Skip navigation

PRIVACY POLICY

Our Privacy Notice informs you how we collect, use and share your personal information, the rights of the individual and how to exercise them.

The Privacy Policy contains four parts:

  1. The Introduction
  2. Important information about the Rights of the Individual (In relation to Consent and to Object to our use of your Personal Information)
  3. Key information required by the UK Data Protection Act 2018
  4. Cookies and Similar Technologies

INTRODUCTION

By “Personal Data” we mean Personal Data, as defined in the UK Data Protection legislation. In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g., physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).

By “Sensitive Personal Data” we mean two things: 1. What is technically known as “Special Categories of Personal Data” (Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation) and 2. Criminal Data (Criminal offences or related security measures, including the alleged commission of offences, proceedings for an offence committed or alleged to have been committed or the disposal of those proceedings, including sentencing).

This Privacy Policy is focused on our externally facing activities. If you would like to understand how Communisis collects, uses and shares data about individuals in an employment context or you have any queries regarding this Privacy Policy, then please contact us via email: data.protection@communisis.com.

IMPORTANT INFORMATION ABOUT THE RIGHTS OF THE INDIVIDUAL, IN RELATION TO CONSENT AND TO OBJECT TO OUR USE OF YOUR PERSONAL INFORMATION

Consent of the Data Subject

We will in certain circumstances with your consent, send you direct marketing by email. You may at any time withdraw your consent to us using your personal information for that purpose.

We will rely on your browser settings to indicate your consent to the use of Cookies on our website. To withdraw your consent, please adjust your browser settings. Please see our Cookies Policy for instructions.

To withdraw your consent (in all cases other than Cookies), please contact our Data Protection Office via email: data.protection@communisis.com.

Your Right to Object to our use of the “Legitimate Interests” as a Legal Basis for Processing and to Direct Marketing: We consider that our use of your personal information to reach out to business about the goods and services we can offer is in our legitimate interests.

You may object to our use on that basis. To exercise your right, please contact us via email: data.protection@communisis.com.

KEY INFORMATION REQUIRED BY THE UK DATA PROTECTION ACT 2018

Here are important details about us and our use of your personal information.

A – Our Identity and Data Protection Officer Contact Details

Data Protection Officer Contact Details:

Address: Data Protection Office
Communisis
Manston Lane
Cross Gates
Leeds
LS15 8AH
Tel: 0113 225 5000

Email: data.protection@communisis.com

We are registered as a Data Controller with the UK’s Information Commissioner’s Office. Our Registration Number is: Z8978351.

It would be very helpful, if you would tell us exactly why you are contacting us.

For example, to exercise a right, please put the name of the right in the subject line of the email i.e., Subject Access Request. Please see the Rights of the Individual (Section H) for further information. Thank you.

B – Purposes and Legal Basis

Here is a summary of the purposes for which we use personal information and the legal bases for our use. You can find more details on the ICO website at https://ico.org.uk

 

Our Purposes Legal Basis for Personal Information:

·      Consent of the Data Subject

·      Contractual Necessity

·      Compliance with a Legal Obligation

·      Legitimate Interests

·      Vital Interests

·      Public Interests

Legal Basis for Sensitive Personal Information:

·      Explicit Consent

·      Legal Claims

·      Vital Interests

·      Employment Law

·      Data Manifestly made public by the Data Subject

·      Processing for New Purposes

·      Reason of Substantial Public Interest

·      Charity or Not-for-Profit Bodies

·      Medical Diagnosis or Treatment

·      Public Health

·      Historical, Statistical and Scientific Purposes.

Advertising, Marketing and Public Relations · Consent of the Data Subject

· Legitimate Interests

· N/A
Accounts and Records · Compliance with a Legal Obligation

· Legitimate Interests

· Contractual Necessity

· Legal Claims

· Reason of Substantial Public Interest: Prevention/Detection of Unlawful Acts

Administration of Membership Records · Legitimate Interests

· Contractual Necessity

· Consent of the Data Subject

· Explicit Consent

· Legal Claims

Consultancy and Advisory Services · Contractual Necessity

· Legitimate Interests

· Explicit Consent

· Legal Claims

Crime Prevention and Prosecution of Offenders · Legitimate Interests

· Compliance with a Legal Obligation

· Reason of Substantial Public Interest: Prevention/Detection of Unlawful Acts
Research · Legitimate Interests

· Contractual Necessity

· Historical, Statistical and Scientific Purposes

C – Legitimate Interests

Our Legitimate Interests include:

  • Client Relationship Management
  • Fraud Prevention
  • Direct Marketing
  • Internal administration of client and supplier personal information within our Group.
  • Network and Information Security
  • Reporting possible criminal acts/threats to the relevant authorities.
  • Non-repetitive transfers of a limited number of individuals’ personal information (See Section Transfers outside the EEA).

