FibreCRM Privacy Policy

Version 1.0 | May 2018

 

 

Introduction:

 

FibreCRM has created a robust and transparent Privacy Notice, designed to adhere to the GDPR and provide the Data Subjects with the highest possible levels of assurance and confidence in the security standards FibreCRM applies to their personal data.

 

As expected under the GDPR, FibreCRM will provide information to data subjects about how it processes their personal data, in a format that is:

  • Concise, transparent, intelligible and easily accessible
  • Written in clear and plain language, particularly if addressed to a child
  • Free of charge

All GDPR and Data Privacy documents are available on request, and we ask that you contact our Data Privacy Lead (Richard Jackson) in the first instance.

 

Index:

 

  1. The identity and the contact details of the controller

 

  1. The contact details of the data protection officer

 

  1. The purposes and legal basis for the processing

 

  1. Where the processing is based on legitimate interests, details of what these are

 

  1. The recipients or categories of recipients of the personal data

 

  1. Details of any transfer to a third country and details of the safeguards and how to obtain a copy of them or where they have been made available

 

  1. The retention periods or the criteria used to determine that period

 

  1. Details on rights of access to and rectification/deletion of personal data. Rights to object to processing and the right to data portability

 

  1. If processing is based on consent, the right to withdraw consent

 

  1. The right to lodge a complaint with the supervisory authority

 

  1. Details on whether the data subject is obliged to provide the personal data and the consequences of failure to provide it

 

  1. Details of any automated decision making, including details of the logic used and potential consequences for the individual

 

Identity and Contact Details of the Data Controller

 

Simon Leek (Director of FibreCRM Ltd) is the Data Controller. Simon`s contact details are as follows:

 

Data Controller:

 

Address:                      FibreCRM Ltd

Tremough Innovation Centre

Penryn

Cornwall

TR11 5GR

 

Telephone:                  020 3598 0898

 

Email:                          simon@fibrecrm.com

 

 

Identity & Contact Details of the Data Protection Lead

 

DPL:                             Richard Jackson

 

Address:                      FibreCRM Ltd

Tremough Innovation Centre

Penryn

Cornwall

TR11 5GR

 

Telephone:                  020 3598 0898

 

Email:                          richard.jackson@fibrecrm.com

 

Purpose and Legal Basis for Processing

 

FibreCRM processes personal data for Customer Relationship Management (CRM) software.

 

CRM is a strategy for managing an organisation’s relationships and interactions with customers and potential customers (prospects and/or leads).

 

CRM is designed to allow a Data Controller to manage their customer/business relationships, as a tool for growth and business development, efficiency and integration with existing/other business software tools.

 

In its simplest form, CRM provides a central location for storing customer and prospect information, and that data can be shared with internal colleagues. CRM tracks the historical interactions with customers, through telephone calls, emails, meetings and documentation.

 

Typical CRM systems will provide tools such as:

 

  • File and Content Sharing
  • Sales Forecasting
  • Email Campaign Generation
  • Instant Employee Messaging
  • Email Integration
  • Software Integration (FibreCRM specialises in the integration of its CRM products with accountancy practice software)
  • Dashboard Analytics
  • Prompts and Reminders, Calls to Action

 

FibreCRM will only process personal data where the data subject has either confirmed their consent for us to do so, or where there is a legitimate interest.

 

Third Country Transfers

 

FibreCRM will, on occasion, need to transfer personally identifiable data outside the EEA, to third countries or international organisations. This is necessary due to the need to access appropriate CRM product expertise which not always available in the EEA and is for the benefit of our clients and data subjects. FibreCRM closely monitors the findings and recommendations of the Article 29 Working Party, in relation to guidelines and recommendations on data transfers, binding corporate rules and contractual clauses.

 

Data Subject Rights under the GDPR

 

The GDPR provides the following rights for individuals:

  • The Right to be Informed
  • The Right of Access
  • The Right to Rectification
  • The Right to Erasure
  • The Right to Restrict Processing
  • The Right to Data Portability
  • The Right to Object
  • Rights in relation to Automated Decision Making and Profiling

 

Data Subject Right to Complain to the ICO

 

Should the data subject desire to lodge a complaint with the ICO in relation to a perceived infringement to the GDPR in respect of data that relates to them, FibreCRM provides information to guide the data subject towards how to manage this complaint.

 

In more details, the complaint will progress in this manner:

 

  • Every data subject should have the right to lodge a complaint with a single supervisory authority (ICO in the UK), in particular in the Member State of his or her habitual residence, and the right to an effective judicial remedy in accordance with Article 47 of the Charter if the data subject considers that his or her rights under this Regulation are infringed or where the supervisory authority does not act on a complaint, partially or wholly rejects or dismisses a complaint or does not act where such action is necessary to protect the rights of the data subject

 

  • The investigation following a complaint should be carried out, subject to judicial review, to the extent that is appropriate in the specific case

 

  • The supervisory authority (ICO) should inform the data subject of the progress and the outcome of the complaint within a reasonable period

 

  • If the case requires further investigation or coordination with another supervisory authority, intermediate information should be given to the data subject

 

 

  • To facilitate the submission of complaints, the ICO should take measures such as providing a complaint submission form which can also be completed electronically, without excluding other means of communication

 

How we Protect your Information:

 

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Changes to this Privacy Policy:

 

FibreCRM Limited has the discretion to update this privacy policy at any time. When we do,

we will post a notification on the main page of our Site, revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.