Data subject rights
Where we act as a data controller for your business, we will ensure your rights under GDPR regulations to:
- Request your data is deleted, corrected or brought up to date;
- Request your PII is transferred to another party; and
- Make a complaint to our supervisory authority (The Information Commissioner’s Office)
Personal information collection, use and sharing
When you register with www.cirrusresponse.com website or use the services made available to the public on the www.cirrusresponse.com website, personal information is needed such as your name, company name, and email address. Cirrus uses and shares personal information for purposes such as processing and fulfilling your request, billing, service improvement, research, marketing, communicating with you and other general purposes. With regard to the use of Cirrus CCaaS solutions purchased by our customers, see the section below entitled Data Collected Through Cirrus Purchased Solutions.
Cirrus may also anonymise and aggregate data collected and use and disclose it for general purposes.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and when we store and process it in our data centre. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and do not take responsibility for any third-party actions when we have endeavoured to follow generally accepted standards. In addition, we do not take responsibility for your systems, the Internet itself or any third-party networks or services used to transmit data which are outside the firewall of the data centre we use to process and store your personal data. If you have any questions about the security on our website or our services, please contact us.
Email marketing choices
You may choose to stop receiving our marketing emails by following the unsubscribe instructions included in these emails or you can contact us. If you purchase a service, you can still opt out of marketing related emails however you cannot opt out of service-related announcements.
If your personal information changes, you may correct, update, amend, delete/remove or deactivate it by contacting us by email or postal mail at the contact information listed below. We will respond to your request within 30 days. Note that different rules apply to personal information processed or stored in our purchased solutions. (See section below entitled Data Collected Through Cirrus Purchased Solutions).
Cirrus uses a technology called “cookies” to store session information. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a web site’s computers and stored on your computer’s hard drive. We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. We use Session Cookies to track your Login status. This cookie is only ever transmitted over HTTPS. A persistent cookie remains on your hard drive for an extended period of time. We use Persistent Cookies to determine from where you were referred you to our site, as well as the last user ID that you logged in as. Cirrus may set and access Cirrus cookies on your computer. Cookies are required to use certain services provided on the Cirrus website. You can remove persistent cookies by following directions provided in your Internet browser’s “help” directory. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited.
As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information, which does not identify individual users, to analyse trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We also gather, parse, and retain data related to the provision of our website and related services for internal and service-related purposes.
We do link automatically-collected data to personally identifiable information. IP addresses are tied to personally identifiable information to better gauge our customers’ needs and provide specific information to best serve them.
Third party advertising
Our website may offer publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, please contact us.
Social media features
Data collected through Cirrus purchased solutions
Cirrus is in the business of providing contact-centre-as-a-service (CCaaS) solutions and associated services and in connection with providing such offerings to its customers. Cirrus collects information (including PII) under the direction of its customers about their business activities, employees, contractors, affiliates, and applicants (“Customer Data”) Cirrus has no direct relationship with the individuals whose personal data it processes and stores for Cirrus customers and Cirrus will process, store and retain Customer Data as per our agreement with our applicable customer (including transferring the Customer Data to the applicable customer). Therefore, if you are an employee/contractor/applicant of one of our customers and would no longer like to be involved with one of our customers that use our solutions or otherwise have issues related to your data that is included in Customer Data (such as to correct, amend, or delete such data), please contact the customer that you interact with directly. For the purposes of the EU GDPR, EU-US Privacy Shield, the Swiss Privacy Shield and other global privacy laws, Cirrus acts as a processor/instruction taker which accesses and processes Customer Data on behalf of its customers, which are the controller/owner of such data.
Service providers and sub processors
Cirrus may transfer PII to companies that help us provide our services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our customers. Our contracts with sub-processors contain provisions necessary to ensure the right of the data subject under the GDPR.
Data retention, deletion and correction
Cirrus will retain PII from our website and other PII related to marketing to our customers for a reasonable time proportionate to our mutual evaluation of Cirrus as a potential supplier to you, or a provider of industry sector information in which we reasonably infer you may be interested. You may request your data is deleted, corrected or brought up to data at any time and we shall comply with your requests in accordance with our obligations under the GDPR.
Data that we process on behalf of our customers are retained for as long stipulated by our customer agreement. Cirrus will also retain and use this PII as necessary to comply with our legal obligations, including the Data Retention Investigatory Powers Act, 2014 resolve disputes and enforce our agreements.
Cirrus Response Limited
The Kirkgate, 19-33 Church Street,
Surrey, KT17 4PF
Effective date: 23 May 2018