POLICIES

This privacy notice describes how and why we process your personal information. Your privacy is very important to us, and we are committed to using your personal information lawfully and protecting your privacy.

Cyferd Ltd (“we”, “our”, “us”, or “Cyferd”) is committed to protecting your personal information when you are using Cyferd services, Cyferd products or Cyferd software. Cyferd Ltd. is a private limited company (with company number 12184449) registered at 128 City Road, London, United Kingdom, EC1V 2NX. 
We want our services to be safe and enjoyable environments for our clients. This Privacy Policy relates to our use of any personal information you provide, for example, via phone or text, by email, online, or in letters or correspondence. In order to provide you with the full range of Cyferd services, we sometimes need to collect information about you.

01. This Privacy Policy explains the following:

Cyferd is committed to safeguarding your personal information. Whenever you provide such information, we will use your information in line with the laws of England and Wales concerning the protection of personal information, including, but not limited to, the Data Protection Act 1998, Data Protection Act 2018, and General data Protection Regulations introduced on 25th May 2018, (these laws are referred to collectively in this Privacy Policy as the “data protection laws”).Where applicable, we will take into consideration the privacy laws of the relevant jurisdiction. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Act 2018 are met.

Cyferd websites may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies, and are also likely to use cookies, and we, therefore, urge you to review them. The aforementioned third-party privacy policies will govern the use of personal information you submit, which may also be collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

02. Who are we?

Cyferd is a UK company with offices in the UK only. Whilst we do have clients from all over the world, this policy is intended to comply with UK/EU requirements only. If you are outside of the UK and/or EU, and you have any concerns, please do not hesitate to contact us for more information about how we can help you.

03. What information will Cyferd collect about me?

When you participate in, access or sign up to any of Cyferd services, activities or online content, such as newsletters, competitions, live chats, message boards, telephone or text Cyferd, vote, donate money to a Cyferd charity appeal, register to attend for a Cyferd event or create an account using Cyferd online registration systems we may receive personal information about you.

This can consist of information such as your name, email address, postal address, telephone or mobile number, confirmation of adult age, or date of birth, depending on the activity.

By submitting your details, you enable Cyferd (and where applicable its contractors) to provide you with the services, activities, or online content you select.

Please note that sometimes we will require you to provide additional personal information, and sometimes sensitive personal information (e.g., if you’re sending in an application to be a contractor for a secure site we may need to know and collect data your political leanings and personal circumstances). When we do this, we will provide further information as to why we are collecting your information and how we will use it.

Cyferd also uses cookies (see our Cookie Policy here for details) and collects IP addresses (an IP address is a number that can uniquely identify a specific computer or other network devices on the internet) from visitors to Cyferd websites.

We will only collect, hold, use and/or process (together “process”) your personal information where we are legally allowed to do so. Cyferd will keep an inventory of all personal data that the Company processes. We will ensure that your personal information is:

• Processed lawfully, fairly and transparently;

• Collected for specific, explicit and legitimate purposes;

• Adequate, relevant and limited to what is necessary for the purpose of the processing;

• Kept accurate and up to date;

• Only kept for so long as is necessary;

• Processed securely using reasonable and appropriate technical and organisational measures to ensure integrity and confidentiality.

We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:

Contractual performance:

Where we process your personal information for contractual performance. This includes:

• Enabling us to take steps you request prior to us entering into a contract, and then;

• Once we have entered into a contract, to enable us to perform the contract and to provide you with the products and services. We will process your personal information in accordance with the contract.

Legitimate interests:

We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These include:

• Delivering services to our clients – to deliver the professional services our clients have engaged us to provide; and

• Direct marketing – to deliver timely market insights and speciality knowledge we believe is welcomed by our business clients, subscribers and individuals who have interacted with us. Where we process your personal information for our interests we will do so only where we have carefully considered both our and your interests. We will not process your personal information if our interests are overridden by your interests or fundamental rights and freedoms.

Consent:

Where we rely solely on your consent to process your personal information 
There may be circumstances where we need to, or are required to, obtain and/or rely upon your consent to process your personal information. If this is the case, we will give you:

• The reason for needing your consent, including details as to how we will process your information;

• The choice as to whether to provide consent;

• Information to enable you to withdraw your consent.

