What information we collect and how we use it
We recognise the importance of respecting and protecting your personal data (information) and yet in order to be able to continue to provide you with the highest level of service we need to collect, process and share a certain amount of information about you. In this document we explain what information we’re likely to hold, how we collect it and how we will use or share it. It also explains your rights and how to contact us or the ICO in the event you have a complaint. Our commitment to you is that we will continue to treat your personal data fairly and legally and with the same discretion and respect as we have always applied.
Canaciello Holdings ltd. is the data controller of your information. This means that we exercise some judgment in determining how and why to process the information you share with us. If you have questions about how we process your information that aren’t answered in this policy, we invite you to get in touch with us at firstname.lastname@example.org. This policy applies to all your information however captured.
All your information falls into one or more of the following categories:
We may process any of your information identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data with law enforcement where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court or not.
Transferring your personal information outside of the European Economic Area (“EEA”)
The information you share with us may be processed outside of the EEA. We have ensured that those companies with whom your personal data may be shared participate in, adhere to and have certified their compliance with the EU/U.S. Privacy Shield Framework and are committed to apply to the Framework’s principles in processing personal data received by them from EU member countries.
How long we hold on to your information
We only hold on to information for as long as we need to. How long will depend on the kind of information it is and why we need it.
In certain circumstances we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.
You have the right to request a copy of the personal data we hold about you, but we will not include anything that compromise another person’s confidentiality or intellectual property. We’ll aim to send this to you within 1 month of your request. If we can’t do this, we’ll let you know within the 1 month
You have the right to ask us to correct any mistakes in your personal data
To be forgotten
You have the right to require us to delete your personal data in certain situations
Restriction of processing
You have the right to require us to restrict processing of your personal data in certain circumstances for example, if you don’t think it’s accurate
You have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations
The right to object:
at any time to your personal data being processed for direct marketing (including profiling) by emailing email@example.com in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests
You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time.
Right to complain
In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at firstname.lastname@example.org and we will endeavour to resolve your query as soon as possible. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to complain to a supervisory authority which in the UK is the Information Commissioner’s Office. You can contact them on https://ico.org.uk/.
Securing your information
At Canaciello Holdings ltd., all of the information we hold is stored on third party secure servers located in the EU and all other information is stored in the cloud. The key solutions we use are well- known, global businesses that are GDPR compliant and secure. We may use other smaller, local service providers from time to time and in these cases, will ensure that they are bound by the GDPR and obligations of confidentiality.
We ensure that everyone does their bit to keep all data – not just personal data, secure and confidential. Despite this, nothing can be 100% secure and we will notify you and the ICO of a suspected data security breach where we are legally required to do so.