Privacy Policy

In this policy “we”, “us” and “our” means Connect Assist Limited and its subsidiaries.  You can contact us by writing to:

FAO: Data Protection Officer
Unit 3 Cefn Coed Parc
Nantgarw
Cardiff
CF15 7QQ

You can contact our Data Protection Officer by email at DPO@connectassist.co.uk

This privacy policy explains how we use any personal information we collect about you when you contact us or use one of our services.

Why we collect and process information about you?

In order to provide an outstanding service to our customers, and support our staff, we may collect and process personal information. Most of the information we process is provided to us directly by you for one of the following reasons:

  • You have made an enquiry to us or use one of our services.
  • You have made an information request to us.
  • You wish to attend, or have attended, an event.
  • You subscribe to our e-newsletter, provide feedback or complete customer surveys.
  • You are a current employee or have applied for a job or secondment with us.
  • You are representing your organisation.

As part of Connect Assist’s corporate functions and service delivery, we may process special category data such as health information.

In the event of a health and safety issue such as a pandemic, that may affect the Company or wider community, where we believe that your individual health may be a risk to others, we may disclose information about you (such as symptoms and potential infection) to other employees or visitors, for example customers, suppliers, external trainers or workmen/women and the like, that may have come into contact with you. We will inform you, where possible, prior to notifying others and will only disclose essential information relative to the risk.

We may also receive personal information indirectly, where an employee of ours provides your contact details as an emergency contact or a referee.

We may also collect information about visitors to our website in order to improve our services, this information may include unique identifiers such as your IP address.

We record all telephone calls, which may be used for training and in defence of legal claims or in dispute resolution.  We operate CCTV systems at our company offices, which may record images of staff and visitors.  These systems are protected from unauthorised access but may be used for the detection and prosecution of criminal activity at our premises. 

Data Subject Rights

Under data protection law, you have rights we need to make you aware of.  The rights available to you depend on our reason for processing your information.

  • Your right to be informed

You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.  When we collect information from you, you will be provided with information including: your purposes for processing their personal data, and who it will be shared with. We call this ‘privacy information’.

  • Your right of access

You have the right to ask us for copies of your personal information.  This right always applies, however, there are some exemptions which means you may not always receive all the information we process.

  • Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

  • Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

  • Your right to object to processing

You have the right to object to processing if we are able to process your information under legitimate interests.

  • Your right to data portability

This only applies to information you have given us.  You have the right to request that we transfer the information you gave us from one organisation to another, or give it to you.  The right only applies if we are processing information based on your consent or under contract and the processing is automated.

As we need your consent to process your special category data, you have the right to withdraw your consent at any time.

You are not required to pay any additional charge for exercising your rights, and we have one month to respond to you.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office.

How long we keep your data

We will hold your personal information on our systems in accordance with our retention policy, and for no longer than necessary for the purpose of the supply of services and for any legal requirements.

Third parties

We use data processors who are third parties who provide elements of services for us such as cloud data storage and specialist service providers. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.  For the purposes of design and maintenance information may be transferred from within the EEA to a jurisdiction outside the EEA, if so, it is done so under a Data Transfer Agreement, which contain standard data protection contract clauses. The European Commission has adopted standard data protection contract clauses (known as the Model Clauses) which provide safeguards for personal information that is transferred outside of the EEA. We use Model Clauses when transferring personal data outside of the EEA. Staff outside of the EEA may be engaged in, among other things, the fulfilment of your order and the provision of support services.

In some circumstances we are legally obliged to share information. For example, under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.

Changes to our Privacy Policy

We keep our Privacy Policy under regular review, and we will place any updates to this web page. This Privacy Policy was last updated on 25 June 2019.

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit