PRIVACY POLICY

This Privacy Notice (PN) describes your rights under the General Data Protection Regulation (GDPR) and how we will use and protect your personal information. 

CRFS Ltd, Unit 1, Bourn Quarter, Wellington Way, Cambridge, CB23 7FW, UK

You have the right to lodge a complaint with our Data Protection Officer at privacy@crfs.com if you believe that your personal information is not being processed in line with this PN.

If you are not satisfied with the response, you have the right to lodge a complaint with the Information Commissioner’s Office. Find out on their website how to report a concern at ico.org.uk/make-a-complaint/

What is Personal Information?

Personal information can cover a wide range of areas, but in general, it includes: 

  • Information you tell us about you and your preferences  
  • Information provided by your connected devices such as mobile phones and PCs
  • Information we learn from your custom  
  • Information we learn about you from our agents, contractors and industry  
  • Online behaviour data, such as websites visited and content downloaded, which may be used to understand your interests and preferences (intent data). 

Personal information can include things that can allow someone to identify you either directly, i.e. through your name, or indirectly, e.g. through your address, phone number, or email address. Personal information can also include other things such as location data on mobile phones.  

Some types of personal information are categorised as being sensitive under data protection legislation and therefore need additional controls; CRFS does not collect, process or retain any such sensitive personal data.  

Where we collect your Personal Information from

In order to provide you with our products and services we need sometimes to collect and use your personal information. CRFS collects your personal information from a number of different sources, including:

Data you give to us:

  • When you enquire about our products and services
  • When you talk to us on the phone
  • When you use our website
  • In emails and letters
  • In customer surveys

Data we collect when you use our website:

  • Online profile and usage data. This includes the profile you create to identify yourself with us when you register on our website. It also includes other data about how you use our website.

Intent Data: 

  • We collect information about your online activity on our website, such as pages visited, content downloaded, and links clicked. This helps us to understand your interests and preferences so we can provide you with more relevant content and offers. 

Data from third parties:

  • Public information sources such as Companies House and social networks
  • Companies that introduce you to us
  • Market researchers
  • Agents and contractors working on our behalf.

Who we share your Personal Information with

In order to provide our products and services to you, CRFS may share your personal information with other CRFS companies and agents and contractors working on CRFS’s behalf. This includes companies in the following categories:

  • Print and design
  • Technology and IT
  • Digital and social media
  • Data analytics
  • Payment processing

We may also need to provide your personal information to other companies and agencies external to CRFS or its agents and contractors in connection with the provision of our products and services and to provide you with the product and service you have chosen.  These include:

  • HM Revenue & Customs, and other authorities
  • Information Commissioner
  • People whom you have authorised us to share your personal information
  • Audit firms

We never share your personal details with external companies for the purposes of their marketing. We may need to share your personal information with other organisations to provide you with the product or service you have chosen, including:

  • If you have a debit, credit or charge card that you use with us we will share transaction details with companies which help us to provide this service (such as Visa and Mastercard).

How we use your Personal Information

As well as this PN, your privacy is protected by law. CRFS is allowed to use personal information only if we have a proper reason to do so.  There are six main ways that CRFS is permitted to use your personal information:

  • To manage and fulfil our contractual commitments to you
  • To meet our legal obligations
  • To protect the vital interests of you or people in your organisation
  • To perform a task in the public interest
  • When you consent to us using your personal information for a purpose
  • When it is in CRFS’s legitimate interests.

We also use your personal information, including intent data, to: 

  • Personalize your website experience and provide you with more relevant content and offers.
  • Improve our website and marketing efforts.
  • Better understand your needs and interests. 

The majority of these uses are mandatory – in other words, where we need to use your personal information to meet our contractual obligations to you, to meet our legal obligations and to protect your vital interests. This also includes where you have provided us with your consent to use your personal information.

Cookies and Tracking Technologies 

We use cookies and similar tracking technologies to collect and store information about your online activity. This information helps us to provide and improve our website and to personalize your experience. You can manage your cookie preferences through your browser settings. 

Ways that CRFS uses personal data

  • To fulfil our obligations to you.
  • To deliver our products and services to you.
  • To correctly bill you for services and products.
  • To resolve complaints.
  • To provide you with information required to ensure you are informed of your products and services (where you consent).
  • To provide you with improved customer service.
  • To understand how you use our website to help develop our marketing activities and improve our customer service.
  • To detect, investigate, report and seek to prevent financial crime.
  • To recover money that is owed to us.
  • To run our business in an efficient manner.
  • To market products and services to you (where you consent).

We may also use your personal information based on our legitimate interests. A legitimate interest is when we have a business or commercial reason to use your information (for instance to add value to our products and services or to improve our customer service). But even then, it must not unfairly go against what is right and best for you. To achieve this, we will ensure that the collection and processing of your personal information:

  • is kept to a minimum with regards to the amount of data collected and the extent of any processing;
  • will not be overly intrusive to you; and
  • will be proportionate in order to meet our legitimate interests, as described below.

