Data Processing

RECORD OF PROCESSING ACTIVITIES

INTRODUCTION

Cirtec Group Ltd (UK company number 14949623) recognise that Article 30 of the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (also known as “UK GDPR”) imposes an obligation to maintain a record of processing activities.

This record of processing activities sets out Cirtec’s data processing activities as a data controller and as a data processor.

This record is confidential but Cirtec Group Ltd will provide it to the Information Commissioner’s Office (the ICO, being the UK data protection regulator) on request. Cirtec Group Ltd may also provide a copy of this record to EU data protection regulators (known as ‘supervisory authorities’) on request. For the avoidance of doubt, this record does not need to be disclosed to a data subject following a data subject access request (also known as a ‘DSAR’).

CONTENTS

____________________________________________________________ 1. CONTROLLER DETAILS ………………………………………………………………………………………………………………. 1 2. CATEGORIES OF DATA SUBJECTS ………………………………………………………………………………………………. 1 3. CATEGORIES OF PERSONAL DATA ……………………………………………………………………………………………… 1 4. PURPOSES OF PROCESSING ……………………………………………………………………………………………………… 2 5. CATEGORIES OF RECIPIENTS OF PERSONAL DATA………………………………………………………………………. 3 6. RETENTION PERIODS ………………………………………………………………………………………………………………… 4 7. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES …………………………………………………………… 4 8. LAST UPDATE……………………………………………………………………………………………………………………………. 4 1. PROCESSOR DETAILS ……………………………………………………………………………………………………………….. 5

2. CATEGORIES OF PROCESSING …………………………………………………………………………………………………… 5 3. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS ………. 5 4. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES …………………………………………………………… 5 5. LAST UPDATE……………………………………………………………………………………………………………………………. 5

1. CONTROLLER DETAILS

Name: Cirtec Group Limited

Company number: 14949623

Address: 85 Great Portland, First Floor, London, W1W 7LT

Telephone Number: 01264 535025

Website: https://www.cirtecgroup.co.uk/

2. CATEGORIES OF DATA SUBJECTS

Cirtec collects personal data from the following categories of data subjects:

(a) Cirtec website users, prospective customers (and their staff) and customers (and their staff).

(b) Cirtec employees, job applicants and contractors.

3. CATEGORIES OF PERSONAL DATA

3.1 Cirtec collects the following categories of personal data about website users, prospective customers (and their staff) and customers (and their staff):

(a) Name, job title and contact information.

(b) Location details and electronic identification data including IP address and information collected through cookies.

(d) Contractual details including details of the goods and services provided to the customer or, in the case of prospective customers, the good and services they are enquiring about.

3.2 Cirtec collects the following categories of personal data about employees, job applicants, and contractors:

(a) Personal details including name and contact information.

(b) Date of birth.

(d) Marital status.

(e) Beneficiary and emergency contact information.

(f) Government identification numbers.

(g) Education and training details.

(h) Bank account details and payroll information.

(i) Salary and benefit information.

(j) Performance information.

(k) Employment details.

(l) Special categories of personal data, including data relating to an employee’s:

(i) racial or ethnic origin;

(ii) political opinions;

(iii) religious or philosophical beliefs;

(iv) trade-union membership;

(v) genetics, biometrics, or health; and

(vi) sex life or sexual orientation.

3.3 Cirtec collects the following categories of personal data about suppliers and the staff and representatives of suppliers:

(a) Name, job title and contact information.

(b) Financial and payment details.

4. PURPOSES OF PROCESSING

4.1 Cirtec collects and processes personal data of website users, prospective customers (and their staff) and customers (and their staff) for the following purposes:

(a) Maintaining and enhancing Cirtec’s products and services.

(b) Providing products and services and customer management.

(d) Direct marketing.

(e) Supporting network and system security.

(f) Auditing.

(g) Detecting and preventing fraud.

(h) Complying with legal obligations.

