General Information about cookies
- A cookie is a small file typically consisting of a string of letters and numbers that is sent by our web server to your web browser (e.g. Chrome or Edge), and is then stored by the browser. Each time the browser requests a page from the server, it sends this small file back to the server so that the server can distinguish and track users as they navigate different pages on a website and improve the experience for returning users.
- Cookies can be either ‘session cookies ‘or ‘persistent cookies’. A session cookie will expire, be deleted, at the end of the user session, when you close your web browser. A persistent cookie will be stored by the browser and will remain valid until a set expiry date (unless you go in and manually delete it before the expiry date).
- To recognise your device when you visit our websites;
- To log on and register on our websites:
- To improve our websites’ usability;
- To analyse the use of our websites;
- To link to email marketing campaigns;
- To improve the security of our websites; and
- For the general administration of our websites.
Cookies on our website
We use both session cookies and persistent cookies on this website. Session cookies are those that delete themselves when you leave the site. Persistent cookies are those that have an expiry date after you first visit our website.
Most cookies we use are persistent cookies to give you a better experience and service, as well as making it more secure.
For your information these are the cookies active on our website
|Used to distinguish users. Persistent cookie.||2 years|
|_gid||Used to distinguish users. Persistent cookie.||24 hours|
|_gat||Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. Persistent cookie.
|PHPSESSID||The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. The PHPSESSID cookie disappears once the website and session is closed. Session cookie
|When you close the browser|
These are request that are made from a user to an external service. Despite the fact that these requests don’t set any cookies, they can still transfer privacy information to third parties.
We have the following Third-party Requests enabled on our website
|Google Adwords||Paid Advertising on Google|
|Remarketing||Serving ads to people that visited my website|
- Analytics are persistent cookies that allow us to recognise, count the number of visitors, and provide anonymous data about how our visitors use our websites.
- Using analytics cookies helps us improve the way our websites work and navigate, ensuring that users are able to find what they are looking for without difficulty. No personally identifiable data is collected about you.
- We use Google Analytical Cookies ending with: _ga, _gid, _gat
- For further information please click here https://support.google.com/analytics/answer/6004245.
Managing and Blocking cookies
- You can block some or all cookies by activating the setting on your browser. If you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our websites. This may impair your ability to fully utilise our websites.
- More information about cookies can be found on the website http://www.aboutcookies.org. This also gives details on how to delete cookies from your device. For information on how to do this on your smart mobile phone or tablet browser, please consult your device’s manual, or manufacturer.
- More information can be found here: http://docs.businesscatalyst.com/reference/misc/bc-cookies.html.
- By clicking “ACCEPT” on the cookie banner, you agree to the placement of cookies on your device, unless you actively block them. If you choose not to receive our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be, in fact you might not be able to access any or all of the website. Once your consent has been provided, this message will not appear again when you revisit. If you, or another user of your computer, wish to withdraw your consent at any time, you can do so by altering your browser settings.
- If you have any questions about our cookies or this cookies policy please contact us by email to firstname.lastname@example.org
Date of Policy: 24.05.18
This policy applies to all products and services provided by us and sets out how we seek to protect personal data and ensure that staff understand the rules governing their use of personal data to which they have access in the course of their work. This policy is effective from 15.05.18.
You give us your information either through this website or by any other means. We may seek to use your personal data for business purposes that may include the following:
- Acting as an administrator for the fulfillment of client prize draws & promotional activity including product sampling
- Managing some customer service via social media platforms
- Occasionally executing email campaigns on behalf of clients
- Using primary & secondary research methods to collect consumer insight to inform & support marketing strategy
- Compliance with our legal, regulatory and corporate governance obligations and good practice.
- Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.
- Ensuring business policies are adhered to (such as policies covering email and internet use).
- Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring.
- Investigating complaints.
- Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments.
- Monitoring staff conduct, disciplinary matters.
- Marketing our business.
- Improving our services through knowledge of what is used and how.
Any and all information passed to us by any third party will be treated in accordance with this policy.
This is defined as information relating to identifiable individuals, clients, suppliers, marketing contacts, job applicants, current and former employees, agency, contract and other staff.
The type of personal data we may gather might include: individuals’ contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, and CV.
This is defined as personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings. Any use of sensitive personal data will be strictly controlled in accordance with this policy.
Application of Policy
This policy applies to all of our staff and we will ensure that they are familiar with this policy and comply with its terms.
We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.
Fair and lawful processing
We will always seek to process personal data fairly and lawfully in accordance with the rights of the individuals’. This generally means that we will not process personal data unless the individual whose details we are processing has consented to this happening.
The processing of all data must be:
- Necessary to deliver our services and the services that we deliver on behalf of our clients
- In our legitimate interests and not unduly prejudice the individual’s privacy
- In most cases this provision will apply to routine business data processing activities.
Sensitive personal data
In most cases where we process sensitive personal data we will require the data subject’s explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
Accuracy and relevance
We will seek to ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and inform Constantin Singureanu.
