Criticalis Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
The Controller of personal data when you visit our website or communicate with us is: Criticalis Ltd registered in England under company number 09846789. Registered address: Chandos House, School Lane, Buckingham, United Kingdom, MK18 1HD.
What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data.
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
What personal data do we collect?
We may collect some or all of the following personal data (this may vary according to your relationship with us):
Name, job title, business name & address, email address, telephone number,
Payment information;
Products or services that you have procured through us;
Information about your preferences and interests;
Analytics
We make use of analytics services to evaluate and improve our website’s performance, and to make sure it is working properly for our users. Our privacy-focused analytics solution does not store cookies on your device and is fully compliant with GDPR.
Cookies
Only logged in users (administrators) should have cookies stored on their device, therefore we do not have a separate cookie policy.
How do we use personal data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes: Providing our products and services, billing, marketing, communication and improving our services.
When you contact Criticalis we will store your communication in order to keep a history of your account and to allow us to improve our customer support services.
How is personal data shared?
We use third-party organisations and hosting partners to provide the necessary infrastructure and related technology required to run our services, plus supply vendor products to our clients. If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
Transfer of data
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.
We will only transfer your personal data to countries that the European Commission has deemed to provide an adequate level of personal data protection. More information is available from the European Commission
We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR. More information is available from the European Commission
Where we transfer your data to a third party based in the US, this may be protected if they are part of the EU-US Privacy Shield. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission
How do I contact you / access my personal data?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details; subject “GDPR Information”: Email address: [email protected]
How long do we keep personal data?
We retain personal information we collect from you where we have an ongoing legitimate business requirement to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. Backups of deleted data are stored for a maximum of 1 year.
Links to other websites
www.criticalis.net may contain links to other websites. This privacy policy only applies to www.criticalis.net and doesn’t cover other companies that we link to. These companies will have their own terms and conditions and privacy policies
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be posted on this page.