(i) Conducting web analytics.

(j) Dealing with disputes.

4.2 Cirtec collects and processes personal data about employees, job applicants, and contractors for the following purposes:

(a) Recruitment and selection of employees.

(b) Personnel management.

(d) Human resources administration including payroll and benefits.

(e) Complying with legal obligations.

(f) Education, training, and development activities.

(g) Dealing with disputes.

4.3 Cirtec collects and processes personal data about suppliers and the staff and representatives of suppliers for the following purposes:

(a) To obtain products and services (including scopes of work and costs estimates).

(b) Supplier administration, order management, and accounts payable.

(d) Dealing with disputes.

5. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

5.1 Cirtec discloses personal data to the following categories of recipients, some of which may be located in third countries or may be international organisations as defined in Article 4(26) of the UK GDPR:

(a) Business partners.

(b) Auditors and professional advisors, such as lawyers, accountants and consultants.

(d) Third-party service providers, such as providers of:

(i) IT system management;

(ii) information security;

(iii) warehousing and logistics services;

(iv) human resources management;

(v) payroll administration; and

(vi) pension plan administration.

5.2 Cirtec transfers personal data to the following third countries and international organisations:

(a) Google. Google has incorporated the standard contractual clauses (SCCs) into its standard terms.

(b) [Other cookie providers] – see Cookies Policy

6. RETENTION PERIODS

6.1 Except as otherwise permitted or required by applicable law or regulation, Cirtec only retains personal data for as long as necessary to fulfil the purposes Cirtec collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, Cirtec considers the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for processing the personal data, whether the employer can fulfil the purposes of processing by other means, and any applicable legal requirements.

6.2 Cirtec typically retains personal data for the periods set out below, subject to any exceptional circumstances or to comply with laws or regulations that require a specific retention period:

(a) Information about customers:

(i) general information including name and contact information: seven years from the end of the contract (or the date the software was purchased).

(ii) general enquiries: two years from receipt/being marked as actioned unless the data subject (or their organisation) enters into a contract with Cirtec.

(iii) analytics and other information collected through cookies: using googles own policy of 14 months before it is deleted

(iv) contractual details including the goods and services provided: approximately six years from the end of the contract (or date the software was purchased) unless a threatened or ongoing dispute requires Cirtec to keep the information for longer in order to resolve that dispute.

(b) Information about employees and contractors is broadly kept for 6 years from the date on which employment/engagement ceases.

(c) Information about unsuccessful job applicants is broadly kept for 6 months after notifying unsuccessful candidates unless Cirtec has a clearly communicated policy to keep candidates’ CVs for future reference or where retention is required to meet a legal obligation. Successful candidates’ details are kept in line with Cirtec’s policies for employees/contractors.

(d) Information about suppliers and the staff and representatives of suppliers for approximately six years from the end of the contract, unless a threatened or ongoing dispute requires us to keep the information for longer in order to resolve that dispute.

7. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

Cirtec has implemented the following technical and organisational security measures to protect personal data:

(a) Encryption of personal data.

(b) Segregation of personal data from other networks.

(d) Employee training on information security.

(e) Written information security policies and procedures.

8. LAST UPDATE

This record was last reviewed on 04 July 2023 and was last updated on 04 July 2023.

1. PROCESSOR DETAILS

Name: Cirtec Group Limited

Address: 14949623

Telephone Number: 01264 535025

Website: https://www.Cirtecgroup.co.uk/

2. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

As part of processing personal data on behalf of its customers, Cirtec does not transfer personal data to third countries or international organisations.

3. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

3.1 Cirtec has implemented the following technical and organisational security measures to protect personal data:

(a) Encryption of personal data.

(b) Segregation of personal data from other networks.

(d) Employee training on information security.

(e) Written information security policies and procedures.

4. LAST UPDATE

This record was last reviewed on 04 July 2023 and was last updated on 04 July 2023.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.