Codestone Group (which includes Codestone Solutions Limited and Codestone Group Limited, together referred to as ‘we’ and ‘us’) collects, uses and is responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Information collected by us

When you:

• visit our website (information is collected using cookies);
• interact with us using social media;
• request information on our products and services;
• complete online forms (including call back requests);
• register to use or access any websites / applications / services we make available (or when you update those details);
• place an order;
• use our products and services;
• make customer enquiries;
• when you respond to communications from us (such as questionnaires or surveys) or contact us offline (such as by telephone, fax, SMS, email or post); or
• call us or participate in chat sessions that are recorded;

we collect the following personal information when you provide it to us:

• email address;
• name;
• company address;
• company telephone number; and
• mobile telephone number.

In relation to billing and finance matters related to customers and suppliers, in addition to the above, we also collect the following personal information when you provide it to us:

• bank details.

When you submit a job application or make recruitment enquiries, we collect the following personal information when you provide it to us:

• email address;
• name;
• home, mobile or other contact telephone number; and
• date of birth.

We do not knowingly collect personal information from individuals under 18 years without parental consent. If you become aware that an individual under 18 years of age has provided us with Personal Data without parental consent, please contact our Data Protection Officer (see ‘How to contact us’ below). If we become aware that an individual under 18 has provided us with personal information without parental consent, we will take steps to remove the data as permitted by law.

Information collected from other sources

From time to time we may obtain certain data about you from third-party or publicly available sources (such as public databases, social media platforms, third party data providers and our joint marketing partners) to help us provide and improve our services, to enhance our ability to provide relevant marketing, advertising and content to you and to provide you with more relevant products, features and services. We take steps to ensure that such third parties are legally permitted or required to disclose such information to us. Examples of the information we may receive from other sources include email address, name, company address, company telephone number and mobile telephone number.

We may combine your personal information with data we obtain from our services, other users, or third parties to enhance your experience and improve our services.

How we use your personal information

We use your personal information to:

• provide any information and services that you have requested or any services that you have ordered;
• process an order you have made, carry out or exercise our rights and obligations arising from any orders and notify you of progress or of any issues in fulfilling your order;
• compare information for accuracy and to verify it with third parties;
• manage and administer your use of products and services you have asked us to provide;
• manage our relationship with you (for example, customer services and support and after sales support services);
• provide, maintain, protect and improve any products, services and information that you have requested from us;
• monitor, measure, improve and protect our content, website, applications and services and provide an enhanced, personal, user experience for you;
• provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
• detect, prevent, investigate or remediate, crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes);
• contact you to see if you would like to take part in our customer research (such as feedback on your use of our applications, products and services);
• deliver targeted advertising, marketing or information to you which may be useful to you, based on your use of our products and services;
• respond to complaints or account enquiries;
• monitor and undertake analysis based on previous requests or your use of our products and services and to contact you with information on new developments, products, services and special offers which we feel may be of interest to you (based on your expressed preferences);
• to improve the quality of our services in case of recorded telephone calls or chat sessions.

Who we share your personal information with

We will share personal information with:

• any company within the Codestone Group, for the purposes set out in this Privacy Notice;
• our service providers and agents (including their sub-contractors) or third parties which process information on our behalf (e.g. internet service and platform providers, payment processing providers and those organisations we engage to help us send communications to you) so that they may help us to provide you with the products, services and information you have requested or which we believe is of interest to you;
• partners, including resellers, value-added reseller and independent software vendors that may help us to provide you with the products, services and information you have requested or which we believe is of interest to you;
• third parties where you have a relationship with that third party and you have consented to us sending information (for example social media sites or other third party application providers);
• third parties for marketing purposes (e.g. our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities. For example, software and services providers that provide business solutions);
• law enforcement or other authorities if required by applicable law;
• credit reference and fraud prevention agencies;
• regulators to meet our legal and regulatory obligations;
• any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
• our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
• another organisation if we sell or buy (or negotiate to sell or buy) any business or assets;
• another organisation to whom we may transfer our agreement with you; and

Some of those third party recipients may be based outside the European Economic Area — for further information, see ‘Transfer of your information out of the EEA’.

We will not share your personal information with any other third party.

