Skip to main content

General Privacy Notice

 
Who we are

Correla understands the importance of protecting personal information and is committed to complying with the UK GDPR,UK Data Protection Act (DPA 2018) and any other applicable data protection legislation applicable to the processing of personal data.

This notice applies to Correla Limited (“Correla”, “we”, “our”, or “us”). We are registered in England and Wales under company number 13062055 and have our registered office at Lansdowne Gate, 65 New Road, Solihull B91 3DL.

This Privacy Notice will be updated from time to time, so please ensure you check it regularly.


The personal information we collect and use:

In order to provide our services to you and our clients, we collect, use and are responsible for processing personal data to deliver those services. We collect that either directly from you or from third parties. Regardless of the source of data, Correla are committed to protecting your personal data and to ensuring that your personal information is used properly, lawfully and transparently.

Interactions:

How you interact with Correla or the services we provide to our clients, will determine the personal data we process about you. The types of interactions below detail the types of data collected and processed.

Visiting our website:
If you visit this website, we can collect the following personal data:

  • IP Address
  • Clicks and interactions with different pages
  • Analytics on how you interacted with the website
  • Your name and email address if you enter it into a form

The purposes for collecting and processing this data are:

  1. Monitor usage of the Correla website and identify which areas of the site are being utilized.
  2. Gather feedback and receive queries from website users on our products and services
  3. Collect contact details in order to supply our newsletter and/or inform you of upcoming Correla events.

 

The lawful basis.
Whenever personal data is collected, stored and used, the person or company collecting, storing and using it need something called a lawful basis. This is a legal requirement to explain why you’re doing so. For this interaction we collect, store and use under the following lawful basis:

1. Consent: Where we deploy cookies and other tracking technology, we require your consent to collect and process this data.
Where you provide your consent to receive our marketing newsletters or other electronic material
2. Legitimate Interest: Where you raise a query with us, we will use the contact details provided to respond to you in a timely manner.
For more information on lawful basis, find guidance here

Sharing your data
Circumstance and provision of service sometimes require the sharing of your data with suppliers of technology, law enforcement or other processor. We only do this under strict protocols and where we have the correct and sufficient mechanisms and controls in place. For this interaction we share your data with:

  • CRM Provider – We use a CRM provider to manage your consent and to provide the website.
  • Cookie control provider – We use an industry-leading supplier to provide you a compliant cookie control which enables you to provide your consent to cookies.
  • Google – If you consent to the use of Analytics via the Cookie control, your IP address, browsing history and other personal data will be shared with Google.

Visiting Our Office
If you visit the Correla offices, we collect the following personal data:
  • First Name & Last Name
  • Date & Time you entered and exited the building
  • CCTV Images
  • If you drive, your VRN
  • The name of the person you are visiting


The purposes for collecting and processing this data are:‍
1. Security & Health and Safety purposes
2. Detection & Prevention of Crime



The lawful basis
Whenever personal data is collected, stored and used, the person or company collecting, storing and using it need something called a lawful basis. This is a legal requirement to explain why you’re doing so. For this interaction we collect, store and use under the following lawful basis:

1.  Legitimate Interest: Where you raise a query with us, we will use the contact details provided to respond to you in a timely manner.

For more information on lawful basis, find guidance here


Sharing your data
Circumstance and provision of service sometimes require the sharing of your data with suppliers of technology, law enforcement or other processor. We only do this under strict protocols and where we have the correct and sufficient mechanisms and controls in place. For this interaction we share your data with:

  • Building Landlord – As Data Controller, they have access to the CCTV images for the purposes laid out above
  • The Health & Safety Team or the Fire Wardens should any accidents or evacuations occur
  • Law Enforcement should any crime be detected


Visiting us at an Exhibition or Conference

If you visit the Correla offices, we collect the following personal data:
  • First Name & Last Name
  • Email address
  • Job Title
  • Company

The purposes for collecting and processing this data are:‍
1.  Further contact relating to specific product or service enquiries
2.  Provision of newsletters or further Correla Event information


‍The lawful basis
Whenever personal data is collected, stored and used, the person or company collecting, storing and using it need something called a lawful basis. This is a legal requirement to explain why you’re doing so. For this interaction we collect, store and use under the following lawful basis:
1. Legitimate Interest: Where you raise a query with us, we will use the contact details provided to respond to you in a timely manner.
2. Consent: Where you provide your consent to receive our marketing newsletters or other electronic material
 
For more information on lawful basis, find guidance here

Sharing your data
Circumstance and provision of service sometimes require the sharing of your data with suppliers of technology, law enforcement or other processor. We only do this under strict protocols and where we have the correct and sufficient mechanisms and controls in place. For this interaction we share your data with:
The data collected from this interaction, at present, will not be shared with a third party for the provision of any services to Correla.
 
Responding to surveys
If you respond to a survey issued by Correla, we will collect the following data:

  • First Name & Last Name (This is survey dependent, sometimes we will not ask for this)
  • Your email address (This is survey dependent, sometimes we will not ask for this)
  • Date & Time you completed the survey
  • Your responses to the questions
  • Your IP address

The purposes for collecting and processing this data are:‍

  1. Feedback on the products and services offered by Correla
  2. Feedback on proposed Correla initiatives or future product development
  3. Assessment of Customer sentiment in relation to the delivery of our services

The lawful basis
Whenever personal data is collected, stored and used, the person or company collecting, storing and using it need something called a lawful basis. This is a legal requirement to explain why you’re doing so. For this interaction we collect, store and use under the following lawful basis:
1. Legitimate Interest: Providing your responses to our survey will enable us to:
a. Determine allocation of resources and funds for product or service development. 
b. Determine how our products and services can improve
c. Provide a benchmark on how well our services and products are performing
2. Consent: Where we provide you the option in the survey to receive further information from Correla, we will provide that information based on your consent.

