This privacy notice relates to Communisis UK. For information related to Communisis Data Intelligence, please click here.
Purpose
Communisis is committed to protecting the personal data of all individuals that we interact with. This notice details the ways in which we collect and use your personal data, as well as the rights you have over its use. It also allows us to provide you with key transparency information about why we collect certain personal data and who it may be shared with.
If you have any questions about how we process your personal data, please contact our Head of Data Protection or Data Protection Officer at:
Communisis UK
Communisis House
Manston Lane
Leeds
LS15 8AH
data.protection@communisis.com
Scope
This privacy notice applies to the activities of Communisis Limited, a legal entity operating in the UK. This notice applies to activities where Communisis acts as the ‘controller’ of your personal data. This is applicable in situations where we alone (or jointly) determine the purposes for processing your personal data. For example, this may be for our own recruitment purposes, or where we need to process personal data of our clients’ employees to maintain our business relationship with them.
Where we act as a ‘processor’ on behalf of another company we are acting under their instruction, and do not determine any of the ‘purposes’ of processing. Therefore, the contents of this notice wouldn’t apply. For example, this would be applicable where we process transactional account information related to customers of our banking clients. In these situations, it is our clients that would act as controller of your information. You should contact them if have any questions relating to how your data is processed, or should you wish to exercise any of your data protection rights.
Communisis Limited is registered with the Information Commissioner’s Office under registration Z6067816.
How do we collect personal data?
We may process your personal data when we collect it directly from you. This is likely to be:
- When you apply for a job with us
- When you make an enquiry (via post, email, phone or via our website)
- When you subscribe to any of our newsletters
- When you visit our website and interact with our cookie banner
- When you place an order through us
We also process personal data when we collect it indirectly from another source. Examples of this include:
- When one of our clients shares your personal data with us (such as your business contact details)
- When it is included in a report from one of our marketing partners
- When we are sent your CV by one of our recruitment partners
- When we receive complaints or reports through our Whistleblowing process
- When one of our employees includes your details as part of their emergency contact
- When you visit one of our sites and are captured on CCTV
What personal data do we process about you?
We process the following personal data:
- Contact details – your name, email address, postal address, and telephone number.
- Login/Credentials – your username and password.
- Financial – your payment card details, including card number, expiry date and security number (for example, if you place an order through us directly or apply for a job with us).
- Device details – information that helps identify the type of device used to access our website, such as model, age, and operating system.
- IP address – this is a unique address assigned to your device. We obtain this when you visit our website, however we cannot identify you from this information alone.
- CCTV images – your image may be captured on our CCTV should you visit any of our sites.
Our purposes for the processing of your personal data
Purpose | Our lawful basis | Our legitimate interests (if applicable) |
Direct marketing | Article 6 (1) (f) – legitimate interest | To support our clients in reaching their target audience, and ensuring people receive content of interest and appropriate to them. We may also promote our own products and services to B2B customers. |
Detection and prevention of fraud or other unlawful activity | Article 6 (1) (f) – legitimate interest | To protect us and our clients against any suspicious or potentially fraudulent activity, as well as situations where we may need to defend our legal rights. |
Client relationship management | Article 6 (1) (f) – legitimate interest | To set up and manage client accounts so that both Communisis and our clients can interact efficiently. |
Network and information security | Article 6 (1) (f) – legitimate interest | To protect the confidentiality and integrity of information (including personal data) on the Communisis network. |
Crime prevention | Article 6 (1) (f) – legitimate interest | To assist with any lawful request received from a law enforcement organisation. |
Responding to and managing Subject Access Requests | Article 6 (1) (c) – legal obligation | N/A |
Arranging the shipment of a client order (including payment details) | Article 6 (1) (b) – performance of a contract. | N/A |
Improving our products and services | Article 6 (1) (f) – legitimate interest. | To better understand our clients’ needs and to help tailor our product offering in the future. |
Arranging access to our sites | Article 6 (1) (f) – legitimate interest. | To ensure the security and safety of our sites. |
To assist with auditing requirements | Article 6 (1) (f) – legitimate interest | To help us maintain our certifications and relationship with our clients. |
Social media | Article 6 (1) (f) – legitimate interest | To allow us to correspond with users should they ask questions or include us in a post entry. |
Market research | Article 6 (1) (f) – legitimate interest | To help us to better understand how we can improve our service offering and gain key insights from our clients. |
Maintaining our website (necessary cookies) | Article 6 (1) (f) – legitimate interest | To help us maintain the security and performance of our website and to give you the best possible browsing experience. |
Maintaining our website (all other types of cookies) | Article 6 (1) (a) – consent | N/A |
Please note that the information above isn’t necessarily an exhaustive list and we may from time-to-time process different types of personal data, depending on the circumstances. We will, however, always aim to ensure you are aware of the personal data we are processing and the reasons why.
In addition to the above, there may be occasions where we need to rely on one of the following lawful bases. These may be applicable where we process sensitive information (known as ‘special category’):
- processing is necessary for the establishment, exercise or defence of legal claims.
- processing is necessary to protect your vital interests (for example, where there is a medical emergency).
- processing is necessary for reasons of substantial public interest (for example, for the purposes of equality monitoring).
Who do we share your personal data with?
As a principle, we only share your personal data where it is necessary and where there is a business reason to do so. We will share your personal data internally within Communisis as well as external third parties, only where necessary.
For us to provide some of our products and services, we may share your personal data with our third-party suppliers. For example, this may include suppliers of our marketing and financial record-keeping systems. When we engage a third-party supplier to process personal data on our behalf, we put in place contracts that ensure that they can only process the data as we instruct and not use it for any other purpose.
In certain circumstances, it may be necessary to share your personal data with law enforcement organisations, or when we need to exercise or defend any of our legal rights.
Where is my personal data shared?
Most of our core processing activities take place within the UK and the EEA. There are occasions where we may need to transfer your data overseas to either one of our overseas group companies, or to one of our third-party suppliers. Where we do transfer your personal data overseas, it will only be for the same purposes as stated in this notice.
We only transfer your personal data overseas where we are satisfied that appropriate safeguards are in place. These ensure that your personal data is processed to a similar standard to what it would be in the UK. Where Standard Contractual Clauses are used, we undertake an assessment of the recipient country to satisfy ourselves that there would be no impingement on your data protection rights.
How long do we keep your personal data?
We only retain personal data for as long as it is required. If we no longer have a purpose for it, or that purpose has been fulfilled, we will no longer process your personal data. We’ll only process your data for the purposes set out in this privacy notice unless we are required by law or process it for a different purpose or to retain it for longer than usual.
What data protection rights do you have?
You have the following rights in relation to the processing of your personal data:
- To be informed of how and why we process your personal data. This privacy notice covers our core processing activities.
- Ask that we amend any inaccurate (or incomplete) data about you.
- Object to certain uses of your personal data.
- Ask that we temporarily restrict the processing of your personal data. We would generally apply this when we need to investigate further.
- Ask that we provide you a copy of your personal data.
- Ask that we erase or delete certain personal data. This is context specific, and we may not always be required to comply.
- Withdraw any consent that you have given us.
- Ask that we provide a copy of your personal data in common machine-readable format (such as CSV).
Please note that we don’t conduct any ‘automated decision making’ as defined by the UK GDPR, so rights in relation to this type of processing wouldn’t apply.
How to complain
If you have any questions or concerns about how your personal data is being processed, please contact the Head of Data Protection, or alternatively you can email your concerns to data.protection@communisis.com.
If you are not satisfied with the response we give you, you have the right to make a complaint to the Information Commissioner’s Office, the UK regulator. Further details can be found here: https://ico.org.uk/.