us if you have requested information from us or purchased services from us and, in each case, you have not opted out of receiving that marketing.
We will not share your information for marketing purposes with companies so that they may offer you their products or services.
If you wish to withdraw consent to receiving direct marketing from us, you can exercise your rights in this area by emailing firstname.lastname@example.org of by following the opt-out links on any marketing message sent to you.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other transaction.
Alerter Group will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure and, although we will do our best to protect your personal data transmitter to us via the internet, we cannot guarantee the security of your data transmitted to our website from your device. Any transmission is at your own risk.
Where any payments are being collected on our behalf, we require our payment providers to be compliant with the Payment Card Industry’s Data Security standards (PCI-DSS).
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
International transfer of personal data
We do not envisage transferring any information about or relating to individuals to anyone who is located outside of the European Economic Area.
Data retention period
We will hold information about you in our data systems only for as long as we need it for the purpose for which we collected it. To determine the appropriate retention period we consider aspects such as the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you have any questions about our retention policy you can contact us to ask about how it affects your specific personal data.
The data subject’s rights
Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below. We aim to comply without undue delay, and within one month at the latest (unless we inform you of a need to extend this timescale for a specific allowable reason).
• Right of access – You have the right to obtain a copy of information we hold about you.
• Right of rectification or erasure – If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it.
You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example if we are under a separate legal obligation to retain it. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.
• Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold you data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
• Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
• Right to Object – You have a right to object to our processing your personal data where the basis of the processing is our legitimate interested including but not limited to direct marketing and profiling.
• Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
• Right of Complaint – You also the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk
• Right to Opt-out of Marketing Communications – You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in any marketing emails we send you. To opt-out of other forms of marketing then please contact us using the contact details provided below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up your response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request if particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.
Any changes we make to our Privacy Notice in the future will be posted on this page.
How to contact us
If you wish to contact us about your personal data or exercise any of the rights described above please contact: email@example.com
Quality, Legal and Compliance Team, Alerter Group plc, Enfield House, 303 Burton Road, Derby DE23 6AG
Alerter Group plc, Privacy Notice, 24th May 2018, Version 1.1