Centigo (Centigo UK Limited, CRN: 11307917 with registered office 24 Old Queen Street, London, United Kingdom, SW1H 9HP) (“Company” “we” or “us”) cares about your privacy and personal information. We want to make you feel safe with our processing of your information.
This Privacy Policy (“Policy”) provides important information about how we handle personal information. It also describes your rights and how you may contact us. This Policy applies to personal information which we process in the course of doing business including information processed through the Company’s website and the services we provide (collectively, our “Services”).
Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices. It is important that you check back often for updates to this Policy.
Purpose, legal basis and duration of the processing
We may process personal information about you in different ways depending on our relationship with you.
1. You are our client
We will collect and store personal information including the name and contact details of our clients, so that we can provide our Services in accordance with our contract with you. The type of data we hold will depend on the type of contract or your interaction with us. On all forms on our website there is an option which enables you to choose how we contact you in relation to marketing communications.
We will retain your personal information and any information relating to the contract between us for as long as we deem it necessary to fulfil our obligation to you, including the review of our performance if any complaints or issues arise after completion of our contract with you.
Client activity is traced and any inactive clients who no longer interact with our Services and/or website will be reviewed every 12 – 24 months, at which stage your details will be removed from our marketing lists.
We may use your information for analysis, where it is in our legitimate interests, to improve or develop our Services.
We may from time to time send you information which we think might be of interest to you. This contact may be made by telephone, e-mail, or text. We will contact you in this way where it is in our legitimate interests to market our Services to you or where you have consented to being contacted in this way. Where you have consented to being included in a marketing campaign, we may send, your consent can be withdrawn at any time.
2. You are a supplier
We will collect and store personal information including contact details of our suppliers so that we can receive your goods or services in accordance with our contract with you. We will retain information relating to the contract between us for as long as we deem it necessary so that we can review your performance if any issues arise after completion of the contract.
We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. This contact may be made by telephone, e-mail, or text. We will do this where it is in our legitimate interests to develop our business and we will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair. We will not send
you general marketing information as part of a group e-mailing campaign unless you have consented to be contacted in this way.
3. You are a third party with whom we are in contact during the delivery of services to our clients or the possible delivery of services to prospective clients
We will collect and store personal information including contact details of third parties with whom we are in contact during the delivery of Services to our clients or discussions relating to Services to prospective clients. We process that information because it is in our legitimate interests to do so for us to be able to perform our contracts for our clients or pursuing business development opportunities with prospective clients. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not impact on you in a way that would make this processing unfair.
Where your personal information is kept as part of a file relating to the performance of a contract with one of our clients, we will also retain that information and any information relating to that contract for as long as we retain the client file.
Where your information is stored in our cloud-based storage or internal systems, we will endeavour to review this at 12 to 24 months intervals and consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.
We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We will do this where it is in our legitimate interest to develop our business and we will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.
We will not send you general marketing information as part of a group mailing, e-mailing or telephone campaign unless you have consented to be contacted in this way.
4. You are a prospective client or a prospective supplier.
We will collect and store personal information including contact details of people with whom we might do business as a supplier or a client. We may collect this information from you, when youcontact us (including through our website and through Hubspot).
We may contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We do this where we have a legitimate interest to direct market to you and develop our business. We will only contact you in this way if we believe that you would reasonably expect us to process your personal information in this way and that such processing does not impact on you in a way that would make this processing unfair.
Where your information is stored in our cloud-based storage or internal systems, we will endeavour to review this at 12-24 months intervals and consider whether we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.
We will not send you general marketing information as part of a group mailing, e-mailing or telephone campaign unless you have consented to be contacted in this way.
5. You are an employee or a relative of an employee
Employees should refer to the Employee Privacy Policy for further information about our privacy policy in respect of employees.
Where an employee has provided us with personal information about a spouse, civil partner or other family member/friend), it is the employee’s responsibility to inform that person that the employee has provided us with their details and that we will be processing it as an emergency contact or in connection with the relevant benefit and/or policy in accordance with this privacy policy.
6. You are a prospective employee
If we have received your details in response to a recruitment initiative, we will store the personal information that has been provided to us either by you, your LinkedIn profile or other third party. We process that information because it is in our legitimate interests to do so in order for us to be able to make an informed decision about whether to interview you and, ultimately, recruit you. We believe that you would reasonably expect us to process your personal information in this way and
that such processing does not have an impact on you in a way that would make this processing unfair.
Where your personal information is kept as part of a file relating to prospective employees of the Company, we will retain that information and any information relating to that matter. This is so that we can review the file if any complaints or issues arise after the recruitment process. The length of time that we keep prospective employee files is usually 6 months after conclusion of the relevant recruitment process.
We use a recruitment tool called Workable which involves automatic decision making and profiling.
7. We have received your information from a third party
If we have received your personal information from a third party, for example your employer or service provider, that third party will normally be the controller in relation to that personal information and we will be processing it on their behalf. You should therefore contact that third party to review their privacy policy.
