ComTech Solutions Limited, trading as CookieScan (referred to as “CookieScan”, “we” or “us”) for the purpose of this notice, are the data controllers and we are pleased to provide you with the following Privacy Notice. ComTech Solutions Limited trading as CookieScan is registered with the Jersey Office of the Information Commissioner, registration number 67708.
We are working hard to serve customers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us and understand how we use it to offer you a better and more personalised experience.
What this Notice covers
- sets out the types of personal data that we collect;
- explains how and why we collect and use your personal data;
- explains when and why we will share personal data within CookieScan and with other organisations; and
- explains the rights and choices you have when it comes to your personal data.
We want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means:
- using our website (“our Website”) where this Policy is posted; or
- if you contact us or we contact you about our Services; and
- using our payment management system for your subscription level
Personal Data we Collect
This section tells you what personal data we may collect from you when you use our Services and what other personal data we may receive from other sources.
When you become an account customer, you may provide us with:
- your personal details, including your name, postal and billing addresses, email addresses, phone numbers, website domain, subscription level, card payment details.
When you browse our websites, we may collect:
- information about your online browsing behaviour on our Website.
- information about any devices you have used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers).
When you contact us or we contact you or you answer a query or complaint about our service, we may collect:
- personal data you provide about yourself anytime you contact us about our Services (for example, your name and contact details), including contacting us by phone, email or post or when you speak with us through a contact page on our website or social media;
- details of the emails and other digital communications we send to you that you open, including any links in them that you click on; and
- your feedback and contributions to customer surveys or reviews.
How and Why We Use Personal Data
This section explains in detail how and why we use personal data. In order to collect and process personal data about you we need to have a lawful basis. The main Lawful bases we rely on includes consent (where you have given permission to be sent updates about our services), contract (where processing is necessary for the performance of a contract with you) and our “legitimate interests” (where processing is in the interest of our company and we believe you would have a reasonable expectation for us to do this).
We use personal data to:
Make our Services available to you
We need to process your personal data so that we can manage your customer accounts, provide you with the services you want from us and help you with any subscriptions and refunds you may ask for.
Manage and improve our websites
Detect and prevent fraud or other crime
It is important for us to monitor how our Services are used to detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our Services.
Provide you with relevant marketing communications
We want to ensure that we provide you with marketing communications, including online advertising, that are relevant to your interests. To achieve this, we also measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer. You can change your marketing choices, both when you register with us, and at any time after that. You also have choices when it comes to online advertising.
Contact you about our services
We want to serve you better as a customer, so we use your personal data to provide clarification or assistance in response to your communications.
In order to resolve legal claims or disputes involving you or us.
For example, if you have any dispute about our service or there is disruption to your website.
If you are using one of our social media pages, please remember that our page is provided via social media platform sites, such as Facebook, which has its own functionality, terms and privacy policies. Please ensure you have read these carefully and have checked your own personal settings to ensure you are happy with how your information will be used by the social media site. Our social media pages may make use of these functions, but we do not control them and are not responsible for them. We will not assume responsibility for data shared or the responsibilities of a data controller, that responsibility will remain with the social media provider.
CookieScan will monitor the social media site on occasion and, as soon as practically possible, any inappropriate entries will be removed.
Sharing personal data with third parties
We may on occasions pass your Personal Information to third parties exclusively to process work on our behalf. CookieScan requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice.
We do not broker or pass on information gained from your engagement with us without your consent. However, CookieScan may disclose your Personal Information to meet legal obligations, regulations or valid governmental request. We may also enforce our Terms and Conditions, including investigating potential violations of our Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues.
How do we protect personal data?
- We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
- We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data;
- We protect the security of your information while it is being transmitted by encrypting it;
- We use computer safeguards such as firewalls and data encryption to keep this data safe;
- We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
- We regularly monitor our systems for possible vulnerabilities and attacks;
- We will ask for proof of identity before we share your personal data with you; and
- We will reveal only the last four digits of your payment card number when confirming an order.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this, we ensure that your privacy rights are respected in line with this Policy.
How long do we use personal data for?
- Why we collected it in the first place;
- Whether there is a legal/regulatory reason for us to keep it; or
- Whether we need it to protect you or us.
You can at any time ask us to provide you with the retention schedule relating to your own personal data. We will provide this information in accordance with our policy and procedure for Data Subject Access Requests.
Your rights as a data subject
At any point whilst we are in possession of, or processing your data, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you;
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. If you believe we hold inaccurate or missing information, please let us know and we will correct it;
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. There are several situations when you can have us delete your personal data, this includes (but is not limited to):
- When we no longer need to keep your personal data;
- You have successfully made a general objection;
- You have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it);
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing. There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):
- you have successfully made a general objection;
- you are challenging the accuracy of the personal data we hold;
- Right of portability – you have the right to have the data we hold about you transferred to another organisation;
- Right to object – you have the right to object to certain types of processing such as direct marketing. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it or delete it;
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling;
In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
Subject Access Rights
You have the right to see the personal data we hold about you. This is called a Data Subject Access Request (DSAR).
If you would like a copy of the personal data, we hold about you can use the on-line Data Subject Access Request Form on our websites or write to:Data Protection Officer
de Carteret House
7 Castle Street
To access what personal data is held, identification will be required
We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license or passport. A minimum of one piece of photographic ID listed above and a supporting document is required such as a utility bill not older than three months. If we are dissatisfied with the quality of ID provided, further information may be sought before personal data can be released.
All requests should be made to firstname.lastname@example.org or in writing to us at the address further above. We will respond to your request within a four-week period, once your identification has been verified.
We’d like the chance to resolve any complaints you have, however you also have the right to complain to the relevant data protection Commissioner about how we have used your personal data.
In the event that you wish to make a compliant about how your personal data is being processed by us, you have the right to complain to our CEO. If you do not get a response within 30 days or are dissatisfied with the response, you can complain to the relevant Data Protection Commissioner.
The details for each of these contacts are:CookieScan
de Carteret House
7 Castle Street
Email email@example.comOffice of the Information Commissioner – Jersey
5 Castle Street
Telephone +44 (0) 1534 716530 or Email: firstname.lastname@example.org