Our legitimate interests

  • Predict and develop what products and services will suit you and the pricing of those products
  • Analyse our interactions with you to improve our customer services for you
  • To seek your consent when we need it to contact you
  • To market products and services to you
  • Develop our products and our service to better meet customer needs
  • Consider all aspects of the personal data we hold about you, to help us understand how you use our products and what products may suit you.
Sending data outside of the EEA

Your personal information will occasionally be transferred to third party organisations, some of whom may be located outside of the EEA, as part of the services that we offer to you. For example, this could happen if any of our servers that store your personal information are located in a country outside of the EEA, or when one of our service providers is located in a country outside of the EEA, such as the United States. Different countries have different data protection and security laws and some of these do not offer the same level of protection as under UK data protection legislation.

The agreements that we have with these third-party organisations are such that they will not use your personal information for any other purposes other than what we have agreed with them. We ensure that any third-party organisations with whom we share personal information implement adequate levels of protection to safeguard your personal information, in accordance with the GDPR and any other applicable data protection legislation. For example, we may put in place special contracts (which are approved by the European Commission and are known as “standard contractual clauses”) with those services providers, or alternatively will ensure they have signed up to, and comply with, other approved mechanisms such as the EU-US Privacy Shield.

If you choose not to give personal information

We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations.

Marketing

We believe it is important for CRFS to communicate with you to let you know of products, services, and other important information.  Communication with you allows us to understand your needs, so we can offer you the right products and services to help and support your specific requirements.  We will contact you with marketing messages if you have consented to them.  We may also contact you if you are a new or existing customer, or you are an existing customer and the marketing messages relate to similar products or services to those that you have currently (or have had in the past), and we have a legitimate interest in doing so.  We may also have regulatory or contractual reasons for sending you communications.

Our communications with you

Where you phone us to enquire about a new product, or you visit our website to assess different products but do not complete a sale then we will record this. We may use this information to prioritise our communications with you and we may contact you to offer you the opportunity to assess whether other products are more suitable for you.

Where we rely on your consent, we may seek, or re-seek, your marketing consent any time there is a change in your relationship with us, including, where you investigate buying another product from us, change address, add additional contacts to your account, where you have objected to marketing communications, where there is a change in law, where there is a structural change in our business, or where prices change.

Where we do not hear from you we will contact you no more frequently than every 12 months to ensure your consent preferences remain accurate. Of course, you are free to change your preferences at any time either online or by contacting us. We will always need to send you information on the products and services that you use. However, you can ask us to stop sending you marketing messages by contacting us at any time.

How long we keep your Personal Information

We will keep your personal information for as long as you are a customer of CRFS. After you stop being a customer, unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations to allow us to respond to any questions or complaints you may have
  • For as long as we provide goods and/or services to you and then for as long as under product support or warranty cover; and/or
  • Retention periods in line with legal and regulatory requirements.
Appropriate safeguards will be implemented to protect your data, including where technical limitations restrict our ability to remove your personal information from our systems.

Obtaining your Personal Information

You have the right to obtain a copy of the personal data we hold about you:

By emailing us at: privacy@crfs.com

By writing to us at: Data Privacy Team, CRFS Ltd, Unit 1, Bourn Quarter, Wellington Way, Cambridge, CB23 7FW, UK

You also have the right to get your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information in this format to other organisations if this is technically feasible.

Correcting your Personal Information

You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this.

By emailing us at: privacy@crfs.com

By writing to us at: Data Privacy Team, CRFS Ltd, Unit 1, Bourn Quarter, Wellington Way, Cambridge, CB23 7FW, UK

Controlling your Personal Information

Data Protection law provides you with a number of rights in relation to how we can use your personal information.

Right to erasure (Right to be forgotten) – you have the right to request the deletion or removal of your personal information where there is no compelling reason for its continued processing by us.
  • Right to restrict processing – you have the right to request that we block or suppress processing of your personal information.
  • Right to object – you have the right to object to the processing of your personal information by us where the processing is based on our legitimate interests, is processed for direct marketing purposes (including profiling) or for the purposes of statistics. If you wish to object to our use of legitimate interest for marketing please see section ‘Withdrawing your consent’  for contact details.
  • Rights related to automated decision making including profiling – you have the right not to be subject to automated decision making, including profiling. We can only carry out these activities where the decision is necessary for entry into the performance of a contract, authorised by European Union or Member state law to which we are subject or based on your explicit consent.

There may be legal or other reasons why we need to use your data in the way that we do, but please contact us if you think otherwise.

By emailing us at: privacy@crfs.com

By writing to us at: Data Privacy Team, CRFS Ltd, Unit 1, Bourn Quarter, Wellington Way, Cambridge, CB23 7FW, UK

Further information on your personal information rights is available on the Information Commissioner’s website at ico.org.uk

Withdrawing your consent

Where we process personal information based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent, and we rely on it to use your personal information, we may not be able to provide certain products or services to you. Please contact us if you want to do this.

Through your email preferences centre:

In the footer of each email we send you there is the option to manage your preferences and/or unsubscribe to communications.

By emailing us at: privacy@crfs.com

By writing to us at: Data Privacy Team, CRFS Ltd, Unit 1, Bourn Quarter, Wellington Way, Cambridge, CB23 7FW, UK