CTI Privacy Policy
CTI Limited processes basic personal data (i.e. contact details) of its clients, associates, suppliers and supporters. In the case of coaching clients, further personal data which may include their career and life history or other coaching notes may be stored for a limited period.
CTI has a number of individual career counselling/life coaching clients who have found us by recommendation, via our website or through the online Life Coaching Directory. As they are individuals, we need to ensure that we have their consent for any contact we may make with them in future.
CTI paper files are kept in a locked office, and computer data is stored on a laptop on which all data is encrypted, password protected, and protected by an anti-virus / anti-malware system.
CTI also uses Customer Relationship Management systems run by external providers to store contact details (organisation, contact name, phone number, email address) of prospective clients, clients, associates, suppliers and supporters, and to send targeted email communications to these contacts. These providers undertake through their Data Protection policies to store data securely, either in the UK, or in the USA under the conditions of the EU-U.S. Privacy Shield Framework.
CTI’s website uses traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Website users can choose to accept or decline cookies. CTI's website does not collect any additional personal data, except any information sent via the Contact Us form, which may be stored and used as per paragraph 1 or 2 below.
-
Personal Data of contacts in companies and organisations
a) Used in targeted marketing phone calls
Before making phone calls to an organisation with which CTI has not had contact, CTI will check that the phone number we intend to call does not appear on the CTPS database of companies that do not wish to receive unsolicited calls (e.g. using https://secure.marketscan.co.uk/tpsctpschecker.aspx)
Lawful basis for contacting them: legitimate interest – to offer services which the data subject may require on behalf of their organisation.
Retention of personal data: indefinitely, unless informed of change of phone no, or requested to no longer contact them.
b) Used to send them targeted and tailored marketing emails
Lawful basis for contacting them: legitimate interest – to offer services which the data subject may require on behalf of their organisation.
Retention of personal data: until we are informed that they have left the organisation.
Privacy Statement: we add the following to the CTI email signature used for marketing emails:
CTI stores your name and email address (and phone no if known) securely on our computer, in order to contact you to make you aware of services that we could provide. Please inform us by reply to this email if you no longer wish us to contact you in this way. You can see CTI's privacy policy here.
C) Used to send them marketing emails from the CTI CRM database
Lawful basis for contacting them: legitimate interest – to offer services which the data subject may require on behalf of their organisation.
Retention of personal data: until we are informed that they have left the organisation.
Privacy Statement: We will include the following message at the end of CTI marketing emails:
You can see CTI's privacy policy here. CTI Limited respects your time and privacy. We store your name and email address securely, in order to make you aware from time to time of services that CTI could provide. If you no longer wish to receive CTI emails, please unsubscribe using the link below.
-
Personal data of CTI coaching clients
a) Used to set up and provide coaching sessions
CTI stores contact details of prospective coaching clients and passes them to CTI Associates who may coach them, in order to confirm whether they wish to proceed with coaching by a particular CTI coach. If the coaching goes ahead, the coach will use the contact details to set up coaching sessions, and possibly for contact between sessions. If the client is contracting on their own behalf, CTI also use their contact details to send them a service agreement.
The CTI coach may also keep notes of coaching sessions to assist in offering appropriate support throughout the process of working with the coachee.
Retention of personal data: for period agreed between coach and coachee (recommended six months, and not normally more than five years, from completion of coaching)
Consent: Signed consent to store and retain personal data is requested from the coaching client before the first coaching session, using a CTI coaching agreement form.
b) Used to maintain contact and make them aware of CTI services
CTI would like to send former coaching clients a periodic greeting email with brief information on CTI services. Opt-in permission will be sought for this from the coachee at the end of the coaching when an evaluation form is sent to them. The emails would be sent from the CRM database, so would include the opt-out message as 1.c) above.
-
Personal Data of CTI Associates
A) Used to contact them by phone, text or email in connection with prospective, current or past assignments
Lawful basis for contacting them: ‘contractual/legitimate interest’ – in connection with assignments which they have carried out, or may wish to carry out, on behalf of CTI Limited.
Retention of personal data: indefinitely, unless requested to no longer contact them.
B) Used to send them emails from the CTI CRM database
Lawful basis for contacting them: legitimate interest – to inform them of developments in CTI Ltd, or possible work assignments. The email would be sent from the CRM database, so would include the opt-out message as 1.c) above.
-
Personal Data of CTI Suppliers
A) Used to contact them by phone or email to request products or services.
Lawful basis for contacting them: in connection with a contract for goods or services.
Retention of personal data: as long as CTI is likely to require goods or services from them.
B) Used to send them emails from the CTI CRM database
Lawful basis: legitimate interest – they as a provider to CTI may well have an interest in developments in CTI. If they come to the point where they do not have such interest, they have the opportunity to opt out, as 1.c) above.
-
Personal Data of CTI Supporters
A) Used to send them emails from the CTI CRM database
Lawful basis: consent – they as family, friends or acquaintances may well have an interest in developments in CTI. Their consent will be sought to continue sending them updates, and if they come to the point where they no longer have such interest, they have the opportunity to opt out, as 1.c) above.
- Recording of requests for information or erasure and responses to them
When a request is received to provide personal data held by CTI on a data subject, (a 'subject access request') CTI will respond without delay with the data held on that person, and will record on a list of such requests the request, the date it was received, the response and the date of response.
When a request is received to erase someone’s personal data, CTI will note the request on a list of such requests, to include the date of the request, name of organisation (if applicable), initials of the person concerned and action(s) taken, with date(s), to remove their data from all CTI computer and paper records.
When a request is received for CTI Limited to no longer contact a person, CTI will note the request on a list of such requests, to include the date of the request, name of organisation (if applicable), name of the person concerned and action(s) taken, with date(s), to remove them from contact lists, including the CTI CRM system if applicable. The CRM system may retain their details on a ‘black list’ to ensure that they are not emailed again from the system.
- Action in the event of a data breach
Should CTI Limited become aware of loss of or unauthorised access to any Personal Data held by CTI:
- the incident will be investigated by the Business Manager, who will conduct an assessment of the risks arising from the data breach
- the need to inform the Information Commissioner's Office, data subject(s) and organisations affected will be assessed, and if appropriate they will be notified as soon as practicable
- if crime is suspected the police will be notified as soon as practicable
- and steps will be taken to prevent similar loss or unauthorised access in future.
- Queries or requests for information
If you have any queries on the above, or wish to know what personal information CTI holds relating to you, please contact the Business Manager on cti@cti.ltd.uk