Data Privacy Statement
Crimson Limited, is a public-impact digital transformation consultancy working on an annual basis with clients world-wide .
This website offers you a platform to engage with us on IT Projects Consultations or Consultative Engagements. You are responsible for the accuracy of the personal data inputted. If you use functions on the website which access data from external sources, such as LinkedIn, please be aware that the website will access your personal data from these sources.
Our reputation is reliant on the trust of people we work with, and consequently the effective and professional use of the information you provide us is paramount.
Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This Privacy Statement explains what we do with your personal data, if providing you with a service that may be of interest, or simply as a result of you visiting our website.
We respect your right to privacy. Our overall aim is to ensure that our collection and use of personal information is appropriate to the provision of services to you and is in accordance with applicable data protection laws.
Important definitions in this policy:
“You” are a consultant, client contact or contact at any other organisation References in this policy to:
“client” means any organisation to which we offer and/or provide project consultancy to;
“client contact” means a responsible owner at a client;
“consultant” means a person whose services are supplied via Crimson to work on project delivery, consultancy, managed service or outsourced engagements where specialist skills or additional capacity are required.
Specifically, this Privacy Statement provides you with details about the personal information we collect and hold about you, how we use your personal information and your rights regarding your personal information.
It does not cover any use of your personal information by:
- Any other organisation involved in the supply chain of services offered by us
What does Crimson do?
The core of what we do…
To work with clients to provide consultancy and outsourcing services to help them solve technology and other related challenges.
Where necessary, Crimson engages contractors and specialist resources to address skills gaps or capacity constraints as part of delivering these services.
Where does Crimson collect data from?
This Privacy Statement applies to the collection, storage and use of personal information collected by Crimson (“we” or “us”):
- via our website at www.crimson.co.uk; or any other website operated by us (the “Site”); or
- from company websites; or
- from your business card; or
- in the course of us providing consultancy services to you (“Services”); or
- events (networking/conferences etc) and any other business-related activity; or
- Client Referral – from known associates including associated companies
What is our lawful basis for processing your personal data?
We use the data we gather to perform a number of tasks, including:
- complying with any legal or regulatory requirements and to make the necessary disclosure under the requirements of any applicable law, regulation, direction, court order, guideline, circular or code which are applicable to us for the prevention of crime.
Client contacts: we use the information collected from clients to ensure that we provide business services to you. This will involve providing other business services from our portfolio.
Suppliers: we use the data collected to ensure the business arrangements between us run smoothly.
We consider that it is necessary for our legitimate interests as a business to process your personal data. At different stages in the processes we also have other lawful grounds for processing your data such as compliance with our legal obligations and where it is necessary for the performance of contracts related to project process.
Where we are required by law to obtain your consent to the processing of your personal data, we will obtain it.
A full statement of our legitimate interest may be found here.
All users of the Site and our Services
We collect, store and use your personal information for the following purposes:
- to make the Site available to you; and
- to provide any Services that you request.
Sometimes, our use of your personal information is for purposes which are ancillary to the provision of the Site and then Services, or which are desirable to make them operate more effectively. In those circumstances, we believe we have a legitimate interest in handling your personal information, and do not believe that this storage and use of your personal information will unduly prejudice your rights or freedoms.
How do we share your personal information and who do we share it with?
Contractor engagement
Crimson may engage contractors directly or via third‑party suppliers to support the delivery of its services. Personal data relating to such individuals is processed solely for the purposes of resource assessment, onboarding, service delivery, access management, and compliance with contractual and legal obligations. Crimson does not operate as a recruitment agency and does not place candidates with third‑party clients.
Your personal data provided to us is processed by Crimson Limited. We will ensure that:
- access to your personal data is restricted to staff who are required to process such data as part of their job;
- only necessary information is released to the relevant employees;
- IT support service providers;
- payment processors and software providers;
We will disclose information under the following circumstances:
Service and Site usage information: When we share anonymous information generated by our Services with our clients.
Third-party service providers: When we share information with third-party service companies for them to facilitate and support us in the provision of the Services. This includes:
These organisations are appointed by Crimson as data processors and authorised to use your personal information only as necessary to provide the relevant services to us. These organisations are required to process such information based on our instructions and in accordance with this Privacy Statement. They do not have any independent right to share this information.
Group companies: We provide your personal information to our subsidiaries or affiliated companies for the purpose of processing personal information on our behalf to provide the Site and the Services. These parties are required to process such information based on our instructions and in accordance with this Privacy Statement. They do not have any independent right to share this information.
Compliance with laws and legal proceedings: When we respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. When we believe it is necessary to share information in order to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.
