How we use your information
- Visitors to our website
- Complaints and feedback received
- Information required for commercial purposes for providing our services to our customers
- Information for marketing of Chorus
- Job applicants and our current and former employees
Client Data Security
To provide our customers with application support and cloud services, Chorus sometimes has the need to hold and processes data on behalf of its customers. Data is received into Chorus HQ, which is a Police Assured Secure Facility (PASF). Data is sanitised and stored on a server under ISO27001:2015 Information and Security Management Standard.
When data is received by Chorus HQ the following handling conditions are applied in line with the UK Data Protection Act 2018:
- Data is used for a specified, explicit purpose
- Data is only shared internally with individuals who have a legitimate need to see it
- Data is never shared externally (unless permitted by the owner)
- Data is retained for up to 3 years and then destroyed, unless otherwise specified by the owner
Employees with access to OFFICIAL-SENSITIVE data are cleared to Non Police Personal Vetting (NPPV3) and Security Clearance (SC) levels.
Visitors to our website
We may collect and process the following data about you:
- Our website has a number of forms on which enable you to contact us and submit enquiries about our company, products and services. This data will include details that enable us to understand and respond to your enquiry in a suitable manner. The information you give us will include your name, email address, organisation, telephone number, and job title, as well as any other details you choose to disclose in the freeform text field.
Technical and visit information
With regard to each of your visits to our website we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), parts you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as searching, scrolling, click-throughs, and mouse-overs), and methods used to browse away from the page.
- We operate a password protected section of the website called our ‘client area’ that enables us to store certain content that is for the benefit of our customers and users. To ensure that this content remains for our users only, we ask those that wish to access it to register with us. For this, we ask you to provide us with your email address, name, organisation and the date you registered.
Website data sharing
We may share your information with selected third parties including:
- Analytics and search engine providers that assist us in the improvement and optimisation of our website.
- Our Customer Relationship Management (CRM) tool that allows us to categorise and respond to website form submissions.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers and their staff will be one of the transferred assets.
Website data storage
- All information you provide to us is stored on secured servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of this website, you are responsible for keeping this password confidential. Please do not share your password with anyone.
- The forms that collect data about you regarding any enquiries you submit automatically generate a record in our (CRM) tool that alert us to the submission and allow us to action a response. The CRM system we use is GDPR compliant in the way that they store and encrypt personal data.
Transmission of information via the internet is not always secure, but we do have a Secure Socket Layer (SSL) certificate that validates our website’s identity and encrypts the information you send and receive from our site.
Your data is stored with us for the length of time that it is required to deal with your request. Such as client area log in details will remain with us until you no longer require access to our secure content to enable us to administer your account effectively.
Complaints and feedback
Should you wish to make a complaint our complaints process is available upon request. All information received during the course of a complaint is handled with the same level of security protection on need for privacy as any other information we collect.
Information required for commercial purposes for providing our services to our customers
Chorus use information provided by yourself to provide our services and products to our customers. This data is only used for its intended and stated purpose. This includes financial information for the production of invoices and receiving of payments for services provided.
Protecting your information
In order to protect your information, we have in place the following methods of protection:
- Monitored Firewall protection
- Malware protection on all platforms
- Encryption on data at rest and at point of use
- Ongoing backups
- Auditing for data integrity on an ongoing basis
Chorus have a backup policy in place. We retain backups for a maximum of six months. Upon receiving a request to remove data of a personal nature, this will be completed by removing all reference and data from the production environment. The full deletion of this data will be achieved after the retention period stated above has been reached.
Requests for your information
We will respond to requests for the information we hold on you within the required 30-day period. Initial requests will not be charged. However, should more than 2 requests be made within a 3-month period of time, subsequent requests will be charged at £10 per request.
All information will be provided in the format of a PDF document.
Chorus collect information from various sources for marketing purposes. This information can be from social media forums, industry forums to name but a few. We retain this information for a period of no more than 18 months, or the duration of the marketing campaign only.
Chorus share information with the following external organisations for commercial purposes: –
- Outsourced IT Provider
- Pension Company
The exception to this criteria is the sharing of information with UK authorities for investigatory purposes as per current legislation on finance and personnel.
Chorus are aware that sometime information with regards to suppliers is personal in nature. This information is protected to the full extent as any other information within our environment. This information is not shared unless express permission is granted by the individual.
Job applicants and our current and former employees
When Chorus receive job applications we hold these in a secure manner. The application forms are deleted or, in the instance of hard copies, shredded after the selection period is completed. This information is not shared outside our organisation and is only shared internally with designated personnel. Where information of an applicant is to be retained for future use, only the contact information will be retained. Consent from the applicant will be sought prior to the retention of any personal contact information.
All personal information held by Chorus on current employees is managed and maintained in a secure manner, the same as any other information we hold. All employees have the right to view the data we hold on them at any time. A formal request is required to be made for this information through their line manager.
All personal information held by Chorus on former employees is managed and maintained in a secure manner, the same as any other information we hold. Should a former employee wish to view the data that we hold on them the steps for requesting information (detailed above) is followed. Information held on personnel is retained for a period no longer than 3 years after the cessation of employment, in line with current UK legislation. After this period of time all information on the former employee is deleted. If requested, a confirmation of this will be communicated to the person.
Reporting of data breaches
Chorus report all major data breaches, of data we have control and are responsible for, to the Information Commissioners Office, our customers and/or suppliers. All potential data breaches are fully investigated as per our Information Security Incident Policy.
When a data breach is detected, and the severity ascertained, this will be reported to the ICO within 72 hours.
Chorus take security of all information seriously, we hold certification to the following schemes: –
- ISO27001:2013 Information Security Standard
- Cyber Security Essentials Plus
As such, our management system is audited and verified on an annual basis
Data Protection Officer
Chorus have not designated a Data Protection Officer (DPO). However, should you have any queries relating to data protection please contact: [email protected]
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
What cookies does Chorus use?
These cookies are used to collect information about how visitors use our site. The data is then used to generate reports to help improve our website. The cookies collect anonymous information including the number of visitors to the site, how visitors have reached the site and the pages that have been visited.
We use form cookies to capture contact information to enable us to respond to requests for information in an effective manner.
We use WordPress cookies that enable visitors to use the client area effectively and help remember you when you return to the site.
These are cookies that are required for the operation of this website.
How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
We are planning to enhance our cookie tool to allow users to more easily change their cookie settings after their initial choice.