This privacy notice describes how and why we process your personal information. Your privacy is very important to us, and we are committed to using your personal information lawfully and protecting your privacy.
Cyferd LTD (“we”, “our”, “us”, or “Cyferd”) is committed to protecting your personal information when you are using Cyferd services, Cyferd products or Cyferd software. Cyferd Ltd. is a private limited company (with company number 12184449) registered at 128 City Road, London, United Kingdom, EC1V 2NX.
02. Who are we?
Cyferd is a UK company with offices in the UK only. Whilst we do have clients from all over the world, this policy is intended to comply with UK/EU requirements only. If you are outside of the UK and/or EU, and you have any concerns, please do not hesitate to contact us for more information about how we can help you.
03. What information will Cyferd collect about me?
When you participate in, access or sign up to any of Cyferd services, activities or online content, such as newsletters, competitions, live chats, message boards, telephone or text Cyferd, vote, donate money to a Cyferd charity appeal, register to attend for a Cyferd event or create an account using Cyferd online registration systems we may receive personal information about you.
This can consist of information such as your name, email address, postal address, telephone or mobile number, confirmation of adult age, or date of birth, depending on the activity.
By submitting your details, you enable Cyferd (and where applicable its contractors) to provide you with the services, activities, or online content you select.
Please note that sometimes we will require you to provide additional personal information, and sometimes sensitive personal information (e.g., if you’re sending in an application to be a contractor for a secure site we may need to know and collect data your political leanings and personal circumstances). When we do this, we will provide further information as to why we are collecting your information and how we will use it.
We will only collect, hold, use and/or process (together “process”) your personal information where we are legally allowed to do so. Cyferd will keep an inventory of all personal data that the Company processes. We will ensure that your personal information is:
We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
Where we process your personal information for contractual performance. This includes:
We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:
Where we rely solely on your consent to process your personal information
There may be circumstances where we need to, or are required to, obtain and/or rely upon your consent to process your personal information. If this is the case, we will give you:
04. How will Cyferd use the information it collects about me?
Cyferd will use your personal information for a number of purposes including the following:
05. When will Cyferd contact me?
Cyferd may contact you:
Relevant webpages will give you detailed information about how Cyferd will contact you in relation to specific services, activities, or on-line content.
06. Will I be contacted for marketing purposes?
Cyferd will only use your non-business, personal information provided by you for marketing purposes, or to promote new services, activities, or on-line content where you have agreed to this.
07. Will Cyferd share my personal information with anyone else?
We will keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies) or as described in section 8 below. Generally, we will only use your information within, however, sometimes Cyferd uses third parties to process your information on our behalf. Cyferd requires these third parties to comply strictly with its instructions and Cyferd requires that they do not use your personal information for their own business purposes, unless you have explicitly consented to the use of your personal information in this way. We will never sell your information to a third party.
We will only share your information with a third party or transfer your data outside of the UK / EU if we need to. Where we do this, we will comply with all of our legal obligations, and we ensure that there are adequate protections in place to protect your information.
If we need your consent, we will:
You will be able to easily withdraw your consent in the same way in which you gave it.
Where we rely on a different lawful basis, such as ‘legitimate interests’ or ‘contractual’, we will do so only to the extent permitted by such lawful basis.
If you access our service using your NHS Care Identity credentials, the identity access and management services are managed solely by NHS Digital. NHS Digital is the controller for any information (personal or otherwise) that you have provided to NHS Digital in order to receive a national digital identity and to authenticate your claim to that identity. NHS Digital uses that personal information solely for that single purpose. For any personal information, Cyferd’s role is simply that of a processor only and we must act under the instructions as provided by NHS Digital (as the controller) when verifying your identity. To see NHS Digital’s Privacy notice and Terms and Conditions, please click [https://digital.nhs.uk/services/nhs-care-identity-service-2].
08. Offensive or inappropriate content on Cyferd websites
If you post or send offensive, inappropriate, or objectionable content anywhere on or to Cyferd websites or otherwise engage in any disruptive behaviour on any Cyferd service, Cyferd may use your personal information to stop such behaviour.
Where Cyferd reasonably believes that you are, or may be, in breach of any applicable laws (e.g., because content you have posted may be defamatory), Cyferd may use your personal information to inform relevant third parties such as your employer, school email/internet provider or law enforcement agencies about the content and your behaviour.
09. What if I am a user aged 16 or under?
Cyferd’s policy is not to engage with, nor keep information on persons under 16 years of age. If you are aged 16 or under, please ensure your parent or guardian provides any personal information to Cyferd on your behalf, clearly stating the purpose for sharing such information. Only where it is necessary to comply with the law will such information be recorded and kept.
10. How long will Cyferd keep my personal information?
We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Cyferd, or Cyferd corporate retention schedule (a database that defines which documents should be kept and for how long). If your circumstances change, a flag goes on the database and, while Cyferd cannot use the personal information, it stays on the system for a period of one year for administrative purposes before being deleted automatically.
Where you contribute material to Cyferd, we will generally only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted.
Cyferd, as brokers of contemporary thought, also has an obligation to record snapshots of history which may include some User Generated Content i.e., content provided by the public. Therefore, some content submitted to, or shared with Cyferd, may be retained for prolonged periods of time or potentially indefinitely in Cyferd Archives, which is true of news contributions which are published. There may also be rare instances where we will share your contribution with third parties in the interests of maintaining archives. Where possible, we will endeavour to inform you as soon as possible, or let you know at a later date where we are likely to keep content indefinitely.
11. Can I find out what personal information Cyferd holds about me?
12. What if I am accessing Cyferd websites outside the UK?
14. How do we secure your personal data?
We place a great deal of importance on the security of all personal information. We have in place appropriate technical and security measures which are reviewed routinely. Our approach to information security is validated by our internal security audit performed by the Head of Technology.
15. Your rights; including your right to object and right to withdraw consent
We respect and place significant importance on your rights. The recently adopted EU General Data Protection Regulations outline your rights, and provide further information in relation to those rights and details what we must and will do, and/or when you wish to exercise your rights. In summary, your rights include the right to:
If you wish to object or to withdraw consent, you may contact us through one of the methods detailed below in section 16. In addition, where we have sent you a marketing email, we will have provided an ‘unsubscribe’, ‘set your preferences’ or ‘opt-out’ link which you can use to stop any future marketing communications.