Privacy Policy

This privacy policy applies to www.crossdata.co.uk which is served by Dizions Limited and governs the privacy of its users and visitors and  provides details of how Dizions Ltd collect and process  personal data through the use of the site www.crossdata.co.uk, including any information you may provide through our site when you purchase a product or service. Dizions Ltd  need to collect and use certain types of personal information about the people they deal with, such as current, past and prospective clients, suppliers, affiliates, employees, professional contacts and others with whom they communicate.

In addition, Dizions Ltd may occasionally be required, by law or via their professional bodies  to collect, use and share certain types of personal information to comply with the requirements of government departments, agencies and regulators.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience.

Data Protection Legislation

In the United Kingdom and the European Economic Area (EEA), “Data Protection Legislation” means all applicable data protection and privacy legislation or regulations including The Privacy and Electronic Communications (EC Directive) Regulations 2003 (also known as PECR) and any guidance or codes of practice issued by the European Data Protection Board or the Information Commissioner, together with:

·       prior to 25 May 2018, the UK Data Protection Act 1998; and

·       from 25 May 2018 onwards Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), as amended by the UK Data Protection Bill.

Dizions Ltd fully endorse and adhere to the principles of data protection set out in the Data Protection legislation and will:

·       fully observe the conditions regarding the fair collection and use of personal information

·       Meet the  legal obligations to specify the purposes for which Dizions Ltd use personal information

·       only collect and process the personal information needed to carry out Dizions Ltd business or to comply with any legal requirements

·       ensure that the personal information used is as accurate as possible

·       ensure personal information is not held any longer than is necessary

·       ensure that people know about their rights to see the personal information Dizions Ltd holds about them

·       take appropriate technical and organisational security measures to safeguard personal information; and

·       ensure that personal information is not transferred abroad without suitable safeguards.

Use of Cookies

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user's computer/device.

Cookies are small files saved to the user's computer's hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer's hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google's privacy policy for further information

Other cookies may be stored to your computer's hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed below. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites. The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution regarding their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URL's (web addresses).

Users are advised to take caution and good judgement before clicking any shortened URL's published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URL's are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

Dizions' own client data

The types of personal data Dizions Ltd collect and use

Personal data means any information capable of identifying an individual. It does not include anonymised data.

Dizions Ltd may process the following types of personal data about clients as follows:

·       Identity Data may include: first name, maiden name, last name and  title.

·       Contact Data may include: billing address, delivery address, email address and telephone numbers.

·       Financial Data may include:  bank account details and other financial details.

·       Marketing and Communications Data may include  preferences in receiving marketing communications from Dizions Ltd and our third parties and your communication preferences.

Special Personal Data

Dizions Ltd do not collect any Special Personal Data. Special Personal Data refers to data that includes details about a client's race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Using client personal data: the legal basis and purpose

Dizions Ltd will process personal data:

·       as necessary to perform their contract with the client and to update their records

·       as necessary for Dizions Ltd own legitimate interests e.g. for good governance and managing their business operations and to send the client marketing communications (or those of a third party) and the client's interests and fundamental rights do not override those interests

·       as necessary to comply with a legal obligation.

Generally, Dizions Ltd do not rely on consent as a legal ground for processing client personal data, other than in relation to sending marketing communications via email or text message. You have the right to withdraw consent to marketing at any time by emailing dpo@dizions.co.uk

Change of purpose  

·       Dizions Ltd will only use client personal data for the purposes for which it was collected , unless it is reasonably considered that Dizions Ltd need to use it for another reason and that reason is compatible with the original purpose. If a client wants to find out more about how the processing for the new purpose is compatible with the original purpose, please dpo@dizions.co.uk

·       If Dizions Ltd need to use  personal data for a purpose unrelated to the purpose for which the data was collected, the client will be notified and the legal ground of processing will be explained.

Dizions Ltd may process client personal data without knowledge or consent where this is required or permitted by law.

Disclosures of Personal Data

Subject to applicable data protection law Dizions Ltd may share personal data with:

·       Government bodies and agencies in the UK e.g. HMRC and Companies House;

·       Sub-contractors and other persons who help  provide their services;

·       Service providers who provide IT and system administration services.

·       Courts, to comply with legal requirements;

·       In an emergency or to otherwise protect your interests;

·       Anyone else where we have your consent or as required by law.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

Data Security

Dizions Ltd have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, access to personal data is limited to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process personal data on Dizions Ltd instructions and they are subject to a duty of confidentiality.

