The CTOi Group respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.
Who is collecting it?
The CTOi Group is made up of different legal entities, namely:
CTOi Group Limited
Cloud 21 Limited
CTO Technologies Limited trading as Otlo
This privacy notice is issued on behalf of the CTOi Group, so when we mention CTOi Group, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the CTOi Group above responsible for processing your data.
How we protect your data
When you share your personal information with any company, you have a right to expect that information to be treated with total confidentiality.
Your privacy is extremely important to us. We’re committed to protecting any personal information you’ve given us and we comply with all relevant data protection laws.
This means that:
- We take full responsibility for the information we hold about you
- We will protect your privacy at all times
- We will not sell your personal information
These explain how your personal data is being managed and safeguarded by us, including:-
- What information we collect about you
- How we collect and use this information
- How we safeguard the information you’ve provided
- Your rights in relation to the information we hold about you
- How to report abuse
We know that you care how your personal information is used and we appreciate that you trust us to do that carefully and sensibly.
This Privacy Notice is designed to help you understand how we collect and use your personal information. We want you to make informed decisions when using our websites and any features on them.
This Privacy Notice applies to all the pages on our sites linking to this Privacy Notice and any features of them and any areas which require registration on our sites. However, it won’t apply to any third-party sites which are linked to our sites. We recommend that you read the privacy notice of any such sites that you visit as we are not responsible for them.
When we refer to our website or sites, we mean any of our websites or applications from which you have accessed this Privacy Notice.
The data we collect about you
Personal information that we collect may include your name, contact details (phone number, email address and address) and job role, data about the pages you visit and your other activity on our site and any other personal information relating to you that you supply to us.
If you contact us, we may keep a record of that correspondence.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources you access.
How your personal data is collected
We collect your information in two ways:
- Personal information you choose to disclose. You may, for example, provide us with your information when you post something on one of our sites, when you register for any features on our site that require registration, when you contact us (online or offline) or when you order services from us.
We may also collect information about your computer, including where available your IP address, operating system and browser type for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns and do not identify any individual.
How we will use your personal information
Each respective company within the Group will use your personal information for a variety of business purposes which are in our legitimate interests (“Business Purposes”), and/or in order to enter into or perform a contract with you (“Contractual”), and/or with your consent (“Consent”), and/or compliance with our legal obligations (“Legal Reasons”). For example, we may use your personal information:-
- To provide you with the relevant services through our applicable site, for Contractual Reasons
- To inform you about and provide more information on products and services offered by our group of companies, for our Business Purposes or with your Consent
- To invite you to participate in surveys and discussions and ask for your views on our services via online surveys and discussion forums, for our Business Purposes and/or with your Consent
- To improve the products and services offered to you for our Business Purposes
- For marketing for our Business Purposes and/or with your Consent
- For statistical or analytical purposes for our Business Purposes
- To detect, prevent or investigate security breaches or fraud for our Business Purposes and/or Legal Reasons
- To better meet the needs and preferences of our customers for our Business Purposes
We will not allow unrelated third parties to use your personal information for marketing without your consent. Where we rely on your consent, you have the right to withdraw it at any time.
We also use personal information to identify types of user, audit how our sites are used, and to help with the strategic development of our sites. When doing so, we remove any direct identifiers.
Participation in surveys and discussion forums is entirely voluntary. You may unsubscribe from being contacted for these purposes at any time. Survey information will be used for market research with the aim of improving our services.
We will show your username on any content you submit or post on our sites (including discussions, bulletins boards and forums).
How long will we keep your personal information
We will keep your personal information only for as long as necessary to fulfil the purposes for which we are processing your personal information unless that law permits or requires longer. This includes the purposes of satisfying any legal, accounting or reporting requirements.
Email marketing and opt-out
We will not send you marketing emails if you have opted out of receiving them. Any marketing emails we sent you will include an unsubscribe link at the end of the email.
How we keep your personal information safe
We seek to protect the safety of all your personal information by implementing appropriate technical and organisational measures.
All of the data we process is stored on a cloud-based system. By default, personal data in transit and at rest is always encrypted whether that is in email or stored within our document management system. We only use recognised, industry-leading hosting partners and market-leading suppliers audited against data privacy standards including ISO 27001 and 27018 to provide and support these services.
Sharing of personal information
We will never sell your personal information. We may disclose and share your personal information:
- With our group companies
- Any entity which acquires any part of our business
- Our service providers (including suppliers who develop or host our sites)
- Third-party search engines that may index user profile pages and usernames as part of the URL of the user profile page by default if required or permitted by law
- Relevant third parties if required to do so in accordance with applicable law
- Other third parties with your consent
Will my personal information be sent to another country
We do not transfer your data outside the European Economic Area (EEA).
In some regions, such as the EEA (European Economic Area), you may have certain rights in relation to your personal information, including the right to:
- Request access to and obtain a copy of your personal information
- Rectification of your personal information if it is no longer accurate or erasure of your personal information if our retention is no longer necessary for the purposes for which it was collected
- Resist or object to the processing of your personal information in certain circumstances
- Data portability (if applicable)
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You may also have the right to complain to the Information Commissioner (if you are in the UK) or to your local data protection supervisory authority if you are unhappy with our privacy practices notified under this Privacy Notice.
Misuse of personal information
You agree not to misuse any personal information available on our sites or to gather it or use robots or other automated scripts, codes or functionalities to do so.
We may immediately suspend or terminate your access to our site without notice if we become aware that you are in breach of applicable terms and conditions of use or of this Privacy Notice.
Changes to this Privacy Notice
We may update this Privacy Notice from time to time. We will always include the date of a new version so that you know when there has been a change.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions, including any requests to exercise your legal rights, please email firstname.lastname@example.org and mark your question or request for the attention of the DPO.