Privacy and Legal

Legal

Crimson & Co is the trading name of Crimson Consulting (UK) Ltd, which is incorporated in England and Wales under the Companies Act 1985 – No 4683556. Registered office: Crimson Consulting (UK) Ltd, 137 Euston road, London, NW1 2AA.

Privacy

The data controller is Crimson Consulting (UK) Ltd, (referred to in this policy as “we” or “us”).

Looking after the personal data you share with us is hugely important and we want you to be confident that your data is safe and secure with us. This policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you. If you have any queries about this statement, please Contact us.

Data Collection

Personal data

All personal data is collected and stored in line with the Data Protection Act 1998 and the General Data Protection Regulations.

When you register for our services, download a report or join our mailing list, you may provide us with:

  • Your personal details, which include your email address, phone number, company, job title and industry
  • Your account login details, such as your username and the password that you have chosen

When you browse our website, we may collect:

  • Information about your online browsing behaviour on our website
  • Information about any devices you have used to access our website (including the make, model and operating system, IP address, the address of the web site from which you linked, browser type and mobile device identifiers etc)
  • HTTP protocol elements (your server address and top level domain name (e.g. .com, .gov etc), date and time of visit, etc)
  • Search terms

When you contact us, or we contact you, we may collect:

  • Personal data you provide about yourself anytime you contact us about our services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media
  • Details of the emails we send to you that you open, including any links in them that you click on

Why we collect personal data

We collect data for the following purposes:

  • Completion and support of scprime® assessments
  • Web site and system administration
  • Research and development
  • To enable the user to log in and take self-assessments
  • Enabling clients to participate in ‘join our mailing list’ initiatives

This data is collected from all web users. Web access logs are used for statistical purposes only (e.g. to measure the use/performance of the site) except in the event of a security breach when they could be used for tracing the breach. No information gathered from web logs is given or sold to any third party.

Any personal information that you provide to us will only be used for the purpose stated at the time we request it. This information will not be disclosed to a third party except where authorised by you or as otherwise permitted by the Data Protection Act and the General Data Protection Regulations.

How long we retain your personal data

We will retain a record of your personal information. This is done to provide you with a high quality and consistent service. We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary. 

Data security

Security standards

We have implemented generally accepted standards of technology and operational security to protect personally identifiable data and information from loss, misuse, alteration or destruction. We use iThemes security to keep our data secure.

iThemes collect the IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 30 days.

This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. They do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy. This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by iThemes.com. For privacy policy details, please see the iThemes Privacy Policy.

Back-up

We back up our data which is stored on Amazon S3, who are GDPR compliant. We store backups for 30 days when they are then deleted. We have an SSL certificate for www.crimsonandco.com and all its subdomains.

Cookies

Definition and why they are used

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies contain information unique to your web browser which allow the website to remember your choices and preferences during your visit, but they do not include personal information that can identify you.

Cookies help us to provide important features and functionality on our website and we use them to improve your customer experience. Cookies help our website recognise your device and remember little bits of information about your visit like your preferences, settings and how you use the website. This information is then used to personalise and improve the way you interact with our site.

How we use cookies

We use cookies to do the following:

  • Research and development: cookies can help us to understand how our Website is being used. These cookies are used in the management of the site and include recording visitor numbers and other web analytics. Cookies allow us to improve the way our website works so that we can personalise your experience. 
  • Measuring the effectiveness of our marketing communications: we use Cookies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent you

Google analytics and cookies

Google Analytics is a web analytics service provided by Google, Inc., which uses cookies to help analyse how users use this website. The information generated by the cookie about your use of this Site (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by Google on servers in the United States. Google will use this information to monitor your use of this Site, compiling reports on website activity for website operators and providing other services related to website activity and internet usage. Google may transfer this information to third parties where required by law, or where such third parties process information on Google’s behalf. Our google analytics data is deleted every 26 months. For more information about Google’s privacy policy in respect of Google Analytics, please refer to http://www.google.com/analytics/learn/privacy.html

You may opt out of Google Analytics by visiting 

https://tools.google.com/dlpage/gaoptout?hl+en=GB

How to manage your cookies

You may stop or restrict the placement of cookies on your computer by adjusting your settings in your web browsers. However, this may interfere with some of the functionality of the site. You can find more detailed information about how you can manage Cookies at the all about cookies and your online choices websites.

E-mail and Electronic Forms

If you have given your consent, we at Crimson & Co may provide you with information about news, services and products that we believe will be of interest to you. You can change your mind about your marketing preferences by contacting us at any time.

We collect the following information:

  • Physical contact information
  • Online contact information
  • Preference data

This data will be used for the following purposes:

  • Completion and support of the current activity
  • Contacting visitors for marketing of services or products

In all cases this information will only be used for the stated purpose for which it was provided. A number of online forms are provided on this site. Each form is processed using standard mail techniques and is not encrypted.

If you opt in to our mailing list, your data will be stored with Zoho CRM, wo are GDPR compliant. Your data will be stored for as long as it’s on our mailing list.

General

Links to other sites

We sometimes provide you with links to other websites, but these websites are not under our control. Therefore, we will not be liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by these websites. We advise you to consult the privacy policy and terms and conditions on each website to see how each supplier may process your information.

Access to collected information

Under the Data Protection Act 1998 and the General Data Protection Regulations, you have the right to request a copy of any data we hold about you and you can request for any inaccurate information to be corrected or removed from the database at any time. If you have any concerns regarding the data held about you by Crimson & Co, a subject access request must be made in writing for the attention of our data protection officer, Jonathan Gibson to the address given in the contact details below. We will respond within 30 days of your request.

Changes to our privacy policy

We may change our Privacy Policy from time to time. Any changes will be published on our website which can be accessed at any time.

Contacting us

If you have any questions about how we collect, store and use personal data please contact us:

Call: +44 (0) 845 644 6972

Email: information@crimsonandco.com

Write: Crimson & Co, 137 Euston Road, Kings Cross, London NW1 2AA