Who are we?
We are Acteon Group Operations (UK) Limited, registered in England and Wales with company number 15426649 (“we”, “Acteon”, “us”, “our”).
Our contact details
If you have any concerns or questions about our use of your personal information, you can:
Email: [email protected]; or
Write to: Legal & Risk, Acteon Group Operations (UK) Limited, Ferryside, Ferry Road, Norwich, Norfolk, NR1 1SW, UK
Changes to this notice
We may amend this notice from time to time. If we make any changes, we will notify you and, where required, obtain renewed consent.
What personal data do we collect?
Name, email address, location, telephone or mobile, job title.
How do we use your personal data?
Administrative operations – fulfil contract;
Statistical analysis – legitimate interests;
Marketing activity, including sharing with the group – legitimate interests;
Retention of information to conduct our business operation – legitimate interests;
Retention of information to fulfil legal requirements – legal obligations;
To enforce our agreements with you – legitimate interests.
Who do we disclose your personal data to?
Third party service providers:
- cloud services
- logistics
- marketing
- enforcing customer payments
Other entities within the Acteon Group of companies (please contact us if you require further details)
Professional advisors such as accountants and lawyers
Government or regulatory authorities
Insurers and broker
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties where justified by our legitimate interest, permitted by applicable law, or necessary for compliance with a legal obligation to which we are subject.
Where do we send your personal data?
Your personal data will be transferred to third countries (i.e., countries outside of the UK or EEA and without an adequacy decision from the European Commission or UK Secretary of State). This includes, as a minimum, all countries in which Acteon companies are located and could include any country in the world dependent upon the reason required for transfer. In circumstances where your personal data is transferred to a third country, it will be transferred pursuant to an appropriate safeguard (e.g., standard contractual clauses) or an exception/derogation.
Security of your personal data
We employ the following technical measures to keep your personal data secure:
- Controlled Access Rights
- User ID: Account creation process / procedure: APP / HR
- We require Multi-Factor Authentication (MFA) on all accounts
- Measures for the protection of data during transmission
- Use of encryption on all communication and data (VPN’s, HTTPS, 365 data at rest)
- We only use current protocols and algorithms (TLS 1.2 etc.)
- Emails use TLS for secure communication
- Measures for the protection of data during storage
- Drive encryption on laptops
- Physical control of the room
- All data rooms are behind locked doors
- Secure Backups – Combo of Cloud and Local backups
- Measure of availability / restore times
- Appropriate Disposal of assets
- Certified disposal of assets with data on them
- Strong passwords
- Acceptable use policy outlines requirements of this
- Endpoint device protection software on all assets
We employ the following organisational measures to keep your personal data secure:
- Acceptable Use Policy
- “Clean Desk” Policy/Guidelines
- Information Security Policies
- Data Protection Policy
- Data Breach Notification Procedure
- National Institute of Standards and Technology cybersecurity audits
- Awareness and Training – (Phishing)
- Initial trainings
- Phishing and additional Ad-hoc training as needed
- Training – Global Data Privacy
- Protecting Personal Data
- Responding to a Data Privacy Breach
- Know your role
- Training – Ethics and Code of Conduct
- Confidential Information
- Data Privacy
What are your rights?
You have the following rights under data protection laws:
- Access: you can ask us for copies of your personal data;
- Rectification: you can ask us to rectify personal data you think is inaccurate or to complete information you think is incomplete;
- Erasure/be forgotten: you have the right to ask us to erase your personal data in certain circumstances;
- Restriction of processing: you have the right to ask us to restrict the processing of your personal data in certain circumstances;
- Object to processing: you have the right to object to the processing of your personal data in certain circumstances;
- Data portability: you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances;
- Withdraw consent: where your personal data is processed based on your consent, you have the right to withdraw your consent.
You are not required to pay any charge for exercising your rights. However, certain requests may attract a reasonable fee for the administrative costs of complying with the request if it is manifestly unfounded or excessive; or if you required further copies of the information following a request. If you make a request, we have one month to respond to you.
Please contact us using the details in the “Our contact details” section of this notice if you wish to make a request to exercise one or more of your rights.
Complaints to the regulator
If you have any concerns about our use of your personal information, you can make a complaint to us using the details in the “Our contact details” section of this notice.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk