At Sionic, we take protection of your personal data very seriously and strictly adhere to the rules laid out by all applicable data protection laws.
2. Lawful basis of processing personal information
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:
- Processing is necessary for the performance of a contract
- Processing is necessary to comply with our legal obligations
- Processing is necessary for the purpose of the legitimate interest pursued by us or a third party
3. What information we collect
We collect personal information from you, for example, if you register on our website, request product information, or use any of our services. The categories of personal information that we may collect, store and use about you include:
- First Name
- Last Name
- Phone number
- Email address
- Right to work in a certain country
- Any information you provide to us in your CV
- LinkedIn web address if you choose to provide this to us
3.1 Use of ‘Cookies’
Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognise a particular device or browser.
At Sionic, we set and use some cookies ourselves but only on our website. These are called first party cookies. When cookies are served by another domain, they are called “third party cookies”. We use some third party cookies on our website. Please see what cookies we use below:
First Party Cookies
|. Sionic.com||2 Years
|These cookies are set by google analytics.
More about google analytics is available here.
Third Party Cookies
4. How long we keep information for
We ensure that your personal data is retained only for the period that Sionic needs it for. All personal information collected has a defined retention period, which is in line with our data retention policy. For example, we keep your CV for two years.
If you would like to find out how long your information is being retained, please see “additional information”, section 10 of this policy.
5. Security of personal information
Sionic is committed to handling your personal information with high standards of information security. We have the following safeguards in place:
- Physical access controls
- System access controls (regular security testing)
- Data access controls
- Transmission controls (pseudonymisation and encryption of personal data)
- Anti-virus and malware protection
- Data backups (ability to restore personal data in a timely manner in the event of a physical or technical incident)
- Data segregation
- Ongoing device monitoring and patch management
- CyberEssentials and CyberEssentials+ Certifications
- Information Security Training (internal)
6. Children’s information
Sionic does not knowingly collect information on children without consent from a responsible parent. If Sionic has collected personal information on a child, please see section 10 “Additional information” of this policy immediately, so we can remove this information without undue delay.
7. Your individual rights under UK GDPR
In this section, we have summarised the rights that you have under the UK General Data Protection Regulation (“UK GDPR”). Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under the UK GDPR:
- Receive certain information about our personal data collection and processing activities.
- Access your own personal data.
- Correct your personal data.
- The right to be forgotten.
- Restrict data processing.
- Object to data processing.
- Receive a copy of your personal data or transfer your personal data to another controller.
- Not be subject to solely automated decision-making under certain circumstances.
- Receive notifications of data security breaches.
You have the right to confirm whether or not we process your personal data and, where we do, you have the right to ask for certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Provided the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee (£10).
You as a data subject have the right to rectification, which will allow you as the data subject to modify/change any personal information for the purpose of ensuring that the information we process is up to date.
The right to erasure or right to be forgotten will allow you as the data subject to inform us that you no longer want Sionic to continually store or process your personal information. Please be aware that we may decline your right for a number of reasons, which are not limited to having a lawful basis to process your information or us needing your information for the performance of a contractual obligation.
As a data subject, you have the right to stop any processing of your personal information. Please be aware that you must provide us with a legitimate reason for us to stop processing. Any request made that does not conform to the UK GDPR will be rejected.
On occasion, Sionic may send you marketing emails to make you aware of new services that we believe can benefit you, the data subject. As you have the right to object, you can click the unsubscribe link on all of our emails to inform us that you no longer want to receive marketing emails from us.
The right to data portability will allow you as the data subject to have your personal information securely transferred to another organisation for processing. At Sionic we place this reasonability on you. When you make this request, we will export all information about you and securely transfer it to yourself. You, the data subject, will be able to give this information to your chosen organisation.
If you have any questions about these rights, please see section 10 “Additional information” of this policy.
8. Data transfers/third parties
8.1 Providing your information to others
Sionic, as a data controller, may disclose your personal data, listed in section 3 to some third parties insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Third parties that we use are listed below:
Salesforce: For managing our relationship with clients and prospects. It is one integrated CRM platform that gives all Sionic practices and departments a single, shared view of clients and prospects. The CRM is mission critical to marketing and also enables us to collect, connect, analyse, respond to and report on both outbound and also inbound data. We also use it to create MI dashboards and commercial analysis for the board and senior management.
Eventbrite: This is an event management and ticketing website used to help promote and manage Sionic events.
Greenhouse: This is our central applicant tracking system, managing our recruitment process from end to end, ensuring our candidates have been processed the right way and enables us to report on company recruitment trends.
Ariba: Portal for uploading invoices and receiving POs for a specific client.
Harvest: Main Accounts Receivable invoicing tool.
Coupa: Portal for uploading invoices and receiving POs for specific clients.
Beeline: Timesheet system to track and bill a specific client.
Sage: Accounting general ledger.
Xero: Accounting general ledger.
Quickbooks: Accounting general ledger.
Survey Monkey and Smart Monkey: Survey tools used to conduct both internal and external surveys.
Google Forms: Alternative survey tool.
Campaign Monitor: The Marketing and Business Development team use this platform to email clients and contacts and to nurture their relationships. This includes regular client newsletters and campaign e-shots. The platform is integrated with Salesforce so that data can flow both ways. This means, for example, that the results of e-shots and newsletters drop into Salesforce for further bespoke development and analysis.
Zoom webinar/meetings: The Marketing team use this to allow event participants to register and join webinars and discussions. Anyone attending agrees to the Ts&Cs of Zoom, which includes the fact that their details will be shared with the event organisers (as a legitimate business interest to which they have actively signed up). We then load the details into Salesforce to allow us to progress the relationship further on a tailored basis.
Hubspot: CRM that is used to send direct mail and track and monitor that 1-2-1 outreach (open and click throughs).
Googledocs: To complete Sionic’s Operational Resilience questionnaire.
Please see here for information about how Google Analytics uses this information, and visit here for information about the Google Analytics Opt-out Browser Add-on. Please note that Google may track your activity over time and across websites.
8.3 Information security with transfers
In this section, we provide information about the circumstances in which your personal data may be transferred to countries outside the UK and European Economic Area (EEA).
We, Sionic, do transfer personal information to third parties outside of the UK and European Economic Area (EEA). We take steps to ensure that where your information is transferred outside of the UK and EEA by our service providers and hosting providers, appropriate measures and controls are in place to protect information in accordance with applicable data protection laws and regulations. For example, we may share information with affiliates based outside the UK and EEA for the purposes foreseen by this policy. Sionic are subject to Sionic data protection policies designed to protect data in accordance with all applicable data protection laws. In each case, such transfers are made in accordance with the requirements of the UK GDPR, EU GDPR and other applicable data transfer legislation.
9. Right to complain
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or if you have any other concerns about our data processing, please raise this with us in the first instance.
To make a complaint, please contact us.
Alternatively, you can make a complaint to the Information Commissioner’s Office (ICO):
By Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
By Website: Click Here
By Email: Click Here
By Phone: 0303 123 1113 (Local rate) or 01625 545 745 (National rate)
10. Additional information
Your trust is important to us. That is why we are always available to talk to you at any time and answer any questions concerning how your data is processed. If you have any questions that could not be answered by this policy or if you wish to receive more in-depth information about any topic within it, please contact us.
11. Review of this policy
We keep this policy under regular review. This policy was last updated in August 2022.
We reserve the right to update this policy at any time. We may also notify you in other ways from time to time about the processing of your personal information.
12. How to contact us direct
This is how to contact us directly if you have any questions about this policy or information we hold about you:
- By email: email@example.com
- By letter: Sionic, 5th Floor, 20 Gracechurch Street, London, EC3V 0BG, UK
- By phone: +44 (0) 207 842 4800
Date of issue: August 2022
Issuing Department: Sionic People Team
Date of next review: August 2023
Anything you’re unsure about?