Where we have received your personal information from a client, we will be holding this information because it is in our legitimate interests to hold that information on behalf of the client for the purpose of our obligation to them.
We use the following tools which may process your personal data and/or provide information to us:
Hojtar | This is a script which tracks visitors to our website. |
Google Analytics | This is a script which tracks visitors to our website. |
Youtube | We use this to track what videos are played from our site |
Herocu | This is basic tracking of our customers. This can include the logging of IP addresses for those who visit our website. However, this is only used to detect technical problems. |
Contenful/Nuxt Code | Please see our separate cookies notice. |
HubSpot Tracker | Please see our separate cookies notice. |
MyEPayWindow |
This is a payroll service which does not contain any personal data. |
Where you provide us with personal information about another person
If you give us personal information about another person, you must ensure that:
(a) you are legally entitled to give us that information;
(b) the disclosure is in accordance with any applicable data protection or privacy laws; and
(c) such other person has also read this privacy policy.
Personal information we hold
We will store contact information, identity of clients and the contents of any correspondence between us. We may also record or take notes during telephone calls and meetings and retain any email communications.
For prospective employees and candidates, we will also hold information regarding your student status, including what university you attended and your graduation/future graduation details, your previous employment history and work experience, your pictures, CV and LinkedIn profile.
Information which we receive from our clients may contain a variety personal information. Any information stored by or on behalf of our clients is controlled and managed by us and only made accessible to Company staff, the relevant employees managing and running the tools we use (as listed above) or others our clients may authorise from time to time.
When we share personal information
The Company shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. Below are the parties with whom we may share personal information and why.
Within the Centigo Group: Centigo is made up of different legal entities (the “Centigo Group”), details of which can be found in a footer here: www.centigo.co.uk. Our business is supported by a variety of people who are part of the Centigo Group’s teams and functions, and personal information will be made available to them, if necessary, for the provision of Services, account administration, sales and marketing, customer and technical support, and business development (non-exhaustive list). All our employees are required to follow our data privacy and security policies when handling personal information.
Our business partners: We occasionally partner with other organisations to deliver Services, provide content, or to host events. The Company will handle personal information in accordance with this Policy, and we encourage you to review the privacy policies of our partners to learn more about how they collect, use, and share personal information.
Our third-party service providers: We partner with and are supported by service providers around the UK and the European Economic Area (“EEA”). Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, including (without limitation) software, system and platform support; direct marketing services; recruitment services, cloud hosting services; advertising; data analytics; accountancy; insurance; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us. Our third-party service providers include Hubspot, which is used for customer relationship management and Workable which is used for recruitment.
Third parties for legal reasons: We will share personal information when we believe it is required, such as:
(a) to comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities,
(b) in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings),
(c) to protect our rights, users, systems, and Services.
Where we store and process personal information
We take steps to ensure that the information we collect is processed according to this Policy and the requirements of applicable law wherever the data is located.
We store information in electronic format using cloud-based servers within the UK and EEA. We collaborate with third parties, such as cloud-based services, to serve the needs of our business. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within the Company or to third parties in areas outside of your home country, but we
will not transfer your data outside of the UK and EEA unless we have your prior written consent or appropriate safeguards have been put in place in accordance with applicable data protection legislation.
Hotjar | This is a script which tracks visitors to our website. |
Google Analytics | This is a script which tracks visitors to our website. |
Youtube | We use this to track what videos are played from our site. |
Heroku | This is basic tracking of our customers. This can include the logging of IP addresses for those who visit our website. However, this is only used to detect technical problems. |
Contenful/Nuxt Code | Please see our separate cookies notice. |
HubSpot tracker | Please see our separate cookies notice. |
MyEPayWindow | This is a payroll service which does not contain any personal data. |
How we secure personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long we keep personal information
We will only retain your personal data for as long as is deemed necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your legal rights
We respect your right to access and control your information and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information. You have the right to:
Access to personal information: You have the right to request access to your personal data (known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your
personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see above), where we may have processed
your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(a) if you want us to establish the accuracy of the data;
(b) where our use of the data is unlawful, but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party chosen by you, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Correction of your data: You have the right to request that we correct your personal information if it is inaccurate or requires updating or complete your personal information if the information which we hold is incomplete.
Withdrawal of consent: If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by using the “Contact Us” option on our website or let us know in writing, by email or by telephone.
Marketing preferences: To opt out of email marketing you can contact us to let us know via the “Contact Us” page on our website.
Filing a complaint: If you are not satisfied with how the Company manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel your engagement with us, but we will notify you if this is the case at the time.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please let us know by using the “Contact Us” page on our website.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Third-party links
This website has links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
How to contact us
You can contact us in relation to any aspect of this Privacy Policy by using the “Contact Us” page on our website and completing the appropriate form.
Alternatively, you can write to us at Centigo UK Limited, 24 Old Queen Street, London, SW1H 9HP.