If you follow a link to a service provided by another government department, agency or local authority, that organisation will:
- be the data controller for that site
- be responsible for processing any data you share with them
- publish and manage their own privacy notice with details of how to contact them
This Policy describes:
- What information we collect
- How we use the information we collect
- The legal basis for using your personal data
- What we do with your personal data
- Keeping your information secure
- How long we keep your personal data
- Where your data is processed and stored
- Your choices and rights
- Linking using personal data
- Changes to this policy
- How to contact us
What information we collect
We collect certain information about you when you use cefas.co.uk. “Personal data” is any information that can be used to identify you or that we can link to you.
This site collects and processes the following personal data:
- information you provide to us: when you contact us with questions, queries or feedback, the personal data you provide may include your full name, email address and other contact details
- recruitment application; when you apply for a role with us you may be need to provide us with your name and contact details along with various personal employment data, this is processed in line with our Recruitment Policy; and
- cookies and site monitoring: when you access cefas.co.uk, we may record your IP address, details of which version of web browser you used and information on how you use the site, using cookies and page tagging techniques.
For more information regarding how we collect and use personal data collected via cookies, see our Cookies Policy, where you can also find information on how to disable certain cookies by using appropriate features of your web browser software, if available.
How we use the information we collect
We may retain and process your personal data for the following reasons:
- to keep a record of questions, queries or feedback you have sent to us
- where you have applied for vacancy information or a position with us, to review and process your job application
- to comply with legal and regulatory obligations that we have to discharge
- to record and monitor your use of our website or our other online services for business purposes e.g. analysis of usage, measurement of site performance and generation of marketing reports
- to investigate any complaints or queries you may have
- to prevent and respond to actual or potential fraud or illegal activities
The legal basis for using your personal data
Depending on the nature of the personal data, and the reason why we need it, we rely on the following legal bases to process your personal data:
- consent – we might need your consent to use some of your personal data, in which case we will seek this consent from you
- compliance with our legal obligations – we may need to collect, use and/or share your personal data with others in order for us to comply with our legal obligations
- legitimate interests – we may use your personal data for our legitimate business interests, some of which are listed above under ‘How we use the information we collect’
Sharing your personal data with third parties
The personal data we collect may need to be shared with our supplier organisations, government departments, agencies and public bodies. We will only do this where it is necessary and the law allows us to.
We will not:
- sell or rent your personal data to third parties
- share your personal data with third parties for marketing purposes
We will share your personal data with third parties if we are required to do so by law – for example, by court order or to prevent fraud or other crime(s).
Keeping your information secure
Sending information over the internet is not completely secure, which means that we cannot guarantee the security of your data while it is in transit. We do, however, have procedures and suitable security measures in place to keep your personal data secure once we receive it, and it will only be made available to those at Cefas with a business need to see it.
We are committed to doing all that we can to keep your data secure. We have systems and processes in place to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption. We also make sure that any parties we use to process your personal data on our behalf do so securely.
How long we keep your personal data
We will only retain your personal data for as long as:
- it is needed for the purposes for which has been collected/supplied to us
- the law requires us to
In general, this means that we will only hold your personal data for a maximum of 2 years, unless stated otherwise in our policies.
Where your data is processed and stored
We design, build and run our systems to make sure that your personal data is as safe as possible at all stages, both while it’s being actively processed and when it is being stored.
All personal data we hold is stored in the UK or the European Economic Area (EEA).
Your choices and rights
You have the following rights:
- to request information about how your personal data is processed
- to request a copy of your personal data
- to request that anything inaccurate in your personal data be corrected
- to request that your personal data is erased if there is no longer a justification for holding it
- to request that the processing of your personal data is restricted in certain circumstances
- where we are processing your personal data on the basis that this is necessary for our legitimate interests, to object to the processing
- where you we are processing your personal data on the basis of consent, to withdraw your consent and to request that we transfer the data to another organisation or to you
If you wish to make any of these requests, please contact using the details below.
Linking using personal data
Where cefas.co.uk contains links to other websites, this Policy only applies to cefas.co.uk and does not cover; websites belonging to other government services, transactions or third party websites that we may link to. Cefas does not take responsibility for the content of third-party websites or services which will have their own terms and conditions and privacy policies.
Right to withdraw consent
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact email@example.com .
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
How to contact us
We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at:
Cefas Security Team Cefas
If you are not happy with our response, or still have concerns about the way in which we use your personal data, you can also make a complaint to the Information Commissioner, who is an independent regulator at:
The Information Commissioner's Office
Cheshire SK9 5AF
Telephone: 0303 123 1113
Textphone: 01625 545860
Changes to this policy
We may change this Policy from time to time by amending this page. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this Policy will apply to you and your data immediately.
If these changes materially affect you, or how your personal data is processed, we will take reasonable steps to let you know.
This policy was last updated on 22/09/2021.