All your COVID-19 essential updates in one place here – let’s get you back to business
This notice gives you information about who Citation are, our approach to data protection and provides you with information about how we manage your personal data and the importance data protection plays in how we operate as a company.
Our data protection approach is supported from the top of the business and is a core competence of how we operate, it is a fundamental which we continually strive to improve on. You can read more about our approach here
For the purposes of this notice Citation is the data controller unless it has been specifically noted otherwise.
This notice relates to the collection and processing of personal data for Citaiton, it does not cover processing we do in relation to the service we provide to our clients, in that regard Citation are the data processor acting on the instruction of our clients. To that end, as a data processor we offer broadly the following services: (1) a SaaS platform to enable the management of HR and Health and Safety for clients, (2) On-site HR and Health and Safety support, (3) Fire and Electrical risk assessments and follow up services. There are also elements of these services where we also operate as a data controller.
This notice applies to the processing of personal data collected by us when you:
We collect personal data directly from you when:
We will also gain personal information from other sources, this includes third parties we purchase data from to help us identify and grow our business which could include a greater degree of personalisation. Additionally, we may combine these records with other publicly available information to ensure that our records are accurate and up to date.
We also obtain information from other companies within the Citation Group in order to provide a greater level of service and service offering or to better understand the industries we operate in or where synergies apply to our business and to yours. We also obtain information from services to help us comply with data protection laws.
Typically, the personal information we get from third parties includes name, phone number, email address, company name, job title, contact preferences.
Data from your devise, usage of our website and applications
When you access our website or use our SaaS products we use tools such as cookies, beacons and similar technologies to automatically collect information which may contain personal data from your devise and usage of our site and services. The nature of what these tools collect differ between website and SaaS product but still fall into similar categories.
This information may include IP address, application or system identification number, browser you are using, pages you have searched, files you have looked at and actions you have taken. There is also the time and date that these actions were taken or association with your browsing. We use this information to help us improve our service or your experience, to improve how you and others view the site or locations within our applications, to improve functionality, engagement and performance, to help us identify opportunities to develop our services further, our compliance with applicable usage terms and for overall security of Citaiton products, services and applications. The collection of this type if data may either on its own, or when combined with other data we have become personal data. It will be used primarily to identify the uniqueness of each user for security and identification of user purposes.
Cookies, beacons and similar technologies on our website and in email communications
We use session cookies which expire after the session is closed, we also use persistent cookies which remain on your computer when you close the browser or turn your computer off. We also use beacons and pixels in our email communications and on our website, this enables us to understand if our communications are useful to you or not and how you then interact with the website or our service as a result of those email communications.
The cookies we use fall into four basic categories, they are:
|Type of Cookie||Description|
|Strictly necessary cookies||These cookies are necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request in service, such as setting privacy preferences, logging, or completing a form. You can set your browser to block or alert you about these cookies, but some parts of the site may not work.|
|Functional cookies||These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose service we may have added to these pages. If you do not allow these cookies, then some or all of these services may be function properly.|
|Performance cookies||These cookies allow us to count visits and traffic sources so we can measure and improve our site. This helps us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know you have visited our site, and will not be able to monitor its performance.|
|Targeting cookies||Targeting cookies may be set through our site by advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on unique identifiers in your browser and devise. If you do not allow these cookies, you will experience less targeted advertising.|
We collect and process personal data for the following purposes and with the following legal bases engaged:
We may share your personal data in the following circumstances:
We retain your data for as long as necessary to fulfil the purpose for its collection and processing. In some instances, this may be a sort period of time, for instance, as an unsuccessful job applicant we may retain your records for only 6 months once the process has concluded. In other instances, and especially where there is a legal obligation to retain your information for a certain period of time, we will do so in order to comply with the legal requirement; this is typically 6 years.
Once your data is no longer required it shall be deleted or if it is technically not possible to delete, we shall ensure sufficient controls are in place to put it beyond future use.
Our data is typically hosted In the UK and other parts of the EEA, there are however some of our contracted technical service providers that process from the US. Where these transfers and any other transfer than may occur in the future are concerned, we ensure that there is a legal bases for the transfer and a lawful transfer mechanism in place prior to any transfers in place.
Any such transfers currently done are done using either a transfer to a country with an adequacy ruling, using the EU-US Privacy shield or European Commission Standard Contractual Terms.
Under data protection legislation, you have rights as an individual which you can exercise in relation to the information, we hold about you.
These rights include:
We take every reasonable and commercially viable precaution to protect personal and commercial data. These are organisational, technical, and physical measures to protect against unlawful or accidental access, disclosure, loss or alteration.
Whilst we taken a robust stance to security no method of storage and transmission is 100% secure and, in some instances, out of our control. For that reason, you are entirely responsible for password security, controlling access to your devices, access to your environment in our SaaS products and signing out and closing down web sessions once completed.
Citation tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It may not provide exhaustive detail of all aspects of Citation’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below
Group Data Protection Officer
We keep our privacy notice under regular review and would encourage you to do also. This privacy notice was last updated on 9th July 2020
GET A FREE CONSULTATION
Get in touch to organise a free audit of your business.