04. How will Cyferd use the information it collects about me?

Cyferd will use your personal information for a number of purposes including the following:

• to provide our services, activities, or online content and to deal with your requests and enquiries;

• for service administration purposes, which means that Cyferd may contact you for reasons related to the service, activity, or online content you have signed up for, as set out in section 5 below (e.g., to provide you with password reminders or to notify you that a particular service, activity, or online content has been suspended for maintenance);

• to contact you about a submission you have made, including any content you provide;

• to provide you with information about our services, activities, or online content;

• to personalise the way Cyferd content is presented to you (e.g., if the first thing you look at every day on Cyferd’s website is our news feed, we may present this information or a link to it on your homepage);

• to use IP addresses to identify the location of users, to block disruptive use, to establish the number of visits from different countries and to determine whether you are accessing the services from the UK or not. If not, you may be re-directed to a more appropriate e.g., international versions of our web pages (see section 12 for details);

• to analyse and improve the services offered on Cyferd websites;

• to provide you with the most user-friendly navigation experience. Cyferd may also use and disclose information in aggregate (so that no individuals are identified) for marketing and strategic development purposes;

• when you access Cyferd website from outside the UK, you may see international-based web pages which may feature advertising. A certain amount of this advertising is tailored to the individual user and location;

• Cyferd uses web tracking cookies to work out what advertising might be most relevant to you based on the pages you look at on the Cyferd website and other Cyferd worldwide pages, and your IP address information. This is a practice widely used by other major web publishers and is known as “onsite behavioural targeting”. The tracking system is anonymised and therefore it does not know who you are. See our Cookie Policy for further details;

• Where Cyferd proposes using your personal information for any other uses we will ensure that we notify you first. You will also be given the opportunity to withhold or withdraw your consent for the use of your personal information for purposes other than those listed above.

05. When will Cyferd contact me?

Cyferd may contact you:

• in relation to any service, activity, or on-line content you have signed up for in order to ensure that Cyferd can deliver the services to you;

• in relation to any correspondence we receive from you or any comment or complaint you make about Cyferd products or services;

• in relation to any contribution you have submitted to Cyferd, e.g. on Cyferd message boards or via text or voice mail message;

• to invite you to participate in surveys about Cyferd services (participation is always voluntary);

• for marketing purposes, either where we have legitimate reason to do so, or you have specifically agreed to this (see section 6 below).

Relevant webpages will give you detailed information about how Cyferd will contact you in relation to specific services, activities, or on-line content.

06. Will I be contacted for marketing purposes?

Cyferd will only use your non-business, personal information provided by you for marketing purposes, or to promote new services, activities, or on-line content where you have agreed to this.

07. Will Cyferd share my personal information with anyone else?

We will keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies) or as described in section 8 below. Generally, we will only use your information within, however, sometimes Cyferd uses third parties to process your information on our behalf. Cyferd requires these third parties to comply strictly with its instructions and Cyferd requires that they do not use your personal information for their own business purposes, unless you have explicitly consented to the use of your personal information in this way. We will never sell your information to a third party.

We will only share your information with a third party or transfer your data outside of the UK / EU if we need to. Where we do this, we will comply with all of our legal obligations, and we ensure that there are adequate protections in place to protect your information.

If we need your consent, we will:

• explain why we need to share your personal information;

• explain the purpose for which we will be sharing it;

• provide you with details of the third-party;

• obtain your explicit consent for such disclosure.

You will be able to easily withdraw your consent in the same way in which you gave it.

Where we rely on a different lawful basis, such as ‘legitimate interests’ or ‘contractual’, we will do so only to the extent permitted by such lawful basis.

If you access our service using your NHS Care Identity credentials, the identity access and management services are managed solely by NHS Digital. NHS Digital is the controller for any information (personal or otherwise) that you have provided to NHS Digital in order to receive a national digital identity and to authenticate your claim to that identity. NHS Digital uses that personal information solely for that single purpose. For any personal information, Cyferd’s role is simply that of a processor only and we must act under the instructions as provided by NHS Digital (as the controller) when verifying your identity. To see NHS Digital’s Privacy notice and Terms and Conditions, please click [https://digital.nhs.uk/services/nhs-care-identity-service-2]. 

Any personal information that you provide to us separately, will be managed in accordance with the terms of our Privacy Policy.

08. Offensive or inappropriate content on Cyferd websites

If you post or send offensive, inappropriate, or objectionable content anywhere on or to Cyferd websites or otherwise engage in any disruptive behaviour on any Cyferd service, Cyferd may use your personal information to stop such behaviour.

