Select Page

Privacy Policy

Effective Date: 05/25/2018
Last Updated: 01/07/2019

IMPORTANT: PLEASE READ THIS PRIVACY POLICY AS IT APPLIES TO ANY PERSONAL INFORMATION (“REFERRED TO AS “PERSONAL DATA”) YOU PROVIDE US OR WE COLLECT ABOUT YOU, FOR EXAMPLE IF YOU ACCESS THE WEBSITE AT CORDIUM.COM OR ANY OTHER WEBSITE OWNED, OPERATED OR PROVIDED BY COLUMBO TOPCO LIMITED, A LIMITED COMPANY INCORPORATED IN ENGLAND & WALES (REGISTERED NUMBER 09332651) AND/OR ANY OF ITS SUBSIDIARY UNDERTAKINGS (REFERRED TO EITHER AS “CORDIUM,” “WE” OR “US”). WE DO NOT MARKET TO OR ENTER INTO CONTRACTS WITH CHILDREN NOR WE DO COLLECT PERSONAL DATA FROM ANY PERSON UNDER 18 YEARS OF AGE.  PLEASE DO NOT ACCESS OR USE THE WEBSITE OR OUR SERVICES IF YOU ARE UNDER 18 YEARS OF AGE.

This Policy

This policy sets out what personal data we may collect, how we process and protect that data, the lawful grounds for that processing, and your related rights.  Essentially, “personal data” means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly, from that information alone or in conjunction with other information.

In most cases, the lawful ground will be that the processing: (i) is necessary for our legitimate interests in carrying out our business, including to maintain, improve and market our products and services, provided those interests are not outweighed by your rights and interests (“Legitimate Interests”), (ii) is necessary to perform a contract with you (“Contract”), or (iii) is necessary to comply with our legal obligations (“Legal Obligation”). Where processing is based on your consent (“Consent”), we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent.

  1. Information Collection and Use

We collect or are provided Personal Data in the normal course of business, for example:

  • you may provide us with your details during discussions about buying our products or services,
  • when you visit the Website, we may collect information about your visit such as your IP address and the pages you’ve visited,
  • you may provide us with your details when you ask about our Services (through the Website, by email or otherwise) and we may obtain legally-compliant lists of potential customers for our Services for our marketing purposes.

We may collect the following Personal Data from or about you:

  • contact Information such as name, email address, mailing address, phone number
  • information about your business role, such as job title and company name
  • information about your interests in our services and products

We use this information for our legitimate business interests, including to:

  • respond to enquiries and provide advice and support related to our Website and Services. Lawful basis: Legitimate Interests or Contract.
  • analyze and improve the Website, the Services. For example, for technical or security purposes and to improve the customer experience. Lawful basis: Legitimate Interests, however, where for example applicable law requires your consent to use certain cookies, we will ask for your Consent having provided you with relevant information.
  • market our Services – if we do so, we will provide you with an easy and free way to opt-out of receiving such communications in the future. Lawful basis: Legitimate Interests (or Consent as above).
  • administer and manage delivery of our services and products to you. Lawful basis: Legitimate Interests (or Consent as above).
  • in certain circumstances, to share it with a limited number of third-parties as described in this policy, for example for operational requirements and business continuity purposes. Lawful basis: Most processing will be based on Legitimate Interests. Some processing is based on Contract and, where necessary (as above), some processing may be based on your prior Consent.

When you provide us with personal data about yourself or another person, you are confirming to us that you are authorized to provide us with that information and that any personal data you give us is accurate and up-to-date.

Given the nature of our business, we do not ask for “sensitive” or “special categories of personal data,” such as information about your health, political opinions, racial origins or sexual life and we would ask you not to send any to us.

