Data Privacy at Castell
Castell respect your right to privacy and will process personal information you provide only in accordance with the General Data Protection Regulation 2018, the Data Protection Act 2018 and other applicable privacy laws.
Castell is responsible for the data we collect and process for our own purposes. We’re committed to maintaining the security and privacy of the personal data we process, whether through our website or through our interactions with clients, investors or industry partners.
We may automatically process some technical data such as your Internet Protocol (IP) address to identify what companies have interacted with the website. This processing only identifies a company name and will not be used to identify an individual.
How Do We Use Your IP address?
We use your IP address to track traffic flows and to make our websites easier for you to use and to better understand how our websites are used.
Whilst we take appropriate measures in our own practices, security and privacy is at the core of our business operations. It is imperative we operate in accordance with industry and regulatory requirements.
Although our services do not revolve around collecting and processing personal data, we often process personal data as part of delivering information to our clients and investors.
We have a contact form, a catalogue request form and on our website, which allows individuals to provide information to contact us or send a paper catalogue to the address provided. This data is processed under your consent and only used to facilitate your enquiry.
Data Types – first name, last name, email address, phone number, company, industry sector, full address, country and free-text comments.
Data Types: name, country, email address, occupation, and employment.
To administer our website and protect our business and this website (including troubleshooting; data analysis; testing; system maintenance; support; and reporting and hosting of data) we will process your personal data under your consent.
Data Types: name, country, email address, occupation, and employment.
Financial Management, Accounting and Administration
Our financial management and accounting services process basic supplier contact information to fulfil our accounting requirements. This ranges from invoices, purchase orders, account details, statement of works, terms and conditions and bank details. We use a cloud-based solution to process and store this data. This processing is primarily to enable us to perform our side of the contract with our suppliers and meet our legal obligations for financial reporting.
Data Types – Name, email addresses, address, telephone details, supplier bank account details, signatures, business contact details.
We process basic contact and work information in relation to associates, contractors and job seekers who would like to work with us. The information could be collected through our website, email, Linkedin, social media, recruitment agencies or job advertising boards. Contractors who are working with us or who could potentially be working with us in the future will have their details stored in a cloud-based solution, so that we can keep track of their skills, work history, contact details and availability. This processing is undertaken under Castell’s legitimate interests and in the performance of a contract or with a view to entering into one.
Data Types – name, email addresses, address, telephone, CV, skills, work history, passport, driving licence, references and email conversations.
Castell make use of social media platforms such as LinkedIn, YouTube, Facebook and Twitter. We as a business sign up to the terms and conditions of the provider and use these platforms to provide insight into the latest news and activities taking place across our group, to promote Castell’s employees, our services and provide you with our latest thought leadership content on different subject matter.
We use industry leaders for our cloud-based infrastructure services, which means that the provider looks after all of the physical equipment and management of it. This means that there are high levels of physical security on our systems and Castell provide additional layers above that. We build our systems and services in these environments, which also allow you to choose the location of where data is held (including personal data). Castell always choose the United Kingdom (UK) or the European Union (EU), which means if we deliver a service from these systems, data will reside in the UK or EU.
Email, office applications and document storage
We use an externally hosted provider for these services who are world renowned experts in providing these services. The data is all processed in the EU and we are responsible for ensuring it’s configured securely. These systems are critical to our company and if you have dealings with us, no doubt your data will be held within these.
Security of Personal Data
We take the security of personal data extremely seriously. We assess security for Confidentiality, Integrity and Availability to ensure that data remains protected, accurate and available for its intended purposes. Some of the core controls we have implemented, for our cloud solutions, include:
- Multi-Factor Authentication (MFA) on all Internet cloud-based systems
- Encryption of data at rest and in transit
- Technical assessments of our systems for vulnerabilities and configuration weaknesses
- Controlled access to only approved individuals
- Security awareness training for all our employees
- Policies and procedures on secure operations and configuration of systems
International Data Transfers
Primarily our systems and services are all located within the United Kingdom. Your personal data will be processed outside of the EU and in countries that are deemed not to have adequate safeguards in place. This is because some of the locations of where some of the industry leading systems we use are hosted in the UK but process data outside of the EU in countries such as but not limited to the United States of America.
There may also be occasions where our employees work outside of the EU and access systems from outside the EEA.
Your rights in relation to your data
Under Data Protection Law you have a number of rights that are focussed on placing you in control of how your data is processed.
You can exercise these rights by emailing us at firstname.lastname@example.org or by writing to Castell Safety International Limited, 217 Kingsbury Road, London NW9 9PQ.
We may ask you for identification prior to disclosing any data, as we need to ensure we only disclose information to the person entitled to it.
You have the following rights in relation to the processing of your personal data;
- Right to be Informed – You have the right to be provided information on how your personal data is processed
- Right to Access – You have the right to have access to the personal information we hold about you
- Right to Rectification – This relates to the right to rectify any inaccurate personal information we hold about you
- Right to Erasure – The right to request that we delete your data, or stop processing it or collecting it, in some circumstances
- The Right to Object – You have the right to object to the processing of your data, such as requesting us to stop sending you communications
- Right to Data Portability – You can request your personal data to be sent to another service provider
- Right to Withdraw Consent – You have the right to withdraw your consent and stop the processing of your personal data
Right to Lodge a Complaint – You can lodge a complaint with the Data Protection Regulator, the UK Information Commissioner’s Office, using the below details;
Postal Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Live Chat: https://ico.org.uk/global/contact-us/live-chat
Online Form https://ico.org.uk/global/contact-us/email/
Telephone: 0303 123 1113
Changes to our policy
From time to time, things change, and we are always striving to continuously improve our business operations and services we deliver.
Some of the changes may result in changes to our privacy information and this page, to ensure we are transparent about how we are processing your data at all times.
When any significant changes to the way we protect your privacy are made, we will make this clear on our website or by other means of communication such as email, so that you are able to review the changes and make an informed decision as to whether you want to exercise any of your rights in relation to the processing of your personal data.