It applies to Information collected by us or provided by you through our Website or in any other way (such as by email, over the telephone, by post or in meeting discussions). It is also intended to assist you in making informed decisions when using our Website and services. Please take a minute to read and understand the policy.
All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data. If you wish to know what information we collect and hold about you, or to exercise any of your rights as set out in Section 10 below, please write to us at the address on our contact page or via e-mail at firstname.lastname@example.org:
- a) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
- b) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your Information for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries from you or a third party, the delivery/implementation of our services, optimising our website and customer experience, informing you about our services and ensuring that our operations are conducted in an appropriate, fair and efficient manner;
- c) Consent – in some circumstances, we may ask for your consent to process your Information in a particular way.
2.2 We have a policy of limited usage or retention of paper-based materials. Most dates worked with are stored in electronic format, with the exception of hardcopy customer contracts, invoicing and company admin records (e.g. staff contracts, CV’s etc.).
2.3 We classify the data we hold under the following categories:
- a) Existing Paying CMLS Customers:
For paying customers of CMLS we may store any business/company or employee data submitted to us for use in the fulfilment or billing of our services. Data would typically be limited to contact full names, company name, email address(es), phone number(s), mobile number(s), materials, including but not limited to any communication emails, website/server login details, strategic business information, notes on phone calls or meetings, or contact details provided of other individuals involved in the quotation purposes.
CMLS may provide a range of logistics services, which allow a customer to provide a website, store database information, and host their email accounts on shared servers (Servers that share resources with other customers). The responsibility for securing the data is therefore shared between CMLS and the customer as detailed in Section 9.
Some CMLS customers may store personal information from their customers or website users on our web or server space. This customer data is processed by CMLS in a hosting only capacity or per the instructions of our customer. We accept no responsibility for our customers’ use of this data, how they request that we handle this data, nor do we monitor their usage of this data apart from a server resource capacity/performance point of view. The types of data customers collect varies greatly (including ……. ). We encourage customers who have specific questions or requests relating to GDPR compliance to contact us at email@example.com.
- b) Past CMLS Customers:
Following then end of a customer relationship, we may retain certain customer detail for a period of 6 years to ensure compliance with tax requirements. Customer website data will be fully deleted from our servers within 90 days of the customer leaving (or earlier if requested).
- c) Non-CMLS Customers Seeking Quotations: Where owners or employees of businesses seek quotes for our services, we request and securely store the person’s full name, company name, email address(es), phone number(s), mobile number(s), and details of the service request. For quotation purposes, we may also securely store materials, including but not limited to any subsequent communication emails, strategic business information, notes on phone calls or meetings, or contact details provided of other individuals involved in the quotation purposes.
- d) Subscribers to CMLS’s Email Newsletter:
Our email newsletter subscription asks for your first name, last name and email address. Typically our newsletters will only use your email address, but may be personalised with your name.
- a) by visiting CMLS.ie’s contact form you may provide us with personal information such as name, company name, email address, phone/ mobile phone number and possible additional information if you choose to do so in the comments box.
- b) by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;
- c) in phone calls or meetings with CMLS staff where related notes may be securely stored;
- d) through our mailing list opt-in where we request your name and email address.
- a) answering or dealing with the purpose of the query, or implementation/quotation for the service(s) requested and any follow-on service or product dealings in the event of a customer.
- b) emails and postal communication related to billing of our services;
- c) direct marketing to keep you up to date about important changes to our business; product or service interruptions/outages/updates, product upgrades, or useful product, service, case study, or digital marketing information, research, tips or advice which may help our customers businesses. These communications may also include details of our services, advise you of news and industry, product or company updates, events, promotions or competitions. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
- d) to apply profiling technology which analyses our customers’ engagement with our direct marketing communications, activity and interests so that we can send you content that is relevant to you;
- e) to provide further services to you by sharing your Information trusted GDPR compliant third parties who we use in the provision of our services.
- f) to release Information to regulatory or law enforcement agencies if we are required or permitted to do so.
- a) Employees: We may disclose your personal data to our employees on a need to know basis. Our employees sign confidentiality agreements on commencement of employment.
- b) Trusted third party partners: In order to provide certain services, we may share your information with reputable and trusted third party business partners, suppliers and sub-contractors such as IT, hosting, backup, CRM, business productivity, security, billing, phone, network, email logistics providers or data centre infrastructure companies (e.g. Sungard Availability Services, Gmail). For security reasons, we will not publish a full list here to minimise targeting of data within these businesses. We can supply a list of such partners upon request. We will not share your data with any third party if it is not a necessity in providing services to you or where the third party does not clearly state their own GDPR compliance policies either publically or within a direct contract with CMLS.
- c) Regulatory and law enforcement agencies: As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
- d) New business owners: If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, you will be sent notice of such event and you will be afforded an opportunity to opt-out.
- e) Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our services.
Where personal data is transferred outside of the EEA, your rights as a data subject are protected by data transfer mechanisms such as Standard Contractual Clauses and EU/US Privacy Shield and we have only chosen suppliers who have stated their GDPR compliance.
Customer requests sent to CMLS will only be acted upon if the request is from an authorised customer contact listed in our CRM. For security reasons, customer requests must be submitted to firstname.lastname@example.org from an authorised email address. Requests will not be acted upon over the phone.
- a) Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- b) Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
- c) Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.
- d) Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
- e) Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.
This right exists in respect of Information that:
- you have provided to us previously; and
- is processed by us using automated means.
10.3 We must provide the data request for free unless the request is manifestly unfounded, excessive or repetitive. In these cases, we charge a reasonable fee not exceeding € 6.35 for handling your request. In certain cases, we may refuse your request and will advise you at the time if this is the case. We will respond to your query as quickly as possible and within 30 days of receipt of your request.
10.4 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
12.2 Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website, and the websites visited just before and just after our Website.
12.3 Cookies, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our Website and which parts of the website are most popular. This helps us gather feedback so that we can improve our Website and better serve our customers. Cookies do not allow us to gather any Personal Information about you and we do not generally store any Personal Information that you provided to us in your cookies.
12.4 We use ‘session’ cookies which enable you to carry information across pages of the Website and avoid having to re-enter information. Session cookies enable us to compile statistics that help us to understand how the Website is being used and to improve its structure.
12.5 We also use ‘persistent’ cookies which remain in the cookies file of your browser for longer and help us to recognise you as a unique visitor to the Website, tailoring the content of certain areas of the Website to offer you content that matches your preferred interests.
Customers can update stored recorded billing contact or payment details by contacting us at email@example.com.