The website for Corethree Ltd is http://www.corethree.net. We’re committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation (GDPR).

Our privacy policy explains when and why we collect personal information about people who visit our website, how we use that information, the conditions under which we may disclose information to others with your consent and how we keep information secure.

We may change our privacy policy from time to time so please check this page periodically to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this policy.

Any questions regarding this Policy and our privacy practices should be sent via email to info@corethree.net or by post to Corethree Ltd, Suite 14, Building 3, Hatters Lane, Croxley Green Business Park, Watford, Hertfordshire, WD18 8YG. Alternatively, you can contact us via telephone on +44 (0) 845 557 0475.

WHO ARE WE?

Corethree Ltd is a B2B mobile app developer and a global leader in mobile ticketing and commerce. We specialise in integrating, analysing and monetising content, products, data and services for mobile and enterprise, bridging the gaps between operator and customer. Our Data Controller is Paul Doyle. He can be reached via email at info@corethree.net or by post to Corethree Ltd, Suite 14, Building 3, Hatters Lane, Croxley Green Business Park, Watford, Hertfordshire, WD18 8YG. Alternatively, you can contact him via telephone on +44 (0) 845 557 0475.

HOW DO WE COLLECT INFORMATION ABOUT YOU?

We obtain information about you when you send us an email, call us on the telephone, communicate through online platforms, send us information through the post or verbally provide us with information during on or offsite, face-to-face meetings.

WHAT TYPE OF INFORMATION IS COLLECTED FROM YOU?

The personal information we collect might include your name, the address of the company you work for, work email address, telephone numbers and other business-related information.

Category of personal data and data subject: CORPORATE CLIENT RECORDS

Client company name, client employee name, client employee position, client company address, contact details and other information you may divulge about your business requirement.

Legal basis for processing personal data: CORPORATE CLIENT RECORDS

Article 6(1)(b) - contract

CORPORATE CLIENT RECORDS details are shared with:

We use third-party service providers for data storage and for the purposes of completing tasks and providing services. Client contact details are stored on Salesforce CRM.

Time limits for erasure for CORPORATE CLIENT RECORDS

The data is held only as long as necessary for the purpose of the delivery of services, fulfilling a contract or providing a quote, and is erased upon termination of contract (excluding information that must be kept for statutory purposes or legal reasons). Financial information is held for a minimum of six years as per the HMRC requirements.

Security measures to ensure security level appropriate to risks for CORPORATE CLIENT RECORDS

Paper records are kept securely. Electronic data is password protected, employees can only access the information essential for their role and receive appropriate training for their role. All employees have passwords so there is an audit of any changes made, there is also a back-up system that means data can be restored. All anti-virus software and other software are kept up to date. We have signed agreements with all third-party service providers to ensure that proper procedures are followed relating to personal data passed from the Controller to the Processor. These agreements are compliant with the requirements of Article 28 of the General Data Protection Regulation.

Category of personal data and data subject: WEBSITE OR TELEPHONE ENQUIRIES

Client company name, client employee name, client employee position, client company address, contact details and other information you may divulge about your business requirement.

Legal basis for processing personal data: WEBSITE OR TELEPHONE ENQUIRIES

Article 6(1)(a) – consent

WEBSITE OR TELEPHONE ENQUIRIES details are shared with:

Enquiry contact details are stored on Salesforce CRM.                

Time limits for erasure for WEBSITE OR TELEPHONE ENQUIRIES

Data is held indefinitely until converted as a customer, or is deleted immediately if the individual objects to processing.

Security measures to ensure security level appropriate to risks for WEBSITE OR TELEPHONE ENQUIRIES

Paper records are kept securely. Electronic data is password protected, employees can only access the information essential for their role and receive appropriate training for their role. All employees have passwords so there is an audit of any changes made, there is also a back-up system that means data can be restored. All anti-virus software and other software are kept up to date. We have signed agreements with all third-party service providers to ensure that proper procedures are followed relating to personal data passed from the Controller to the Processor. These agreements are compliant with the requirements of Article 28 of the General Data Protection Regulation.

Category of personal data and data subject: INDIVIDUALS WHO MAKE A COMPLAINT

Name, contact details and other information you may divulge about your complaint.

