CIS Data Privacy Statement
Effective from 25th May 2018
We respect that you trust us to use, store and share your information. In this notice we will explain how we collect personal information about you, how we use it, who we share it with, how we protect that information, how you can interact with us about your personal information and your rights.
Registered users of our Services are “Subscribers” and unregistered users are “Visitors”. Subscribers have access to either a hardcopy report, downloadable reports and/or access to the online CIS database which allows access and tracking of construction projects and companies involved in the construction industry. Content and data on some of our Services is viewable to Visitors on our website prior to login.
Data Controllers and Contracting Parties
The CIS Services are owned and operated by Newmarket Information (Publications) Limited trading as Construction Information Services (CIS), a company registered in Ireland with company number 103976. Our registered address is Suites 3 & 4, The Cube Offices, Beacon South Quarter, Sandyford, Dublin 18, D18 R7N8. For the purpose of applicable data protection laws, the data controller is CIS.
1. Who We Are
When we talk about ‘CIS’, ‘us’ or ‘we’ in this notice, we are talking about Newmarket Information (Publications) Limited trading as Construction Information Services (CIS), a company registered in Ireland with company number 103976. Our registered address is Suites 3 & 4, The Cube Offices, Beacon South Quarter, Sandyford, Dublin 18, D18 R7N8 and its subsidiary companies, who controls the website CIS Ireland www.cisireland.com. CIS is the data controller for the purposes of the GDPR.
We share your information within CIS to help us provide services, comply with legal requirements, and improve our products.
2. Data Protection Officer
Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You can contact our Data Protection Officer at DPO@cisireland.com or by writing to them at: Data Protection Officer, Suites 3 & 4, The Cube Offices, Beacon South Quarter, Sandyford, Dublin 18, D18 R7N8.
3. How we collect information about you
We collect personal information from you, for example when you take out a subscription, sign up to a Freemium subscription, request a trial or seek information about products or services. The information we collect includes information you give us, information we collect about you from your website and information we receive from other sources. The sources of information we collect are detailed below:
- The types of personal information collected and stored by CIS might include your name, e-mail address, postal address, telephone number (landline or mobile), and payment processing information including credit/debit card details (to the extent permitted by the GDPR) and information about your employment (including your job title and employer’s details) as well as other personal information.
You are not bound by any contractual or statutory obligation to provide personal data to us. However, if you choose to enter into a contract with us then we will need certain information for the purposes of entering into and performing that contract (which may include personal data) and we may not be able to conclude a contract with you without that information.
CIS (or any of its sub-contractors) may collect personal information about you in the following ways:
a. any data which you provide when you complete and submit an application to CIS to register on its website(s), apply for any of its services, sign up to our Freemium service, request a trial of our services or receive email alerts or other communications from CIS;
b. any data that you provide via postings to social media accounts of CIS, forums and blogs and any other posting that you make to a CIS website (in such circumstances the information posted by you will, of course, also be available to users of the website throughout the world);
c. during any transaction with us; and
d. any other data which you provide to CIS when you enquire about our activities by email, telephone or when you write to us or otherwise provide us with personal information. Please note your calls to CIS may be recorded for training and quality control purposes.
CIS (or any of its sub-contractors) may also receive information about you from third parties, for example a peer who wants to tell you about one of our websites.
We also collect information through our website, apps, social media, discussion forum and market research.
- We will use your personal information to help you to log on to your account and into restricted areas of www.cisireland.com. We may use your IP address to help diagnose problems with our server, or to administer this website. We may conduct analyses of user traffic to measure the use of this website and to improve the content of it and our services. These analyses will be performed through the use of IP addresses and cookies.
- We may receive information about you from other websites operated by CIS or from the other services that we provide. We also work closely with third parties such as payment processors, app providers and suppliers of information and we may receive information about you from them. We may also collect information about you or the company you work for from publicly available sources, including planning applications and their associated notices, reports and documents, Companies Registration Office, Tenders Advisory Service, the Official Journal of the European Union (OJEU) and publicly available content on journalistic media, social media and commercial construction trading and network events.
