CRM Technologies Ltd ("CRMT", "we", "us", and "our") respect your privacy. This Policy applies to CRMT’s websites, products, and services that refer to this Policy in our role as “Data Controller” for your personal information. We also act as a “Data Processor” for some of the services and products we provide our customers and treat their data with the same level of respect. Our duties as a Data Processor are outlined in contractual agreements between us and our customers. Please contact us if you have any questions regarding our duties as a data processor.
This Policy describes how CRMT processes your personal data, but it may not address all possible data processing scenarios. We may inform you of product or service specific data collection through supplementary policies or notices provided before collection.
This Policy describes:
1. How We Collect & Use Your Personal Data
Personal data means any data that, either on its own or jointly with other data, can be used to identify you as an individual. You directly provide us with such data when you use our websites, products, or services, or interact with us by, for example, creating an online account, at events or contacting us by phone. We may also obtain data by recording how you interact with our websites, products, or services. For example, we may use technologies like cookies or receive use data from software running on your device. As permitted by law, we may also obtain data from public and commercial third-party sources.
As a company that sells its products and services to other business, the personal data we collect is about you and your company. This includes name, company, job position, postal and email addresses, phone number, login information (account and password), IP address etc., depending on how you interact with us. We also collect the information you provide to us and the content of messages you send us, such as the query information you provide, or the questions or information you provide for customer service support.
Before using our products or services, you may need to provide personal data. In some cases you may be able to opt not to disclose your personal data to us.
We may use your personal data for the following purposes:
- Creating an account.
- Fulfilling your transaction or service requests, including fulfilling orders; delivering, activating, or verifying products or services; participating in onsite or virtual activities; fulfilling your requests for changes or providing you with the requested information (such as marketing materials for products and services, and white papers); and providing technical support.
- Contacting you with your consent; sending you information about products and services that may interest you; inviting you to participate in our activities (including promotional activities), market surveys, or satisfaction surveys; or sending you marketing information. If you do not want to receive these types of information, you can opt out at any time via our preference centre.
- Providing you with customized user experience and content.
- Qualifying and managing suppliers and business partners, and communicating or working with suppliers and business partners.
- Complying with and enforcing applicable legal requirements, industry standards and our policies.
We may also collect and use non-personally identifiable information (Non-PII). Non-PII is information that cannot be used to identify a particular individual. For example, we will collect statistical data, such as the numbers of visits to our website. We collect this data to understand how users use our websites, products, and services so that we can improve our services and better satisfy our customer’s needs.
We will endeavour to isolate your personal data from non-PII and ensure that the two types of data are used separately. If personal data is combined with non-PII, it will still be treated as personal data during processing.
We will process your personal data following the requirements of applicable laws on an appropriate legal basis, including:
- Processing your personal data to fulfil the contract when responding to a transaction or service request;
- Processing your personal data with your consent;
- Processing based on the legitimate interests of CRMT or a third party when we use your personal data to contact you, conduct marketing or market surveys, improve our products and services, and other purposes. Legitimate interests include enabling us to more effectively manage and operate our business and provide our products and services; protecting the security of our businesses, systems, products, services, and customers; internal management; complying with internal policies and processes; and other legitimate interests described in this policy;
- Processing your personal data as necessary to comply with and fulfil legal obligations.
2. How We Protect and Retain Your Personal Data
The security of your personal data is important to us. We use appropriate physical, management, and technical measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss. For example, we use cryptographic technologies for data confidentiality, protection mechanisms to prevent attacks, and access control mechanisms to permit only authorized access to your personal data. We also provide training on security and privacy protection for employees to raise their awareness of personal data protection. We are committed to protecting your personal data; however, please note that no security measure is perfect.
We will retain your personal information for no longer than is necessary for the purposes stated in this Policy, unless otherwise extending the retention period is required or permitted by law. The data storage period may vary with scenario, product, and service. The standards we use to determine the retention period are as follows: the time required to retain personal data to fulfil business purposes, including providing products and services; maintaining corresponding transaction and business records; controlling and improving the performance and quality of products and services; ensuring the security of systems, products, and services; handling possible user queries or complaints and locating problems; whether the user agrees to a longer retention period; and whether the laws, contracts, and other equivalencies have special requirements for data retention; etc..
3. How We Disclose Personal Data
CRMT does not share your personal data with any third parties with the exception of our authorised service providers who are providing services to us under a contractual agreement. As part of our supplier due-diligence we ensure that such providers comply with applicable data protection regulations as a “Data Processor”. For example, we store your data in our marketing automation system which is provided by a third party.
To comply with applicable laws or respond to valid legal procedures, we may also disclose your personal data to law enforcement or other government agencies. If we are involved in a restructuring, merger & acquisition, or a bankruptcy or liquidation lawsuit in a given jurisdiction, your personal data may be disclosed in connection with the transaction. We may also disclose your data when appropriate, for example, to execute Terms and Conditions, when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or when it is in connection with an investigation of suspected or actual illegal activity.
4. How to Access & Control Your Personal Data
It is your responsibility to ensure that all personal data submitted to CRMT is correct. We are dedicated to maintaining the accuracy and completeness of personal data and keeping the data up-to-date.
To the extent required by applicable law, you may (i) have the right to access certain personal data we maintain about you, (ii) request that we update or correct inaccuracies in that data, (iii) object or restrict to our use of your personal data, and (iv) ask us to delete your personal data from our database. To exercise these rights, please contact us to give your feedback online. Your written request may be required for security. We may decline the request if we have reasonable grounds to believe that the request is a fraudulent, unfeasible or may jeopardize the privacy of others.
If allowed by applicable laws, you have the right to withdraw your consent at any time when we process your personal data based on your consent. However, withdrawal does not affect the legitimacy and effectiveness of how we process your personal data based on your consent before the withdrawal is made; nor does it affect any data processing based on another justification other than your consent.
If you think that the way we process your personal information does not comply with applicable data protection laws, you can contact the relevant competent data protection authority. You can obtain the information for contacting EU data protection authorities at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
5. How We Process Children's Personal Data
Our websites, products and services are intended for adults and we do not intentionally store “special category” data as defined by the EU General Data Protection Regulation. If we become aware that we have accidentally collected a child's personal data or special category data, we will attempt to delete the data as soon as possible.
7. International Transfers of Your Personal Data
Your personal data collected by CRMT may be processed or accessed in the country/region where you use our products and services or in other countries/regions where CRMT, subsidiaries, service providers or business partners have a presence. These jurisdictions may have different data protection laws. In such circumstances, we will take measures to ensure that data is processed as required by this Policy and applicable laws, which includes when transferring the data subject’s personal data from the EU to a country or region which have been acknowledged by the EU commission as having an adequate level of data protection, we may use a variety of legal mechanisms, such as signing standard contractual clauses approved by the EU Commission, obtaining the consent to the cross-border transfer of a data subject in the EU, or implementing security measures like anonymizing personal data before cross-border data transfer.
8. Updates to This Policy
9. How to Contact Us
If you have any questions or suggestions, please contact us. If you have any privacy complaints or issues, and want to contact our Data Protection Officer (DPO), please write to:
Data Protection Officer (DPO)
CRM Technologies Ltd
100 Longwater Avenue
Last updated: May 2018