Croner-i is the Data Controller for any personal data that you supply to us as part of the services you are contracted to receive from us. As our client, you are our data subject.
Our address is
240 Blackfriars Road
Telephone 0844 561 8166
Croner-i is a company within the Peninsula Group of Companies.
Croner-i has a Data Protection Officer, Gail Tuck, who can be contacted at firstname.lastname@example.org at Victoria Place, Manchester, M4 4FB.
What personal data we collect
We will obtain personal data about you (such as your name, address, email address, telephone number) whenever you complete an online form.
For example, we will obtain your personal data when you register to use the Site, send us feedback, post material, contact us for any reason, sign up to a service, enter a competition, purchase goods or services or as part of the provision of your existing contractual services
Occasionally we may receive information about you from other sources (such as credit reference agencies) which we will add to the information which we already hold about you in order to help us provide goods and services.
What we do with your personal data
We will use your personal data for any one or more of the following purposes: to help us identify you and any accounts you hold with us; administration; research, statistical analysis and behavioural analysis; customer profiling and analysing your purchasing preferences; marketing—see ‘Marketing and opting out’ below; fraud prevention and detection; to prevent and/or detect crime; billing and order fulfilment; credit scoring and credit checking—see ‘Credit checking’ below; customising this Site and its content to your particular preferences; to notify you of any changes to this Site or to our goods and services which may affect you; improving our goods and services; to allow you to participate in interactive features of the Site; in the event we sell or buy any business or assets.
The following table sets out how we handle your personal data and our legal basis for doing so under GDPR and the Data Protection Act 2018.
|What we do||Our legal basis under GDPR|
|Use the personal data that you provide on our web forms and questionnaires||Article 6(1)(b) - when you provide us with your personal data, for instance to obtain a quote for our services, this is a necessary step to take at the request of the data subject prior to entering into a contract|
|Provide goods and services to you||Article 6(1)(b) - this is necessary for the performance of a contract with you, our data subject|
|Provide our online services||Article 6(1)(b) - this is necessary for the performance of a contract with you, our data subject|
|Contact you regarding the services we provide||Article 6(1)(f) - we need to contact you for our legitimate interests so that we can gather more information for the provision of our services, or to deliver those services most effectively|
|Retain your data under our data retention policy after your contract has expired||Article 6(1)(f) - we need to retain your personal data for only as long as necessary under the law to protect our legitimate interests|
|Where you require us to make Reasonable Adjustments to enable you to attend a meeting or interview, we may require further information from you.||Article 9(2)(a) of GDPR (explicit consent).|
If this includes information about your physical or mental health, such information (being sensitive personal data, Special Category data), will only be used by us, with your explicit consent, to assess your eligibility for Reasonable Adjustments. We will not share or disclose it to others.
You can withdraw your consent as anytime by contacting us. Please note that we may not be able to process your request for Reasonable Adjustments if you do this.
The following table sets out the categories of personal data that we obtain.
|Name, postal address, email address, website, identification number, location data, online identifier - these are classed as personal data|
This data is provided by you on our web forms and questionnaires when you register to use the Site, send us feedback, post material, contact us for any reason, sign up to a service, enter a competition, purchase goods or services or as part of the provision of your existing contractual services.
This data may be provided if you apply for a job opportunity.
|Special categories of personal data are racial or ethnic origin, political opinions, sex life, sexual orientation, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a natural person, or data concerning health||This data may be required by us to make Reasonable Adjustments to enable you to attend a meeting or interview, we may require further information from you.|
We may collect, hold, use and disclose the information collected to compile statistical data and to; maintain our database; develop/improve our website; respond to any email enquiries; notify you of any upcoming marketing, training or other events that you have opted in to; provide you with publications; manage quality control; manage systems administration; attend to compliance issues; provide you or your organisation with advice and determine suitability for employment.
We will not use or disclose your personal information for any other purpose which is not related (or in the case of sensitive information, directly related) to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales. The Group does not sell your data to third parties.
If you no longer wish to receive information about our services, please send an email to our Group Data Protection and Compliance Officer (email@example.com) advising that you do not wish to receive further information.
Will we disclose your data?
Personal data will only be disclosed on a confidential basis to external service providers so that they can provide services such as financial or administrative services in connection with the operation of our business; and to any person (where necessary) in connection with their services, such as law enforcement, regulatory authorities, partners or advisors; or to companies within the Peninsula Group in the UK.
The handling of these operations is governed by a data processing contract between us and our external service provider, ensuring a commitment to the principals of the GDPR and the Data Protection Act 2018. We ensure external service providers are only authorised to use personal data for the limited purposes specified in our agreement with them.
How long we keep your personal data
Personal data from our data subjects is retained in line with our data retention policy. The Group keeps most data for 7 years, which covers the 6 years by law in which we have to keep certain information for a minimum of 6 years plus the current year. Personal data that is no longer necessary to be kept under the Group’s data retention policy will be deleted. Under the Group’s data retention policy, there are certain exemptions in relation to financial data and health data. A copy of the Group’s data retention policy can be made available upon request.
You have the following rights in relation to personal data held on you by the Group:
- The right to be informed about how personal data is used - (this notice)
- The right to access a copy of personal data that the Group holds about you
- The right to rectification of any errors in personal data held by the Group
- The right to erasure of any personal data
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making including profiling
If you wish to learn more about these rights and how they operate, please look at the ICO’s website https://ico.org.uk/for-the-public/.
The Group does not operate any automated decision making systems.
You have a right to request a copy of the personal data that we hold about you. If you would like a copy of some or all of your personal data please email firstname.lastname@example.org or write to our Group Data Protection and Compliance Officer at Victoria Place, Manchester, M4 4FB. Proof of your identity will be required for security purposes.
If you are unhappy with the response that you receive from us when you exercise your GDPR rights or Data Protection Act 2018 rights, you have the right to lodge a complaint to the ICO. More guidance about raising a complaint with us is available on the ICO’s website https://ico.org.uk/for-the-public/raising-concerns/ and for raising a complaint with the ICO, more information is available on https://ico.org.uk/concerns/.
This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of this website and compile reports for us on activity on the website. Google stores the information collected by the cookie on servers in the United States and the transfer of the data to servers in the USA is governed by the EU-US Privacy Shield framework. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. More information about Google’s compliance with GDPR can be obtained from their website https://privacy.google.com/businesses/compliance.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
How to contact us
Group Data Protection and Compliance Officer
Telephone 0844 892 2779