Privacy Statement
The privacy of prospective clients and existing clients is important to us and this privacy statement explains what personal data OpenContact Services Limited (OpenContact) collects and how we use that data.
Definitions
Data Controller
OpenContact is the data controller.
The point of contact for privacy is info@opencontact.co.uk.
OpenContact may collect and hold information about a prospective, current or former client. The terms shall also include any individual agent, employee or representative of our clients where OpenContact has obtained his or her Personal Data from such person as part of its business relationship with our clients.
OpenContact may also collect and hold information about those applying for jobs within the organisation.
We are registered with the ICO, and we are responsible for protecting this information in accordance with this policy.
Data Subject
The data subjects are the individuals whose personal information we deal with such as clients, their employees, prospective clients and those applying for jobs within our organisation.
We also collect customer information on behalf of our clients.
Personal Data
Personal information means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, from the information.
Sensitive Data
Sensitive information such as medical records, race, religion, sexuality, political or trade union membership is a special category of data that requires sensitive handling.
Third Party
Means any individual or entity that is neither OpenContact, nor an employee, agent, contractor or representative.
Data Processing
Processing means any action performed on personal information, which includes collection, recording, organising, storing, sharing and transmitting. This includes electronic and paper documents containing personal information.
Legislation
OpenContact Services Limited must comply with the Data Protection Act (DPA) 2018 and the EU General Data Protection Regulation (GDPR).
Personal data we collect
OpenContact collects data to operate effectively and provide on-going contractual support to our clients. We also collect data to communicate with prospective employees. We will only collect the minimum personal information needed to complete a task and will not collect information just in case. The data we collect can may include the following:-
- Email address
- Name
- Home or work address
- Mobile or landline telephone number
- Billing information for clients
Information on client computer hardware and software may also be collected and stored. This information can include an IP address, browser type, domain names, access times and website address. This information is used by OpenContact for the operation of our service and to maintain the quality of our service.
We also collect business contact information of our clients and potential clients.
How we use Personal Data
We only process our clients’ customer information in accordance with their written instructions to fulfil the contract between ourselves and the client.
When we market to business clients we do this as a legitimate business interest of growing and maintaining our client base. We will always offer our clients the right to opt-out of further communications. Where a business customer opts-out we will record this and ensure we do not market to that customer again.
When we communicate with prospective employees we do this as a legitimate business interest of increasing our staff numbers. We will always offer individuals the right to opt-out of further communications and should the individual choose not to be contacted by OpenContact again, we will record this and ensure we do not communicate with that individual again.
We will not send marketing material to an individual’s personal email address or home address without their consent.
Sensitive Data will not be used without express consent.
Security of Personal Data
All Personal Data is stored on computers in a controlled, secure environment, protected from unauthorised access, use or disclosure.
Use of Cookies
We may use any of the following cookies on our website:
- Analytical or performance cookies: they allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies: These are used to recognise when you return to the website. This enables us to personalise our content for you.
- Targeting cookies: These cookies record your visit to the website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed more relevant to your interests.
Sharing data with Third Parties
OpenContact does not sell, rent or lease client lists to third parties.
We may, from time to time, share your data with contractors who perform tasks required to complete a service. All such contractors are required to maintain the confidentiality of your information by agreeing to provide adequate protections for Personal Data.
We may disclose your Personal Data to Third Parties in the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets.
Some data may be transferred to or accessed from outside the EEA as instructed by our clients and in accordance with our contract.
How to access and control your Personal Data
Clients and individuals have the right to access information held about them to ensure that such Personal Data is accurate and relevant for the business purposes for which it was collected.
To understand what personal information we hold you will need to place a Subject Access Request via info@opencontact.co.uk. We have 28 days in which to provide the information you request.
Where we store and process personal data
OpenContact adheres to applicable data protection laws in the European Economic Area and only stores data within the EU area.
Personal Data is only stored and processed within the European Economic Area.
Retention of Personal Data
OpenContact retains personal data for as long as necessary to provide the support requested in our contracts. Because these needs can vary for different clients and prospects, actual retention periods can vary significantly.
Incident Handling
We will report all serious data breaches to the ICO within 72 hours which result in the loss, release or corruption of Personal Data.
The definition of a serious breach is where OpenContact’s data security has been compromised resulting in the loss or disclosure of a client’s Personal or Sensitive Data which could prove detrimental to the individual’s financial, physical or emotional well-being. Detrimental effect would include information leading to;
- Identify theft
- Financial hardship
- Insurance exclusion
- Volume affected – 10 individuals
A non-reportable breach will be the compromise of OpenContact’s data security resulting in the loss or disclosure of staff members’ Personal Data where there is no particular sensitivity and would not result in an individual being adversely affected.
Your Rights
You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you, before collecting your data, if we intend to use your data for such purposes. You can exercise your right to prevent such processing by ticking certain boxes on the forms we use to collect your data. Furthermore:
- If the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing;
- You have a right to request from us, a “data controller” as defined in the law, access to and rectification of your personal data;
- You have a right to object to the processing of your personal data
- You have a right to lodge a complaint with a data protection authority which is the Information Commissioner’s Office (ICO)
You can also exercise your right at any time by contacting us at the email address of info@opencontact.co.uk.
Changes to this Privacy Statement
We will update this privacy statement when necessary to reflect prospect and client feedback as well as regulatory changes. Individuals should visit this website from time to time to review the latest version.
Registered company
OpenContact Services Limited
Registered Office:
Norfolk Tower
48-52 Surrey Street
Norwich
NR1 3PA
Registered in England no: 4064781