For further information on our current Cookies Policy please click here
5. How we keep your information safe
We protect your information with security measures. We keep our computers, files and buildings secure.
We use administrative, technical, and physical measures to safeguard personal information against loss, theft and unauthorised uses, access or modifications. Certain areas of this website may be password protected. If you are a user of this website and have a password, you can help to preserve your privacy by ensuring that you do not share your password with anyone else. We recommend you change your password regularly.
We take steps to regularly validate the personal information we hold to ensure that the information is accurate and, where necessary, up to date. Information that is no longer required for any valid business purpose, and that we are not required to keep pursuant to any applicable law, will be routinely destroyed by secure means.
When you contact us about your information we will ask you to identify yourself. This is to protect your information.
Payments made via our websites or processed by us by credit/debit card payments whilst you are on the telephone are processed in a secure environment using software provided by third party providers. All other payments are processed by authorised bank transfer or direct debit.
6. How long we use your information for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of the periods for which we retain different aspects of your personal information are as follows:
- personal information held about you in connection with potential sales, including marketing prospect data, is held for a period of 3 years where there has been no positive interaction with you;
- personal information held about you in connection with contracts we have entered into with you is held for a period of 7 years after the expiry of termination of the contract;
- personal information held about you in connection with research we have undertaken is held for a period of 5 years after the last date on which there have been any changes in respect of the subject matter of such research;
- personal information held about you in connection with website interactions you have undertaken is held for a period of 5 years after the last date of positive interaction from you; and
- personal information held about you in connection with financial transactions records is held for a period of 6 years after the date of the transactions as required by law
If you use our Paid Services only every few years, we will retain your information and keep your profile open until you decide to close your account. In respect of the Freemium service we reserve the right to cancel the subscription if after 2 months of signing up you have not engaged with the Service. After 6 months on the freemium service you account will be closed if you have not upgraded within that time and you may not sign up again to the free service. In some cases we choose to retain certain information (e.g., visits to our site) in a depersonalized or aggregated form.
In some circumstances you can ask us to delete your data: see the section on ‘Your Rights’ below for further information.
7. Lawful bases for processing
To use your information lawfully, we must rely on one or more of the following legal bases: -
- Performance of contract
- Legal obligation
- Protecting the vital interests of you or others
- Public interest
- Our legitimate interest, and
- Your consent
To meet our legal obligations, we collect some of your personal information, verify it, keep it up to date with regular checks and delete it once we no longer have to keep it. We may also gather information from third parties to help us meet our obligations. If you do not provide the information we need, or help us to keep it up to date, we may not be able to provide you with our products and services.
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the CIS Services you have requested)) and “legitimate interests”.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data or you wish to exercise your right to withdraw consent or object to our legitimate interest, please contact us on firstname.lastname@example.org
Sometimes we need your consent to use your personal information. With direct marketing for example, we need your consent to make you aware of products and services which may be of interest to you. We may do this by phone, post, email, text or through other digital media. You can decide how much direct marketing you want to accept when you apply for new products and services. If we ever contact you to get your feedback on ways to improve our products and services, you have the choice to opt out.
9. How we use your information
CIS may use your personal information (subject in each case to the requirements of the GDPR) for the following purposes:
9.1 Administering your subscription
- Administering your website account(s) and otherwise in connection with any service for which you have provided your information, including any email alerts, transactions with us and competitions and promotions that you take part in. We will need to use your personal information where this is necessary for us to perform our obligations under a contract with you, for example where you have purchased services from us or for the purposes of our legitimate interests in administering our business and managing our relationship with you;
- Process your payments, keep payments safe and secure and protect against fraudulent transactions. We need to process payments for performance of our contract with you. It is also in our legitimate interests to process personal information to keep our customers’ payments secure.
