CC33Global Limited, trading as CC33, is an outsourced services provider. We value the privacy of prospective and existing clients, including their customers, and are committed to protecting it as a responsible company.
Definitions
Data Controller: when CC33 is the data controller, it controls how that data will be used. CC33 is the data processor that processes data on behalf of its clients. The point of contact for this privacy statement is privacy@cc33.co.uk.
CC33 may process and store information about a prospective, current, or former client. This shall also include any agent, employee, or representative of our clients where CC33 has obtained their data from such person or organisation as part of its business relationship with our clients. CC33 may also process and store information about those applying for employment with CC33. We are registered with the ICO and are responsible for protecting this information in accordance with this privacy statement.
Data Subject: Individuals whose personal information was provided by our clients, their employees, prospective clients, and those applying for employment with CC33.
Personal Data: Any information about an identified or identifiable natural person. An identifiable natural person can be directly or indirectly identified from the information.
Sensitive Data: Medical records, race, religion, sexuality, and political or trade union membership.
Third-Party: Any individual or entity that is neither CC33 nor an employee, agent, contractor, or representative.
Data Processing: Any action performed on personal information, including collection, recording, organising, storing, sharing, and transmitting. This includes electronic and paper documents containing personal information.
Legislation: CC33 must comply with the Data Protection Act (DPA) 2018 and the EU General Data Protection Regulation (GDPR) and associated regulations
Legal Basis for Processing
CC33 processes data based on the following legal bases.
Consent: Where we have obtained explicit consent from data subjects, particularly for the processing of Sensitive Data and for direct marketing to individuals' personal addresses, emails or telephone numbers.
Contractual Necessity: When data processing is necessary to perform a contract between CC33 and our client or their customers.
Legitimate Interests: When processing is in the legitimate interest of CC33, such as communicating with prospective clients or employees and marketing to business customers. These interests are balanced against the rights and freedoms of data subjects.
Legal Obligation: To comply with applicable legal requirements.
Personal Data We Collect
CC33 collects data to operate effectively and provide ongoing contractual support to our clients. We also collect data to communicate with prospective employees. We will only collect the minimum personal information needed to complete a task and will not collect information unnecessarily. The data we collect can include the following:
Information on client computer hardware and software: This information can include an IP address, browser type, domain names, access times, and website address. CC33 uses this information to operate our service and maintain its quality.
Provide business contact information for our clients and potential clients.
Retention of Personal Data: CC33 retains personal data in accordance with its data retention policy or as long as necessary to provide the support requested in our contracts. Actual retention periods may vary depending on client requirements, but we will align retention periods with statutory guidelines. Specific retention periods will be determined based on contractual obligations and regulatory requirements.
Where We Obtain Data To Provide Our Services
How We Use Personal Data
We only process our clients' customer information according to their written instructions to fulfil the contract between us and the client.
When we market to business customers, we do this in the legitimate business interest of growing and maintaining our client base. We always offer our clients the right to opt out of further communications. Where a business customer opts out, we will record this and ensure we do not market to that customer again.
When we communicate with prospective employees, we do this in the legitimate business interest of increasing our staff numbers. We will always offer individuals the right to opt out of further communications, and should the individual choose not to be contacted by CC33 again, we will record this and ensure we do not communicate with that individual again.
We will not send marketing material to an individual's personal email address or home address without their consent.
Sensitive Data will not be used without express consent.
Security of Personal Data
All Personal Data is stored in a controlled, secure environment, protected from unauthorised access, use, or disclosure. Our Information Security Management System (ISMS) thoroughly documents electronic data storage. Measures include encryption, access controls, pseudonymisation, and regular security assessments.
Use of Cookies
The information we collect during normal website use is used for system administration, filtering traffic, looking up user domains, and reporting on and analysing how parts of the site are used. Such use does not result in collecting or storing personally identifiable data.
We may use any of the following cookies.
Cookie Control: You can accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies. Please note that disabling cookies may affect your ability to use certain features of our website.
Links to Other Websites
Our website may contain links to other websites. However, once you have used these links to leave our website, we do not have any control over that website. Therefore, we are not responsible for the protection and privacy of any information you provide whilst visiting such sites, and this privacy statement does not govern any such websites.
Sharing Data With Third Parties
CC33 does not sell, rent, or lease client lists to third parties.
We may, from time to time, share your data with contractors who perform tasks required to complete a service. All such contractors are required to maintain equivalent levels of security when processing your personal information as CC33 and, where required, are bound by a legal agreement to keep your personal information private and secure and to process it only upon our specific instruction.
How to Access and Control Your Data
Clients and individuals have the right to access information held about them to ensure that such personal data is accurate and relevant for the business purposes for which it was collected.
To understand what personal information we hold, you must submit a Subject Access Request to privacy@cc33.co.uk. We have 28 days to provide the information you request.
You may also call us on 0114 399 0087 with your personal data enquiries or requests, or you can write to us at our registered office address.
Your Rights
Right to Rectification: You may request that we correct inaccuracies in your data.
Right to Erasure: You can request the deletion of your data under specific circumstances.
Right to Restrict Processing: You may request the restriction of processing where data accuracy is contested or processing is unlawful.
Right to Data Portability: You can request that we provide your data in a structured, commonly used, and machine-readable format and transfer it to another data controller.
Right to Object: You can object to processing your data for marketing purposes.
Withdrawal of Consent: Where processing is based on your consent, you can withdraw consent at any time for future processing.
Lodging a Complaint: You can complain to a data protection authority, the Information Commissioner's Office (ICO): https://ico.org.uk/for-the-public/
Where We Store and Process Personal Data
CC33 adheres to applicable data protection legislation and only processes and stores data within the UK. If data is transferred outside the UK, we will ensure appropriate safeguards to protect personal information.
Incident Handling
We will report all serious data breaches to the ICO within 72 hours, resulting in personal data loss, release, or corruption. A severe breach is a compromise of CC33’s data security that results in the loss or disclosure of personal or sensitive Data, which could prove detrimental to the individual’s financial, physical, or emotional well-being. The damaging effect would include information leading to the following:
A non-reportable breach will compromise CC33's data security, resulting in the loss or disclosure of staff members' data where there is no particular sensitivity and no adverse effect on individuals.
Privacy Commitment
At CC33, we are dedicated to maintaining the privacy and security of your data. We continuously review and update our privacy practices to ensure compliance with applicable data protection regulations and to safeguard your information effectively. If you have any questions, concerns, or requests regarding this privacy policy or the processing of your data, please do not hesitate to contact us at privacy@cc33.co.uk. We value your trust and are committed to being transparent, accountable, and responsive in all matters concerning your privacy.
Our commitment to industry leading communication and management begins with energetic and passionate people.
