Cidori Privacy Policy

At Cidori (trading name of Gateway Managed Services Ltd) we are committed to protecting and respecting your privacy. This privacy policy sets out how Cidori uses, protects and processes any information that we collect from you or that you provide to us.

Cidori is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our services, then you can be assured that it will only be used in accordance with this privacy statement.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The Government intends for the GDPR to continue in UK law post-Brexit and has also introduced a Data Protection Bill to replace the current Data Protection Act in due course.

Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of data protection legislation in force from time to time, the data controller is Gateway Managed Services of Sovereign Court, 230 Upper Fifth Street, Central Milton Keynes MK9 2HR.

Who we are and what we do

We are a managed learning and development service provider, working in the field of funded education. We collect the personal data of the following types of people to allow us to undertake our business;

We collect information about you solely for the purposes of carrying out our core business and ancillary activities.

What we collect from you

Cidori collects Personal Data directly from you (via email, website forms, phone, and email or otherwise) as well as from other available sources to the extent relevant and permitted under the GDPR legislation. Subject to this applicable law we may collect the following information:

Our Legitimate Business Interests

Our legitimate interests in collecting and retaining your personal data is described below:

Technical Information

When you access our services online, our web servers automatically create records of your visit. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language and other such information. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile telephone number, may be transmitted to Cidori by the telecommunications operator as a standard part of that communication.

Purposes of the processing and the legal basis for the processing

Cidori will collect, use, store and otherwise process your Personal Data for the purposes of Cidori’s core activities as already outlined. Additionally, your personal data may be processed for other purposes you have consented to such as marketing information or other information we think will be of legitimate interest to you. We may also use your personal data to carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us.

Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.

We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations.

We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include processing your data for internal marketing communications.

Should we want, need or rely on consent to lawfully process your data we will request your consent orally, by email, or by an online process for the specific activity that we require consent for and record your response on our system. Whenever necessary and subject to statutory record-keeping requirements, Cidori will delete and/or anonymise Personal Data that is no longer needed. If there has not been any recent activity between yourself and Cidori, we may delete your profile after a reasonable time in compliance with the GDPR legislation.

In further detail, Cidori will process your Personal Data for the following purposes:

Communicating with you, in context of training activities, such as:

Development of services:

We may use your Personal Data to develop and improve our website and other related services. Where feasible, we use aggregated anonymous information in context of the development activities.

Legal and regulatory compliance, including obtaining and releasing Personal Data as required by law, judicial organizations or practice in order to comply with legal obligations imposed on us.

Transfer of your Personal Data

Cidori will not sell, lease, rent or otherwise disclose your Personal Data unless you have given explicit consent. Cidori may share your Personal Data if you have given your informed consent for Cidori to do so.

We do not undertake automated decision making or profiling. We do however use our systems to search and identify personal data in accordance with the parameters set by a person. A person will always be involved in the decision-making process.

Security and controlling your personal information

We are committed to ensuring that your information is secure although unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, in order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We take reasonable steps to keep the personal data we possess accurate and to delete incorrect or unnecessary personal data. With respect to the processing of your Personal Data, you will always have the rights as provided by applicable local law. In addition, this Policy provides you the right to know what personal data we hold about you; to request incomplete, incorrect, unnecessary or outdated personal data deleted or updated as well as to object to Cidori’s processing of your Personal Data on compelling legitimate grounds. There may be certain categories of information prescribed by applicable local law that Cidori may lawfully withhold.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about courses and training opportunities which we think you may find interesting if you consent for Cidori to do so.

Retention of your data

We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, upon GDPR legislation on the 25th May 2018 we will run data routines to remove data that we no longer have a legitimate business interest in maintaining.

We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:

We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudo-anonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so.

For your information, Pseudo-anonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.

Your rights

You may choose to restrict the collection or use of your personal information.

If you have previously agreed to Cidori using and or storing your personal information you may change your mind at any time by writing/emailing us at info@cidori.co.uk or Gateway Managed Services, Sovereign Court, 230 Upper Fifth Street, Central Milton Keynes MK9 2HR.

The GDPR provides you with the following rights. To:

 

The Data Protection Act 1998 and the GDPR give you the right to access information held about you.

We also encourage you to contact us to ensure your data is accurate and complete.

For any of the above please write/email to Gateway Managed Services, Sovereign Court, 230 Upper Fifth Street, Central Milton Keynes MK9 2HR or email info@cidori.co.uk.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

Cidori may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01/05/2018.