Legal basis for processing personal data: INDIVIDUALS WHO MAKE A COMPLAINT

Article 6(1)(f) - legitimate interest

INDIVIDUALS WHO MAKE A COMPLAINT details are shared with:

Enquiry contact details are stored on Salesforce CRM.                

Time limits for erasure for INDIVIDUALS WHO MAKE A COMPLAINT

Data is held for two years after the complaint is closed.

Security measures to ensure security level appropriate to risks for INDIVIDUALS WHO MAKE A COMPLAINT

Paper records are kept securely. Electronic data is password protected, employees can only access the information essential for their role and receive appropriate training for their role. All employees have passwords so there is an audit of any changes made, there is also a back-up system that means data can be restored. All anti-virus software and other software are kept up to date. We have signed agreements with all third-party service providers to ensure that proper procedures are followed relating to personal data passed from the Controller to the Processor. These agreements are compliant with the requirements of Article 28 of the General Data Protection Regulation.

Category of personal data and data subject: STAFF RECORDS

Name, address, date of birth, contact information, bank details, pension details, tax details, National Insurance Number, P45, P11D, Third-party emergency contacts, annual leave details, sick leave details, performance details, driver’s license, passport, qualifications, employment history

Legal basis for processing personal data: STAFF RECORDS

Article 6(1)(b) – contract (Name, address, date of birth, contact information, bank details, pension details, annual leave details, performance details, qualifications, employment history)

Article 6(1)(c) – legal obligation (Name, address, date of birth, pension details, tax details, National Insurance Number, P45, P11D, driver’s license, passport)

Article 6(1)(f) - legitimate interest (Third-party emergency contacts)

STAFF RECORDS details are shared with:

We use third-party service providers for payroll services who also share the data with HMRC under legal obligation.  

Time limits for erasure for STAFF RECORDS

Financial records are held for six years to satisfy statutory requirements. Non-financial information is erased upon termination of employee contract.

Security measures to ensure security level appropriate to risks for STAFF RECORDS

Paper records are kept securely. Electronic data is password protected, employees can only access the information essential for their role and receive appropriate training for their role. All employees have passwords so there is an audit of any changes made, there is also a back-up system that means data can be restored. All anti-virus software and other software are kept up to date. We have signed agreements with all third-party service providers to ensure that proper procedures are followed relating to personal data passed from the Controller to the Processor. These agreements are compliant with the requirements of Article 28 of the General Data Protection Regulation.

Category of personal data and data subject: CORPORATE CLIENT APP CUSTOMER RECORDS

Contact details, date of birth, account password, geo specific information (if location services enabled), boarding and alighting stations, period of travel, voucher codes, PayPal email, PayPal password, Apple Pay account information, Apple Pay password, Google Pay account information, Google Pay password, Android Pay account information, Android Pay password, Samsung Pay account information, Samsung Pay password, Ping It account information, Ping It password, credit/debit card information: billing address, cardholder title, cardholder name, card number, card type, security pin, start month/year, expiry month/year; gifted ticket recipient email address, device used, photo ID

Legal basis for processing personal data: CORPORATE CLIENT APP CUSTOMER RECORDS

Article 6(1)(b) - contract

CORPORATE CLIENT APP CUSTOMER RECORDS details are shared with:

We use third-party service providers for data storage and for the purposes of completing tasks and providing services.

Time limits for erasure for CORPORATE CLIENT APP CUSTOMER RECORDS

Upon termination of the Corporate Client (Controller) Contract, Corethree will destroy all personal data of Controller Data stored within its systems. Corethree will only retain a record of transactions by date and volume with the data rendered anonymous in such a way that the data subject is no longer identifiable (excluding information that must be kept for statutory purposes or legal reasons).

Security measures to ensure security level appropriate to risks for CORPORATE CLIENT APP CUSTOMER RECORDS

Electronic data is password protected, employees can only access the information essential for their role and receive appropriate training for their role. All employees have passwords so there is an audit of any changes made, there is also a back-up system that means data can be restored. All anti-virus software and other software are kept up to date. We have signed agreements with all third-party service providers to ensure that proper procedures are followed relating to personal data passed from the Controller to the Processor. These agreements are compliant with the requirements of Article 28 of the General Data Protection Regulation. All financial information is tokenised and only accessible by third party payment gateways for transactions.

