Privacy Notice – Cedaro Limited

Cedaro Limited operate this website https://www.cedaro.co.uk and is part of the Digital Phone Company Group, which includes Digital Phone Company Ltd, Digital Phone Holdings Ltd, Online Mobiles Ltd t/a Hypermobile and Cedaro Ltd.

At Cedaro Ltd (referred to in this policy as “us” or “we” or “our”) we take privacy seriously and want you to be fully aware of the personal data we collect, why we collect it and who we share it with. We are committed to protecting and respecting your privacy and complying with applicable data protection and privacy laws. The following Privacy Notice sets out to achieve this.

This Notice and any other documents referred to in it sets out:

• How we collect your personal information, why and what for.
• Why we process your personal information
• When and why we disclose your personal information to other organisations.
• Your personal information; along with your rights and choices
• Why we use cookies.
• The steps we take to ensure your information is kept secure and confidential.
• How long we will hold your information for.
• How to contact us.

Our site, products or services may, from time to time, contain links to and from the websites of other companies, our partner networks and affiliates. If you follow a link to or from any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

By using this website and/or by submitting personal data to us, you accept and agree to the processing of your personal data in accordance with this Policy. If you do not agree with this Policy, please do not use this website or provide us with your personal data.

If you wish to contact us regarding privacy or anything on this document please write to; Data Protection Officer, Cedaro Ltd, 16 Southgates Road, Great Yarmouth, Norfolk, NR30 3LJ. Alternatively, you can email privacy@cedaro.co.uk or call 01603 777770. If our response is not to your satisfaction or you believe we are not using your personal data correctly, you have the right to complain to the Information Commissioner at https://ico.org.uk/.

1. Information we may collect from you

We may collect and process the following data about you and your business:

1.1 Information which is available as part of a networking group of which both you and we are a member of.
1.2 Information that you provide by filling in forms on our site or when speaking to our customer service and/or sales teams. This includes information provided at the time of making purchases from our site, registering for further information, entering a sales promotion, or otherwise contacting us.
1.3 If you contact us, we may keep a record of that correspondence for our records and to administer our business.
1.4 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
1.5 Details of transactions you carry out face-to-face, on the phone or through our website, and of the fulfilment of your orders.
1.6 Details of your visits to our website including, but not limited to, traffic data, & location data and the resources that you access for statistical purposes.

2. IP addresses

We may collect information about your computer, including where available your Internet protocol (IP) address, operating system and browser type, for system administration and to report aggregate information. This is collected to ascertain statistical aggregate data about our users’ browsing actions and patterns.

3. Cookies

Cookies are small pieces of data stored on your computer’s hard drive and browser which allow us to recognise your computer.

We use cookies for the following reasons:

3.1 To distinguish you from other users of our site and to track patterns of behaviour of visitors to our site.
3.2 To enhance the functionality of our site which helps to provide you with a good user experience
3.3 For marketing purposes and to collect website traffic data and anonymous profiling
3.4 To identify your device and IP address to provide benefits to you including preventing the need to re-enter items you place in a shopping cart if you do not finish a transaction in a single visit.
3.5 To reduce fraudulent activity via identification of your IP address and any prior activity relating to it.
3.6 If we believe an order has been placed fraudulently, or our online system has been abused, we may share that information with third parties including the Police, credit card companies and any other organisation that may help to track and/or prevent future occurrences of fraud or abuse.

Cookies are stored on your browser and you can choose to modify your browser to prevent this from happening. Please understand that if cookies are turned off, you may not be able to view certain parts of this site that are designed to enhance your visit.

4. Lawful basis for processing

There are 6 lawful bases for processing personal information:

• Contract
• Legal Obligation
• Consent
• Legitimate Interest
• Vital Interest
• Public Task

Three of these are used by Cedaro Ltd.

Contract – By purchasing through us, you are entering into a contract with us as well as your chosen network and/or insurance provider. This basis is used when we process your information for the purpose of initiating and finalising those contracts.

Consent – We may ask your consent to be contacted for marketing purposes at the time of taking out a contract. Where this basis is used, it will be clear and require a positive opt-in.

Legitimate Interest – This is used for all other purposes where the Contract or Consent basis are not suitable. For example: processing customer information for marketing purposes or backing up data for the ability to recover from a system failure. Legitimate Interest is used when we have a genuine, lawful need to process your information to achieve a business objective and our interest is not over-ridden by your own interests, rights or freedoms.

5. Your rights and choices

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

5.1 Right of Access

Should you wish to see the data that is being processed on you by us, you can request this in-store or via emailing privacy@cedaro.co.uk. Data will be provided free of charge unless the request is unfounded, excessive or repetitive; in which case a fee relative to the administrative cost of such a request will be charged. Information will be provided without delay and within 28 days of receipt of request. To provide you with a copy of the data we hold we will need to prove your identity using reasonable means.

5.2 Right to Rectification

You have the right to have inaccurate personal data rectified; you can request this verbally or in writing. We will take reasonable steps to ensure that the data is accurate and to rectify the data if necessary, within 28 days. Rectification will be free of charge unless the request is unfounded or excessive, at which point a reasonable fee may be requested. All processing on the person in question will be put on hold whilst we take steps to ensure the accuracy of the data. We will request the individual requesting rectification prove their identity before complying with the request.

5.3 Right to Erasure

The right to erasure, also known as the right to be forgotten, allows you to request any of your personal data be deleted. This right is not absolute and only applies in certain circumstances; for instance, if the personal data is no longer necessary for the purpose it was initially collected, or if we gained the data with your consent, and you withdraw that consent. We will respond within 28 days of receiving your request. We will request proof of ID to verify your identity before we act on the request.

