This notice gives you information about who Citation are, our approach to data protection and provides you with information about how we manage your personal data and the importance data protection plays in how we operate as a company.
Our data protection approach is supported from the top of the business and is a core competence of how we operate, it is a fundamental which we continually strive to improve on. You can read more about our approach here.
For the purposes of this notice Citation is the data controller unless it has been specifically noted otherwise.
This notice relates to the collection and processing of personal data for Citation, it does not cover processing we do in relation to the service we provide to our clients, in that regard Citation are the data processor acting on the instruction of our clients. To that end, as a data processor we offer broadly the following services: (1) a SaaS platform to enable the management of HR and Health and Safety for clients, (2) On-site HR and Health and Safety support, (3) Fire and Electrical risk assessments and follow up services. There are also elements of these services where we also operate as a data controller.
This notice applies to the processing of personal data collected by us when you:
Where we use social media or where you click a social media icon on our website, be aware that these companies are independent to Citation, they manage their own affairs and they will be a data controller in their own right. If you have any questions pertaining to how they process your personal data, you should review their privacy notices which will be available on their websites.
Finally, our websites may contain links to other websites for your ease and convenience, we are not responsible for them, how they operate or their security provision.
We collect personal data directly from you when:
We will also gain personal information from other sources, this includes third parties we purchase data from to help us identify and grow our business which could include a greater degree of personalisation. Additionally, we may combine these records with other publicly available information to ensure that our records are accurate and up to date.
We also obtain information from other companies within the Citation Group in order to provide a greater level of service and service offering or to better understand clients and industries we operate in or where synergies apply to our business and to yours. We also obtain information from services to help us comply with data protection laws.
Typically, the personal information we get from third parties includes name, phone number, email address, company name, job title, contact preferences.
Data from your device, usage of our website and applications
When you access our website or use our SaaS products we use tools such as cookies, beacons and similar technologies to automatically collect information which may contain personal data from your device and usage of our site and services. The nature of what these tools collect differ between website and SaaS product but still fall into similar categories.
This information may include IP address, application or system identification number, browser you are using, pages you have searched, files you have looked at and actions you have taken. There is also the time and date that these actions were taken or association with your browsing. We use this information to help us improve our service or your experience, to improve how you and others view the site or locations within our applications, to improve functionality, engagement and performance, to help us identify opportunities to develop our services further, our compliance with applicable usage terms and for overall security of Citation products, services and applications. The collection of this type if data may either on its own, or when combined with other data we have become personal data. It will be used primarily to identify the uniqueness of each user for security and identification of user purposes.
Cookies, beacons and similar technologies on our website and in email communications
Our use of cookies, beacons and similar technologies is to better understand how you interact with our website and email communications.
We use cookies on our websites for a variety of reasons including remembering your settings, load balancing, marketing and analytics. These will be either our cookies or third-party cookies, all of which can be configured by you using the cookie preference centre to configure the settings you are most comfortable with.
We use session cookies which expire after the session is closed, we also use persistent cookies which remain on your computer when you close the browser or turn your computer off. We also use beacons and pixels in our email communications and on our website, this enables us to understand if our communications are useful to you or not and how you then interact with the website or our service as a result of those email communications.
Where we use 3rd party cookies such as Google Analytics or third parties we use for advertising purposes we are joint controllers with them, if you do not wish for Google to have your IP address and understand your browsing actions please do decline cookies
The cookies we use fall into four basic categories, they are:
Type of Cookie | Description |
---|---|
Strictly necessary cookies | These cookies are necessary for the website to function and cannot be switched off. They are usually only set in response to actions made by you which amount to a request in service, such as setting privacy preferences, logging, or completing a form. You can set your browser to block or alert you about these cookies, but some parts of the site may not work. |
Functional cookies | These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose service we may have added to these pages. If you do not allow these cookies, then some or all of these services may be function properly. |
Performance cookies | These cookies allow us to count visits and traffic sources so we can measure and improve our site. This helps us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know you have visited our site, and will not be able to monitor its performance. |
Targeting cookies | Targeting cookies may be set through our site by advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on unique identifiers in your browser and device. If you do not allow these cookies, you will experience less targeted advertising. |
In our Atlas application we also use cookies to identify users against their profiles, to attribute a users’ actions and for session authentication purposes. We also use analytics to understand how many users we have in Atlas at any given time and to see how long they interact with Atlas. We may also use a website recording service which may record mouse clicks, mouse movements and page scrolling. This is used to improve our website usability and to discover what works for users and what doesn’t. The information collected isn’t attributed to an individual user but is aggregated and used for statistical reporting. There is no personal data recorded or retained in this process, However, if you prefer, you can switch this off by following this link https://sessioncam.com/choose-not-to-be-recorded/
Social Media
Our website uses social media icons such as Facebook and Twitter logos and other social sharing widgets. By using these features you will be connecting to and sharing information from your browsing session with these organisations. If you are logged into your social media account it is also possible that they will connect your activity on our site to your social media account.