HOW ELSE MAY YOUR INFORMATION BE USED?

We may also use your information to:

  • provide you or your company with a quote for our services,
  • carry out our obligations arising from any contracts or agreements entered into by you or your company and Corethree Ltd,
  • seek your feedback on the services we provide,
  • notify you of relevant changes to our services,
  • send you communications which you have requested and that may be of interest to you for legitimate business purposes,
  • process an employment application.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. Corethree Ltd will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with Corethree Ltd.

WHO HAS ACCESS TO YOUR INFORMATION?

We will not sell or rent your information to third parties for marketing purposes.

Third Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the Corethree Ltd Network for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

YOUR CHOICES:

We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted.

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about Corethree Ltd services, then you can change your marketing preferences at any time by contacting us via email to info@corethree.net or by post to Corethree Ltd, Suite 14, Building 3, Hatters Lane, Croxley Green Business Park, Watford, Hertfordshire, WD18 8YG. Alternatively, you can contact us via telephone on +44 (0) 845 557 0475.

YOUR RIGHTS

Under the General Data Protection Regulation (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you.

  • The right to be informed : This encompasses Corethree Ltd’s obligation to provide ‘fair processing information’, typically through a privacy notice that emphasises the transparency in our data processing methods and the reasons we may process your personal data with your consent.
  • The right of access : This allows individuals to be aware of and verify the lawfulness of the processing.
  • The right to rectification : This gives individuals the right to have personal data rectified if it is inaccurate or incomplete.
  • The right to erasure : Also known as ‘the right to be forgotten’ this enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
  • The right to restrict processing : This provides individuals with the right to ‘block’ or suppress processing of personal data.
  • The right to data portability : This permits individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without limiting usability.
  • The right to object : Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.

You can read more about these rights at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/.

HOW CAN YOU ACCESS AND UPDATE YOUR INFORMATION?

You also have the right to ask for a copy of the information Corethree Ltd holds about you. Corethree Ltd tries to be as open as we can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulation (GDPR). If we do hold information about you, we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to Corethree Ltd for any personal information we may hold, you need to put the request in writing to Corethree Ltd, Suite 14, Building 3, Hatters Lane, Croxley Green Business Park, Watford, Hertfordshire, WD18 8YG.

We will try to deal with your request informally, for example by providing you with the specific information you need over the telephone if appropriate.

The accuracy of your information is important to us. If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting us via email to info@corethree.net or by post to Corethree Ltd, Suite 14, Building 3, Hatters Lane, Croxley Green Business Park, Watford, Hertfordshire, WD18 8YG. Alternatively, you can contact us via telephone on +44 (0) 845 557 0475.

SECURITY PRECAUTIONS IN PLACE TO PROTECT THE LOSS, MISUSE OR ALTERATION OF YOUR INFORMATION

When you give us personal information, we take steps to ensure that it’s treated securely. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we take great care to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

USE OF COOKIES

Like many other websites, the Corethree Ltd website may use cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. While cookies collect statistical data about your browsing actions and patterns, they do not identify you as an individual. This helps us to improve our website and deliver a better, more personalised web user experience.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.

For more information about how we use Cookies, click here.

LINKS TO OTHER WEBSITES

Our website may contain links to other websites run by other organisations. This privacy policy applies only to the Corethree Ltd website, so we encourage you to read the privacy statements on the other websites you visit. Corethree Ltd cannot be held responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party website, Corethree Ltd cannot be held responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the privacy policy of that third-party site.

16 OR UNDER?

Corethree Ltd is dedicated to protecting the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent/guardian's permission beforehand whenever you provide us with personal information.

TRANSFERRING YOUR INFORMATION OUTSIDE OF EUROPE

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. Currently our servers are located within the European Union and the United States (covered under the EU-U.S. Privacy Shield Framework).

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

HOW TO CONTACT CORETHREE LTD

Our address : Corethree Ltd, Suite 14, Building 3, Hatters Lane, Croxley Park, Watford, Hertfordshire, WD18 8YG.

Telephone : +44 (0) 845 557 0475

Email : info@corethree.net

Review of these policies : Corethree Ltd website keeps this Policy under regular review. This Policy was last updated in April 2018.