Where Cyferd reasonably believes that you are, or may be, in breach of any applicable laws (e.g., because content you have posted may be defamatory), Cyferd may use your personal information to inform relevant third parties such as your employer, school email/internet provider or law enforcement agencies about the content and your behaviour.

09. What if I am a user aged 16 or under?

Cyferd’s policy is not to engage with, nor keep information on persons under 16 years of age. If you are aged 16 or under, please ensure your parent or guardian provides any personal information to Cyferd on your behalf, clearly stating the purpose for sharing such information. Only where it is necessary to comply with the law will such information be recorded and kept.

10. How long will Cyferd keep my personal information?

We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Cyferd, or Cyferd corporate retention schedule (a database that defines which documents should be kept and for how long). If your circumstances change, a flag goes on the database and, while Cyferd cannot use the personal information, it stays on the system for a period of one year for administrative purposes before being deleted automatically.

Where you contribute material to Cyferd, we will generally only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted.

Cyferd, as brokers of contemporary thought, also has an obligation to record snapshots of history which may include some User Generated Content i.e., content provided by the public. Therefore, some content submitted to, or shared with Cyferd, may be retained for prolonged periods of time or potentially indefinitely in Cyferd Archives, which is true of news contributions which are published. There may also be rare instances where we will share your contribution with third parties in the interests of maintaining archives. Where possible, we will endeavour to inform you as soon as possible, or let you know at a later date where we are likely to keep content indefinitely.

11. Can I find out what personal information Cyferd holds about me?

Under the Data Protection Act, and General Data Protection Regulations (GDPR) you have the right to request a copy of the personal information Cyferd holds about you. We will use reasonable efforts to supply, correct or delete personal information about you on our files in accordance with the regulations. Please address requests and questions about this or any other questions about this Privacy Policy to the Data Protection Officer, via email  info@cyferd.com or to the address at the end of this policy.

12. What if I am accessing Cyferd websites outside the UK?

Cyferd website is published in the UK by Cyferd as www.cyferd.com. The website, (www.cyferd.com), is also made available to international users accessing the website from outside the UK (and EU). All personal information submitted by non-UK citizens will be processed in accordance with this Privacy Policy as if the person was in the UK.

13. Changes to Cyferd’s Privacy Policy

This Privacy Policy may be updated from time to time so you may wish to check it each time you submit personal information to Cyferd. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use Cyferd’s website(s) to submit personal information to Cyferd. If material changes are made to the Privacy Policy, we will notify you by placing a prominent notice on the website.

14. How do we secure your personal data?

We place a great deal of importance on the security of all personal information. We have in place appropriate technical and security measures which are reviewed routinely. Our approach to information security is validated by our internal security audit performed by the Head of Technology.

15. Your rights; including your right to object and right to withdraw consent

We respect and place significant importance on your rights. The recently adopted EU General Data Protection Regulations outline your rights, and provide further information in relation to those rights and details what we must and will do, and/or when you wish to exercise your rights. In summary, your rights include the right to:

• Basic information (such as our identity, or that of the controller if not us, the reason and basis on which we process your personal data, together with as much information to ensure fairness and transparency) and to be informed;

• Object: to object to processing of personal data where such is done by us in certain circumstances, for example for our legitimate interests or direct marketing;

• Withdraw consent: to withdraw your previously given consent;

• Access: to be aware of and verify the lawfulness of the processing;

• Rectification: to correct personal data if it is inaccurate or incomplete;

• Erasure:  to request the removal or deletion of personal data;

• Restrict processing:  to restrict the processing of personal data;

• Data portability:  to obtain and reuse personal data;

• Be aware of any automated decision-making or profiling, and to request such is restricted.

If you wish to object or to withdraw consent, you may contact us through one of the methods detailed below in section 16. In addition, where we have sent you a marketing email, we will have provided an ‘unsubscribe’, ‘set your preferences’ or ‘opt-out’ link which you can use to stop any future marketing communications.

16. Contacting Cyferd about this Privacy Policy

If you have any questions or comments about this Privacy Policy, please contact:

Cyferd

128 City Road
London
EC1V 2NX
UK

Attn: The Data Protection Officer 
Or email: info@cyferd.com

Updated 08/08/2022