This is also the case if you access our social media pages on a social media platform. The respective social media company may add your interaction to any information they may already have about you or your interests.
In all cases, in that transfer of data the social media provider is a data controller in their own right and responsible for what they do with your personal data. If you want to find out more it is worth accessing their privacy notices.
We collect and process personal data for the following purposes and with the following legal bases engaged:
We may share your personal data in the following circumstances:
We retain your data for as long as necessary to fulfil the purpose for its collection and processing. In some instances, this may be a sort period of time, for instance, as an unsuccessful job applicant we may retain your records for only 6 months once the process has concluded. In other instances, and especially where there is a legal obligation to retain your information for a certain period of time, we will do so in order to comply with the legal requirement; this is typically 6 years.
Once your data is no longer required it shall be deleted or if it is technically not possible to delete, we shall ensure sufficient controls are in place to put it beyond future use.
Our data is typically hosted In the UK and other parts of the EEA, there are however some of our contracted technical service providers that process from the US and India. Where these transfers and any other transfer than may occur in the future are concerned, we ensure that there is a legal bases for the transfer and a lawful transfer mechanism in place prior to any transfers in place.
Any such transfers currently done are done using either a transfer to a country with an adequacy ruling, using European Commission Standard Contractual Terms.
Under data protection legislation, you have rights as an individual which you can exercise in relation to the information, we hold about you.
These rights include:
We take every reasonable and commercially viable precaution to protect personal and commercial data. These are organisational, technical, and physical measures to protect against unlawful or accidental access, disclosure, loss or alteration.
Whilst we taken a robust stance to security no method of storage and transmission is 100% secure and, in some instances, out of our control. For that reason, you are entirely responsible for password security, controlling access to your devices, access to your environment in our SaaS products and signing out and closing down web sessions once completed.
When you access our website or use our SaaS products we use tools such as cookies, beacons and similar technologies to automatically collect information which may contain personal data from your device and usage of our site and services. The nature of what these tools collect differ between website and SaaS product but still fall into similar categories.
This information may include IP address, application or system identification number, browser you are using, pages you have searched, files you have looked at and actions you have taken. There is also the time and date that these actions were taken or association with your browsing. We use this information to help us improve our service or your experience, to improve how you and others view the site or locations within our applications, to improve functionality, engagement and performance, to help us identify opportunities to develop our services further, our compliance with applicable usage terms and for overall security of Citaiton products, services and applications. The collection of this type if data may either on its own, or when combined with other data we have become personal data. It will be used primarily to identify the uniqueness of each user for security and identification of user purposes.
Where our SaaS applications are concerned, we have two other types of technologies which are not strictly functional. The first is for feedback if the user is having technical difficulties and need to provide feedback. The second to provide us with an understanding of how the site is used, how people navigate the site, which areas do and don’t get much use. This to help us ensure it is intuitive, user friendly and we deliver appropriate communications and servicers through the platform. In this regard the data is anonymised and you cannot be identified from it.
Citation tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It may not provide exhaustive detail of all aspects of Citation’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below
Group Data Protection Officer
Kings Court
Water Lane
Wilmslow
SK9 5AR
Or you can email us
If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns
We keep our privacy notice under regular review and would encourage you to do also. This privacy notice was last updated on 9th November 2020. Our old privacy policy can be found here.
Get more information
Our team of of HR experts are all highly qualified, so you can trus you’re always getting trustworthy advice and insights.
Plus, you’ll be covered by our advice guarantee for the duration of your contract.
From care to construction and nurseries to manufacturing, we’ve worked in all sectors, helping futureproof businesses with proactive compliance for over 25 years.
Our human resources consultants work up and down the country. Wherever you are, you’re never far from help and there’s always someone who can help.
50,000
Happy Clients Each Year
24/7
Support For Your Business
300,000+
Questions Answered