- Responding to any enquiry you make through the website, by email or by phone. We will need to use your contact information (such as your email address, postal address and phone number) to contact you in response to a request you make and to otherwise deal with your enquiry and is necessary for us to perform our contractual obligations to you or to take steps to enter into a contract with you;
- We use data and content about Subscribers for invitations and communications promoting our Services and network growth, engagement and our Services including by sending you newsletters and/or alerts and information regarding CIS's or any third party's future services. We will need to use your personal information (such as your email address and/or telephone number) to send you information about services that you may be interested in. It is in our legitimate interest to study how customers use our products and services and to promote, develop and grow our business. In some instances, we will process information for these purposes with your consent
- We will contact you through email, phone, notices posted on our websites or apps, and other ways through our Services, including push notifications. We will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use the Services, network updates, reminders, project suggestions and promotional messages from us and our partners. You may change your communication preferences any time by contacting email@example.com. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.
9.3. Security and Investigations
- We use the data (which can include your communications) to investigate, respond to and resolve complaints and Service issues (e.g., bugs). We may need to use personal information, such as your IP address, to diagnose server problems or administer our websites where this is necessary for us to perform our obligations under a contract with you and provide services and in our legitimate interests to keep our website functioning;
- Comply with legal requirements and exercise or defend legal claims. We may be legally obligated to process personal data and/or it is in our legitimate interest to process personal data for the purposes of complying with legal requirements to which we are subject.
9.4 Enhancing Services and Research
- We use data, including public feedback, to conduct research and development for the further enhancements of our Services in order to provide you and others with a better, more intuitive and personalized experience, drive subscription growth and engagement on our Services, and help connect professionals to each other and to opportunities in the Construction Industry. We may need to use personal information, such as your IP address, to diagnose server problems or administer our websites. We may sometimes use your personal information (e.g. your IP address) to measure use of our websites and assess the effectiveness of our site pages. We may also use this personal information to improve the content of our websites and services. It is in our legitimate interest to look at user traffic via Google Analytics so that we can improve our websites and better meet your needs as a user.
- For generating and sharing aggregated insights that do not identify you. For example, we may use your data to generate statistics about our subscribers, their profession or industry, to publish visitor demographics for a Service or demographic construction insights. We may generate aggregated statistics about users, traffic patterns etc. of the CIS website(s) and other services and developing CIS's marketing plans. We may sometimes use your personal information (e.g. your IP address) to measure use of our websites to improve the content of our websites and services and assess the effectiveness of our site pages. It is in our legitimate interest to look at user traffic publically available on Google Analytics so that we can improve our websites and better meet your needs as a user;
9.5 Research into Construction Projects
We use data to undertake research, including relating to the nature and extent of building or construction projects or the commercial involvement of those providing (or interested in providing) services for those projects. We may process personal information as part of such research or to contact you for the purposes of such research. It is in our legitimate interest to undertake such research to help us provide services to our customers and to enhance or verify the information we hold. In some instances, we will process information for these purposes with your consent.
9.6. CIS disclosure of your information
CIS may also disclose your information (subject in each case to the requirements of the GDPR) as follows:
- if you have given your consent for CIS to do so, to other selected organisations to enable them to contact you or send you information by post, telephone and/or email;
- We may share your contact details and information about any building or construction project that you are associated with commercially to customers of ours, which may include building product manufacturers or distributors, contractors, subcontractors or installers, professional service providers or other companies allied to the construction industry.
- to any service providers, sub-contractors and agents appointed by CIS to perform the functions on its behalf and in accordance with its instructions; We use others to help us provide our Services (e.g. maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
- to third parties selected by CIS as part of aggregated and anonymised statistics about users, traffic patterns etc. of the CIS website(s);
- to such individuals and/or bodies as necessary to ensure CIS's compliance with any applicable law, regulation, legal proceeding or governmental request;
- It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of CIS, our Subscribers, personnel, or others. We attempt to notify Subscribers about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
- to any individual making a subject information request to CIS.
