We operate a number of websites, industry magazines, newsletters and other services to individuals in the construction and power industries.
1. How do we collect information?
We collect information in the following ways;
When you give it to us DIRECTLY
There are many ways you give us your information. For example;
- When you register on our websites
- When you request to receive our free e-newsletters
- When you complete a survey asking for your views on various products and services
- When you purchase a product or service from us
- When you download a free digital issue of the magazine
- When you request more information about a product or service that we offer
- When you communicate with us either by phone, in writing, by email or in person.
Please always obtain consent first before giving us anyone else’s personal information.
Please make sure that any personal details which you provide are accurate and current, and let us know if there are any changes.
When you give it to us INDIRECTLYYour information may be shared with us by independent organisations, for example associations such as IPAF (International Powered Access Federation) or NDA (National Demolition Association). These independent third parties will only share your information when you have consented.
You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
When you share your data with us via Social MediaDepending on your settings or the privacy notices for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.
If you use community tools, we may store the content and communications which you send and receive, and we reserve the right to monitor your communications. We may also detail your activity and personal preferences when visiting our sites (see “Cookies”, below).
When you share your data with us via information available publiclyThis may include information found in places such as websites, business listings, association membership lists, directories, Companies House and information that has been published in articles/newspapers.
2. What personal information do we collect?
We will only ever capture the minimum amount of information that we need to in relation to your subscription, purchases or services we provide to you and we promise to keep your information secure.
The personal data we will usually collect is:
- Your name
- Your contact details
Where it is appropriate, we may also ask for additional information.
3. What do we do with the information we collect?
We will use your personal data with your consent on a contractual basis to provide you with the product or service that you have requested, such as;
- Magazine subscriptions
- Industry Reports
We will process your personal data for the legitimate interest of conducting core business activities, these will include:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services / communications for the benefit of our customers
- to enhance the security of our network and information systems
- to operate our websites and provide the information and services you ask for, including downloads, reports, chat rooms, bulletin boards, promotions and competitions
- to send you magazines, either in print (by post) or in digital format (by email) that will be of interest and benefit to you as an individual in the construction or power industry
- to deal with your customer service requests
- for internal analysis and research to improve our websites and other products and services
- to send you newsletters by email that will be of interest and benefit to you as an individual in the construction or power industry
- to send you marketing information about KHL publications, events and services, by post and by email
- to send you information from selected third-party companies, but only as permitted by law or requested by you (see “How to unsubscribe” below)
- to send administrative emails (for example, if you forget your password)
- to prevent and detect fraud and abuse of our sites or services
- to determine the effectiveness of promotional campaigns and advertising (data is aggregated)
Whenever we process data for legitimate interest purposes, we will ensure that we always keep your Personal Data rights in high regards and take account of these rights. You have the right to object to this processing if you wish and if you wish to do so please e-mail firstname.lastname@example.org. All emails will be answered within 2 working days. Please bear in mind that if you object, this may affect our ability to carry out tasks for your benefit.
How to unsubscribe
- Click the unsubscribe link at the bottom of any e-mail newsletter or other correspondence.
4. Who else has access to your information
Our service/host providersIn the course of our legitimate business activities, there may be a need for us to share, or give access to, your personal data to affiliated companies or other organisations who work for us that provide us with services or host our applications/software that you may access, for example:
- Mailing houses – those who package and send magazines to subscribers
We will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service/host providers.
Some of these companies may process your information in countries outside the European Economic Area (EEA), such as the United States. Data protection laws in these countries may not offer the same level of protection as in the EEA. If you are not happy for us to transfer your information in this way, you should not access and use our websites.
Sharing with third partiesWe will never commercially sell your personal data to anyone else or give it to third parties who might use it for their own purposes.
We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection.
In exceptional circumstances, we may disclose your personal information if required by law or to protect or defend ourselves or others against illegal or harmful activities. If our business is sold or restructured, your details may be transferred as part of the business.
5. How we keep your information safe and who has access to it
Your personal information will be hosted securely within the UK. We ensure that there are appropriate physical and technical controls in place to protect your personal details.
We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by appropriate KHL employees and our service/host providers.
