- What information we collect, and why we collect it;
- How we use that information;
- How we protect that information;
- How you can control your information, including accessing, updating and deleting what we store; and
- How we share information collected.
Information we collectInformation you give us We may collect or record basic personal information which you voluntarily provide through completing forms on our Site, through electronic mail you send to us, or through other means of communication between you and us. The categories of personal information you provide may include:
- first and last name;
- job title and company name;
- email address;
- phone number
- mailing address;
- password to register with us;
- your personal or professional interests;
- any other identifier that permits us to make contact with you.
- general non-personal information pertaining to users of our sites technical information, including the Internet protocol (IP) address, source domain names, specific web pages, length of time spent, and pages accessed, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location;
- information about your visits and use of the Site, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used.]
- information about individual contacts for our customers (“Business Contact Information”) in the ordinary course of our business for managing and maintaining customer relationships. In particular, we may obtain the following types of Business Contact Information: name, address, invoice information including bank account information, and order information.
- To comply with legal obligations;
- Third parties with which we have contractual agreements to assist in administration of company sponsored benefits;
- Inquiries from third parties with a signed authorisation from the employee to release the information. All such requests of this type shall be referred to and completed on a confidential basis by the human resources or payroll department. The information will be returned directly to the requesting party and filed as part of the human resources department’s confidential records;
- Requests from prospective employers for written verification of employment. As it may not be reasonable for us to ask for consent from past employees on every occasion that we receive a reference request, past employees should let us know if they object to us processing their data for this purpose. All such requests of this type shall be referred to and completed on a confidential basis by the human resources or payroll department. The reference letter will be returned directly to the requesting party and filed as part of the human resources department’s confidential records.
How We Use InformationAs a data controller, we will only use your personal information if we have a legal basis for doing so. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below. Note that we may process your personal data for more than one lawful ground if the data is used for several purposes. Please Contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purposes for which we will process the information||Type of data||Legal Basis for the processing|
|To provide you with information and materials that you request from us.||(a) Identity (b) Contact||It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate and develop business. To ensure we offer an efficient service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.|
|To personalise our services and products and the Sites to you.||(a) Identity (b) Contact (c) Technical||It is in our legitimate interests to improve the Site in order to enhance your experience on our Site, to facilitate system administration and better our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you. If you do not wish to receive tailored or personalised information from us based on personal information you have provided us, please contact us as provided in “Contacting Us” above.|
|To update you on services and products and benefits we offer.||(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical||It is in our legitimate interests to market our services and products. We consider this use to be proportionate and will not be prejudicial or detrimental to you. If you would prefer not to receive any direct marketing communications from us, you can opt-out at any time by contacting us as providing in “Contacting Us” above. For direct marketing sent by email to new contacts (i.e. individuals who we have not previously engaged with), we need your consent to send you unsolicited direct marketing.|
|To send you information regarding changes to our policies, other terms and conditions and other administrative information.||(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile||It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
|To administer our Sites including troubleshooting, data analysis, testing, research, statistical and survey purposes; To improve our Sites to ensure that consent is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access the Sites; and To keep our Sites safe and secure.||(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile||For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
|To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you.||(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile||It is in our legitimate interests to continually improve our offering and to develop our business. We consider this use to be necessary in order to effectively generate business and will not be prejudicial or detrimental to you.|
|To enforce the terms and conditions and any contracts entered into with you.||It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.|
MarketingWe strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Third-party marketing – we do not share personal data with any company outside the Jonas group for marketing purposes.
Opting outYou can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Change of purposeWe will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
Fitronics Ltd T/A CAP2 as data processorIn certain cases, we also operate as an data processor and we collect and process personal information on behalf of our business customers in the provision of our services and products. In these circumstances, Fitronics Ltd T/A CAP2 is acting as a data processor and our business customers remain the data controller in respect of personal information they provide to us. Our business customers remain the data [information] controllers with respect to any customer information that they provide to us for our provision of services. To the extent that we are acting as data processor, we therefore act in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of customer information, as well as other matters such as the provision of access to and rectification of customer. We will only use such personal information for the purposes of providing the services and products for which our business customers have engaged us. Our business customers are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in their own privacy policies who their personal information is being shared with and processed by. As a data processor, we may share personal information where instructed by our business customer. Where authorized by the business customer, we may also share personal information with third party service providers who work for us and who are subject to security and confidentiality obligations. Where Fitronics Ltd T/A CAP2 is acting as a data processor, we will refer any request from an individual for access to personal information which we hold about them to our customer. We will not respond directly to the request. We will retain personal information which we process on behalf of our customers for as long as needed to provide services and products to our customers and in accordance with any agreement in place with our customers.