For more information on lawful basis, find guidance here

Sharing your data
Circumstance and provision of service sometimes require the sharing of your data with suppliers of technology, law enforcement or other processor. We only do this under strict protocols and where we have the correct and sufficient mechanisms and controls in place. For this interaction we share your data with:

  • Survey agencies – In the provision and aggregation of the results, these agencies will process the data on behalf of Correla

 

How long do we keep your information?

We will keep your personal information only as long as is necessary to conclude the purpose for which it was collected, or to meet legislative requirements. Personal information will be securely destroyed or put beyond use when it is no longer required, in accordance with our data retention and information management policy.

International Data Transfers
Providers of certain technologies or services may operate from different countries. We operate a UK/Adequate country first policy when undertaking or considering the transfer your personal data outside of the UK.  Where we transfer data outside the UK we rely on the following:

UK GDPR Adequacy decisions: Under the regulation, a number of countries have been deemed adequate in their data protection laws and mechanisms, meaning they have an eqivilent level of protection as the UK. For example, The EU has adequate protection.

International Data Transfer Agreements (IDTAs). Where data is to be shared beyond an adequate country, Correla ensure that an IDTA is in place with that supplier, meaning an adequate contractual measure is in place to protect your data.

‍Your rights
‍The UK GDPR facilitates a number of rights for you to access, rectify and delete your data. Your rights are:

1. Right to be Informed: You have the right to ask us how and why we are processing your personal data. If we have provided this to you in the form of this Privacy notice, we will inform you. Where processing has not been identified in this notice, we will provide you with details of what data we are processing, why we are processing it, where we are processing it and how it is being processed.

2. Right to Access: You have a right to access and have a copy of your information provided to you.

3. Right to Rectification: You have the right to have your data updated where inaccuracies have occurred and for that data to be completed, where it remains incomplete.

4. Right to erasure (Also knows as the Right to be Forgotten): You have a right for your data to be deleted, but only if you meet a particular element of the following criteria:

  1. We don’t need the data anymore to provide the service or product,
  2. You have withdrawn your consent for us to process that data,
  3. If you have objected to the use of your data and we can no longer justify the reason for processing your data,
  4. You have objected to direct marketing we undertake,
  5. There is a legal obligation which requires us to erase the data,
  6. It is found that we have processed the data unlawfully,
  7. You wish us to erase the data based on it being processed.


5. Right to restrict processing: You have the right to restrict us from processing your data if:
a. You don’t believe the data we are processing about you is accurate,
b. The data we are processing has been obtained without a lawful basis and you wish to restrict the processing rather than delete it
c. You wish us to retain the data when it is no longer needed by us to provide the service, in support of a legal claim,
d. Where you have objected to the processing of your data and we are in the process of considering the legitimate interest we have in processing it

6. Right to data portability: Where you have provided data to us and Correla is the Data Controller, you have the right to be provided your data in a format that enables you to transfer that data to another provider.

7. Right to object to processing: You have the right to object to our processing of your personal data where:

  1. We are directly marketing to you – this is an absolute right.
  2. Where our we are processing under legitimate interest. This is not an absolute right and we may continue to process your data if our legitimate interest is compelling for the continuation of processing
  3. We are processing the data under the lawful basis of ‘Public Task’.

8. Rights relating to automated decision making and profiling: Where we undertake automated decision making as part of our services or pridcuts (in which your personal data is or can be processed) you can request:

  1. Information on those automated decisions and profiling outputs,
  2. Human intervention where you are challenging a decision presented by the automated process,
  3. Information on the regularity of the checks we carry out to ensure the systems generating those decisions are working as intended.
Exercise Your Rights
To exercise any of the rights above, please email the Correla privacy team stating:
  • The right(s) you wish to exercise
  • Any specifics relating to the data that may help us identify and implement your request.

The email for the Correla Privacy team is: box.correla.privacy@correla.com

We reserve the right to request identification from you to verify your request and to ensure accuracy and security of any data provided under the exercising of your rights.

You can also exercise any of the rights above by writing to us. Please mark your letter: F.A.O The Data Protection Officer. 
Our address is: Correla Ltd, Lansdowne Gate, 65 New Road, Solihull, B91 3DL


Personal Data Security

We are committed to making sure we keep your personal data confidential and implement and manage data security measures that are applicable to the processing we do. We adhere to, and are accredited against, the following standards:

  • ISO27001: 2013
  • NIST

The standards above are supplemented by a robust set of controls and policies that mean our Correla team are trained in data protection responsibilities and how to secure your personal data.

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

Did we do ok?


‍We hope that we can resolve any query or concern you raise about our use of your information.

If we do not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office (ICO). To contact the ICO, visit their website https://ico.org.uk/concerns/ 
or 
You can contact them directly on the ICO helpline: 0303 123 1113.

 

Changes to this privacy notice

You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time.

Version Control:

Version: 1.0
Effective Date: 01/04/2021
Change: Initial Privacy Notice

Version: 2.0
Effective Date: 01/03/2024
Change: Format Updates. Lawful Basis and contact details updated. Interactions defined for further clarity on data being processed.

 
We may change this privacy notice from time to time, so please check this page regularly.