Introduction and Background
Congility Limited is committed to protecting and respecting the privacy of our clients and ensuring the security of their information.
This document constitutes the definition of Congility’s approach to what personal information we hold about our clients, why this information is kept and for how long.
This Policy has been written to conform with the General Data Protection Regulation (GDPR) and to explain when and why we collect personal information about people who are employees of Congility or our clients or potential clients, how the Company uses this information, the conditions under which we may disclose it to others and how we keep it secure. We are registered with the Information Commissioners Office (ICO) and our Registration No. is: Z5886614.
This Policy may be updated from time to time, so it is important to check that the current version is being viewed. If you are using our website, you are agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to or by writing to us at Congility Limited, Mekon House, 31 -35 St Nicholas Way, Sutton, Surrey, SM1 1JN. Alternatively, our telephone number is: 020 8722 8499.
How do we collect information from you?
We obtain information about our clients when they make an initial enquiry about our services and ongoing through the term of any contract services provided.
This information comes from our clients themselves, who provide it through enquiries into our portal or business cards or contact at conferences and seminars.
What type of information is collected from you?
The personal information we collect is usually limited to name, address, email address, contact telephone number(s). In relation to our clients, this may also occasionally include details of other 3rd parties involved in the development of a product and their involvement with the client concerned. Personal information is garnered from a range of sources that include conferences and unsolicited client enquiries to our website.
Why do we need this information?
- Contractual – we have a contract or order for services live and in place with the customer concerned and the contact details are for client contacts directly associated with the delivery of the contract/order in question.
- Compliance – we have a legal or mandatory requirement to record dealings with the contact concerned
- Vital interest– it is necessary to record health information for a member, employee or guest
- Legitimate interest – There is a valid interest expressed by the contact in question that has or needs to be followed up or genuine research of some kind is required, including competitor analysis.
- Consent – The contact in question has provided explicit consent and approval for their details to be kept on the system.
We hold personal information on our systems only for as long as we believe is necessary for the relevant activity or, for the term defined in any relevant contract agreement. We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory or regulatory obligations. Any contact information supplied to us by client contacts is held on our CRM (internal contact database) for a minimum period of 6 years. At the end of this term it will be deleted from our system unless contact is still established with the client concerned and there is a relevant and valid reason for maintaining the information.
At any time, a client can contact us and request their information be updated or deleted from the system. In this case we will either update the relevant record in our CRM or alternatively delete it from our records.
How is this information used?
We may use this information to:
- process enquiries, requests for quotes and services and orders from our clients;
- to carry out our obligations arising from any contracts entered into, including the provision of support services to clients who have entered into contracts with us;
- liaise with other 3rd parties involved in the development of a product or in a project for a client;
- seeking views or comments on the services we provide;
- notification of changes to our services;
- sending of information which has been requested and that may be of interest. This may include information about terms and conditions, system installations, maintenance & monitoring and the like. It may also include newsletters and updates regarding upcoming events that we believe may be of interest.
We maintain recorded CCTV at our offices with cameras located at strategic points throughout the Company’s business premises, principally at the entrance and exit points, but only covering communal or public areas. We retain the camera images for 31 days unless required to be held for evidential reasons.
Who has access to your information?
We will not sell or impart client information to any 3rd parties other than the emergency services or 3rd party alarm receiving centres.
We may, in appropriate cases, voluntarily or where required by law, pass your data to the Police and similar organisations such as law enforcement agencies (including fraud prevention and detection) or other governmental agencies.
We will never share information with 3rd parties for marketing purposes.
3rd Party Service Providers working on our behalf:
We may pass information to our 3rd party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services on our behalf. However, when we use 3rd party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep all information secure and not to use it for their own direct marketing purposes. We never release any information to 3rd parties beyond the emergency services or approved sub-contractors, for them to use for their own direct marketing purposes in any circumstance unless we are required to do so by law, for example, by a court order or for the purposes of prosecution or prevention of crime.
A client always has a choice as to whether they wish to receive information from us. We will not contact a client for marketing purposes by email, phone or text, if they have specifically requested us not to. The “provision of consent” for marketing exercises is tagged in the CRM for all client contacts. If an expression of consent is withdrawn at any time, this will also be tagged in the CRM to confirm that the consent for direct contact has been withdrawn.
How you can access and update your information
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: or by writing to us at The Data Officer, Congility Limited, Mekon House, 31 -35 St Nicholas Way, Sutton, Surrey, SM1 1JN. Alternatively, our telephone number is: 020 8722 8499.
You have the right to ask for a copy of the information the Company holds about you (we may charge £10 for information requests to cover our costs in providing you with details of the information we hold about you).
In certain circumstances, such as where you believe that the data is no longer necessary for the purposes for which it was collected, you have a right to require us to erase all personal data held about you. Note: There are exemptions to this right, for example in relation to freedom of expression and compliance with legal obligations.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s kept securely.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we will take all reasonable care to ensure its security on our IT Systems (soft copy information) or held securely in our offices (hard copy information).
The GDPR requires Congility to notify any Personal Data Breach to the applicable regulator (unless the breach is unlikely to result in a risk to your rights and freedoms) and, in certain instances, you.
We will notify you or any applicable regulator where we are legally required to do so.
We may make use of the information we hold about you to provide you with information that directly affects you or in the case of system users, their system.
Use of ‘cookies’
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
Links to other websites
In addition, if you linked to our website from a 3rd party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that 3rd party site and recommend that you check the policy of that 3rd party site.
18 or Under
We are concerned to protect the privacy of children aged 18 or under (although under the GDPR this is currently the under 16’s). If you are aged 18 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Transferring your information outside of Europe
As part of the services offered to you, the information which you provide to us may be transferred to countries outside the European Union (“EU”).
These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you access our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.
At the time of publication of this Policy, our web site does not use the any web site recording service. Should this change then this Policy will be updated to reflect this change.
Your Rights Under Data Protection Legislation
You have various rights under data protection legislation:
- your right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
- Your right to correct any errors in the information we hold about you, and to change and correct any details you have already given us. Please inform us about any changes to your details so that we can keep our records accurate and up to date.
- Your right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes end elicit your explicit consent to receive such material. At any time, you can exercise your right to withdraw such consent by requesting that you be removed from any mailing. Congility will then flag your contact details in our system as having withdrawn consent for direct contact. You can also exercise this right at any time by emailing us at: or by writing to us at The Data Officer, Congility Limited, Mekon House, 31 -35 St Nicholas Way, Sutton, Surrey, SM1 1JN. Alternatively, our telephone number is: 020 8722 8499.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in May 2018.