1. Who We Are
We are Cluster Seven Services Limited (registered company 05030975) whose registered office is at 27-32 Old Jewry, 1st Floor, London, EC2R 8DQ, referred to as “ClusterSeven”, “we,” “our,” or “us” in this policy. ClusterSeven is committed to protecting and respecting your privacy.
This policy (together with our Terms of web use (found at: www.clusterseven.com/terms-web-use/ ) and any other documents referred therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our site at www.clusterseven.com, accessing our partner portal or using our free or paid for services we offer online (“Services”) you are accepting and consenting to the practices described in this policy.
We are a “data controller” for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679 (GDPR) and any successor legislation to the GDPR or the Data Protection Act 2018 (“Data Protection Law“). This means that we are responsible for, and control the processing of, your personal information. If you use our cloud-based services we may be a “data processor” under the Data Protection Law, in which case our obligations are detailed in the Subscription Agreement applicable to these services.
You can contact us in any of the following ways:
By post: Cluster Seven Services Limited, 27-32 Old Jewry, London, EC2R 8DQ
By email: email@example.com
By telephone: 020 7148 6270
Via the “Contact” tab on our site
1. Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms and using our Services on our site www.clusterseven.com, or our partner portal via telephone or email. This includes information provided at the time of registering to use our Services, subscribing to our Services, posting material or requesting further services. We may also ask you for information when you report a problem with our Services. The information you give us may include your name, address, e-mail address and phone number, job title. We refer to these types of data as Identity and Contact Data.
- If you contact us, we may keep a record of that correspondence or communication. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. We refer to these types of data as Profile Data.
- If you use our cloud-based platform (CSM), information about how you use our Services (whether this is required for our own billing purposes or otherwise) and the resources that you access. We collect this automatically based on your usage of our Services. We refer to these types of data as Usage Data.
- Technical details of your visits to our site and/or our portal including, but not limited to, traffic data, location data, weblogs and other communication data. We may also collect information about your computer, including where available your IP address, operating system and browser type for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We collect this information by using cookies, server logs and other similar technologies. We may also receive technical data about your visits to our site from third party analytics providers. We refer to these types of data as Technical Data.
2. How we use your personal data
We will only use your personal information lawfully and in accordance with Data Protection Law. We will mainly use your personal data in the following circumstances:
- where we need to perform the contract we are about to enter into or have entered into with you and your organization;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- where we need to comply with a legal or regulatory obligation.
We have set out in a table below a description of all the ways we plan to use your personal data and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis, we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
|Purpose/Activity||Type Of Data||Lawful Basis For Processing|
|To register you as user of our Services.||(a) Identity and Contact||Perform our contract with you or your organization.|
|To provide our Services including to manage payments, fees and charges.||(a) Identity and Contact, (b) Usage.||(a) Perform our contract with you or your organization, (b) Necessary for our legitimate interests (e.g. to recover debts due to us).|
|To administer and protect our business and our site (including troubleshooting, data analysis, security, testing, system. maintenance, support, reporting and hosting of data)||(a) Identity and Contact, (b) Technical, (c) Usage.||(a) Necessary for our legitimate interests (for running our business, ensuring content is presented in the most effective manner for you, provision of administration and IT services, network security and to prevent fraud), (b) Necessary to comply with a legal obligation.|
|To use data analytics to improve our site, our Services, marketing, customer relationships and experiences.||(a) Technical, (b) Usage.||Necessary for our legitimate interests (to define types of customers for our Services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy).|
|To make suggestions and recommendations to you about products or services that may be of interest to you.||(a) Identity and Contact, (b) Technical, (c) Usage, (d) Profile.||Necessary for our legitimate interests (to develop our products/services and grow our business).|
You have the right to ask us not to process your personal data for marketing purposes. You can exercise this right at any time by contacting us at firstname.lastname@example.org or writing to us at the address given in section 13 below.
If you opt out of receiving marketing messages, we will continue to send you service-related communications in relation to your or your organizations use of our Services.
4. Where We Process And Store Your Personal Data
We may need to share your data with our trusted third party providers to provide support services, help us create and send information to you, manage our site and store and back up data securely.
We require all third party providers to respect the security of your personal data. We enter into contracts with our third party providers that require them to comply with the Data Protection Law and ensure that they have appropriate controls in place to keep your information secure. We do not allow third party providers to use your personal data for their own purposes and permit them only to process your personal data for specified purposes in accordance with our instructions.
For users of our Cloud based services your personal data will be stored and processed in an EU territory unless you are located in the United States in which case your personal data will be stored and processed in the United States if you request this.
5. Disclosure Of Your Information
We may disclose your personal information to any member of our group, which means our subsidiaries or our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If ClusterSeven or its ultimate holding company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
6. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an authorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site or via our partner portal; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
7. Data Retention
We will retain information you provide to us for as long as we need it to provide you with our Services. If you choose to stop using our Services, we will delete this information to the extent we are able. However, please note that (1) there might be some delay in deleting this information from our servers and backup storage; and (2) we may retain this information if necessary to comply with our legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements.
8. Statistical Information
We may collect and retain anonymised, non-personal, statistics concerning visitors to our website and/or users and use of our Services. Any such statistics are owned exclusively by us.
9. Your Rights
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights, you can do so by contacting us using the information at section 13 below. Please note that you will need to provide us with evidence of your identity.
Access: You can ask us to give you a copy of the personal information that we hold about you.
Correct: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Erase: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
Object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Restrict: You can ask us to restrict our use of your personal information in the following circumstances: a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Transfer: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
Withdraw consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Our Services may, from time to time, contain links to and from the websites of our partner networks, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Strictly necessary cookies: these are cookies that are required for the operation of our site and the provision of the Services. They include, for example, cookies that enable you to log into secure areas.
- Analytical/performance cookies: these allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies: these are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
13. Further Information
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.