Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, Combined Knowledge Ltd.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Regulation.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a user’s computer or device.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
The ways in which we process your information:
To provide products and services at your request
Lawful basis: Contract
Why: To enable us to supply training, products and services that you have appointed us to provide.
How: To provide training and services that you have asked us to deliver we may use your information to supply you with training course materials in eBook form (which requires an online account to be created using your email address) or in physical form by post.
We may also create user accounts (which may include your email address and name) to enable you to access course resources and participate in the class.
We may also send you instructions and information necessary to join a training course or event and advise you of any changes to training courses you have enrolled for.
When you acquire a product on behalf of your company, we may need to send you information related to product changes, updates and maintenance periods etc. Your email address may form part of any user account you create to access the product. Each individual user’s company email address may form part of a user account necessary to access the software. User account details are stored securely in our licensing database to allow us to grant access to product content and monitor usage levels. If we have supplied you with a license to a Microsoft Office 365 app, we may keep a record of your business Office 365 tenant URL in our licensing database to give you access to product content.
Data retention period: If you have purchased a product or service from us, we are required under UK tax law to keep your basic personal data (company name, name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Sharing your information: We do not share your information with third parties unless you have registered for an event hosted by more than one company. In which case your contact information will only be shared with those co-hosts and treated appropriately as personal data under existing regulations. The hosts for each event will be made clear on event information and marketing prior to the event.
Lawful basis: Consent
Why: To tell you about offers, events and news relevant to training, products and services for Microsoft technologies and the industry surrounding them.
How: We will use your contact details and areas of interest (if provided) to send you marketing that is as relevant as possible.
Data retention period: We will continue to process your information until you withdraw consent or it is determined your consent no longer exists.
Sharing your information: We do not share your information with third parties unless you have registered for an event hosted by more than one company. In which case your contact information will only be shared with the co-hosts and treated appropriately as personal data under existing regulations. The hosts for each event will be made clear on event information and marketing prior to the event.
To assist businesses who show a legitimate interest in our products or services by visiting our website.
Lawful basis: Legitimate Interest
Why: To help identify businesses that have visited our website. Please note, this process does not enable us to directly identify the individuals who visit our website, only business names. We may use this information to assist these businesses on the basis that they have shown a legitimate interest in what we offer.
How: The IP address of the website visitor will be checked against a list of known IP addresses registered by businesses to identify the business. This process does not enable us to directly identify the individual user who visited our website. Domestic, consumer IP addresses and most small businesses are excluded from this process.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in detail here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
We use the following different types of cookies:
Strictly necessary cookies
These are cookies which are needed for our websites, applications or services to function properly, for example, these cookies allow you to access secure areas of our website or to remember what you have put into your shopping basket.
Performance cookies and analytics technologies
These cookies collect information about how visitors and users use our websites, applications and services, for instance which functionality visitors use most often, and if they get error messages from areas of the websites, applications or services. These cookies don’t collect information that identifies a visitor or user. All information these cookies collect is aggregated and therefore anonymous. We only use these cookies to improve how our website, applications and services work.
These cookies allow our websites, applications and services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Targeting or advertising cookies
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operators’ permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
Web beacons and parameter tracking
IP Address and traffic data
We keep a record of traffic data which is logged automatically by our servers, such as your Internet Protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our site. We also collect some site, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies, encryption and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all mailing lists by following this link.
Our EMS provider is MailChimp (www.mailchimp.com). When provided, we may hold the following information about you within our EMS system to help personalise our communications with you and ensure we send you content that is as relevant as possible;
- Email address
- IP address
- Subscription time & date
- Company name
- Company contact details