Updated: 10th September 2023
Who we are
We are CYSIAM Limited, Unit 3, Manor Farm, Astwood, MK16 9JS (“CYSIAM”, “we”, “us” or “our”). Our registered address is 1 New Street, Wells, Somerset, BA5 2LA and company registration number is 11422969.
Our website address is: https://www.cysiam.com (“the website” or “service”).
We are registered with the UK’s Data Protection Authority, the Information Commissioners Office (ICO), and our reference number is ZA523103.
Why we have this policy
This policy informs you of who we are, what data we collect about you, why we collect it and what rights you have with regards to your data.
CYSIAM are committed to ensuring that your privacy is protected. Any information collected whilst visiting our website will only be used in accordance with this privacy statement.
This policy will be regularly updated, so we recommend you check it regularly. Any major changes to this policy will be communicated directly to any individuals whose data we hold.
- Personal Information – Any information that can be used directly or indirectly to identify an individual. Examples of this are: names, telephone numbers, email address, home address, location data, online identifier (username) etc.
GDPR and Data Protection Act 2018
The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 01 January 2021 and is based on the EU GDPR. It sets out the key principles, rights and obligations for most processing of personal data in the UK.
On 28 June 2021, the EU approved adequacy for the UK, meaning that data can continue to flow as it did before between the UK and EU.
The UK’s Data Protection Act 2018 (DPA 2018), supplements UK GDPR as well as adding further data protection requirements not covered by UK GDPR.
What we collect
CYSIAM is the Data Controller for the data we collect. We may collect the following personal information from you so that we can provide our services. The data we collect has been audited to ensure it is the minimum amount of data required.
- Email address
- Phone Number
- Job Role
- Contents of enquiry message
- Any information you provide us via communications (email, phone conversations, social media)
We will not request or process any special category or sensitive data (such as ethnicity, religion, sexual orientation, health data).
Where you utilise our managed security services, we may also collect the following that could be constituted as personal information:
- IP addresses
- Support call recordings
How we use your information
We will use the information you provide for the following reasons:
- To establish contact with you to understand your requirements and how CYSIAM can assist you.
- Provide security services to you.
- To establish contractual agreements.
- To maintain ongoing business relationships between CYSIAM and the data subject.
- Obtain goods and services from our suppliers or partners.
- To provide material relating to the services provided by CYSIAM through marketing.
The legal basis for processing your data
Under UK GDPR we must have a valid, lawful reason for collecting your data. The lawful basis we have for processing your data is consent.
In order for CYSIAM to provide our services to you and respond to your communications, we collect and process your personal information. For the purposes of a UK GDPR lawful basis this is done under a legitimate interest, in that there is a legitimate interest for both you and CYSIAM to process your information.
Once you enter into a contract with CYSIAM we will process your information under the contractual legal basis, where there is a contractual requirement for us to hold and process your personal data.
In addition, to allowing us to communicate to you and provide services, we may use your information to contact you about our new or existing services that we think may be of relevance to you. You can ask to be removed from our database at any time by contacting email@example.com
How we share your information
CYSIAM will respect your privacy and data, however there may be times that we will share your data with third parties, partners or suppliers.
This will only be done where it is necessary to deliver you the services you require.
How your data is secured
CYSIAM have appropriate technical and organisational measures (TOMs) in place to ensure personal information is protected. Theses TOMs are regularly reviewed.
How your data is stored
CYSIAM will process your data securely both at rest and in transit. We may use third party or cloud solutions to do this, but where this is done it will be encrypted and access only permitted via multi factor authentication or single sign on.
The following cloud services may be used in the processing of data:
- Microsoft 365 (https://www.microsoft.com/en-us/trust-center/privacy)
- HubSpot (https://legal.hubspot.com/security)
- Xero (https://www.xero.com/uk/security/)
- Connectwise (https://www.connectwise.com/company/trust)
- 3CX (https://www.3cx.com/company/privacy/)
Where your data is processed
Your data will be processed inside the European Economic Area (EEA). Due diligence has been carried out to ensure that any third party or cloud solutions are located in the EEA. Where available, UK data centres are chosen for cloud services used by CYSIAM.
How long your data is stored
We will store your data for as long as it is necessary for the purposes it was originally collected. Once it is no longer required your data will be deleted, unless there is another legitimate reason or legal obligation for doing so.
What your rights are
Under GDPR you, the data subject, have rights with regards to your data. Some of these include:
- Right of access – You have the right to access the data we hold about you. If you would like to do this, you may do so in any format, the best method is to email firstname.lastname@example.org. We will respond to all requests and provide a response within one month.
- Right of rectification – you have the right to correct any data we hold if it is incorrect.
- Right of erasure (‘right to be forgotten’) – You have the right for any data we hold about you to be erased if you want it to.
- Right to data portability – You have the right to transfer any data we hold about you to another service provider. Should you require this, we will provide this in a common format.
- Object to processing – You have the right to object to us processing your information where we are relying on a legitimate interest, this includes where we use your information for marketing purposes to inform you about our products and services.
You have the right to withhold or request we remove your data; however, this may impact the level or type of service(s) we can provide to you.
For further information on this policy or any questions about your data please email us at email@example.com
If you have any concerns or complaints with how we process your data, please contact us at firstname.lastname@example.org
Alternatively, you can raise a complaint directly with the ICO https://ico.org.uk/concerns/
What they are
How to disable them
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website (http://www.aboutcookies.org.uk/) which offers guidance for all modern browsers.