Privacy

We’re committed to protecting your personal data.

SignalCX is committed to protecting your personal data and this privacy policy states how we collect your personal data, how we store it and how we use it.

This privacy policy applies to our website, products and services which are offered by SignalCX.

The purpose of this policy is to give you a clear explanation about how SignalCX collects and uses the personal data you provide to us and that we collect. We ensure that we use your information in accordance with all applicable laws concerning the protection of your personal data.

If you have any queries about this policy or your personal data please contact:

Gary Coventry Coyle
Data Protection Officer
Signal CX
86 Commercial Quay
Edinburgh
EH6 6LX

Tel: 0131 561 8696

Email: privacy@signal.cx

Information Collected

  • We collect your contact information such as full name, company name, email address, postal address and telephone number when you email or call us with an enquiry. This helps us provide an effective response to you
  • We may also collect your details from publically available sources such as LinkedIn, TendersDirect, PublicContractsScotland in order to send you information about our services
  • In addition to the above, we collect information about your visit to our website. Please see our Cookies Policy for more details
  • Service Animals™. Please see Service Animals™ Data Processing for more details

The personal data we collect will be used for the following purposes:

  • Dealing with enquiries and requests about our services submitted to us via email or call
  • Sending you information about our services which are applicable to you in your role
  • Requesting information about your services which are applicable to you, your company, our company and our clients

Our legal basis for processing of your personal data is:

  • Processing is necessary to meet contractual obligations entered into by you
  • Processing is necessary for purposes of our legitimate interests in relation to goods and services that you use in your role

The legitimate interest pursued by us are as follows:

  • In response to an enquiry from you about our goods and services
  • For the purpose of promoting our goods and service via direct marketing which are relevant to you in your role. We will always confirm how your personal data was obtained and always offer an opt out of direct marketing communications
  • Enquiring about your goods and services which are applicable to our company or our clients.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal or transactional information stored on our website and systems.

The security measures we’ve put in place include:

  • the encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing

Marketing

We believe in being open, honest and transparent with our clients and suppliers and want you to feel comfortable about your decision to give us your personal data and how we use it.

We will use the details you provide to us to communicate with you about how we can help you in your role and help your company achieve its objectives.

We promise that we will only communicate with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it’s quick and easy to let us know that you no longer want to hear from us by contacting the Data Protection Officer.

In certain instances, we collect and use your personal data by relying on the legitimate interest legal basis. This is because when you, for example, request to receive services or products from us, we have a legitimate organisational interest to use your personal data to respond to you and there is no overriding prejudice to you by using your personal data for this purpose. However, we will always provide you with the option to opt-out of hearing from us. This is the case, for example, where we seek to obtain your consent to receive email marketing from SignalCX.

We will only communicate to you in the way you have told us. For example:

Email/text marketing

If you actively provide your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to SignalCX emails or opting in to email communication from SignalCX, you grant us the right to use the email for email marketing.

Post/telephone marketing

If you have provided us with your postal address or telephone number we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information. We also actively check telephone numbers against the Corporate Telephone Preference Service (CTPS) and will only make telephone calls to you where your telephone number is listed on the CTPS if you have specifically told us that you do not object to such calls and have consented to receive them from SignalCX.

You can also change any of your contact preferences at any time, including telling us that you don’t want us to contact you for marketing purposes by contacting the Data Protection Officer.

Gary Coventry Coyle
Data Protection Officer
Signal CX
86 Commercial Quay
Edinburgh
EH6 6LX

Or email privacy@signal.cx

Call: 0131 561 8696

Disclosures

We will never pass your personal data on to other organisations for them to use for their own marketing purposes.

However, we may disclose your personal data in the following circumstances:

  • To third parties who provide a service to us. These are service providers, such as online survey tools. We work in compliance with data protection laws and we make sure that appropriate controls are in place.
  • Where we are under duty to disclose your personal data in order to comply with law or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation or we have your written consent. In all instances, we will notify before any disclosure is made.

Keeping your personal data

We keep your personal data for up to 6 years and 1 month after the creation date to operate the service in accordance with legal requirements and tax and accounting rules. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of in a secure manner.

Your rights

At any point while we are in possession of your personal data, you have the following rights:

  1. The right to access your personal data
  2. The right to rectification and update your personal data
  3. The right to request to have your personal data erased
  4. The right to restrict processing of your personal data
  5. The right to object
  6. The right to lodge a complaint with a supervisory authority

1. The right to access your personal data

You have a right to obtain confirmation that your personal data is being processed. You also have the right to request a copy of your personal data we hold.

We will provide a copy of your personal data within 30 days of receiving the written request. Should you wish to exercise these rights we require you to prove your identity with two pieces of approved identification (photo ID and proof of address such as utility bill). Please address requests to the DPO.

You can use this form: Subject Access Request Form. Alternatively, please ensure you provide us with all the requested information in an alternative format to help us locate your records.

We will respond within 28 days of your request.

2. The right to rectify and update your personal data

The accuracy of your personal data is important to us. You can rectify/update your personal data, including your address and contact details at any time. Please address requests to the Data Protection Officer.

Please provide as much information as possible about your request. We will investigate and confirm our decision within 28 days of the request.

3. The right to request to have your personal data erased

You have the right to request your personal data be erased. This is not an absolute right and we will review these on a case by case basis.

Should you wish to exercise these rights please address requests to the Data Protection Officer.

Please provide your reason for your request. We will consider this and advise you of our decision within 28 days of the request.

4. The right to restrict processing of your personal data

You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future.

Should you wish to exercise these rights please address requests to the Data Protection Officer.

Please provide your reasons for us to restrict processing of your personal data. We will consider your request and respond with our decision within 28 days.

5. The right to object

You have the right to object to your personal data being processed, for marketing and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing.