Whether information has to be provided by you, and if so why

The provision of your information (information such as your name, email address, company address, company telephone number and mobile telephone number) is required from you to enable us to correspond with you with regards to any contractual requirements or enquiries, or a requirement relating to entering into a contract with us or in order to progress a recruitment enquiry. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

How long your personal information will be kept

Where we are processing and using your personal information as permitted by law or with your consent, we will store your personal information:

• only for as long as is required to fulfil the purposes for which the information has been collected and afterwards for as long as is necessary and relevant for our legitimate business purposes; or
• until you object to our use of your personal information (where we have a legitimate interest in using your personal information), or
• until you withdraw your consent (where you consented to us using your personal information).

However, where we are required by applicable law to retain your personal information for a longer period or where your personal information is required for us to assert or defend against legal claims, we will retain your personal information until the end of the relevant retention period or until the claims in question have been settled.

Where we no longer need your personal information, we will dispose of it in a secure manner (without further notice to you).

Legal Basis for processing

We collect and process your personal data for a variety of different purposes as set out in this Privacy Notice. We collect and use your personal information under the following lawful basis:

• Contractual – because you have asked us to do something before entering into a contract (e.g. provide a quote), where our use of your information is necessary for us to fulfill our contractual obligations to you, contacting you in relation to any issues with your order or use of the services, in relation to the provision of the Services, or where we need to provide your personal information to our service providers related to the provision of the Services.
• Legitimate Interest – where our use of your information is for the purposes of our legitimate interests and we have made sure that your information, and your rights in relation to that information, are protected. Examples of where we may rely on this legal basis is:
  • for recruitment purposes,
  • to ensure network and information security;
  • to develop and improve our products or services (to help find out what information, products and services are most likely to interest you and to send or show you information and offers for these products or services);
  • to communicate with you regarding the Services, including to provide you important notices regarding changes to our terms and to address and respond to your requests, inquiries, and complaints.
  • to send you surveys in connection with our services.
  • to enforce our terms or this Privacy Notice, or agreements with third parties.
  • to assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.
• Legal Obligation – where we believe it is necessary to use your information to comply with laws, regulators, court orders, or other legal obligations to which we are subject, or pursuant to legal process.

Consent – where we have your consent. Where we rely on consent to use your information, you have the right to withdraw that consent at any time by contacting our Data Protection Officer (see ‘How to contact us’ below), provided that we are not required by applicable law or professional standards to retain such information. If you want to stop receiving future marketing messages and materials, you can do so by clicking the “unsubscribe” link included in our email marketing messages.

Where permitted by applicable law, we may transfer your personal information outside of the European Economic Area (EEA) where the transfer is:

• made with your informed consent;
• necessary for the performance of a contract between you and us or for pre-contractual steps taken at your request; or
• necessary for the performance of a contract made in your interests between us and a third party.

If you would like further information, please contact our Data Protection Officer (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Cookies enable us to identify your device, or you when you have logged in. We use cookies that are strictly necessary to enable you to move around the site or to provide certain basic features. We also use cookies to help us to improve the performance of our website to provide you with a better user experience.

We do not use cookie information for any targeted marketing and we do not sell the information collected by cookies, nor do we disclose the information to third parties.

You may be able to configure your browser or our website, application or service to restrict cookies or block all cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our website, applications or services. For more information about cookies and instructions on how to adjust your browser settings to accept, delete or reject cookies, see the www.allaboutcookies.org website.

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

• fair processing of information and transparency over how we use your use personal information;
• access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address. If you request a copy of your information you may be required to pay a statutory fee;
• require us to correct any mistakes in your information which we hold;
• require the erasure of personal information concerning you in certain situations;
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
• object at any time to processing of personal information concerning you for direct marketing;
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
• object in certain other situations to our continued processing of your personal information;
• otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

• email, call or write to our Data Protection Officer (see ‘How to contact us’ below). ;
• let us have enough information to identify you;
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and

let us know the information to which your request relates.

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

This privacy notice was published on 16^th May2022 and last updated on 3^rd May 2022.

We may change this Privacy Notice from time to time. We will always update this Privacy Notice on our website, so please try to read it when you visit the website.

If we make material changes to this Privacy Notice, we will notify you either by prominently posting a notice of such changes prior to implementing the changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are collecting, using, retaining, protecting, disclosing, and transferring your information.

Please contact our Data Protection Officer if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact our Data Protection Officer, please send an email to [email protected], write to Data Protection Officer, Codestone Group, 2 Nuffield Road, Poole, Dorset, BH2 0RB or call 0370 334 4000.