We will ensure that all KHL staff who have access to your personal data shall be obliged to keep your personal data strictly confidential. We do comprehensive checks on the companies we use before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
We take commercially reasonable steps to protect your personal information. This includes setting up processes and procedures to minimise unauthorised access to or disclosure of your information. However, we do not guarantee that we will eliminate all risk of misuse of your personal information by intruders. Please keep any passwords for your accounts safe and do not disclose them to anyone else. You must contact us immediately if you become aware of any unauthorised use of your password or other security breach.
Bulletin boards, chat rooms and other community areas on our sites are open to the public. You should avoid disclosing any information in these areas which may identify you or anyone else. We are not responsible for the protection or security of information which you disclose in these areas.
6. How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, magazine subscription, newsletter subscription, event registration or other services associated to SCI media. We shall delete your data when we are no longer providing you with any products or services, or when you request for us to delete your data. We shall delete your information according to guidance issued by the Information Commissioner.
7. Your rights
The General Data Protection Regulations gives you certain rights and these are listed below for your convenience, further clarification of your rights is available on the Information Commissioners website
- You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
- You have the right to withdraw consent at any time.
- charge a reasonable fee taking into account the administrative costs of providing the information; or
- refuse to respond.
- You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
- You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
- You have a right to obtain certain products or service from us without sharing your data with us, for example; website downloads and website reports. Applicants should be aware that a reasonable financial charge will be made for providing this service. Financial transactions must be retained for 7 years. All other data (except financial) relating to the transaction will be deleted once the transaction has taken place.
- You have the right for your account to be deleted.
- You have a right, in certain circumstances, to data portability.
We collect and process your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonably expect us to.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Some of our websites contain cookies. Cookies are small text files that a website sends to your computer to record your online activity. Cookies may be used on our websites to help personalise your visits to our sites, improve how you use certain aspects of our sites and to record your online activity. You can disable cookies by adjusting your browser settings, but if you do so, some functions on our sites may not work correctly.
CCM GDPR Information Center
On May 25th, 2018 the EU General Data Protection Regulation (GDPR) entered into force in the European Union. To answer any GDPR-related inquiries, we have created CCM GDPR Information Center – a place where you can find all information about CodeTwo and the GDPR.
Privacy and security of your personal data
In CodeTwo, we care deeply about the privacy and security of your personal data. While processing personal data, we are always bound by these principles:
- we do not collect more information than it is necessary;
- we do not keep your data if it is no longer needed;
We are also committed to providing our clients with solutions that make it easier for them to comply with GDPR.
How has CodeTwo ensured GDPR compliance?
CodeTwo has engaged external advisors to make sure that its operations and processes meet the requirements of the GDPR. CodeTwo has undertaken the following actions to comply with the GDPR:
1. Defining the context of organization
CodeTwo has carefully analyzed the context in which it operates and identified relevant entities and their roles within personal data lifecycle;
2. Internal controls
CodeTwo has implemented processes and controls to make sure that no vital decisions regarding personal data processing and information security system can be made without a prior analysis and necessary internal approvals;
3. Internal procedures
CodeTwo has defined an extensive set of procedures describing the personal data processing and information security system, including procedures governing exercising data subjects rights;
4. Data Security Officer and Compliance
CodeTwo has designated a Data Security Officer – a person who is responsible for maintaining personal data security system and compliance program;
5. Data retention periods and scope of processed data
We have introduced and documented data retention periods and reviewed our processes against the scope of collected personal data to make sure that the data minimization principle is fulfilled;
6. Third parties
We have updated contracts with third parties to make sure that all contracts contain relevant data protection provisions required by GDPR and introduce a verification process to make sure that entities which do not guarantee security of personal data cannot become our business partners;
7. International Data Transfers
CodeTwo has reviewed contracts with third parties located outside of the EEA and updated relevant transfer mechanisms to make sure that international data transfers comply with the GDPR and that these third parties guarantee an adequate level of protection of personal data;
8. Services’ documentation
9. Training and awareness
We have prepared training materials on the GDPR and data security which are constantly available for all members of CodeTwo personnel. No one can start working in CodeTwo without being trained on the relevant GDPR provisions. All members of CodeTwo personnel undergo the training periodically.
Constant enhancements and control
We are fully aware that compliance with the GDPR is an ongoing process. Therefore, we have committed ourselves to undergo an external GDPR-compliance audit once a year. We have also employed our new and proprietary software development methodology to make sure that personal data protection principles are encoded in our products by design. We are working on several other initiatives as well.