Privacy Policy


Last updated: 11:18 pm - Monday, 29th January 2018

Contents

  1. Introduction 
  2. The information you provide
  3. The information we collect
  4. Lawful basis for processing personal data
  5. Sharing personal data
  6. Where is your data stored?
  7. How do we keep your Personal Information secure?
  8. Your rights
  9. Comments and feedback

Introduction

Cursor complies with the Data Protection Act 1998, which protects the privacy of personal data and upholds individuals' rights. We are currently preparing for the forthcoming EU General Data Protection Regulation (GDPR), and will support these new regulations by the May 2018 deadline.

We are registered with the Information Commissioner:

Organisation name: CURSOR AND CODE LTD
Registration number: Z9371938

If you would like to get in touch about anything in this policy or about your Personal Information then please contact us by email: dpo@cursor.co.uk

The information you provide

We collect a variety of information in order to deliver our products and services. Your privacy is important to us and so we have developed systems to ensure that we manage your personal data transparently, fairly and securely. 

If you would like information on our products and services on this website then we may ask for you to provide a name and email address so we can send this information to you. By providing your name and email address, which is usually requested via online form, you agree to us contacting you with regard to the information you request.

Some forms on our website also include a checkbox asking you for permission for us to add you to our mailing list. This is an opt-in mailing list and your personal information will be used solely by us. 

Under no circumstances will your personal information be sold or used by any other organisation. 

From time to time, we may send emails which we think may be of interest to you. Each email communication you receive from us will have the option to remove your e-mail address from our list.

Whenever we collect Personal Information from you, we let you know and provide you with the following precise information:

  • The information we have collected
  • The basis on which we are holding it (e.g. because you gave us consent or legal basis for processing)
  • What we will do with it
  • How long we will hold it for
  • Where it is stored
  • Who it might be shared with
  • Your rights in relation to the data
  • Information on how you can access and manage this data

The information we collect

In addition to personal information you may choose to provide via this website, we collect anonymised information about our website visitors in order to help monitor and improve the performance of our digital services. These anonymised data collection services include Google Analytics for website stats and Rollbar for error / bug reporting.

Google Analytics

Google Analytics is a web analysis service provided by Google. We use this service to access statistical reports on how people use our website to evaluate performance. Google Analytics servers are hosted in the USA in data centres that are compliant with ISO 27001 and the Privacy Shield Framework. The Privacy Shield Frameworks are designed to provide a mechanism to comply with data protection requirements (including GDPR) when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Read more about Google data protection and compliance

Rollbar

Rollbar is a system that helps us detect, diagnose and resolve errors and bugs with our online services. Anonymous information about errors generated by user sessions is gathered by Rollbar and is encrypted (during transit and rest) and stored at Rollbar's ISO 27001 compliant data centre in the USA. Rollbar complies with EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by US Department of Commerce with regard to the collection, use, and retention of personal information in the European Union or member countries as well as Switzerland.

Read more about Rollbar data protection and compliance

The lawful basis for processing data

Consent

If you choose to request more information on our products and services on this website then we may ask for you to provide a name and email address so we can send this information to you. 

If you choose to opt-in to our mailing list then from time to time, we may send emails which we think may be of interest to you. Each email communication you receive from us will have the option to remove your e-mail address from our list. This is an opt-in mailing list and your personal information will be used solely by us.

Under no circumstances will your personal information be sold or used by any other organisation. 

If you choose to connect with us via social media such as a LinkedIn, Twitter or Facebook account, we may record a copy of your account 'handle' so that we can contact you via social media.

Contractual obligation

During the process of a quotation, we will gather both personal and commercial information about you, the business and the project which we have been asked to quote for. The information requested is to fulfill our contractual obligation in providing a full and accurate quotation for work. The additional personal information we will request about you is usually your position at work which is used to confirm if you have the authority to request a quotation and your work address so we can deliver this quotation.

If a quotation is approved, we will ask for further information that is specific to your individual project. This information (known as the 'project information') can be commercially sensitive and may be covered by a non-disclosure agreement on request. In addition to the project information, we may ask for your mobile telephone number, which is only to be used as a secondary contact number in case of emergencies or when out-of-office-hours contact is required.

Sharing personal information

We don't share your information with anyone.

However, there are special situations in which we may need to share access to your Personal Information without your explicit consent. For example:

  • If required by law.
  • To protect the life of an individual.
  • Or to comply with any valid legal process, government request, rule or regulation. 

Where is your data stored

Your data is stored inside the European Economic Area (EEA). In addition we may use facilities that comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by US Department of Commerce with regard to the collection, use, and retention of personal information in the European Union or member countries as well as Switzerland.

How do we keep your Personal Information secure?

Cursor follows industry best practice to ensure that your data is secure and cannot fall into the wrong hands. We work with CESG Certified Cyber Security Professionals (a government run scheme for Cyber Security specialists approved by GCHQ) who help protect our networks, systems and data - which includes helping keep your Personal Information secure. 

Cursor achieved the government-recommended Cyber Essentials standard on 3 April 2017. Cyber Essentials aims to help organisations implement basic levels of protection against cyber attack, demonstrating to their customers that they take cyber security seriously. The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities, which are freely available on the internet.

Since October 2014, Cyber Essentials has been a minimum requirement for bidding for Government contracts. Now that we have achieved this basic standard, we have made a commitment to achieve Cyber Essentials Plus, an externally audited version of the standard during 2018.

Find our listing on the IASME Cyber Essentials List of Certified Organisations

As well as these significant investments in IT systems and processes, we believe that people are at the core of effective security. As such, Cursor staff receive security training and are subject to simulated phishing (email) attacks to help them spot malicious emails. Cursor’s managing director is a member of CISP (Cyber Intelligence Sharing Partnership) and recently attended the Cyber UK conference arranged by the NCSC (National Cyber Security Centre) to keep informed of best practices for cyber security and information governance.

Your rights

Where we hold your Personal Information we make sure to give you access to it as a part of your data rights. The rights of the data subject will change during the implementation of the General Data Protection Regulations (GDPR) and will include:

  • Right of access by the data subject
  • Right to rectification
  • Right to erasure ('right to be forgotten')
  • Right to restriction of processing (including notification obligations)
  • Right to data portability
  • Right to object

We are currently in the process of implementing new systems that will allow us to protect your data rights under the new GDPR regulations. In the meantime, if you have a question or query about your data rights or would like to exercise your privileges as the data subject then please email our data team via dpo@cursor.co.uk

Comments and feedback

We are open and transparent about our use of data so if you are unclear about how we use data or think we could improve how we deal with Personal Information, let us know!

Last updated: 29/01/2018
