Privacy Policy

COTU LIMITED PRIVACY POLICY 

At COTU, we are committed to protecting your privacy. We will never sell or pass on your details to any other organisation without your permission.

All personal information collected by us is kept in the strictest confidence. We will not share, or sell any personal information to any third party unless required to do so by law.

Information Collection 

We collect basic identification and contact information from you, such as your name and contact details, in order to provide you with services you request and for marketing our services and products.

Occasionally we may request more specific information in the form of surveys.  This is voluntary, and is to help us improve our software products and customer services.

Data Protection 

To protect customer privacy, access to information by employees is restricted. If any information with which you have provided us becomes inaccurate or out of date, or if you have any queries about this privacy statement, please contact us.

Data Protection Act registration 

COTU Limited is registered with the Information Commissioners Office as a data controller under reference ZB348269.

Use of Cookies 

We may use a “cookie” in order to track website usage. This cookies does not collect personal information, but records the time of visit, date, “referring” page, and the IP address. This anonymous information is used by us to create a better user experience.

Website Logs 

Our webserver automatically collects some information that does not identify you personally. For example, IP address, type of browser and operating system, the date and time you access our Site, etc.

External Links 

Some pages may contain external links to other websites. We cannot be held responsible for content or privacy policy of those sites.

Protecting your Data 

From May 2018 the General Data Protection Regulation (GDPR) will apply to all data we hold about our customers.

We take our responsibility for management of customers data seriously and review all our systems and suppliers regularly to ensure that where we or they store your data, it is held only for legitimate reasons, and is carefully looked after.

We have ensured that our staff, management and board understand the scope and impact of the GDPR. Where appropriate we have processes and procedures to ensure we fully comply with GDPR.

Data storage and processing 

We store service usage data, such as call records, for billing purposes. This data contains individual phone numbers but is not processed by us in a way that personally identifies a subscriber. We do not process this data for any other purposes.

We store customer contact information, such as email address and phone number, for marketing purposes only when you have contacted us to enquire about our services. When we use third party marketing or advertising services we have ensured that these suppliers are in compliance with GDPR. We do not profile our customer data for marketing or advertising purposes, nor pass on any customer data to third parties for such purposes.

Any data that we store is held securely within the EU and is processed only for the purpose for which it is collected. We follow the principle of Privacy by Design.

Customer Rights 

Customers and subscribers have clear rights under GDPR which we are fully prepared for:

  • The right to be informed about the personal data that is being held and processed
  • The right of access to personal data via a Subject Access Request
  • The right to rectification of personal data if inaccurate, incomplete, or out of date
  • The right to erasure of data where there is no lawful reason for its continued processing
  • The right to restrict processing of data where information is inaccurate or there is an objection to the lawfulness of the processing
  • The right to portability of personal data to reuse elsewhere
  • The right to object if no legitimate reason exists for the processing of data
  • The right to check or challenge automated decision making and profiling

Please refer to the GDPR regulation or ico.org.uk for full details of these items and the conditions under which it may be appropriate to contact us or make an access request.

Personal data and Subject access requests 

Customers can exercise these rights for themselves or their subscribers by making a request in writing to our Data Protection team via dataprotection@cotu.uk

Data security and data breaches 

Should we have a data breach or be made aware of such in our supply chain we will notify this to the ICO within the prescribed timescales of the GDPR.

Data protection officer 

If you require further information regarding data protection, please contact our Data Protection Officer via dataprotection@cotu.uk