For example, you may provide information to us when you contact one of our sales team, communicate with our staff or visit our stand at a show or exhibition. During these interactions you may share personal data such as: your name, address, e-mail address and contact number. In some circumstance this information will need to be used to provide you with one of our products or services that you have asked for.
Our legal basis for collecting your personal data
For existing and potential customers we will only collect, store, use, process, transfer and disclose personal data when it is necessary for Penso’s legitimate interests regarding project requirements or we have received consent to do so.
Our legal basis for using your personal data
Penso relies on the lawful basis for processing personal data. In some cases, more than one lawful basis may apply within respect to the same personal data.
Contract: We collect and process personal data in order to fulfil the contractual agreement between our customer or potential customer and Penso.
Legitimate Interest: There are a number of instances that we will collect and process personal data under the lawful basis of legitimate interests. When you provide your personal data to us we use your information for our legitimate business interests to carry out our work and complete necessary actions on projects. Before doing this though, we will also carefully consider and balance any potential impact on you or your rights.
An example of when we might use your personal data under legitimate interest would be the sharing of technical documentation with one of our authorised suppliers for project purposes.
Consent: To keep you updated on information on our services, solutions, research and news we will collect your consent at the point at which we collect your information. Your consent and the date your consent is provided are stored on our secure systems to help us maintain an accurate record of how we collected; and the reason for storing your information. You have the right to withdraw your consent to the use of your data at any time, and any marketing communications email that you receive will include the option to unsubscribe.
Personal data you give us
Personal information may be collected from you in various ways, such as exchanging business cards or corresponding with us by phone, e-mail, or at a trade show or otherwise.
Here are some examples of the type of personal data you may provide us with:
Personal contact details, such as name, title, addresses, telephone numbers and email addresses
Date of birth
Social media profiles
Penso is always looking for new people to join a variety of teams and disciplines, helping us to effectively and sustainably achieve the aims and growth of the business. As part of our recruitment process we advertise roles internally, online and via social media, you can apply for these via our website under the careers section and by providing us with your CV to firstname.lastname@example.org.
As part of any recruitment process, the organisation collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
Further information can be found on the Applicant Data Privacy Notice.
Working with our existing and prospective customers, to help deliver our services and solutions, Penso maintains an information spreadsheet to collate all sales enquiry data. The personal information stored in these systems is managed in line with contractual agreements and processed on the legal basis of legitimate interest.
We want to communicate with you information about our services and solutions, including digital distribution of our company magazine, Driven. To manage this effectively we use consent as the lawful means for processing your personal data for marketing purposes. When requesting information from us or through interaction with one of our employees at an exhibition, conference or customer meeting, we will collect your consent to do so and manage this through our secure systems. We may also use your information to contact you for market research purposes, to better our services to meet our customer’s needs.
If you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter, or giving us a ‘+1’ via Google Plus, those social networks will record that you have done so and may set a cookie for this purpose. If you connect with us via a social media platform, this will be considered as consent for us to receive your personal data.
In some cases, where a page on our website includes content from a social network, such as Twitter feed, or Facebook comments box, those services may set a cookie even where you do not click a button. As is the case for all cookies, we cannot access those set by social networks, just as those social networks cannot access cookies we set ourselves.
Your data and Penso’s websites
Information automatically collected
Penso may also collect the following type of personal data when you visit our site(s):
Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
Information about your visit, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the page and any phone number used to call Penso
Our systems automatically gather some anonymous information about visitors, including IP addresses, browser type, language, and the times and dates of webpage visits. The data collected does not include personally identifiable information and is used, as described above, for statistical analysis, to understand user behaviour, and to administer the site.
The internet is not a secure medium. However we take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We have put in place various security procedures as set out in this policy. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information. We use secure server software (SSL) to encrypt financial information you input before it is sent to us, and our database is hosted in a secure data centre. Whilst we cannot ensure or guarantee that loss, misuse or alterations of data will not occur, we use our best efforts to prevent this.
CCTV onsite at Penso
We will also collect personal information about you through our use of CCTV, filming and photography. CCTV cameras are primarily used for security purposes at our facilities. We will film and take photographs at some of our events and exhibitions; we use film and photographs for our business purposes (for example, to post on our social media pages). We will display notices at stands and events where we use CCTV, or where we intend to film or take photographs, to let you know that we will collect personal information about you.
If you have Wi-Fi or Bluetooth enabled on your phone (or other device) when you visit us at our facility, we will also collect limited personal information through your device.
Where is your personal data stored?
All information you provide to us is stored on our secure servers and is protected using industry standard secure layer (SSL) encryption technology.
We will do our best to protect your personal data, although as the transmission of information via the internet is not completely secure we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, misuse or loss.
Will Penso share my data?
Penso does not sell individuals’ information. We will share it only with our authorised Data Processors, who must always act on our instructions as the Data Controller under relevant data protection laws including GDPR. An example of an authorised Data Processor would be a partner who would require engineering data.