This Privacy Notice explains how Core Ldn Limited collects and processes your information.
How does Core Ldn Limited collect and process information about you and who is responsible for it?
Core Ldn Limited may collect and process information about you from several sources which are outlined here.
When you enter your information on a contact form on our website. The data controller for this data is Core Ldn Limited.
When you enter your information into a newsletter subscription form. The data controller for this data is Core Ldn Limited.
When information is received through networking activity by a staff member from Core Ldn Limited with information about yourself or your company and where it is understood there is a legitimate interest in receiving production services from the Core Ldn Limited. The data controller for this information is Core Ldn Limited.
When your company or employing company enters into a client agreement with Core Ldn Limited and provides information about you to Core Ldn Limited for the purposes of receiving production services. In this case, only information about you that is relevant to the delivery of these services should be shared by your employer with Core Ldn Limited. The data controller for this information is your company or employing company. The business Core Ldn Limited is a sub-processor.
When you submit personal information, a CV or other application information to Core Ldn Limited for the purposes of recruitment, Core Ldn Limited is the data controller. Core Ldn Limited will process your information in accordance with the purpose for which it was submitted only. From time to time, Core Ldn Limited may use recruitment companies or similar third parties to support them with recruitment activity. In such circumstances, the data privacy notice for the third party recruitment company will be available through their own website.
What sort of information about you is being collected and processed by the Core Ldn Limited?
In line with the expectations of the Data Protection Act (2018) and the GDPR regulations, we only collect necessary information that is required to allow us to promote and deliver our services fairly and effectively.
How can you find out what information Core Ldn Limited holds about you?
Under the Data Protection Act (2018) and European GDPR regulations, any person about whom organisations hold data (a ‘data subject’) is allowed to request a copy of that information. This is called a Subject Access Request (‘SAR’).
There is guidance for individuals who want to make a Subject Access Request on the website of the regulator, the Information Commissioners Office (‘ICO’) (https://ico.org.uk) and it is strongly recommended that you review this guidance before submitting your request to avoid any delays.
There is also information on this site about requirements for SARs for both the requesting and responding parties, and who SARs should be sent to.
If you wish to make a subject access request to the Core Ldn Limited, these should be submitted to the Head of Operations by email to firstname.lastname@example.org or by post to:
The Head of Operations
Core Ldn Limited
215 – 223
Borough High Street
Why is Core Ldn Limited collecting and processing your information?
We collect and process information about you for several purposes depending on the context of the information and how it was collected:
to analyse website usage so we can determine how we can make improvements and if you subscribe to our newsletter, to email you about other directly related products and services we think may be of interest to you based on our understanding of your legitimate interest.
to personalise your repeat visits to our website. If you submit your information on a contact form with interest in accessing production Services through Core Ldn Limited then we will use that information to contact you to offer you products and services.
to survey contacts about activity directly related to Core Ldn Limited marketing activity, service delivery or directly related projects undertaken by Core Ldn Limited.
to provide outsourced production services to your company or employing company in line with client agreements made with the company.
to provide recruitment services to its client companies for which you have submitted your data for the purposes of/in relation to an application for employment.
If you provide your information to us through this website, we would consider this to mean you have a legitimate interest in our services, and that you are happy to be contacted in relation to those services, and that you are happy for us to share this with our relevant data sub-processors outlined below in order for our services to be delivered to you.
How long is your information kept, and can you make sure it is accurate?
Core Ldn Limited must retain some information for periods in line with regulatory or legislative requirements. If there is no regulatory or legal requirement to retain your information, then it will be kept until one of the following is true:
You request for your data to be erased (see section below) and this can be legally fulfilled.
The data is known to be or is suspected to be invalid/inaccurate by Core Ldn Limited.
The data is known to be or is suspected to be no longer appropriate for use for reasons of legitimate interest by Core Ldn Limited (as outlined above).
If you believe any information held by Core Ldn Limited is incorrect and wish to amend it, please contact us in writing. Please see the section at the end of this Privacy Notice about how to contact us by email or post.
Can you opt-out of marketing or request for your information to be erased?
Core Ldn Limited does not wish to undertake marketing activity towards those who do not wish to receive it, and we will always comply with a request from you to either opt-out of marketing. We will comply with a request from you for your information to be erased if it is appropriate to do so (a) in accordance with the Data Protection Act (2018) or the European GDPR requirements and (b) if there is no legitimate justification for retaining the information.
In some cases, we may not be able to agree, wholly or in part, to your request for your information to be erased if there is a legitimate requirement to keep it. An example of a legitimate requirement would be if you are an employee of a company using Core Ldn Limited for outsourced production services, and you are involved in some way with a production issue which is being delivered by Core Ldn limited. In such a case, there is a legitimate requirement to retain relevant information relating to that project in order for your employer to be able to use the final project. This may extend beyond the apparent lifespan of the project if there is a reasonable argument that the information may need to be revisited.
Use the ‘opt-out’ or ‘unsubscribe’ link in any marketing communication from Core Ldn Limited if you do not wish to be contacted with any marketing communications.
Request directly by email to email@example.com if you do not wish to be contacted with any marketing communications.
Request by email to firstname.lastname@example.org if you wish for your information to be erased (the right to be forgotten).
Contest our determination of a legitimate requirement to retain your information on a case-by-case basis. In the first instance, we ask that you contact Core Ldn Limited to obtain an explanation of that determination.
Who else is your information shared with?
In order to facilitate marketing and delivery of our services to those who have provided their information and who we believe have a legitimate interest in our business, we may share your information with specific ‘sub-processors’ with whom we have data sharing agreements. These sub processors are only involved in assisting in the delivery of projects, growing our businesses and we do not and will not sell or give away data to any third party.
Under these agreements, data may be transferred outside of the EEA but only where your rights and the rights of the data subject are protected and where that transfer is compliant with the requirements of the DPA and GDPR.
How is the data stored?
The information we collect is stored in secure cloud vaults that operate inside the EEA. This includes SugarCRM, Microsoft, Google & Act-On. All information is stored in an encrypted form. Information held by Microsoft on our behalf may be transferred outside of the EEA but only where there are appropriate protections in place and in line with GDPR guidance.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies using the following instructions, although in a few cases some of our website features may not function as a result. You can configure cookie settings in your browser’s settings.
Detailed step by step guidance on how to control and delete cookies is also available from www.aboutcookies.org.
Changes to our Privacy Notice
We keep our Privacy Notice under regular review and we will place any updates on this web page.
How to contact Core Ldn Limited
If you would like to contact Core Ldn Limited in relation to any matter covered in this Privacy Notice or with queries about our website or marketing/survey activity, please email email@example.com or write to us at Core Ldn Limited, 215 – 223 Borough High Street, London, SE1 1JA