- comply with law
- enforce or apply the terms of any of our user agreements
- protect our rights, property or safety,, or the rights, property or safety of our users, or others
- in the event that we become involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of our business, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if all or substantially all of our assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation;
- if necessary to protect the vital interests of a person; and
- to enforce or apply our terms and conditions or to establish, exercise or defend the rights of Fitronics Ltd T/A CAP2, our staff, customers or others.
International TransfersWe share your personal data within the Jonas Group. This will involve transferring your data outside the European Economic Area (EEA) to Canada the USA, Australia and New Zealand. Canada and New Zealand have been deemed by the EU as having an adequate level of protection for personal data. Many of our external third party service providers and business partners are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA to the United States, Canada, and Australia. Whenever we transfer your personal data outside the EEA to the countries identified above which have not been deemed by the EU to have an adequate level of protection for personal data, and specifically to the US, we ensure a similar degree of protection is afforded to it by using standard data protection clauses approved by the European Commission (as permitted under Article 46(2)(c)) that are designed to help safeguard your privacy rights. You can contact us as provided in “Contacting us” above if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Security of Your Personal DataThe security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. We use appropriate measures to safeguard personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding the safeguarding of any such information under our control. In addition, in some areas of our Sites, we may use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration of the information under our control. We also employ industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems. No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure. If you have any questions about security on our Site, you can contact us as provided in “Contacting us” above.
Data Retention: How Long We Keep Your Personal DataWhen you contact us, we may keep a record of your communication to help solve any issues that you might be facing. Your information may be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. [Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request by contacting us].
Your rightsSubject to certain limitations, you have rights under data protection laws in relation to your personal data. These rights include the rights to:
- Request access to your personal data – (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Note that we may refuse to comply with a request for access if the request is manifestly unfounded or excessive, or repetitive in nature.
- Request correction of your personal data – this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Note that we may refuse to comply with a request for correction if the request is manifestly unfounded or excessive, or repetitive in nature.
- Request erasure of your personal data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note that we may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims.
- Request restriction of processing your personal data – this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Note that we may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, or repetitive in nature.
- Request transfer of your personal data – we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
- Right to withdraw consent – you can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Your Right To ObjectDirect marketing You have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Where we process your information based on our legitimate interests. You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Exercising Your RightsIf you wish to exercise any of the rights set out above, including withdrawing consent, please contact us giving us specific details regarding which right you choose to exercise. No fee usually required You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. What we may need from you We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Time limit to respond We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Please direct any questions about your information to the Data Protection Contact identified above.
- Completion and support of Site activity;
- Site and system administration;
- Research and development; and
- Anonymous user analysis, user profiling, and decision-making.
|Forgot_session_id||Session id if forgot password|
|Homeportal_booking_session_id||Booking session id|
|Homeportal_check_field||Temporarily holds forgot password question|
|Homeportal_check_value||Temporarily holds forgot password answer|
|Homeportal_got_past_search||If got past search on journey|
|Homeportal_kiosk_back||Adds back button to kiosk mode if set|
|Homeportal_last_search||Saves user search settings|
|Homeportal_session_id||Login session ID|
|isFirstLogin||If user logged in for first time|
|Move_hash||Used for moving members|
|Register_session_id||Id of newly registered member|
|Reset||Clears cookie user ids|
|smallPrint||Address details to be displayed for centre on Direct Debit mandate.|
|Theme||Theme (this may not be used anymore)|
|EU_COOKIE_LAW_CONSENT||Stores record of consent for cookies.|
|Third Party Cookies||Cookie Name(s)||Purpose||Link|
Social Media and Online EngagementWe occasionally use a variety of new technologies and social media options to communicate and interact with customers, potential customers, employees and potential employees. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, certain of our businesses use certain third-party platforms including, but not limited to, Facebook, Twitter and LinkedIn. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by us. When interacting on those websites, you may reveal certain personal information to us or to third parties. Other than when used by our employees for the purpose of responding to a specific message or request, we will not use, share, or retain your personal information.