31st March 2020
For the purpose of the GDPR, the data controller is Aistemos Limited, whose principal place of business is 39-41 Charing Cross Road, London WC2H 0AR.
What kinds of information may we collect from you:
We may collect and process the following information about you in the course of your visit to the website:
- Basic personal information about you (such as your name, company, telephone number, address and email address) that you provide to us when subscribing to Cipher, registering as a user, or in the course of using our services.
- Information about your visit that is automatically collected by the website (such as technical information about your browser type and settings, your operating system, your internet protocol (IP) address, searches submitted and session length).
- Information received from other sources (such as our own service providers in technical, payment, delivery and analytics services).
WHAT USES DO WE MAKE OF THAT INFORMATION?
The information that we collect about you may be used for marketing purposes and for the purposes of communicating with you about Cipher and its offerings, events and services.
LAWFUL BASIS OF PROCESSING
The lawful basis of processing is that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data; and
- the processing is necessary for the purposes of the legitimate interests pursued by Cipher, including the conduct of direct marketing activities and/or the efficient management of Cipher’s relationships with its customers, prospective customers, suppliers, shareholders, staff or other stakeholders.
TO WHOM MAY WE DISCLOSE YOUR INFORMATION?
“Business as usual” disclosure to third parties. We may share your personal information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- Analytics and search engine providers that assist us in the improvement and optimisation of Cipher systems.
Disclosure in the context of corporate transactions. We may share your personal information with third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
- If Cipher or substantially all of its assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets.
Disclosure required by law or for legal enforcement. We may share your personal information with third parties where:
- We are under a duty to do so in order to comply with any legal obligation.
WHERE DO WE HOLD AND PROCESS YOUR PERSONAL DATA?
The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA, who work for us or for one of our service providers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
HOW ARE COOKIES USED WITHIN CIPHER?
THE WEBSITES USE THE FOLLOWING KINDS OF COOKIE:
- Authentication cookies, used to secure your login, these are persistent
- Performance cookies, which are session cookies
- Functionality cookies, which are persistent
- Cookies that are essential in order to enable you to move around Cipher and use its features, such as accessing secure areas of the website. Without these cookies, we are unable to provide the search services you require.
- Cookies that collect information about how users make use of the website, for analytics purposes. These cookies do not collect information that identifies any individual user personally. Information from these cookies is aggregated (and accordingly anonymous), and is only used to improve how the website works.
- Cookies that allow the website to remember your choices (such as your user name and previous searches) and to improve your user experience. The information that these cookies collect cannot be used to track your browsing activity on other websites.
By using Cipher systems, you agree that we can place these types of cookie on your device.
If at any time you wish to disable our cookies, you are able to do so through the privacy settings on your browser. However, please note that doing so may result in the loss of certain features of Cipher or the website.
What are my rights in relation to the uses of my personal information?
You have the following rights as a data subject, by reason of the General Data Protection Regulation:
- The right to request access to the personal data that we hold about you (also known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- The right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- The right to request erasure of the personal data that we hold about you (also known as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- The right to request restriction of processing about you. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to object to processing. Where we are processing your personal data solely on the grounds that there is a legitimate interest to do so, and there is something about your particular situation which makes you want to object to processing on this ground, then this enables you to challenge the processing. You also have the right to object where we are processing your personal information for direct marketing purposes.
- The right to data portability. This enables you to ask us to transfer your personal information to another party in certain circumstances.
- Where our processing of personal data is based on your having given consent, you also have the right as a data subject to withdraw that consent at any time.
- You have the right to lodge a complaint with a supervisory authority. In the United Kingdom, the supervisory authority is the Office of the Information Commissioner, full contact details for which can be found on the ICO website.
If you wish to invoke any of the above rights, please contact our Privacy Manager using the details set out below.
The website may, from time to time, contain links to and from the websites of our data providers or other service providers. Please note that these third party websites have their own privacy policies, which you should check before submitting any personal information to them. Cipher does not accept any responsibility or liability for these third party websites or for compliance with their privacy policies.
DURATION OF PROCESSING
Cipher will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The appropriate retention period for any given type of personal data depends on a range of factors, including the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which it was collected, and the applicable legal requirements.
AUTOMATED DECISION-MAKING (INCLUDING PROFILING)
Cipher undertakes no automated decision-making in respect of data subjects.
PLANS FOR FURTHER PROCESSING
Cipher has no plans to process personal data for reasons other than the reason for which the data was originally collected.
The contact details for the Cipher Privacy Manager are as follows:
39-41 Charing Cross Rd.
D: +44 (0) 20 3909 9200
It is the responsibility of the Privacy Manager to ensure that our organisation and our staff are kept informed and advised about their obligations to comply with data protection laws, to monitor compliance with those laws, to advise on data protection impact assessments, to train staff and conduct internal audits, and to be the first point of contact for supervisory authorities and for individuals whose personal data we are processing.
You can contact the Privacy Manager using the above details if you wish to invoke any of your rights as a data subject, or if you have any other questions or concerns about personal data and privacy matters. Please include the words DATA PRIVACY REQUEST in the subject line of your email, or at the top of your letter.