 

  1. Information Sharing

We will only share your Personal Data with third parties in the ways set out in this privacy policy. We do not give, sell or rent your Personal Data to third parties for them to market their services to you. Nor do we accept advertising from third parties on the Website.  We may provide your Personal Data to our service providers to help us with our business activities, such as inputting your contact information into our CRM or email marketing system. In all cases we will have a written processor agreement with these companies safeguarding your Personal Data, including that it may only be processed for the purposes of that agreement and on our instructions. We may also disclose your Personal Data:

  • For provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third party providers, such as with our contractors and advisors to help us operate, secure and analyze our business. Lawful basis: Legitimate Interests or Contract.
  • We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. We may also be obliged to disclose personal data when we believe in good faith that disclosure is necessary for our legitimate interest such as investigating fraud, to make or defend a legal claim, to protect your safety or the safety of others, or to maintain our compliance or that of our personnel with applicable laws, regulations and/or professional obligations, all in accordance with applicable law. Lawful basis: Legal Obligation.
  • If Cordium is involved in a merger, acquisition, or sale of all or a portion of its assets, we may disclose such Personal Data as is necessary for our legitimate interests in completing that transaction and always provided that appropriate safeguards are in place including limitations and restrictions on use, access and retention. Lawful basis: Legitimate Interests.
  • In other situations, only with your prior consent. Lawful basis: Legitimate Interest and Consent.

Cordium may be held liable for unlawful transfer of personal data to third parties.

 

  1. Transfers outside the EEA

We may transfer your Personal Data to Cordium entities or service providers in the United States of America for the purposes set out in this privacy policy. We will put in place appropriate measures to safeguard Personal Data transferred to the USA. By providing your Personal Data, and agreeing to this Privacy Policy, you consent to such transfer.

 

  1. Participation in the EU-U.S. and Swiss-U.S. Privacy Shield Programs

Cordium complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Cordium has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Organizations that participate in the U.S.-E.U. and Swiss-U.S. Privacy Shield Programs must comply with the seven Privacy Shield Principles, which require the following:

A. Note. Organizations must publish online privacy notices containing specific information about  their participation in the Privacy Shield (including, where applicable, the entities or subsidiaries of the organization also adhering to the Principles); their practices around collecting, using and sharing personal data with third parties; their privacy practices, including an individual’s rights to access and correct data, and the choices they make available to individuals regarding limiting data collection and use. The thirteen specific items to be addressed in the notice also include (i) any relevant establishment in the EU and Switzerland, respectively, that can respond to inquiries or complaints, (ii) the independent dispute resolution mechanism designated to address complaints, a hyperlink to the complaint submission form of that dispute resolution body, (iii) the possibility, under certain circumstances, for EU and Swiss individuals to invoke additional binding arbitration; (iv) the possibility that the organization may be held liable for unlawful transfer of personal data to third parties; and (v) the organization’s obligation to disclose personal data in response to national security or law enforcement requests.

B. Choice.  Participants must provide a mechanism for individuals to opt out of having personal information disclosed to a third party or used for a materially different purpose than that for which it was provided. Opt-in consent is required with respect to the sharing of sensitive information with a third party or its use for a new purpose.

C. Accountability for Onward Transfer.

a. To transfer personal information to a third party acting as a data controller, a participant must comply with the Notice and Choice Privacy Shield Principles. It must also enter into a contract with the third party controller limiting the purposes for which the data may be processed and ensuring that the recipient will provide the same level of protection as the Principles.

b. To transfer personal data to a third party acting as an agent (such as a service provider), an organization has additional obligations. It must: transfer the data for limited and specified purposes; ascertain that the agent is obligated to provide at least the same level of privacy protection as required by the Principles; take reasonable steps to ensure that the agent effectively processes this data in a manner consistent with Principles; upon notice, take reasonable steps to stop and remediate unauthorized processing; and upon request, provide a summary or copy of privacy provisions of its contract with the agent to the Department of Commerce.

D. Security. An organization creating, maintaining, using or disseminating personal data must take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into “due account” the risks involved in the processing and the nature of the personal data.

E. Data Integrity and Purpose Limitation. An organization must take reasonable steps to limit processing to the purposes for which it was collected, and to ensure that personal data is reliable for its intended use, accurate, complete, and current. It must only retain personal information for as long as needed for the purpose of collection. An organization must adhere to the Privacy Shield Principles for as long as it retains such information.

F. Access. An organization must provide a mechanism by which data subjects may request access to personal information the organization holds about them and enable them to correct, amend, or delete information that is either inaccurate or processed in violation of the Principles.

G. Recourse, Enforcement and Liability. This Principle addresses three topics:  recourse for individuals affected by non-compliance; consequences to organizations for non-compliance, and compliance verification.