Alternatively, you can exercise this right by contacting the Data Protection Officer.

SignalCX will action your request within 28 days of receiving it.

6. Your right to lodge a complaint with a supervisory authority

If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO).

The ICO is the UK’s independent body set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The ICO can be contacted at:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tel: +44 (0) 303 123 1113 (local rate) or +44 (0)1625 545 745 (national rate)

Website: www.ico.org.uk

Other websites

Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. You should read other sites Privacy Policies before giving them your personal information.

Internet-based transfers

Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. Whilst SignalCX makes every effort to minimise instances, this means data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.

Amendments Cookies Policy

A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies on www.allaboutcookies.org

Most browsers will allow you to turn off cookies. If you want to know how to do this please look at the menu on your browser, or look at the instructions on www.allaboutcookies.org. Please note however that turning off cookies may restrict your use of our website.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

We use Google Analytics to provide this service, which uses first party cookies. The data collected is not shared with any other party.

The Analytics Tools we use are:

  • __Google Analytics to record how a site is performing through visitor analysing visitor statistics;

You can opt out of being tracked by Google Analytics using the Opt Out Browser Add-On from Google.

More information about Google Analytics

The information we get through the use of these cookies is anonymised and we make no attempt to identify you or influence your experience of the site while you are visiting it. If you do not allow these cookies we will not be able to include your visit in our statistics.

If you have used a Do Not Track browser setting, we take this as a sign that you do not want to allow these cookies, and they will be blocked.

We use the following first-party cookies on our site:

Cookies used

  • __utma stores the number of visits (for each visitor), the time of the first visit, the previous visit, and the current visit
  • __utmb and __utmc are used to check approximately how fast people leave: when a visit starts, and approximately ends
  • __utmz records whether the visitor came from a search engine (and if so, the search keyword used), a link, or from no previous page (e.g. a bookmark)
  • __utmt indicates the type of request, which is one of: event, transaction, item, or custom variable
  • __utmv is used for user-custom variables in Analytics

Please note that this privacy policy is subject to change from time to time. It was last reviewed in October 2021. If there are any major changes to our privacy policy then these will be communicated to you.

Service Animals™ Data Processing

Introduction

In the course of carrying out our business activities relating to Service Animals, we collect information from a range of sources and generate a substantial volume of data that is retained electronically. This is stored on Amazon Web Services (AWS) in a datacentre situated in London (UK). Appropriate retention of data is necessary for our operational performance and is required to fulfil our range of client services. However, the retention of data can lead to unnecessary and excessive use of electronic space, and indefinite retention of personal data can breach the EU General Data Protection Regulations (EU 2018), Data Protection Act (UK 2018) and UK General Data Protection Regulations (UK 2021). Failure to comply with regulations can lead to significant financial penalties from the Information Commissioner’s Office and other EU based regulatory authorities. It is therefore essential that SignalCX has appropriate systems and processes in place for the preservation and timely disposal of documents and records in line with business requirements and relevant legislation.

Purpose

This policy sets out SignalCX’s approach to managing its information to ensure that records and documents are preserved in line with business and legislative requirements and that data is not retained for periods of time that are longer than necessary.

Scope

This Data Retention Policy specifically applies to: all staff, volunteers, consultants, contractors, trustees and, as appropriate, partnership organisations, partner staff and third parties of SignalCX. All records that are created, handled, stored, or processed by SignalCX, electronically (soft copy) form or physically (hard copy) when the physical document forms part of a structured filing system. All those people or groups to whom this policy applies are, as appropriate, aware of this policy.

Data Storage

For the purpose of this document, the term ‘Data’ pertains to Company and Individual data. All company and individual customer data is stored on a secure AWS server to ensure that applicable security, backup, retention and disposal controls can be carried out. All said controls have been applied programmatically against pre-defined time periods for each type of data.

Access to all data will be available to the datas parent customers for a period of time outlined in the contract said company has in place with SignalCX. This period of time will only be as long as is reasonable to fulfil the contractual requirements with the client, will not be excessive and the data subject’s right to erasure will be recognised and actioned in accordance with appropriate data protection legislation regardless of any contractually stated periods of time. Data records may be extracted by SignalCX for analysis or processing purposes and also stored temporarily in a secure location for the period of time required to do so. Any extracted data will be erased immediately after use.

Data Archiving

Automated Electronic Records Archive – Individual participant data will be automatically transferred to an electronic archive after a period of 13 months and 1 day from which it has entered the SignalCX database. This data will remain in archive for 2 years and one day. Archived files may be accessed in read-only format by SignalCX and will no longer be directly accessible by customers. Data may be requested by customers upon written request during the period of time that it is held in archive.

Anonymisation & Disposal

SignalCX will maintain a record of non-personalised aggregated data on past individual participant customers in its CRM system to enable business planning and insight. To enable this, data will be ‘anonymised’, such that they cannot be identified within the dataset after a period of 2 years and one day after being transferred to the electronic archive. At this stage, the Personally Identifiable Information (PII) will be erased permanently without backup and as such, will not be retrievable by any means.

Right To Be Forgotten

As per EU and UK GDPR guidelines, participants have the right at any stage to be removed from the system. In an instance where a participant wishes their data to be removed, they can request this by email to serviceanimals@signal.cx. The removal request will be actioned in the quickest time possible and the participant will no longer receive communications from Labinah Management Training Ltd t/a SignalCX. Deleted profiles cannot be retrieved but individuals that have been removed can sign up to start a new profile at any time. Individual participants may be also readded to the system if requested by the Company with whom Labinah Management Training Ltd t/a SignalCX have a contract. Labinah Management Training Ltd t/a SignalCX cannot be held responsible should this situation occur.

Get in touch

Thank you. We’ll bee (see what we did there) in touch with you shortly