9.7. Change in Control or Sale
9.8. International Transfer of Data
10. Your information and third parties
Sometimes we share your information with third parties. We use other companies, agents or contractors (“Service Providers”) to perform services on our behalf or to assist us with the provision of services to you. For example, we may engage Service Providers to provide market research, marketing (including competitions), advertising, communications, training, IT, hosting and other infrastructure, payment processing, and data cleansing and processing services. In the course of providing such services, these Service Providers may have access to your personal information. These third parties are contractually bound only to use personal information to perform the services that we hire them to provide. We will always use our best efforts to ensure that all the Service Providers we work with will keep your personal data secure.
11. Your personal information rights
You have the rights set out below with respect to the personal information that we hold about you. To exercise any of these rights, you should contact us by using the contact details set out at the bottom of this policy.
You will not normally have to pay a fee to exercise any of these rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity when you seek to exercise any of your rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help clarify the scope of your request.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Occasionally we may not be able to give you access to the personal information we hold about you (for example, we may not be able to give you access if it would unreasonably affect someone else’s privacy or if giving you access poses a serious threat to someone’s life, health or safety).
11.1. Rights to Access and Control Your Personal Data
For personal data that we have about you:
- Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you). You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, after you make your request.
- Change or Correct Data: You can also ask us to change, update or fix your data in certain cases through the website or by contacting us on the contact details below, particularly if it’s inaccurate.
- Object to Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or where the processing is based on legitimate interests (including any profiling we undertake to send you personalised offers, product recommendations and similar content) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. We will comply with your right to object in these circumstances, unless:
- we can demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms; or
- the processing is for the establishment, exercise or defence of legal claims;
- for direct marketing (including any profiling we undertake for the purposes of direct marketing).
Where we contact you by email for direct marketing purposes, you can easily unsubscribe from those marketing communications at any time by following the instructions included in these marketing communications. You can also contact us directly at any time to inform us that you do not wish to be contacted for direct marketing purposes.
- Withdraw your consent: Where we are relying on your consent to process your personal information, you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent, or any processing that we can lawfully undertake without needing your consent.
- if you want us to establish the accuracy of the personal information;
- where our use of the personal information is unlawful but you do not want us to erase it;
- where you need us to hold the personal information even if we no longer require it, as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
- Restrict or Limit Use of Data: You may ask us to suspend the processing of your personal information:
- Right to Access and/or Take Your Data: You can ask whether or not we process your personal information and to request information on the purposes of data processing as well as confirmation on whether we use your personal information for these purposes only. You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in structured, commonly used and machine-readable form. You may contact us using the contact information below, and we will consider your request in accordance with applicable laws.
- Right to Data Portability: Where we process personal information about you which has been provided by you directly to us; and is processed by automated means; and is processed with your consent or for the performance of a contract with you, you have the right to ask us where technically feasible, to transmit that data to another organisation.
- Right to Complain: If you believe that we have not complied with applicable data protection laws you can also contact the Data Protection Commissioner in Ireland at www.dataprotection.ie
11.2. Account Closure
We may retain your personal data even after you have closed your account if it is reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfil your request to “unsubscribe” from further messages from us. Please see our retention policy above at Section 6. We may retain de-personalized information after your account has been closed.
12. Contact Us
If you have questions or complaints regarding this Policy or wish to exercise any of your rights, please first contact CIS by emailing firstname.lastname@example.org You can also reach us by post at Suites 3 & 4, The Cube Offices, Beacon South Quarter, Sandyford, Dublin 18, D18 R7N8 or by telephone at +35312999200. Please be reassured that all complaints will be fully investigated. We ask you supply as much information as possible to help our staff resolve your complaint as quickly as possible. You may also have the right to contact our Data Protection Officer at DPO@cisireland.com.
You can also contact the Data Protection Commissioner in Ireland at www.dataprotection.ie if you believe that we have not complied with applicable data protection laws.