Ctrl Hub gain ISO27001

ISO27001 accreditation highlights continued focus on data security for Ctrl Hub

The team at Ctrl Hub are having a very productive first half to 2018:

  • Business / user numbers continue to grow
  • Client satisfaction is at its highest
  • A new website is being finalised
  • Ctrl Hub is now GDPR compliant
  • A major product upgrade (V2.0) is being rolled

Now they have another reason to celebrate after announcing they have achieved ISO27001 accreditation.

ISO27001 which is a globally recognised standard demonstrates that the holder is adhering to best practices and procedures of information security.

Mark Lisgo, Director at Ctrl Hub explains why ISO27001 means so much to the team, “As a business we are focused on supporting our clients to reduce overall risk and increase business performance.”

“To achieve this Ctrl Hub provides a powerful and paperless solution to operational management, and how we support clients to manage their information securely within the system is critically important.”

“Our clients trust us to support their business as it captures, stores and shares information both internally and externally, and this involved multiple locations, departments and stakeholders.”

“The announcement of ISO27001 accreditation shows how committed we are across all areas of information security, governance, risk and compliance, excellence in these areas ultimately drives better performance for Ctrl Hub, and our clients.”

“I would like to thank everyone involved in supporting the work required to achieve this prestigious award, especially Ashley Dawson our Chief Technical Officer, his technical and organisational skills have been key to getting the accreditation, all at the same time as getting Ctrl Hub 2.0 ready for release.”

Ctrl Hub were audited by the British Assessment Bureau during May and passed with zero non-conformances.

For more information about the benefits of a powerful, paperless, ISO27001 certified and GDPR complianct operational management system contact Paul Henderson at paul@ctrl-hub.com or visit www.ctrl-hub.com

 

 


Ctrl Hub - Corporate Privacy Policy

CORPORATE PRIVACY STATEMENTOF CTRL HUB LIMITED

REVIEWED IN MAY 2018

We, Ctrl Hub Limited (also referred to as we, us our in this document), are committed to protecting and respecting your privacy.  For the purposes of this policy ‘you’ are our customers or individuals who supply personal information to us in order to communicate with us.

This privacy policy sets out the basis on which we collect and process personal information gathered:

  1. through our website ctrl-hub.com (our “Site”);
  2. when you communicate with us by email or telephone;
  3. when you enter into contracts with us to use our Platform (the “Platform”).

For the purposes of data protection legislation (the Data Protection Act 1998 and its successor legislation the EU General Data Protection Regulation which will take direct effect in the UK on 25 May 2018), we are the controller of this personal information.  This means that we determine the purposes and means of the processing of this personal data.

Please note that when you enter into a contract with us for the use of the Platform, you and your employees will upload personal data during day to day use of the application.  We simply process this personal information on your behalf and you remain the controller of this data.  The full terms on which we process the information uploaded to the Platform are contained in our Platform privacy statement (available on the platform) and in your service agreement with us.   When you become a client we also hold some personal data about your employees so that we can administer the contract.  In relation to that data we act as a controller and perform the activities set out in this policy.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. If you have questions or complaints regarding our privacy policy or practices, please contact us at enquiries@ctrl-hub.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the Information Commissioner’s Office on 03031231113 or via the complaints mechanism on their website www.ico.org.uk.

WHAT IS PERSONAL INFORMATION?

We consider the following to be personal information: name, identification number, phone number, job title and e-mail address.  It may also include less obvious information such as location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. We treat personal information is confidentially.

COLLECTION OF PERSONAL INFORMATION THROUGH OUR SITES

Personal Information We Collect
Our Site does not collect personal information about you except for information that you voluntarily provide when you request a demo of the Platform or submit an email to us with comments or questions about our Site or product. We may set cookies from time to time to better gauge our readership level, please see our cookie information for further details.

COLLECTION OF PERSONAL INFORMATION FROM YOU WHEN YOU COMMUNICATE WITH US

We may collect personal information from you when you communicate with us by email, telephone or post.  This could be to obtain some further information about any of our product or services or for another reason.  Where it is appropriate to do so, this information may added to our marketing database (see MARKETING COMMUNICATIONS).

COLLECTION OF PERSONAL INFORMATION FROM OUR CUSTOMERS

We also collect personal data from you when you enter into a contract with us to use our Platform.  In these circumstances we collect and process the following information about you:

Information you give us:

  • when you, your company or your employer enters into a contract with us for the Platform;
  • by corresponding with us by email or otherwise; and
  • when a user account is created by you, or on your behalf, to access the Platform.

