Privacy Policy

COBALT BLACK LIMITED – PRIVACY NOTICE 

1. Cobalt Black Ltd is committed to protecting the privacy of personal data in accordance with applicable Data Protection legislation. 

Cobalt Black Ltd 

 2. Cobalt Black Ltd (company number 11710023) provides management, information and security advisory services. Reference to Cobalt Black in this Privacy Notice refers to Cobalt Black Ltd (CBL) and all the services it provides, its affiliates and any other entities authorised to use the name Cobalt Black. 

 Circumstances when Cobalt Black may collect and process Personal Data 

 3. If you enquire about our services through our website or through email you will need to provide personal data to Cobalt Black in order to allow to request to be responded to. 

4. If Cobalt Black is contracted to provide advisory or other professional services it may receive from the client information that may contain personal data which has been collected for a legal purpose. 

5. If you apply for employment with Cobalt Black we will require a CV and employment history, and will document the outcome of your application. 

6. In the process of conducting necessary research to meet requirements of a legal contract, Cobalt Black may collect additional personal information through publicly available sources. 

 Types of Personal Data 

 7. The personal information that may be collected includes: 

  •  Identification information such as title, name, the company that an individual works for, their job title and their position 
  • Contact information such as telephone numbers, postal addresses and email addresses 
  • Details of employment history and experience 
  • Financial information from suppliers if we pay for products or services 

Storage of Personal Data 

 8. Information collected directly from you when enquiring or engaging Cobalt Black will be stored in our management filing system. 

9. CVs and employee information are held within our HR records. 

10. Research is stored within our document storage system. 

Data Security 

11. Cobalt Black has appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed unlawfully. However, the transmission of data via the internet is not completely secure and although we use a number of technical and organisational measures to protect your data, we cannot guarantee the security of your information transmitted online. 

12. Personal data is stored on a data storage system where data is encrypted both in transit and at rest. Cobalt Black IT systems are only accessible by authorised staff and are protected by multi factor authentication. 

13. Cobalt Black has procedures in place to deal with any suspected data breach and will notify you, and any applicable regulator(s), of a suspected data breach when legally required to do so. 

Sharing Personal Data 

 14. We will not use personal data for any other purpose other than set out above, or disclose it to any third party, without appropriate consent unless we are required to do so by law or for a lawful purpose. 

Data Storage of Processing Services 

15. Some of our data processing services are supplied by third party providers, who will need to have access to your data for that purpose. Such third party suppliers will be appointed on the basis that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable Data Protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions, or where we have a legitimate interest in doing so, as indicated above. 

Compliance with legal obligations 

 16. We may disclose your personal data if we are required to do so in order to comply with any legal or regulatory obligation or request, or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others. This may include exchanging information with other companies and agencies for the purposes of credit risk reduction and to comply with legislation concerning money laundering, tax evasion, crime prevention and fraud protection. 

Transfers outside the EEA 

 17. In order to provide some of our professional services, we may share your personal data with one or more third party providers situated in countries outside the United Kingdom and/or European Economic Area (including the USA) that do not have the same standards of Data Protection laws. We will only do so with your consent, or where it is necessary for performance of the contract we have with you or for the establishment, exercise or defence of legal claims. However, we will ensure that contractual or other safeguards are in place to ensure that your personal data is adequately protected, and that enforceable rights and effective legal remedies are available for data subjects, and will inform you of the nature of these safeguards at the relevant time. 

Data Retention 

18. If you contact us with an enquiry about our professional services but you do not subsequently become a client (or the company or other person you represent does not do so), it is our policy to delete your personal data after twelve months. 

19. If you are or become a client (or the company or other person you represent is or becomes a client), we normally retain contract information (including personal data) for a minimum period after the end of the relevant contract or client relationship, or for longer where it is necessary for us to do so for compliance with regulatory or other legal obligations, or for the establishment, exercise or defence of legal claims, or where we agree with you to do so. In some cases it may be necessary for us to retain records indefinitely. 

20. Personal data relating to our professional contacts will be retained for so long as is necessary, or until you indicate otherwise to us, but we will aim to update our contacts’ preferences on a periodic basis. 

21. In certain cases, it may not be physically possible to delete certain data (for instance, where it is stored on a secure external server), in which case we will take appropriate steps to ensure that it is not available for re-use or disclosure to third parties. 

Rights of a Data Subject 

22. The Data Subject has (subject to certain exceptions under the Data Protection legislation) rights that include: 

  • To access the personal data held about you and request a copy of it T
  • To ask us not to process your personal data for marketing purposes 
  • To withdraw at any time any consent you have given to receive marketing material from us, or in any other case where we process your personal data on the basis of a consent that you have given (and not on some other legal basis) 
  • To ask us to rectify inaccurate personal data about you 
  • To ask for the restriction of personal data about you that is inaccurate, unlawfully processed, or no longer required 
  • To ask for the transfer of your personal data in a structured, commonly used and machine readable format where appropriate 
  • To ask for the erasure of personal data about you where processing is no longer necessary, or the legitimate interests we have in processing your personal data are overridden by your interests, rights and freedoms as the data subject 
  • To make a complaint to a supervisory authority (see below) 

 Changes to this Privacy Notice 

23. Cobalt Black may change this Data Protection Notice from time to time. In the case of any substantial change, we will notify appropriate data subjects (where practicable) in writing or by email. 

Contact Cobalt Black 

24. If you have any questions or comments about this Privacy Notice, or you wish to exercise your rights under Data Protection legislation then please contact our Data Protection Officer: 

  • By Email: information@cobaltblack.uk 
  • By Post: Data Protection Officer, Cobalt Black Ltd, Staverton Court Staverton Cheltenham GL51 OUX United Kingdom  

Lodging a Complaint with a Supervisory Authority 

24. You have the right to lodge a complaint to a supervisory authority about the processing of your data by Cobalt Black Ltd. Contact details, where available, can be found below.  

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

 

T: 0303-123-1113 

W: www.ico.org.uk 

 

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.

Privacy Settings

Website Translator

Privacy Settings

This tool helps you to select and deactivate various tags / trackers / analytic tools used on this website.

Select all services
Website Translator
More
Save Settings