Cennox (the “Company”) is committed to protecting the privacy and security of your personal information. This notice applies to anyone who uses our website and to anyone who buys or uses any of our products and or services. This notice also applies to individuals to whom we might market our services or products. We are required under data protection legislation to notify you of the information contained in this notice.
Cennox is a data controller. This means that we are responsible for deciding how we hold and use personal information about you. Cennox may also, in some instances, be a data processor. This means that we process personal data on behalf of a controller (including ourselves).
This notice does not form part of any contract to provide services or any other contract. We may update this notice at any time.
The kind of information we collect or process about you.
The sort of information we hold includes:
Identity data: your name and job title
Contact Data: your email, physical and mailing address, your telephone number, your employer’s name, IP address, ISP provider.
Financial Data: bank account details, your debit or credit card information, credit reference information (which we acquire from credit reference agencies) and other banking information.
Transaction Data: your contract for services or products, if applicable, and any amendments to it; billing history and product and services you use and anything else related to your account.
Profile Data: including information you provide to us in your communications with us, and correspondence with or about you.
Marketing and Communications Data: including any information which will assist us in marketing our services and products to you. This information also includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Technical Data: CCTV footage and other information obtained through electronic means such as telephone recordings, email, mobile phone and internet usage data, information about your use of our website, photographs.
How your information will be collected
We may collect personal information in a number of ways. Much of the information we hold will have been provided by you, but some may come from other sources, such as from third parties including credit reference agencies, our partners, or business directories. We may also collect personal data which is publicly available on websites such as job boards, LinkedIn, or similar business-related websites. We may use third-party applications which store their data from publicly available websites. We will collect additional personal information in the course of performing our contract with you and in providing our products and services to you.
How your information will be used
- As our customer, Cennox needs to keep and process information about you for normal business purposes. The information we hold, and process will be used for our management and administrative purposes only, to assist us in providing products or services to you. We will keep and use it to enable us to run the business and manage our relationship with you efficiently, lawfully and appropriately. This includes using information to enable us to comply with any contract, to comply with any legal requirements, pursue the legitimate interest of the Company and protect our legal position in the event of legal proceedings and any information we keep and process with your consent.
- If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing you with a product or service), or we may be unable in some circumstances to comply with our legal obligations (such as ensure the health and safety of our workers) and we will tell you about the implications of that decision.
- We do not collect any Special Categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- As a company pursuing engaged in facilities services for a variety of industries, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purpose or reporting potential crimes. Examples of instances where we might keep and process your data include: to process and deliver your order or to perform services for you, to provide information to you, for billing purposes, to collect and recover any money owed to us, to validate you as a registered customer, to notify you about changes to our services and to make recommendations to you about goods and services which might be of interest to you, for the administration of files and records, business management and planning, accounting and auditing, to send certain communications to you, and to comply with applicable laws, regulations, and court orders.
- We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
- We may use your personal information to form a view on what we think you may want or need or what might be of interest to you. This is how we decide which products, services and offers may be relevant to you.
- You will receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us with your details including if you entered a competition, drawing or completed a survey, and, in any case, you have not opted out of receiving that marketing.
- We will get your express opt-in consent before we share your personal data with any company outside of the Cennox Group of companies for marketing purposes.
- You can ask us or third parties to stop sending you marketing messages at any time by contacting writing to us at firstname.lastname@example.org or by following any opt-out links on any marketing message you received.
- We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
How your information will be shared
- Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to any subcontractors, any governmental authority or insurance schemes. In very rare instances, we may share your personal information with other third parties, for example, in the context of possible restructuring or sale of the business.
- Some data collected by the Company may be stored in secure hosting facilities provided by Microsoft Web Services. The Company’s contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations.
- We may transfer information about you to other group companies for purposes connected with providing services or products to you or otherwise in conjunction with the needs of the efficacy of the business.
- All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your data for their own purposes. We only permit them to process your personal data for specific purposes and in accordance with our instructions.
- In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organization to comply with our legal or contractual requirements and in some circumstances, there may not be an adequacy decision by the European Commission in respect of that country. This means that the country’s domestic law or international commitments have not been determined by the European Commission to provide an adequate level of protection for your personal information. Therefore, to ensure that your personal information does receive an adequate level of protection, we have put into place safeguards to ensure your personal information is treated by those third parties in a way consistent with an which respects the EU and UK laws on data protection: the organization(s) to which your personal data is sent outside of the EU have a legally binding contract with us; all personal data is kept strictly confidential and can be only disclosed as required by contract; and only those staff at those organization(s) who need to have access to personal data for the performance of their contractual obligations are permitted to have access to it. Furthermore, in circumstances where your data is transferred outside of the EEA to group companies, additional security measures including role-based security with limited access rights, logical separation of data, and encryption at rest and in transit ensure the security of your data. A copy of the safeguards can be obtained from email@example.com.
How your information will be protected
The Company has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the User’s data in the Company’s possession. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They may only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long your information will be retained
- The Company will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
- After you no longer use our website, inquire about or purchase our products or services, or no longer receive our marketing material, the Company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
(Applicable to EU citizens. If you are a citizen of a country outside the EU, your rights depend upon the laws of that country.)
- Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) you have several rights about your personal data.
- You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
- If you have provided consent for the processing of your data, you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. To withdraw your consent, please write to us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- You have the right to lodge a complaint to the information commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or GPA 18 about your personal data.
- You will not have to pay a fee for access to your personal information or to exercise any of the other rights. However, the Company may charge a reasonable fee if the request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Changes to this Privacy Notice
Cennox reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make updates. We may also notify you in other ways, from time to time, about the processing of your personal information.
Information requests or questions
If you have any concerns as to how your data is processed or if you would like to exercise any of your rights, you can contact:
Chris Cockett, Data Protection Officer, at firstname.lastname@example.org
Or you can email email@example.com