Privacy Policy

CEC Marketing Services Limited is committed to the protection and privacy of the personally identifiable information that we might collect from you as you use this Website. By submitting information, you agree to CEC Marketing Services Ltd use of this information as described in the following statement.

CEC Marketing Services Ltd collects personally identifiable information in certain areas of the website when users register interest in our services through use of the ‘contact form’, along with direct contact (such as job applications). The personal information collected may include, without limitation, your name, company, and contact information (mailing and e-mail addresses and phone numbers).

CEC Marketing Services Ltd uses this information to fulfil requests for service information and to review and consider any employment-related enquiries that may be submitted. CEC Marketing Services Ltd may keep any of your personal information on file and use it to contact you for business or recruiting purposes. The email addresses provided allows CEC Marketing Services Ltd to send emails to individuals based on their requests.

The website may use cookies to track usage of the site.

CEC Marketing Services Ltd does not disclose your personal information to third parties. You may unsubscribe from email lists or any registrations on the website at any time by either following instructions on the page of the website on which you have provided information or sending us an e-mail at the address below.

CEC Marketing Services Ltd has implemented accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration, or destruction. By using the CEC Marketing Services Ltd website, you consent to the collection, use, and storage of your information by us in the manner described in this Privacy Policy. Please see the related policies below for Information Security, Staff training and Data Retention and Deletion.

Information Security Policy

1.0   Overview

1.1   All staff are aware of their information security responsibilities and will comply with the measures set out in the GDPR and within this policy.

1.2   All computers are password protected and have high level anti-virus security software.

1.3   Documentation exists to ensure the investigation and reporting of security breaches complies with the measures set out in the GDPR.

2.0 Scope

2.1 This policy relates to all members of staff at CEC Marketing and any action taken by CEC related to Information Security.

3.0 Access to a Computer

3.1 All users will be provided with secure, personal log in details and users are forbidden to share their account details with anyone inside or outside CEC Marketing.

3.2 All accounts of former employees will be disabled and deleted when an employee leaves CEC Marketing.

4.0 Email Policy

4.1 All Emails sent by CEC Marketing will use appropriate language and meet the requirements set out in the Data Retention Policy and the GDPR.

4.2 Any miss-use of company Email including non-work related emails, or Emails that don’t comply with the Data Retention Policy and the GDPR, will result in disciplinary action.

5.0 Password Policies

5.1 Passwords must conform to a standardised and encrypted form including upper and lower-case letters, a number and a symbol.

5.2 These Passwords must be changed monthly, within the standard form.

6.0 Remote Working

6.1 Due to the nature of the personal data handled by CEC Marketing these are important policies relating to remote working.

6.2 Any Staff Members who work remotely must ensure they do not process any data on an unsecured network, this can include hot desks, café’s or restaurants.

6.3 Any Staff Members not on CEC Marketing’s network must take appropriate provision to ensure they are logged in via VPN.

6.4 Any Staff Member working remotely has to ensure these steps are taken to ensure the security of this information.

7.0 Use of Internet

7.1 The Internet must only be used for the purposes of CEC Marketing.

7.2 If any staff member is found to be misusing the internet to view inappropriate material they will face disciplinary action.

7.3 CEC Marketing is able to view and monitor staff browsing history and cookies to ensure that this policy is followed.

8.0 Laptop

8.1 All Laptops are, and remain, property of CEC Marketing and therefore must be used in line with the related points set out in this policy.

8.2 No un-authorized software is allowed to be installed on any laptop without express consent of IT support.

8.3 Any damage/loss/theft must be reported to the Managing Director immediately.

8.4 Any action that results in damage/loss/theft of the Laptop’s is the responsibility of the user.

9.0 Storage Device

9.1 No portable/removable storage devices are to be used in CEC Marketing by any staff member to keep in line with the Data Retention and Destruction policy.

10. Network

10.1 All CEC Marketing files are securely stored on the company network.

11.1 Confidential files are encrypted, password secured and stored on the company network.

11. Software

11.1 All software used by CEC Marketing is installed by our IT Support.

12. Starters and Leavers

12.1 It is CEC Marketing’s responsibility to ensure that all new staff members are informed of the contents of these documents and any GDPR related policy.

12.2 All new staff members will be informed of this policy and they will signify their acceptance by providing their signature as proof of compliance.

12.3 Any staff member leaving CEC Marketing will be removed from all related logs/policies/documents.

13. Document Owner and Approval

The Managing Director is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.

A current version of this document is available to all members of staff on CEC Marketing’s intranet and is published on www.cecmarketing.co.uk

GDPR Training Policy

1. Scope

This policy applies to CEC Marketing’s training and awareness programme where relevant to the GDPR, compliance with the GDPR, and other matters relating to data protection and privacy.

2. Training Policy

2.1   D.P.O/ GDPR Manager assigns data protection responsibilities to Employees/Staff in relation to CEC Marketing’s policies and procedures on personal data management.

