1. Background to this notice
Cassini Systems Limited is a company registered in England and Wales (company number 08682150).
Cassini, together with the other members of its group (“we/us/our”), are committed to safeguarding the privacy of third parties with whom we interact, including our clients, third parties who visit our websites (“websites”) and/or to who we provide services to or otherwise engage with (“you/your”).
(a) What personal information about you we may collect
(b) How we may use your personal information
(c) Who we may disclose your personal information to
(d) How we protect your personal information
(e) Contacting us & your rights to prevent marketing and to access and update your personal information
(f) Our Cookies Policy
2. Information we may collect about you
2.1 We may collect personal data about you from the following sources:
(a) Our correspondence: if you contact us by post, telephone, email or other electronic means we may keep a record of that correspondence;
(b) Information you provide to us: personal information that you provide to us, such as during the registration process to access and use the websites or otherwise interact with us, including your name, title, position and contact details;
(c) Your transactions: details of transactions you carry out through our websites or through other channels and of the fulfilment of the services we provide;
(d) Website and communication usage: details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access; and
(e) Survey information: we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey.
Clients and prospective clients
2.2 Service provision data: if you are a Client (or a prospective client), in addition to the information referred to in paragraph 2.1, we may collect personal data on you in the ordinary course of our business relationship with you ie the promotion or provision of our services to you.
3. Uses made of your personal information
We may use your personal information in the following ways. For each use, we note the grounds we use to justify each use of your personal information – please see paragraph 3.4 for a more detailed explanation of these grounds.
(a) For research and development purposes: to analyse it in order to better understand your and our customers’ service requirements, to better understand our business and develop our products and services.
Use justification: legitimate interests (to allow us to improve our services).
(b) To monitor certain activities: to monitor calls and transactions to ensure service quality, compliance with procedures and to combat fraud.
Use justifications: legal obligations, legal claims, legitimate interests (to ensure the quality and legality of our services).
(c) To inform you of changes: to notify you about changes to our services and products.
Use justification: legitimate interests (to notify you about changes to our service).
(d) To ensure website content is relevant: to ensure that content from our websites is presented in the most effective manner for you and for your device.
Use justification: consent, contract performance, legitimate interests (to allow us to provide you with the content and services on the websites).
(e) To reorganise or make changes to our business: In the event that we are (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) sold to a third party or (iii) undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process or transfer it to that re-organised entity or third party and use it for the same purposes as set out in this policy or for the purpose of analysing any proposed sale or re-organisation.
Use justification: legitimate interests (in order to allow us to change our business).
(f) In connection with legal or regulatory obligations: Law enforcement, regulators and the court service. We may process your personal information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justification: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities).
3.2 Clients and Prospective Clients
If you are a Client or a Prospective Client:
(a) To provide our services effectively to you and conduct our business: to administer our services, including to carry out our obligations arising from any agreements entered into between you and us, which may include passing your data to third parties such as agents or contractors or to our advisors (e.g. legal, financial, business or other advisors) and identifying other products and services which may be of interest to you.
Use justification: consent, contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you).
(b) To provide you with marketing materials: to provide you with updates, where you have chosen to receive these. We may also use your information for marketing our products and services to you by post, email, phone and other electronic means and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 5.6 below.
Use justification: consent.
(c) To ensure that we are paid: to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings).
Use justification: contract performance, legal claims, legitimate interests (to ensure that we are paid for our services).
3.4 Legal justifications for use of personal information
Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found below. We note the grounds we use to justify each use of your information next to the use in paragraphs 3.1 and 3.2 above.
Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use).
Contract performance: where your information is necessary to enter into or perform our contract with you. Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we have a legitimate interest in using your data and our reasons for using it and this is not outweighed by any adverse impact on your interests, fundamental rights or freedoms. Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
4. Transmission, storage and security of your personal information
Security over the internet
4.1 No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
4.2 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Export outside the EEA
4.3 As our business is international we may need to transfer your personal information to third parties and also to other members of the Cassini group. Your data may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In respect of other countries we will transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities (or if the information is already publicly accessible there). Please contact us as set out in paragraph 5.6 below if you would like to see a copy of the specific safeguards applied to the export of your personal information.
4.4 We will retain your personal information for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So, if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.
4.5 We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either anonymised (and the anonymised information may be retained) or securely destroyed.
5. Your rights and contacting us
5.1 You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting us as set out in paragraph 5.6 below.
5.2 If you have any questions in relation to our use of your personal information, you should contact us as per paragraph 5.6 below. Under certain conditions, you may have the right to require us to:
(a) provide you with further details on the use we make of your information;
(b) provide you with a copy of information that you have provided to us;
(c) update any inaccuracies in the personal information we hold (please see paragraph 5.6);
(d) delete any personal information the we no longer have a lawful ground to use;
(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing (see paragraph 5.1 for marketing);
(f) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
(g) restrict how we use your information whilst a complaint is being investigated.
5.3 Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
5.4 If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the Information Commissioner’s Office.
5.5 We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in paragraph 5.6 below.
5.6 If you have any questions in relation to this policy, please contact us by email to: firstname.lastname@example.org
6. Cookies policy
6.2 A browser cookie is a piece of information collected by the website being browsed and stored on the user’s computer. It can either be persistent, if it lasts after the browser is closed, or session-based, in which case it is destroyed when the browser is closed.
6.3 Cassini does not store any personal information in cookies collected.