Merger or acquisition: When we need to transfer information about you if we are acquired by or merged with another company. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified by email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
International transfers
We want to make sure that your data is stored and transferred in a way which is secure. We will only transfer data outside of the European economic area where the recipient is compliant with the data protection legislation and the means of transfer provides approved safeguards. These will include contractual clauses, the EU – US privacy shield framework, or where the country concerned has been found adequate by the European commission in respect to the levels of data protection.
As a business, we transfer personal data between our EU and UK entities, including storing EU data subjects’ personal data on UK servers. Your personal data will be processed to the same high standards, as Crimson implements the GDPR across all its EU and UK entities.
We may send your information between Crimson’s group companies which may exist outside of Europe, to overseas clients or to clients within your country who may in turn transfer your data internationally.
Your information/data may be stored on cloud-based storage for parts of our overall business process.
Please be aware that countries which are outside the European Economic Area may not offer the same level of legal protection for your personal information as under EU law, although any collection, storage and use of your personal data by us (or on our behalf) will continue to be governed by this Privacy Statement.
Personal information, cookies and websites
Our website may offer you the opportunity to pass your personal information to us in relation to a particular role which is of interest to you. This information may be routed through one of our 3rd party suppliers before it is delivered electronically to us. All our 3rd party suppliers have been vetted to ensure that they will meet our own privacy and security standards in the collection and processing of your personal information.
Our website may also link or direct you to other websites or external content which are not within our control. Links to other websites may be provided for your convenience and information. While we will use our best endeavour to ensure that we link or direct you only to websites that share our privacy and security standards, we are not in the position to guarantee the same and we will not be responsible for the protection and privacy of any personal data which you provide on those websites. These sites have their own privacy statement in place, and we recommend you review these if you visit any linked website. You should therefore exercise caution including reviewing the Privacy Statement of those websites before disclosing any personal data.
Technologies such as cookies, beacons, tags and scripts are used by us and our affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the Site, tracking users’ movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We use cookies, for example, to remember users’ settings (e.g. language preference) and for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited.
See Appendix 4 for further information on cookie usage.
How we safeguard your personal data
Crimson is passionate about protecting your information. To this end we have put in place appropriate measures that are designed to prevent unauthorised access to and misuse of your personal data. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by emailing GDPR@Crimson.co.uk.
Your information is held on servers hosted by us or our Internet Services Provider. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Data retention
The period for which data is retained in each circumstance is determined by the balanced interests of the company and the data subjects concerned. If personal data needs to be retained to fulfil the documented business interests of the company, and that interest would align with the interests of the data subject, then we will continue to retain for a reasonable period.
However, we do not keep data for any longer than is necessary. For most people where we have limited contact it will be typically up to two years from the date of last contact with us unless extended for contractual, audit or legal obligations.. Where personal data relates to contractor engagement supporting service delivery, retention periods may be extended where required to meet contractual, audit, regulatory or legal obligations. Where we have engaged with you more extensively, for instance we have worked with you as client, or interviewed / placed you as an employee / progressed a resource assessment and engagement for consultancy delivery, we may retain data longer.
We will delete personal data after that time except where we need to keep any personal information to comply with our contractual (i.e. reporting requirements) or other legal obligations, resolve disputes, or enforce our agreements.
For more information on our data retention policy please contact GDPR@crimson.co.uk
Your rights, complaints, questions and suggestions
You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at GDPR@crimson.co.uk at any time.
See Appendix 5 for further information.
Crimson tries to meet the highest standards when collecting and using personal information. We take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
If you wish to complain about this policy or any of the procedures set out within, please contact our Data Protection Officer via J.Emery@Crimson.co.uk. You can also seek a remedy through local courts if you believe your rights have been breached.
EU Supervisory Authorities
The designated legal entity for data protection matters in the EU is Harvey Nash BV (Netherlands). To contact and discuss your rights or any concerns you have about processing being carried out in the EU, please email GDPR@Crimson.co.uk
You may make a complaint to any supervisory authority for data protection matters in the EU. Crimson is registered as a data controller with the Information Commissioner’s Office in the UK, but also operates across the EU where other supervisory authorities operate.
Marketing activities
Periodically we may send you information that we think you will find interesting or to ask for your expertise in completing a survey. We may also send you information to:
- market our full range of services
- send you details of networking and client events and information about the industry sectors we think may be of interest to you.
- Subject to any applicable local laws and requirements we will not, as a matter of course, seek your consent when sending marketing materials relating to the above but we will always give you the option to unsubscribe of any such mails.
Where we have previously engaged with you, you will have the right to withdraw such permission at any time. Please email GDPR@Crimson.co.uk (as per agreed email address) or email via our website, www.crimson.co.uk.