Dizions Ltd have in place procedures to deal with any suspected personal data breach and will notify the client and any applicable regulator of a breach where legally required to do so.

Data retention periods

·       Dizions Ltd will only retain personal data for as long as necessary to fulfil the purposes it was  collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

·       To determine the appropriate retention period for personal data, Dizions Ltd consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which the personal data is processed and whether those purposes can be achieved through other means, and the applicable legal requirements.

·       By law Dizions Ltd must keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. 

Client rights under applicable data protection law

 These include the right to:

·       Request access to your personal data.

·       Request correction of your personal data.

·       Request erasure of your personal data.

·       Object to processing of your personal data.

·       Request restriction of processing your personal data.

·       Request transfer of your personal data.

·       Right to withdraw consent.

More information about these rights can be found at www.ico.org.uk

If a client wishes to exercise any of the rights set out above, please contact dpo@dizions.co.uk.

There is no fee payable to access your personal data (or to exercise any of the other rights). However, Dizions Ltd may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, Dizions Ltd may refuse to comply with the request in these circumstances.

Dizions Ltd will request specific information from to help confirm the identity and ensure the right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Dizions Ltd may also contact you to ask you for further information in relation to your request to speed up our response.

Dizions Ltd will try to respond to all legitimate requests within one month. Occasionally it may take  longer than a month if the request is particularly complex or a number of requests have been made. Dizions Ltd will notify you and keep you updated.

Dizions and GDPR -Clients and their Users

Dizions software is used to store personal data for a wide range of purposes and includes sensitive information. Dizions recognises that it is important to ensure this data is only available to those authorised to process it.

Dizions is committed to ensuring the security and integrity of this data and achieves this in a number of ways.

Servers

All client data is held on servers operated by Rackspace and are located in the UK. These servers are:

·       inside a building with extensive physical security

·       protected from unauthorised access by a number of means, including multiple passwords, identifiable IP addresses and SSL

·       backed up daily with backups held securely for a limited period of time

·       subject to periodic penetration testing.

In some cases uploaded documents are stored on servers operated by Amazon which meet similar security standards.

No data is transferred out of the European Union.

Software

Dizions' software is protected by a two-stage login process to minimise the risk of unauthorised access. System Administrators can set:

·       minimum password strengths

·       password update intervals

·       permitted access times for individual users

·       permitted access IP addresses for groups of users

·       optionally use a second device (eg text message on a phone) to confirm login.

All connections are secured by a 256bit SSL certificate.

Each Dizions client has their own separate database(s) so there is no risk of data accidentally becoming visible to other clients.

Dizions' Staff

Dizions provides users with access to the Crossdata systems and creates the initial databases and users/passwords. However, after implementation, Dizions staff will not have access to the data stored in the clients' databases as users are forced to change the initial passwords when logging in for the first time.

However, Dizions support staff will have access to personal data in the following circumstances:

·       If data migration is requested, staff will need to be able to view the data being migrated during the process. This is subject to a specific data sharing agreement as part of the data migration contract.

·       If a remote desktop session is arranged to assist with technical support, Dizions staff will be able to view personal data displayed on-screen during the remote desktop session. Users have to agree to this before the session begins.

·       In a training/implementation session the Dizions trainer/consultant may have sight of clients' data during the session.

·       Very infrequently it may be necessary to access a client database directly, for example if all system administrators' passwords have been lost. Direct access is only possible from one computer within the Dizions office and must be authorised in advance and in writing by the client's authorised representative.

In all cases Dizions' personnel are bound by confidentiality agreements limiting processing any personal data to only that necessary to carry out the required tasks.

Lawful Processing

Under GDPR, Dizions processes a client's data as part of the contractual agreement with the client.

Processing is limited to:

·       That necessary to meet contractual obligations to provide the service offered by the Dizions software

·       Additionally, with the consent of the client, to provide technical support.

·       In the event of the termination of the contract, Dizions will destroy all client data stored in the software either:

o   immediately on termination if the client requests it, or

o   after a period of six months unless the client requests we retain it for a longer period.

Rights of Access, Rectification, Erasure and Data Portability

Dizions' software systems include all the necessary functions to enable clients to meet these requirements without requiring any intervention from Dizions.

Certifications

Dizions is certified to ISO 27001 and Cyber Essentials Plus, both of which are externally reviewed and audited annually.