cordel scan of railway

GDPR Statement

This statement was produced on 24th May 2018 and updated on 22nd November 2021.

GDPR

GDPR (General Data Protection Regulation) imposes strict controls on how all organisations collect and process personal data within the European Union and/or personal data of EU citizens.

The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:

  • processed lawfully, fairly and transparently
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary for processing
  • accurate and kept up-to-date
  • retained only for as long as necessary
  • processed in an appropriate manner to maintain security

What has Cordel done to prepare for GDPR?

We are constantly improving the technical and organisational security measures we have in place to protect your data and ensure we are fully compliant with GDPR. The work we are doing will also assist with your own compliance obligations regarding any customer data held within Cordel or platforms delivered by Cordel.

Under the terms of GDPR, Cordel will only collect, store and process personal data required to perform the services provided by Cordel (e.g. contact details, IP addresses). We will not collect, store or process data that is labeled as sensitive under GDPR including but not limited to data that reveals racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, data concerning health or sexual orientation.

Cordel sales will handle personal data in the following contexts:

  • Contact information collected and used for cold outreach (email & phone)
  • Prospect information used during engagement, potentially leading to a sale
  • Post-sale customer information

Personal data is held in the following systems:

  • Corporate (gmail) address book
  • CRM (Hubspot currently)

Here are some of the ways we are ensuring that we are fully GDPR compliant.

Awareness & accountability

We have a company-wide commitment to ensuring complete compliance with GDPR. Our progress is communicated throughout all departments each quarter, so that everyone working at Cordel understands what needs to be done and by when.

Audit

We are undertaking an extensive audit to clearly document what data we hold, where we hold it, where that data comes from and where it potentially goes. This enables us to keep track of all data and allows us to make the right decisions to ensure that your data is always protected.

Policies

We have updated our Privacy and Cookie Policies along with our Terms of Service so that you can see exactly how, why, where and for how long we may be processing and holding your data. You can contact us on support@abovedigital.agency at any point in time if you have questions or would like to lodge a complaint.

Basis and consent

By signing up to Cordel, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In order for you to benefit fully from the services provided by Cordel, we will need to process some of your data.

However, in order to keep you up-to-date with helpful tips, events and exciting news, we will need your explicit consent. Such consent will be requested explicitly when the need arises.

Your rights

Under GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).

This is also true for the data you hold about your customers within our services – you need to be able to adhere to GDPR requirements too, and we are willing to support you with this. We will continue to keep you updated with our progress on this via the website, newsletters or social media.

Data protection

Security is a priority in everything we do while developing and delivering Cordel. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use a number of technical and organisational measures – which are also continually adapting – to stay ahead of potential threats.

Legal jurisdiction

Cordel is a Global Group incorporated under the laws of the United Kingdom, so we ultimately answer to the UK Information Commissioner’s Office (ICO) regarding Data Privacy and Protection.

Despite all our best efforts, should the unthinkable happen and we suffer a significant data breach that puts your personal data at risk, we have a legal duty to report this to the ICO within 72 hours of discovery. We have updated our internal Security Incident Response Policy and Procedures to include mandatory notification requirements, both with the ICO and publicly with you, our customers.

Maintaining your privacy is of the utmost importance to us.

Contacting us

If you want to contact us about GDPR, data protection or how we handle your data in general, please contact us on support@abovedigital.agency and we will get back to you promptly.

Where can I learn more about GDPR?

You can go directly to the European Commission website for a full run down of everything GDPR-related: https://ico.org.uk/for-organisations/data-protection-reform

The UK Information Commissioner’s Office website is also another great resource for GDPR info: http://ec.europa.eu/justice/data-protection/index_en.htm