Who we are
Coreix are committed to ensuring our business, services and internal processes are GDPR compliant.
This policy (together with our Terms of Service www.coreix.net/legal and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the GDPR regulation Coreix Ltd (company registration No. 4821355) of First Floor, Unit 6, Silver Court, Welwyn Garden City, AL7 1LT, will act as a data processor for personal data that has been provided via our website at www.coreix.net (our ‘site’). This includes information provided at the time of registering to use our site or subscribing to our services, posting material or requesting further services.
Our nominated representative for the purpose of the Act is Paul Davies.
What kinds of personal information do we collect?
We collect information about you when you register for a service from us and the information includes: your name, company name, contact details, address, IP address and payment information: credit or debit card details. We do not collect sensitive information from individuals.
We use your information for administrative and business purpose to carry out our contract, provide the services and manage your account:
- Your contact details and other information to confirm your identity and your communications with us. This includes your name, address, phone number, email address, server ID
- Your communications with us, including emails, webchats and phone calls. (We collect your phone number and any information provide to us during your conversation with us.)
- Your payment and financial information including billing representative names, contact details and payment card details which we collect via secure payment processing services.
- Details you provide through our support ticket system (contact information, a summary of the problem you are experiencing or information that would be helpful in resolving the issue)
- Details of transactions you carry out through our site, the fulfilment of orders and the provision of services to you.
- Details of your visits to our site (including, but not limited to, traffic data, location data, weblogs)
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and reporting purposes. This is statistical data about your browsing actions and patterns, and does not identify any individual. We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
Where we store your personal data
Your personal data is stored on our own servers and this hardware is located in Enfield Data Centre ISO27001 certified. None of your personal data is transferred outside the EEA.
We have strict security measures to protect your personal information, follow our security procedures and apply suitable technical measures, such as encryption, regular penetration testing of systems to protect your information. All Coreix Ltd employees are trained with regards to access, security and processing of any personal data stored on our servers.
Uses made of the information
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
We (and our group companies) may also use your data to provide you with information about our goods and services which may be of interest to you and we may contact you about these by email, post or telephone. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data.
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Coreix Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, including a contractual obligation, or in order to enforce or apply our Terms of Service www.coreix.net/legal/ and other agreements; or to protect the rights, property, or safety of Coreix Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Disclosure of your information for legal reasons
We disclose your information to other third parties in specific circumstances:
- We will use your personal information to help prevent and detect crime and fraud. If we suspect that criminal or potential criminal conduct has occurred, we will in certain circumstances need to contact an appropriate authority, such as the police.
- We will use your information with debt collection agencies if you do not pay amounts owed to us when you are contractually obliged to do so.
- We will use and process your information in order to comply with legal obligations to which we are subject. For example, we may need to disclose your information pursuant to a court order
The use of your data
The Board of Directors for Coreix Limited is committed to comply with applicable legal requirements and with other requirements which relate to all aspects of personal information in relation to its business activities, products and services we offer. We are committed to fulfilling compliance obligations by continually improving our business management system (which includes the personal information management system) and general performance as an integral part of our business strategy and operating methods. Development will be reviewed annually with objectives and targets through the Business Management System framework.
Coreix Limited is committed to comply with data protection requirements and good practice where applicable, including:
- processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organizational purposes;
- processing only the minimum personal information required for these purposes;
- providing clear information to natural persons (including children) about how their personal information can be used and by whom;
- ensuring special safeguards when collecting information directly from children;
- only processing relevant and adequate personal information;
- processing personal information fairly and lawfully;
- maintaining a documented inventory of the categories of personal information processed by the organization;
- keeping personal information accurate and, where necessary, up-to-date;
- retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organizational purposes and ensuring timely and appropriate disposal;
- respecting natural persons’ rights in relation to their personal information;
- keeping all personal information secure;
- only transferring personal information outside the UK in circumstances where it can be adequately protected;
- where appropriate, the strategy for dealing with regulators across the EU, where goods and/or services are offered to natural persons who are resident in other EU countries;
- the application of the various exemptions allowable by data protection legislation;
- developing and implementing additions to the BMS to enable the BMS policy to be implemented in relation to any personal information held;
- where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organization’s BMS;
- the identification of workers with specific responsibility and accountability for the BMS;
- maintain records of processing of personal information;
The policy is applicable to the entire business.
Coreix does not store any data which falls into Article 9 of the GDPR, which are defined under 3.1.30 under BS10012:2017 as follows:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade-union membership;
- the processing of genetic information;
- biometric information for the purpose of uniquely identifying a natural person;
- information concerning health or information concerning a natural person's sex life or sexual orientation.
Coreix is not required to appoint a DPO due to the fact we do not meet criteria stated under Article 37 of the GDPR.
- Coreix is not a public authority or body;
- the core activities of Coreix do not consist of processing operations which, by virtue of their nature, their scope and/or their purpose, require regular and systematic monitoring of data subjects on a large scale; and
- the core activities of Coreix do not consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
How long we retain your personal data
We will retain your personal information for as long as necessary to fulfil the purposes we collected it for; such as any legal, accounting, or reporting requirements. After such time, we will either delete or anonymize your information or, if this is not possible, then we will securely store your information and isolate it from any further use until deletion is possible.
Order information, copy of your bills we retain for 6 years from the date of the order placed in accordance with our legal obligation to keep records for tax purposes. Contact Details we retain as long as you are one of our clients and six years after
Criteria for determining retention periods
To determine the appropriate retention period for personal data, we consider the following:
- the amount, nature, and sensitivity of the personal data
- the purposes for which we process your personal data
- the potential risk of harm from unauthorised use or disclosure of your personal data
- the applicable legal requirements
In the unlikely event of a breach occurring (as defined in the GDPR) we will notify you within 48 hours of the breach coming to our attention. This will be enough time for you to consider your requirements, under GDPR, for reporting the breach to the ICO and Data Subjects.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
To access information we have on you use: https://www.coreix.net/assets/pdf/p_Company_Right_of_Access.pdf and follow the instruction.