 

  1. Your Rights

You have the right to ask whether Cordium processes your Personal Data and to request a copy, to access your data, to object to direct marketing and in certain circumstances to have the data rectified or blocked or withdrawn. To request this information, please email privacy@cordium.com. If your personal information changes, or if you no longer desire our services, you may ask to have your Personal Data corrected, amended, removed or deleted by emailing privacy@cordium.com. You have the right to ask us to restrict processing certain of your personal data, to erase your personal data, and to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met. You also have the right to object to direct marketing and, under certain circumstances, to object to our processing of your Personal Data. We will respond to your request within 30 days.

Opt-Out Preferences
If you subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in such emails or by contacting us at privacy@cordium.com.

 

  1. Tracking Technologies / Cookies

Cookies
Cordium and our partners, affiliates or analytics or service providers (such as website developers and SEO specialists) use cookies or similar tracking technologies. These technologies are used in analyzing trends, administering the website, tracking users’ movements around the site, and gathering demographic information about our user base as a whole. You can control the use of cookies at the individual browser level but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

Please review our Cookie Policy which is part of (and incorporated into) this Privacy Policy for more information.

Analytics / Log Files
As is true of most web sites, we gather certain information automatically. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and clickstream data to analyze trends in the aggregate and administer the site. You are not identifiable from any of this data.

Social Media Widgets
Our Web site may include social media features, such as the Facebook “like” button, ‘Share This’ button or interactive mini-programs that run on our Sites. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Sites. Your interactions with these features are governed by the privacy policy of the company providing it.

 

  1. Security

The security of your Personal Data is important to us. We follow industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about the security of your Personal Data, you can contact privacy@cordium.com.

 

  1. Retention

We will retain your information for the longer of the period we are required to do so by law, as is reasonably necessary for the purpose (for example to comply with our legal obligations, resolve disputes, and enforce our agreements), or as needed to provide you services. If you opt-out of communications, we will retain your name and contact details to enable us to respect your request.

 

  1. Additional Information

Anonymized Data
We may create anonymized data from personal data, and any anonymization would be carried out in accordance with applicable law as well as relevant guidelines from regulators such as the UK Information Commissioner (‘UK ICO’).  Anonymization may, for example, be achieved by aggregating data to the point that no individual can be identified such as aggregating website use statistics to see which web content is working well and which could be improved. Anonymized data does not allow for the identification of any individual person and, as it is no longer personal data, neither data protection laws nor this Privacy Policy would apply to such data.

Links to 3rd Party Sites
Our Sites include links to other web sites whose privacy practices may differ from those of Cordium. If you submit Personal Data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any such third-party web site you visit. If we resell a service delivered or provided by a third party (‘Third Party Service’), including any software that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software. Your use of a Third Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third Party Service and Third Party Software before using it.

Testimonials
With consent from the individual, we display personal testimonials of satisfied customers on our website in addition to other endorsements, including their name. If you wish to update or delete your testimonial, you can contact us at privacy@cordium.com.

Changes To This Policy
We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on the Web Sites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

 

  1. “Do-Not-Track” / California Privacy Notice

The Web Sites do not respond to “Do-Not-Track” signals communicated by your internet browser.

Contact Us

If you’ve any question you can always contact us by email at privacy@cordium.com. You have the right, at all times, to notify a complaint to any regulator such as the UK Information Commissioner, although we would welcome the opportunity to discuss and resolve any complaint with you first.

 

  1. Enforcement and Dispute Resolution

If you have any questions, complaints, or disputes regarding the manner in which Cordium handles or protects your Information, please bring it to Cordium’s attention by email at privacy@cordium.com. In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, Cordium commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Cordium.

Cordium has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism operated by TRUSTe. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://feedback-form.truste.com/watchdog/request for more information and to file a complaint.

Cordium is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. There is the possibility, under certain circumstances, for EU and Swiss individuals to invoke additional binding arbitration.

Cordium retains sole and absolute discretion in resolving all questions relating to the administration, interpretation and application of this Policy. This authority includes construing the terms of this Policy, including any disputed or doubtful terms.

 

© 2018 HedgeOp Compliance, LLC