As a company with a global presence, we are subject to the varying requirements of data protection and privacy legislation in jurisdictions where we operate. Our aim is to be as consistent as possible and obey all applicable laws operating with a high standard in our approach. For example, if you are a resident of the EU, we are bound by EU local laws including the General Data Protection Regulation (“GDPR”) or if you are a resident of California, we also respect the local laws of California, The Californian Consumer Privacy Act (“CCPA”).
Categories of personal data we process or collect
We collect and process the personal data that you provide when interacting with us, either online or via email, mobile, phone or post. Such personal data may include the following:
Source and categories of personal data
The source of the above information is received from your payment card issuer (such as a bank.) The category of information is Personal data. The information is only used for business purposes to supply the Service.
What we use your personal data for, and our legal basis for doing so We must have a legal basis to process your personal data. In most cases, that will be for us to provide the contracted Service. The table below sets out the purposes for which we use your personal data and our legal basis for doing so:
|What we use your information for||Our legal basis for doing so|
|Provide you with access to our website and or our mobile app.||To provide the contracted Service.|
|Provide you with information you have requested, including without limitation, quotations, Service documentation, brochures, and responses to applications.||Where we have your consent.|
|Respond to any enquiries from you regarding our products and Services.||To provide the contracted Service.|
|Where you have agreed, provide you with information about certain other goods and services which we believe may be of interest to you.||Where we have your consent.|
|Meet our legal and regulatory obligations, for example, to investigate and prevent fraudulent activities.||To comply with our legal obligations.|
Personal data sharing and transferring
We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies. Organisations we may share your personal data with include:
Some of those organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country if they ensure an adequate level of protection of your rights and freedoms, or you have given us your consent, or that organisation is contractually bound to meet European Economic Area data protection law.
We will not sell your personal data to anyone.
Personal data protection and storage
Personal data collected and processed in accordance with this Privacy notice is stored on secure servers currently located in the European Economic Area.
We handle your personal data in accordance with adequate and reasonable procedures and technologies in order to maintain and protect its security, availability, confidentiality and integrity, and prevent its unlawful or unauthorised processing, accidental loss or damage, from its collection until its destruction.
Where personal data is transmitted across the internet, it will be encrypted.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of your personal data, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Where personal data is transmitted across the internet, it will be encrypted.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of your personal data, you are responsible for keeping this password confidential. We require you not to share a password with anyone.
Personal data disposal and retention
We will only keep your personal data for as long as it is needed for the purposes for which it was collected and we will remove from our systems all personal data which is no longer required.
We will only retain your personal data for only as long as it is necessary and for a specified and limited purpose, where we are required to do so and in line with our retention policies, in order to meet a regulatory or legal obligation.
Cookies and Do Not Track Disclosure (“DNT”)
Currently, various browsers (including internet explorer, Firefox and Safari) offer a DNT option that relies on a technology known as a DNT header, that sends a signal to a website visited by the browser user about the user’s DNT preference. You can usually access your browser’s DNT option in your browser preferences.
A “Do Not Track” standard is not available today therefore our website does not currently respond to DNT signals from browsers.
You can block or opt-out of non-essential cookies either using our cookie management tool or using your browser.
If you would like to access, review, update, rectify, and delete any personal data we hold about you, or exercise any other data subject right you can email us at Data.Protection@Collinsongroup.com Our privacy team will review your request and respond to you as quickly as possible.
Please note that we may still use any aggregated and de-identified personal data that does not identify any individual. We may also retain and use your information as necessary, for example, to comply with our legal obligations, resolve disputes, and enforce our agreements.
We respect all applicable local laws for data subject rights. For example, under the CCPA, California residents have certain rights regarding the personal data that businesses have about them. This includes the rights to request access or deletion of your personal data, as well as the right to direct a business to stop selling your personal data. We also offer data subject rights as defined under the GDPR as an additional arrangement.
|The right to object to the processing||You have the right to object to the processing of your personal data in certain situations.|
|The right to information||You have the right to be informed whether and to what extent we process your data.|
|The right of access||Subject to certain exceptions you have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data.|
|The right to rectification||If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.|
|The right to deletion||Subject to certain exceptions, if you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example, where retention is required to meet legal or regulatory obligations).|
|The right to restrict the processing||You have the right to request that we restrict the processing of your personal data in certain situations:>/br>
|The right to data portability||Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format.|
|Your rights in relation to automated decision making and profiling||You have the right to object to decisions based exclusively on the automated processing of your personal data.|
|The right to withdraw your consent||If your personal data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.|
|If you wish to exercise your rights, you can get in touch with us by contacting the Data Protection Office from the information on the “Contact Information” section of this Privacy Notice.
Once we receive your request, members of our Data Protection Team will endeavour to get back to as soon as possible to confirm receipt. Where we use Service providers to hold your personal data, a process exists to process the data subject right request also.
Our website may contain links to other sites
We may have links to other sites promoting our partners and clients. These links may take you to other companies who have their own privacy notice and our privacy notice will not cover their use of data. They may collect additional information therefore we encourage you to look at these linked site privacy notice.
We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of these transactions. Also, if we, or our assets, are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.
To exercise any of your rights, or if you have any questions about our Privacy Notice, or if you wish to make a complaint about the use of your personal data, or want to report a security issue, please contact our Data Protection Officer via Data.Protection@Collinsongroup.com
For the purposes of data protection legislation, COLLINSON INTERNATIONAL LIMITED is a company registered in England and Wales with company number 2728518 and offices in Cutlers Exchange, 123 Houndsditch, London, EC3A 7BU, United Kingdom.
If you are unsatisfied with our response, you can contact the Information Commissioner’s Office (ICO). Further information can be found at https://ico.org.uk/.
Information pertaining to children
We do not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to register for our Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal data, please contact us a soon as possible.
Automated decision making or profiling
We do not engage in profiling or any processing related to automated decision-making activity.
Changes to our Privacy Notice
We keep our Privacy Notice under regular review, and we will make new versions available on our privacy notice page on our website. This Privacy Notice was last updated on 25 April 2020.