5.4 Right to restrict processing

You have the right to request the restriction or suppression of your personal data, this is not an absolute right and will only apply in some circumstances. Should you request to restrict, verbally or in writing, we will only store the data and not use it. We will ensure this is done without undue delay and within 28 days of your request; we will request ID to prove your identity.

5.5 Right to data portability

The right to request that we move, copy or transfer your personal information that was originally given to us during the contract process. Data will be supplied in a structured, commonly used and machine-readable format (usually .csv). We will act upon the request without undue delay and within 28 days of receipt; we will require ID to prove your identity.

5.6 Right to object

If our lawful basis is legitimate interest, you have the right to object, in certain circumstances, to the use of processing your personal data. We will respond without undue delay and within 28 days of receipt of your request.
You have absolute right to object to the use of your personal data for direct marketing. We will stop sending you direct marketing at the earliest opportunity once the request is received. To object to direct marketing contact us in-store, or by emailing privacy@cedaro.co.uk.

6. Storage of your personal data

6.1 Data Quality

We take steps to keep the personal data we possess accurate and up-to-date and to delete out of date or otherwise incorrect or unnecessary personal data. Please remember that it is your responsibility to provide us with correct details as well as to update the personal data you have provided us with in case of any changes.

6.2 Data Security

Unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect your information, we cannot guarantee the security of information transmitted to our site; any transmission is at your own risk.
Once we have received your information, we will use procedures and security features to try to prevent unauthorised access. Such measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights
management systems and processes as well as careful selection of processors. Where appropriate, we may also take back-up copies and use other such means to prevent accidental damage or destruction to your personal data.

The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order and the processing of your payment details. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

6.3 Retention of Data

The length of time we retain your information is dependent on what we are holding and why we are holding it. We will not keep your information for longer that is necessary for our business or legal requirements.

As a data processor we will hold your information for as long as the network and or supplier request us to, this is mainly for fraud prevention and data security along with contractual purposes.

As a data controller, we need your data to carry out legal obligations arising from any contracts entered between you and us. We may process personal data for up to 7 years if you are a prospective customer and for the length of your contract plus 7 years if you become a customer. This is in keeping with our legitimate interests and contractual obligations.

We may also store personal data for up to 7 years for any of the following reasons:
• Respond to any questions or complaints
• To show that we treated you fairly
• To maintain records to comply with legal and regulatory rules that apply to us
• In keeping with our legitimate interests and contractual obligations
We may store your personal data in paper or electronic formats, both of which are stored securely. If we delete your personal information it may persist on back-up or archival media for legal, tax or regulatory purposes. Where data is deleted, we have processes in place to securely dispose of data we no longer require.

If you have any queries relating to our use of your personal information or any other related data protection questions, please contact us at privacy@cedaro.co.uk or write to us at Data Protection Officer, Cedaro Ltd, 16 Southgates Road, Great Yarmouth, Norfolk, NR30 3LJ.

7. How your information is used

We use information held about you in the following ways:

7.1 To ensure that content from our site is presented in the most effective manner for you and your computer.
7.2 Prospecting for new customers & lost customer prospecting
7.3 To manage customer quotes & tenders and to carry out our obligations arising from any contracts entered between you and us.
7.4 To carry out credit checks, identity, location and security checks.
7.5 Quality monitoring of calls
7.6 To notify you about changes to our service or to your contract.
7.7 To personalise our offering and to provide you with information, products or services that you request from us or which we feel may interest you. Where you have consented to be contacted for such purposes.
7.8 To develop our products and/or services. However, for the most part we only use aggregate and statistical information for this

As an existing customer we may send you offers on products or services like those which you have previously purchased from us. You can opt out of this at the point you initially give us your personal information or by following the instructions in any future communication from us. Due to their nature, service messages may not contain opt-out instructions.

8. Disclosure of your information

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We will not pass on your personal data to third parties unless: it is a requirement of the service or product you have with us, where this will be detailed within the contract, if it is a prerequisite to the service or product you intend to have with us, you will be notified beforehand, or it is a legal requirement to do so.

8.1 Mobile networks or insurance companies who process personal data for us for the purposes described in this Policy. The network provider may use this information to carry out credit checks and security checks as well as for other purposes.
8.2 Licensed credit reference agencies so that they can carry out credit checks and security checks on our behalf.
8.3 Distribution and/or courier companies for the purposes of fulfilling your order
8.4 Companies we have a joint venture or agreement to co-operate with
8.5 Companies we have contracts with, to provide you with the services agreed in your contract, e.g. device repair centres
8.6 Debt collection agencies or other debt recovery organisations
8.7 If we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets;
8.8 If we or substantially all our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
8.9 If we are under a duty to disclose or share your information to comply with any legal obligation, or to enforce or apply our Terms and Conditions of Supply (which can be viewed on our site) and other agreements; or to protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

9. Changes to our Privacy Notice

We may from time to time decide to change this Policy with or without notice, to reflect any changes to our privacy practices in accordance with changes to legislation, best practice or any enhancements. Any changes we may make to this Policy in the future will be posted on this page and will become effective as soon as they are posted. We will assume you have accepted any such change if you continue to use this site after such changes have been posted and before such period has expired. If you do not accept any such changes, please contact us by using the contact details below and ask us to stop using your personal data. We recommend that you re-visit this Policy from time to time to learn of any such changes to this Policy.

10. Contact details

Any questions or requests regarding this Notice are welcomed and should be addressed to:

Data Protection Officer
Cedaro Ltd
16 Southgates Road
Great Yarmouth
Norfolk
NR30 3LJ

Or alternatively electronically at privacy@cedaro.co.uk.

Version 2.0, last modified 5th June 2018