2.2   D.P.O/ GDPR Manager shall ensure that all Employees/Staff with day-to-day responsibilities involving personal data and processing operations, and those with permanent/regular access to personal data, demonstrate compliance with the GDPR.

2.3   D.P.O/ GDPR Manager ensures that these members of Employees/Staff are kept up to date and informed of any issues related to personal data.

2.4   D.P.O/ GDPR Manager maintains a list of relevant external bodies, the most important of which is the Information Commissioner’s Office. (ICO.org.uk)

2.5   D.P.O/ GDPR Manager ensures that all security requirements related to data protection are demonstrated and communicated to Employees/Staff to the same effect.

2.6   Employees/Staff are provided with specific training on processing personal data relevant to their individual day-today roles and responsibilities, and in accordance with CEC Marketing’s policies and procedures.

2.7   Employees/Staff are provided with specific training on any information security requirements and procedures applicable to data protection and the data processing with their individual day-to-day roles and responsibilities, including reporting personal data breaches.

2.8   Employees/Staff are provided with training on dealing with complaints relating to data protection and processing personal data.

2.9   The Staff Training Log can be accessed at the request of the data subject.

Document Owner and Approval

The Managing Director is the owner of this document and is responsible for ensuring that this policy document is reviewed in line with the review requirements stated above.

A current version of this document is available to all staff on CEC Marketing’s intranet and is published on www.cecmarketing.co.uk.

This policy was approved by the Managing Director on 01/01/2018.

Retention of Records – Data Retention and Destruction Policy

1. Scope

1.1 All CEC Marketing’s records, whether analogue or digital, are subject to the retention and destruction requirements of this procedure.

1.2 This policy enables CEC Marketing to meet the requirements of the GDPR and ensure that the rights of data subjects are maintained.

1.3 This policy relates solely to electronic data.

1.4 This document exists to ensure that data is retained and destroyed appropriately and in line the GDPR.

2. Responsibilities

2.1 The following roles are responsible for retention of these records because they are the information asset owners.

2.2 Asset owners are responsible for ensuring that all personal data is collected, retained and destroyed in line with the requirements of the GDPR.

2.3 The Managing Director is responsible for retention of financial (accounting, tax) and related records.

2.4 The Managing Director is responsible for retention of all HR records.

2.5 The Managing Director is responsible for retention of all Health and Safety records.

2.6 The Managing Director is responsible for retention of all other statutory and regulatory records.

2.7 The Managing Director is responsible for storage of data in line with this procedure.

2.8 The Managing Director is responsible for ensuring that retained records are included in business continuity and disaster recovery plans.

3. Procedure

3.1 The required retention periods, by record type, are recorded in (Retention and Destruction Log) under the following categories:

3.1.1 Record Type

3.1.2 Retention period

3.1.3 Retention period to start from

3.1.4 Retention justification

3.1.5 Record medium

3.1.6 Disposal method

3.2 Cryptographic keys, which are required for personal data records are retained.

3.3 For all storage media, CEC Marketing retains the means to access the data.

3.4 Portable/removeable storage media are destroyed in line with the GDPR.

3.5 CEC Marketing handles personal data of organisations employees which includes; Organisation name, Size, Organisation location, Prospect Name, Job Title, DOB, Email Address, Telephone number, TPS Screening result, Data Source, Company ID, Contact ID, Address ID, Primary Industry Sector, Secondary Industry Sector, Currency, Revenue, IT Staff, Number of PC’s.

3.5 CEC Marketing will retain information of all prospects/organisations/contacts and contents of the calling activity, in keeping with the Data Protection Act, for no longer than Six Years after the last point of contact.

3.6 CEC Marketing will not store data beyond the duration of any campaign undertaken, unless specifically stated in the retention log, after which it will be kept for the maximum of Six Years and then destroyed in accordance to the Data Protection Act and GDPR.

3.7 CEC Marketing will ensure that no personal data will be kept longer than is absolutely necessary.

3.8 CEC Marketing will ensure that no data will be held longer than stated in the Data Retention and Destruction Log.

3.9 CEC Marketing will ensure that all Data is destroyed in line with the GDPR.

3.9.1 All staff are responsible for ensuring that all Data is kept for only the allocated time within the Data Retention Log and that all Data is destroyed in line with this policy after the allocated time of retention.

3.9.2 All staff are responsible for ensuring that Data is destroyed in line with this policy and the GDPR and will destroyed using a digital document shredder.

3.9.3 Information related to the retention of records can be found in the Data Retention and Deletion Log, available on request from the data subject.

3.9.4 Information about the destruction can be found in the Data Retention and Destruction Log, available on request from the data subject.

3.9.5 All data will be stored securely.

3.9.6 All data will be accurate and complete.

3.9.7 No data will be archived except for data subjects who do not want to be contacted again.

3.9.8 Any data stored for this purpose will be anonymised.

Document Owner and Approval

The Managing Director is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.

A current version of this document is available to all members of staff on CEC Marketing’s intranet and is published on www.cecmarketing.co.uk

Signed: Christine Cockerton                                        Date: 23/05/18