"Cookies" are small pieces of data stored on a User's device.
"Controller", "Customer", or "You" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
means personal data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service.
"User" means an account owner, employer, employee, resource, agent, or representative of a Customer, who primarily uses the restricted areas of the Site/ Platform to access the Service in such capacity. The User corresponds to the Data Subject, who is the subject of Personal Data.
"Visitor" means an individual other than a User, who uses the public area but has no access to the restricted areas of the Site/Platform or Service. The Visitor corresponds to the Data Subject, who is the subject of Personal Data.
"Public Area" means the area of the Site that can be accessed both by Users and Visitors, without needing to log in.
"Restricted Area" means the area of the Site that can be accessed only by Users, and where access requires logging in.
What information do we collect?
Information Provided by the User or Visitor.
While using our , as a User or as a Visitor, you may provide, and we may collect Personal Data. Personally identifiable information may include, but is not limited to: e-mail addresses of those who communicate with us via e-mail, e-mail addresses of those who sign up to the Service, e-mail addresses of those who are signed up for the service by the account owner, e-mail addresses of those who are invited to the service, e-mail addresses of those who signup to any subscription feed, any mailing address, mobile phone numbers, and credit cards or other billing information.
Personal Data also includes other information such as name, email, phone number, position, workplace, photo of yourself or your colleagues or employees, login credentials, contractual and billing details, and any other information submitted by Users, Visitors or otherwise available to us when they signup or login to the"Site", "Platform" (either directly or through their social media or organizational Sign-On account), when creating their individual profile("User Profile"), or by updating their account or when any such information is linked to information that identifies a specific individual.
Information Provided via Integrated Services.
We use the information we collect;
- To provide and maintain our Service
- To notify you about changes to our Service
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer support
- To gather analysis or valuable information so that we can improve our Service
- To monitor the usage of our Service
- To detect, prevent and address technical issues
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information
We use the information – other than Customer Data – to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support to Users of the Service. We process Customer Data solely in accordance with the directions provided by the applicable Customer or User.
The Accuracy And Retention Of Personal Information.
We endeavour to ensure that any Personal Information in our possession is as accurate, current and complete as necessary for the purposes for which we use and or disclose such Personal Information. If we become aware that your Personal Information in our possession is inaccurate, out-of-date or incomplete, we will endeavour to revise such Personal Information accordingly.
We will retain your Personal Information only for so long as it is required for the purposes it was collected or to comply with applicable laws. This period may extend beyond the end of your relationship with us, but it will be only for so long as it is reasonably necessary for us to have sufficient information to respond to any issues that may arise after the end of your relationship with us or as required by applicable laws. When your Personal Information is no longer required, we will destroy, delete or convert it into an anonymous form.
The Site or Services may provide features that permit you to share information with other persons or services. You should be aware that when you voluntarily disclose your Personal or any other Information using any of these features, such Information may be collected, used or disclosed by such persons or services without restriction. This may result in unsolicited messages from third parties, identity theft and other harm to you. Any information that you disclose to such persons is entirely at your own risk. CeyDigital assumes no responsibility or liability as to any harm that you may suffer as a result of such activities.
Links to other web sites
Our services may contain links to other websites not controlled or operated by CeyDigital. These links do not imply that we endorse these third-party sites. We recommend reviewing those sites directly for information on their privacy policies. We do not share your personal information with those websites and are not responsible for their privacy practices. Any information you provide on thirdparty sites or services is provided directly to the operators of such services and is subject to those operators' policies, if any, governing privacy and security, even if accessed through the Service.
We are not responsible for the content, privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service.
Cookies and tracking technologies
Our Site and Services utilize "cookies" and other technologies for us to provide and monitor our Services and Site, to ensure that they perform properly, to analyze our performance and marketing activities, and to personalize your experience. Such cookies and similar files may also be temporarily placed on your device. The next time you visit the Site, your device will remember useful information such as preferences, visited pages or logging-in options.
Service providers and data disclosure
We engage selected third-party companies and individuals as "Service Providers", to perform services on our behalf or complementary to our own. These include providers of Third Party Services such as Cloud Service Providers, email delivery services digital behavioural analytics services, and help desk software providers. They may have access to personal data, depending on each of their specific roles and purposes in facilitating and enhancing our Services or other activities.
We use Google Analytics to collect site usage information and to measure and evaluate access, traffic on pages viewed on-site, operating system, IP address and cookies and how Users interact with and use the Platform and its various features. Google uses the data collected to track and monitor the use of our Service. This data may be shared with other Google services.
Security and safeguarding methods
In order to protect your data held with us, we use (SHA 256 with RSA encryption and TLS1.2) industry-standard physical, procedural and technical security measures, including encryption as appropriate.
Despite these efforts, please note thatno data transmission or storage efforts can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us. Our team is trained on the importance of Privacy and Data Protection and will adhere to our internal policies.
The GDPR distinguishes between two main types of roles regarding the processing of personal data: "Data Controller" and "Data Processor". A data controller determines the purposes and ways that personal data is processed, while a data processor is a party that processes data on behalf of the controller.
Customers who are using the Platform or the services to process personal data for their own purposes and means will typically be considered as the"Data Controller", and are primarily responsible for meeting all applicable GDPR requirements; whileCeyDigital serves as its customer's"Data Processor", processing such personal data on behalf of its customers.
How we are fully compliant with GDPR
- Data Retention & Erasure –our retention policy ensure that we meet the 'data minimisation and 'storage limitation' principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the 'Right to Erasure' obligation and are aware of when this and other data subject's rights apply; along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches –our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
- International Data Transfers & Third-Party Disclosures –where CeyDigital stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
- Obtaining Consent –our consent mechanisms for obtaining personal data, ensure that individuals understand what they are providing, why and how we use it and give clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy-to-see and accessible way to withdraw consent at any time.
- Direct Marketing –processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials comply with the regulations.
- Processor Agreements –where we use any third party to process personal information on our behalf (i.e. Infrastructure, development, payments etc), we use due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
Unless the law permits, we will not collect, use or disclose your information for any purpose without obtaining your consent. However, we may seek consent to use and disclose Personal Information after it has been collected in those cases where we wish to use the Personal Information for a new or different purpose.
In most cases, and subject to legal and contractual restrictions, you are free to refuse or withdraw your consent at any time upon reasonable advance notice. It should be noted that there may be certain portions of the Site, Platform or Services that will only be made available to you if you provide specific Personal Information to us. Consequently, if you choose not to provide us with any required Personal Information or withdraw any consent that you have provided, we may not be able to make such portions of the Site, Platform or Services available to you.