Privacy Statement, effective as of May 24, 2018
In this statement, “CDL”, “we”, “us”, “our” or “Company” is a reference to Computer Disposals Ltd.
Being one of the UK’s leading IT disposal companies we take your privacy seriously and want you to understand our practices with respect to the handling of your ‘Personal Data’. This privacy statement explains how we do this.
‘Personal Data’ means any information relating to an identified or identifiable individual as defined in Article 4 (1) of the GDPR.
Please read this Privacy Statement carefully to learn how we collect, use, share and process information relating to individuals ‘Personal Data’, and your rights and choices regarding our processing of this data.
1. Responsible Entity
CDL is the controller of your ‘Personal Data’ as defined in Article 4 (7) of the GDPR and responsible for the collection, processing and disclosure of your Personal Data, unless expressly specified otherwise.
2. What Personal Data do we collect?
The Personal Data we collect about you may be obtained by the following:
- If you request one of our services, express interest, call customer support, use our “Contact Us” or similar features, register to use our websites, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number, email address.
- If you make purchases, we may also require you to provide us with financial information and billing information, such as billing name and address, credit card number, or bank account information.
- If you use and interact with our websites, we automatically collect log files and other information about your device and your usage of our websites through cookies, web beacons or similar technologies, such as IP-addresses or other identifiers, which may qualify as Personal Data (view the “What device and usage data we process” section below).
- If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name, vehicle registration number, photograph and time and date of arrival.
3. Processing activities covered
This Privacy Statement applies to the following processing activities:
- Visiting our websites which display or link through to this Privacy Statement.
- Visiting our offices.
- Receiving communications from us, including emails, texts and any other means.
- Requesting asset management, data sanitisation and destruction services.
- Marketing and survey communications.
Our websites may contain links to other websites, applications and services maintained by third parties. The information practices of such other services are governed by the third-party privacy statements, which we encourage you to review to better understand those third parties’ privacy practices.
4. What device and usage data we process
We use common information-gathering tools, such as log files, cookies, web beacons and similar technologies to automatically collect information, which may contain Personal Data, from your computer or mobile device as you navigate our websites or interact with emails we have sent you.
4.1 Log Files
As is true of most websites, we gather certain information automatically via log files. This collected information may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyse overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning. We also collect IP addresses from users when they log into the services as part of the Company’s security features.
4.2 Cookies, web beacons and other tracking technologies
When you visit our websites, our servers or an authorised third party may place a cookie on your browser, which can collect information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track overall usage, determine areas that you prefer, make your usage easier by recognising you and providing you with a customised experience.
We also use web beacons on our websites. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such tracking technologies are used to operate and improve our websites and email communications and track the clicking of links or opening of emails.
The following sets out how we use different categories of cookies and similar technologies, as well as information on your options for managing the settings for the data collection by these technologies:
|Type of Cookies||Description||Managing Settings|
|Required cookies||Required cookies enable you to navigate our websites and use their features, such as accessing secure areas of the websites.|
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
|Because required cookies are essential to operate the websites there is no option to opt out of these cookies.|
|Functionality cookies||Functional cookies allow us to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features.|
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant messages, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third-party technology to track and analyse usage and volume statistical information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
Lead Forensics, Communications house, 26 York street, London, W1U 6PZ. Lead Forensics uses a small piece of code, much like Google Analytics, which tracks IP addresses visiting a website. Those IP addresses are then matched to data held by Lead Forensics, providing accurate information about unknown website visitors.
CDL may also utilize HTML5 local storage or Flash cookies for these purposes. Flash cookies and HTML local storage are different from browser cookies because of the amount of, type of, and how data is stored.
|To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.|
To learn how to control functional cookies using your browser settings click here.
To learn how to manage privacy and storage settings for Flash cookies click here.
4.3 Social Media Features
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks, the latter may receive information that you have visited our website from your IP address. If you are logged into your social media account, it is possible that the respective social media network can link your visit of our websites with your social media profile.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
5. Purposes for which we process Personal Data and the legal basis on which we rely
We will collect and process your Personal Data for the purposes, on a legal basis, identified in the following instance:
- To provide asset management, data sanitisation and destruction services: We will process your Personal Data in compliance with our data capability statement as agreed in your processing contract to an operation defined in GDPR Article 4 (2).
- Promoting security of our websites: We will process your Personal Data by tracking use of our websites, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity, as well as violations of and enforcement of our terms and policies, to the extent this is necessary for the purpose of our legitimate interests in promoting the safety and security of the systems and application used for our websites, and protecting our rights and the rights of others.
- Managing user registrations: We will process your Personal Data by managing your user account for the purpose of performing the contract with you according to any applicable terms of service.
- Handling contact and user support requests: If you fill out a “Contact Me” web form, request user support, or if you contact us by other means, we will process your Personal Data for the performance of our contract with you and to the extent it is necessary for the purpose of our legitimate interests to fulfil your request and communicate with you.
- Managing payments: If you have provided financial information, we will process your respective Personal Data to check the financial qualifications and collect payments to the extent this is necessary for completing transaction with you under the contract entered into with you.
- Developing and improving our websites: We will process your Personal Data to analyse trends, track your usage of our websites and interactions with emails to the extent this is necessary for our legitimate interests to develop and improve our websites and to provide our users with more relevant and interesting content.
- Managing office visitors: We will process your Personal Data for security reasons, to register who visited our offices and who signed the non-disclosure agreement that visitors may be required to sign.
- Complying with legal obligations: We will process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights, and is necessary for our legitimate interests to protect against misuse or abuse of our websites, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with a judicial proceedings, court order or legal process, and/or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you and you fail to provide that required Personal Data when requested, we may not be able to perform the contract.
6. Who do we share Personal Data with?
We may share your Personal Data with the following recipients:
- Our contracted service providers which provide services such as IT and system administration and hosting, credit card processing, document signature tracking software, research and analytics, marketing, customer support and data enrichment. A complete list of contracted service providers can be provided on request.
- In individual cases we may also share Personal Data with professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers.
7. International transfer of information collected
We do not transfer your personal data outside the European Economic Area (EEA).
Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as described in the “Contacting Us” section below and we will take steps to delete such Personal Data from our systems.
9. How long do we keep your Personal Data?
We will only retain your personal data for as long as necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see Request erasure below for further information.
10. Your rights relating to your Personal Data
You have certain rights regarding your Personal Data, subject to local data protection laws. These may include the following rights:
- To access your Personal Data held by us (right to access).
- To rectify inaccurate Personal Data and ensure it is complete (right to rectification).
- To erase/delete your Personal Data to the extent permitted by other legal obligations (right to erasure; right to be forgotten.
- To restrict our processing of your Personal Data (right to restriction of processing).
- To transfer your Personal Data to another controller to the extent possible (right to data portability).
- To object to any processing of your Personal Data carried out based on our legitimate interests (right to object).
- Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); Automated Decision-Making currently does not take place on our websites.
- To the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
11. How to exercise your rights
To exercise your rights, please contact us in accordance with section 14 and 15 of this statement. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honour your request. Occasionally it may take us longer than a month, considering the complexity and number of requests we receive. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.