We keep personal data secure against loss or misuse. We are committed to protecting the confidentiality of your information and will take all reasonable measures to secure your information, including encryption, third party audits, access controls and security testing.
Where other organisations process personal data as a service on our behalf, Constantin will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third party organisations.
Storing data securely
- In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it.
- Printed data will be shredded when it is no longer needed.
- Data stored on a computer will be protected by strong passwords.
- Constantin will approve any cloud used to store data.
- Servers containing personal data will be kept in a secure location, away from general office space.
- Data will be regularly backed up in line with the company’s backup procedures.
- Data will never be saved directly to mobile devices such as laptops, tablets or smartphones.
- All servers containing sensitive data will be approved and protected by security software and strong firewall.
Processing data in accordance with the individual’s rights
We will abide by any request from an individual not to use their personal data for direct marketing purposes and notify Constantin Singureanu (email@example.com) about any such request.
We will not send direct marketing material to anyone electronically (e.g. via email) unless they have given us positive consent to receiving our marketing material and that consent will be recorded and stored.
Being transparent and providing accessible information to individuals about how we will use their personal data is important for us. The following are details on how we collect data and what we will do with it:
What information do we collect?
- Full name and job title
- IP address and other data associated with your computer
- Demographic information eg postcode
- Additional information provided by you may include:
- Preferences and reminders
- Home address
- Telephone number
- Mobile phone number
- Date of birth
- Payment and bank account information
- Automatically generated information created while you use this website may include:
- Transactional information
- Clickstream information
- Information eg e-codes and cinema codes created as a result of using this website
How is it collected?
We may collect personal data:
- When we meet you in person
- When we speak to you by telephone
- When you correspond with us by email
- When you fill in forms and questionnaires
- When you visit our website
How will we use it?
We use the information we collect in order to understand your needs and provide you with a better service and in particular for the following purposes:
- Communicate with you and enable you to access the benefits and services of this website
- Internal record keeping
- To improve our products and services; provide relevant offers and fulfil transactions
- Protect you, provide you with customer service, prevent fraud, operate this website on your behalf and respond to your request
- To send promotional emails and updates about new products, special offers or other information we may think is of interest to you
- To contact you for market research purposes, we may contact you by email, phone or mail and we may use the information to customise the website according to your interests
Who will your information be shared with?
Your personal data is an important part of our business. We do not sell your information to third parties. We will only share your information as set out below and with your express consent. All information sharing is only done on the basis of being necessary and to fulfil legitimate business purposes. For example:
- Payment card information may be shared with payment processors to facilitate card transactions
- Bank account information may be shared with our bank to facilitate payment into your account
- Information may be shared with third parties to fulfil our role, fulfil transactions including payment information, and shipping. If further consent is required to pass your personal data to third parties, you may be contacted in order to give your positive consent for this purpose.
We may disclose your personal information to third parties in limited circumstances as follows:
- Where we engage the business services of a third party to provide services directly to us. We will carry out the necessary due diligence on any third party that we use to ensure that they fully comply with data protection regulations. Any third party will be engaged for a specific purpose and they will be strictly prohibited from using your personal data for any other purposes. If we do share your personal information we will contact you to inform you of the identity of that third party and to gain positive consent to pass your personal data to the third party specified.
We retain your data for
We will retain personal data for no longer than is necessary and in any event no longer than 1 year from the date of last usage. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but will be determined in a manner consistent with our data retention guidelines.
We will also need to take into consideration any regulations that we must fulfil, for example for auditing purposes or for legitimate business purposes and may retain your information after your relationship with us has ended.
Identity and contact details of any Data Controllers are
If you would like a copy of your personal data or would like us to correct any inaccurate information held about you please contact Constantin Singureanu on firstname.lastname@example.org
We would like to send you information, from time to time about our products and services but we will only do so when we have your positive consent, which you can revoke at any time.
The personal data that we collect is subject to active consent by the data subject. This consent can be revoked at any time.
We will process personal data collected in connection with our Surveys, Newsletters and Events as a necessary legitimate interest.
Upon request, you will have the right to receive a copy of your data in a structured format. These requests will be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. You may also request that your data is transferred directly to another system. This will be done for free.
Right to be forgotten
You may request that any information held on you is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies.
Privacy by design and default
Privacy by design is an approach to projects that promote privacy and data protection compliance from the start. Constantin will be responsible for conducting any Privacy Impact Assessments and ensuring that all IT projects commence with a privacy plan.
When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.
Data audit and register
Regular data audits to manage and mitigate risks will inform the data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.
All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:
- Investigate the failure and take remedial steps if necessary
- Maintain a register of compliance failures
- Notify the Supervisory Authority (SA) of any compliance failures that are material either in their own right or as part of a pattern of failures
Although we take every reasonable step to protect the information that you provide, we cannot guarantee the security or accuracy of the information that we gather. Please be assured that all our staff must observe this policy. They will monitor it regularly to make sure it is being adhered to.
If you have any questions or concerns about anything in this policy, do not hesitate to contact Constantin Singureanu.
Links to other websites
Notification of changes to this policy