D – Personal Information Collected Indirectly from Third-Parties

We collect the following categories of personal information indirectly (e.g., from third-parties):

  • Name and Contact Details.
  • Basic Employment Details, including the Name of your Employer and Job Title.

E – Recipients

  • We may share personal data with your permission, so that we can perform services that you have requested. For example, we may use a third-party provider to deliver e-newsletters.
  • In order to meet our regulatory, contractual and legal duties, we may be required to share personal data with our external audit function.
  • We may need to share personal data with other recipients as permitted or required by an applicable law.

F – Transfers outside the EEA (European Economic Area) including EU Member States, Norway, Iceland and Liechtenstein

We do not transfer any personal information to third countries or international organisations.

G – Data Retention

The period for which we will store personal information is based on our need to fulfil our legitimate business needs, comply with applicable law, resolve disputes and enforce our agreements. To view a copy of our Data Retention Schedule, please contact us via email: data.protection@communisis.com.

H – Rights of the Individual

You have rights to make a request to us concerning:

  • The Right to be Informed
  • The Right to Access
  • The Right to Rectification
  • The Right to Erasure
  • The Right to Restrict Processing
  • The Right to Data Portability
  • The Right to Object
  • Rights concerning Automated Decision-Making and Profiling

To find out more about them, please visit the Information Commissioner’s website. To exercise your rights, please contact us via email: data.protection@communisis.com and state the right in the subject line of the correspondence.

Section I – Withdrawal of Consent

You have a right to withdraw any consent you give us at any time.

This will not affect the legality of our consent-based use before you withdrew the consent and it does not include our legal requirements to retain certain information such as financial records, etc.

To exercise your right to withdraw, please contact us via email: data.protection@communisis.com. Please make it clear you want to exercise this right, for example, with the subject line “Withdrawal of Consent”. Thank you.

Section J – Complaints

You have a right to complain to the UK’s Information Commissioner’s Office, whose contact details are:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire

United Kingdom
SK9 5AF

Telephone: 0303 123 1113 (Local Rate) or 01625 545 745 (National Rate).
Website: https://ico.org.uk (which also sets out email addresses and an email form).

Section K – Information Collected Directly – Legal or Contract Requirement

Not Applicable.

Section L – Sources of Information Collected Indirectly

The sources of the personal information we collect indirectly are:

  • Publicly accessible sources of Business-to-Business data.

Section M – Automated Decision-Making

We do not conduct Automated Decision-Making.

Section N – Users 16 and Under

We do not knowingly collect or solicit personal data from anyone aged 16 or under or knowingly allow such persons to provide us with their personal data without parental or guardian consent. If you are aged 16 or under, please do not provide us with your personal data without first asking your parent or guardian for permission. In the event, that we learn that we have collected personal data from anybody aged 16 or under and we do not have the consent of a parent or guardian, we will delete that personal data, as quickly as possible. If you believe that we might have any personal data from or about anyone aged 16 or under without the consent of a parent or guardian, please contact us via email: data.protection@communisis.com.

Section O – Legal Obligations

The statutory and/or regulatory directives and legislation on which this Policy is based upon is the current UK Data Protection legislation.

This is all applicable UK Data Protection and Privacy legislation in force from time-to-time, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) (PECR) and any superseding legislation and all other applicable laws, regulations, statutory instruments and/or any codes, practice or guidelines issued by the relevant data protection or supervisory authority in force from time to time and applicable to a Party, relating to the processing of personal data and/or governing individual’s rights to privacy.

From 28th June 2021, the UK has been granted an adequacy decision by the EU, which covers data transfers between the UK and the EU and this adequacy decision is due to be reviewed in four years’ time (on 28th June 2025) with a view to this safeguard remaining in place for UK/EU Data Transfers.

COOKIES OR SIMILAR TECHNOLOGIES

Please see our Cookies Policy for further information. FFICER