Last Updated – July 2023, Version 2.3
Who are we?
We are View My Chain a company incorporated in England and Wales with Company Number 09680211, whose registered office address is at 8 Whittle Court, Knowlhill, Milton Keynes, Buckinghamshire, MK5 8FT (“We”, “Us”).
We comply with the relevant data protection regulations and are registered with the Information Commissioners Office under numbers ZA154994.
Our Group Data Protection Officer is Colin Bradshaw and can be contacted at the above address, via our contact form or alternatively by telephone on [phone].
What this privacy policy covers
This policy applies to www.viewmychain.kinsta.cloud and associated iOS and/or Android mobile apps “website” and our day to day business operations. This policy covers what data we may collect about you, how we use it, your rights and how you can exercise them.
We may change this Privacy Policy from time to time by posting changes at this URL. Your continued use of the Services following the posting of such changes will be deemed your acceptance of those changes.
Any links from our website to third-party sites are not subject to this privacy policy so please make sure you read the privacy policy of those websites before you progress, we cannot accept any responsibility or liability for those third-party websites.
- Contact details – This is basic personal data which may include name, email address, telephone number, organisation name & address and your job title.
- Contact history – This is a record of what communications or telephone calls we may have sent or made to you.
- Tracking – We may track who has opened and clicked the email messages that we send which is at a person level (e.g. we know WHO has specifically carried out this action). We track the number of visitors to our website, but this is at an aggregated level.
- Video content – If you’re using our video recruitment tool, we will use this content as part of our recruitment process.
Where do we collect your information from, what is our lawful basis for doing so and what is the purpose for the processing?
Source |
Lawful Basis |
Purpose |
Retention Period |
GDPR Article Reference |
LinkedIn |
Legitimate Interest |
Prospecting our goods and services or business networking |
For as long as it is relevant and appropriate to keep this information based on role & communications |
Article 6(1)(f) |
Trade Shows & Events |
Legitimate Interest |
Prospecting our goods and services |
For as long as it is relevant and appropriate to keep this information based on role & communications |
Article 6(1)(f) |
Our Website |
Legitimate Interest / Consent / Contract |
Prospecting our goods and services, dealing with your enquiry |
For as long as it is relevant and appropriate to keep this information based on role & communications |
Article 6(1)(f) / Article 6(1)(a) /Article 6(1)(b) |
General Networking |
Legitimate Interest |
Prospecting our goods and services |
For as long as it is relevant and appropriate to keep this information based on role & communications |
Article 6(1)(f) |
Clients (Current / Lapsed) |
Legitimate Interest / Contract |
Client management, contract delivery & client development |
For as long as a customer & then for as long as it is relevant and appropriate to keep this information based on role, communications & contract cycle |
Article 6(1)(f) / Article 6(1)(b) |
Desk Based Research |
Legitimate Interest |
Prospecting our goods and services |
For as long as it is relevant and appropriate to keep this information based on role & communications |
Article 6(1)(f) |
Suppliers (Current / Lapsed) |
Legitimate Interest / Contract |
Management of supply of goods & services |
7 years post contract termination |
Article 6(1)(f) / Article 6(1)(b) |
Recruitment |
Contract |
Recruitment |
36 months |
Article 6(1)(b) |
Suppressions / Opt Outs |
Legal Obligation |
To honour your request to opt out of communications |
Indefinite |
Article 6(1)(c) |
Please note that address entity data is not Personally Identifiable Information (PII) as we do not identify a living data subject however, we treat all data collected as PII and afford the associated rights under the GDPR due to the volume and complexity of data collected and processed and the ready proximity of personal details.
Who do we share your details with?
- Our Group Companies - TwentyCi, TwentyCi Data, TwentyEA, View My Chain, Evolve Retail, TwentyCi Asia.
- Our Service Providers – We may provide your information to third parties who provide systems or services to assist with our business operations. For example, email marketing, CRM system providers, print & mailing house for direct mail campaigns. Where we do employ a third-party data processor this is ALWAYS under a written contract as is required under Article 28 of the GDPR.
- Regulatory Bodies – on rare occasions we may be asked to share your information with regulatory bodies who are investigating a complaint on your behalf.
Do we use Cookies?
Yes, please see our cookie policy here.
Security of your information
- We take appropriate technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.
- We store the personal data you provide or that we collect on in our secure environment.
- The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), however if this is the case we take all reasonable technical and organisational measures to ensure that the levels of protection is equal to or great than inside the EEA. Such transfers are usually due to the location of a server belonging to our service provider, such service providers are always operating under a contract with us.
- You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
- You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website). If you think that your password has been compromised, please reset it.
What are your rights?
Under the data protection regulations, you have a number of rights as the data subject, the following section outlines these rights & how you can exercise them.
- Right to be informed
a. When we collect your information or within a reasonable period after collecting your information, we have to tell you about the collection and use of your information. The information we must provide you with includes, our purpose, lawful basis, retention periods, who we intend to share it with and your rights.
b. We must provide this in plain English.
- Right to access
a. You have the right to request access to the personal data that we process about you.
b. We must provide this free of charge. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
- Right to rectification
a. You have a right to have inaccurate personal data rectified or completed if it is incomplete.
- Right to erasure
a. This gives you the right to request that we erase your information from our systems under certain circumstances.
b. This is not an absolute right to have your data erased and can be a bit confusing, for example if you are a supplier of goods and services to us, we need to process your information so that we can pay you. You can read more about when this right applies here.
c. If you have asked us to stop sending you marketing messages, in order to honour this request, we need to maintain a suppression file and we will do this under a legal obligation inline with data protection and PECR regulations – if we did not retain this suppression file, we may collect your data via another source and you may start getting marketing messages again.
d. If we do not believe that we need to comply with your request, we will explain why.
- Right to restrict processing
a. You have the right to request the restriction or the suppression of your personal data, again it only applies in certain cases and is an alternative to the “Right to erasure”. You can read more about this right here.
- Right to data portability
a. This right would be highly unlikely to apply to View My Chain and the data it holds about you. It would most likely apply in situations like switching banks and utility providers for instance. This right only applies where the following conditions have been met: -
i. you provided the personal data to the data controller (View My Chain)
ii. where our lawful basis (see table above) is based on your consent or contract; and
iii. is processed by automated means.
- Right to object
a. You have the right to object to: -
i. Processing which is based on legitimate interest, or the performance of a task in the public interest where there is no overriding justification for the processing of your data.
ii. Direct Marketing, including profiling.
iii. Processing for purposes of scientific / historic research and statistics.
- Rights related to automated decision making including profiling
a. You have the right to not be subject to a decision based solely on automated decision making which produces legal effects or significantly affects you. You also have the right to request human intervention, express your point of view or obtain an explanation of the decision and be able to challenge it.
b. However, we do not use any automated decision-making processes which have a damaging effect on you.
- Right to complain to a supervisory authority
a. If we have been unable to deal with your complaint to a satisfactory level, you have the right to complain to the Information Commissioners Office (ICO), you can contact them here.
Changes to our privacy policy
We reserve the right to update this Privacy Policy from time to time as appropriate in relation to legislative or our business developments. The “last updated” date will be updated with the date of the last change.