The information you give us may include your name, address, job title and organisation you work for, email address and phone number.

We use this information to:

  • carry out our obligations arising from contracts entered into between you or your company and us and respond to customer service requests;
  • administer your account;
  • notify you about changes to our services; and
  • send you a newsletter or information about other products we offer that are similar to those you have already purchased, provided you have agreed to receive such communications (see MARKETING COMMUNICATIONS).

Support Portal

We provide a support function to our clients through which you log any service issues associated with the Platform.  To enable our helpdesk to respond quickly and efficiently, personal data will be collected from the individual logging the problem. Where necessary the helpdesk engineer will use this personal data logged to communicate with the individual in order to reach a resolution of the service issue.

DISCLOSURE OF YOUR PERSONAL INFORMATION

Service Providers
We use other third parties to process personal data on our behalf, for example we use Amazon Web Services to host the Platform (within the EEA). We will share your personal information only as necessary for the third party to provide us with that service.

We will ensure that our agreements with any such third parties contain appropriate data protection provisions so that personal information is processed only in accordance with our instructions and within the boundaries of the legal framework for data protection.

Other third parties
If we sell our business, or it undergoes a business transition, your personal information may be transferred to a third party as part of the process.  Where this is likely to occur, we will endeavour to inform you in advance.  If you are a customer, please see the terms on which we provide your service for further information.

We may also disclose your personal data if we are under a duty to do so in order to comply with any legal obligations; in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of business, our customers or others.  This includes exchanging information with other companies and organisations for the purposes of fraud protection.

MARKETING COMMUNICATIONS

You have the right to ask us not to process your personal data for marketing purposes.  We will inform you (at the point of collecting your data or as soon as possible thereafter) if we intend to use your data for direct marketing purposes (i.e. providing you with details of other products and services which we feel may interest you) and you will have the option to refuse permission for us to do this.   You can opt out of receiving any marketing communications from us at any time by clicking to ‘unsubscribe’ on any communication we send to you.

ACCESS TO PERSONAL INFORMATION

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our client support team at support@ctrl-hub.com.  If you are a client, you may also choose to deactivate your membership account.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to Withdraw Consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our client support team at support@ctrl-hub.com.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

INFORMATION SECURITY

Data Security

We have put in place measures to protect the security of your information. Details of these measures are available upon request. Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long will we use your information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a customer, of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

WHERE WE STORE YOUR PERSONAL DATA

Ctrl-Hub used Amazon Web Services to host the Platform on its secure servers in its data centre in the Republic of Ireland, consequently your personal data is never transferred outside of the European Economic Area (EEA).  If you require more information about where we store your personal data, please contact us at info@ctrl-hub.com.

 

LINKS TO OTHER SITES

Our Site may, from time to time, contain links to and from other websites that are not owned or controlled by us. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

COOKIES

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on our Sites and on our Cloud Service platforms, please see our Cloud Services privacy policy for information on how cookies are used by our platforms https://www.ctrl-hub.com/about-cookies. We link the information collected by cookies to personally identifiable information you submit to us while on our Sites.  This means, for example, that where you have submitted an email address to our Sites to receive updates from us, our cookies will monitor your browsing activity so we can better tailor our mailshots to you.

We use session ID cookies and persistent cookies. We use session ID cookies to make it easier for you to navigate our Sites. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time and enable us to track and target your interests to enhance your experience on our Sites. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.

If you reject cookies, you may still use our Sites, but your ability to use some areas of our Sites will be limited.

The use of cookies by our partners, affiliates, service providers is not covered by our privacy statement but you can use the following link to view their details ps://www.com/about-cookies.  We do not have access or control over these cookies. Our partners, affiliates, service providers may use session ID cookies for identity management within the Sites as you navigate to different areas.  Please visit their privacy statements for information on their policy in relation to handling personal information.

Clear Gifs (Web Beacons/Web Bugs)
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you have elected not to receive marketing emails from us, clear gifs will not be used in any other communications with you.

Links to Other Sites
Our Sites may, from time to time, contain links to and from other websites that are not owned or controlled by us. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

 

CHANGES TO OUR PRIVACY POLICY

We may update this privacy statement to reflect changes to our information practices or changes in applicable law. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a prominent notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

 

Document:  30

Version:  1

Date:  17 May 2018