NCS-IT provides IT solutions and services to private and public-sector clients. NCS-IT (as data controller) may also obtain your personal data in the context of business-to-business (B2B) marketing.
We summarise below in our Glossary, how NCS-IT collects and uses your personal data in order to build products for which NCS-IT is the data controller. These products help our clients better understand their customers and target their marketing more effectively. In general, our legal basis for processing such data is our legitimate interest for direct marketing purposes, which does not affect or harm the rights or freedoms of individuals. You can find out more about what NCS-IT does with your data, what data we hold and how to opt out by contacting firstname.lastname@example.org.
We also summarise when and how NCS-IT handle/process personal data in order to provide a range of software, data services, consultancy and managed services to their clients, who will have their own legal basis for processing.
We may collect information about you from publicly accessible data sources (such as the Edited Electoral Roll), commercially available data sources (such as lifestyle data or the Royal Mail’s PAF data), as well as open data sources such as the Office for National Statistics which publishes census data, and HM Land Registry. This information can include personal data such as your name, address, date of birth and/or data relating to properties such as house value, number of rooms and the neighbourhood in which you live. Please note that these data sources may change from time to time.
In addition, in the context of B2B marketing, if you have previously engaged with NCS-IT in the course of (or with a view to) buying our products or services, provided your business contact details to us and/or connected with NCS-IT via social media, we may from time to time contact you by post, email and/or telephone with regards to products or services we think may be of interest to you. We will do so only in accordance with applicable law (PECR).
NCS-IT may access, handle and/or process data provided to us by certain clients, as directed by them for the provision of services by NCS-IT and as agreed in a contract with them.
NCS-IT uses the data sources referred to above, along with anonymous market research data to create profiles relating to probable lifestyles and demographic characteristics. We append these profiles to our clients’ customer records by matching to the names and addresses in the Reference database (sometimes we allow our resellers and clients to do this themselves). This allows our clients to gain more insight on the customers who use their products and services. We also share this data with our digital partners, so they can match it to cookies to allow advertisers to target digital and social advertising more effectively. The type of profiling which NCS-IT carries out does not result in any automated decisions being made about you that have a legal or significant effect.
NCS-IT has a range of clients in sectors such as financial services, not-for-profit, media and retail. Using our data products enables our clients:
The NCS-IT Reference database may at times be requested by a public-sector client to process sensitive data/special categories of data, for the purposes of the client recording and reporting information to certain public authorities. Where NCS-IT hosts the client’s data, it will be on a secure system and in accordance with the ISO 27001 standard.
In addition, as part of the data services NCS-IT provides to certain clients, processing client data for the purposes of appending certain NCS-IT variables or building segmentations.
If you apply for a role at NCS-IT (whether directly or through a recruitment agency, job board or otherwise), we will collect certain personal data (which may include sensitive data/special categories of data) about you (for example, your name, address, employment history etc). We will do so solely for the purpose of ascertaining your suitability for the role in question. The legal basis for processing such personal data is our legitimate interest in connection with recruitment, which is balanced with your interests in applying for the role. Unless you give us your consent, we will not use this personal data for any other purpose and we will not keep your personal data for longer than six months.
When you visit our site our web server will store small text files on your computer’s hard drive (i.e. Cookies). These cookies will allow our servers to recognise you when you revisit.
Cookies can be first- or third-party cookies. First-party cookies are owned and created by the website you’re viewing. Third-party cookies are owned and created by an independent company, usually a company providing a service to the owners of the website. We use first-party cookies. Please note that we may also use third parties (including, for example, advertising networks and providers of external services like web traffic analysis services), over which we have no control.
We use the following two main types of cookies:
Transient/ Per-Session cookies - these cookies may be used to record that you have logged in or out of certain areas of our site during your browsing session. This is to ensure that your experience of our content is as seamless as possible. These transient cookies are not stored when you close your browser.
Persistent/ Permanent cookies - these cookies stay on your machine until they expire or are deleted and many of them have automatic deletion dates to ensure your hard-drive doesn’t get overloaded. These cookies often store and re-enter your login information.
To enable or disable cookies you will need to follow the instructions of your browser provider. Alternatively, an external resource is available providing specific information about cookies and how to manage them. If you set your browser to disable cookies you may not be able to access secure areas of our website.
We ensure that there are appropriate technical controls in place to protect your personal data. All our data is kept in secure servers in the UK. No personal data is transferred outside of the EEA (European Economic Area).
We undertake regular reviews of who has access to any personal data information that we hold, to ensure it is only accessible by appropriately trained staff and contractors. NCS-IT is certified to ISO 27001 standards.
You have the right to ask us to stop processing your personal data or, where relevant, to withdraw your consent. In order to do so, or if you would like us to remove or correct your data, or to understand what personal data we hold about you or where it comes from, please contact us via the following email address: email@example.com, or call us on +44 (0)20 3289 5013.
Except for the purposes of complying with our legal obligations or for operational reasons, we will not hold onto your data for longer than is necessary. Any data that we consider is no longer needed is securely deleted.
Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
data protection legislation means, from 25 May 2018, the EU General Data Protection Regulation and the UK Data Protection Act 2018 (once enacted);
PECR means The Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended (note that PECR will soon be replaced by the new EU ePrivacy Regulation);
personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
sensitive data/special categories of personal data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.