OCS Visitors Privacy Notice
This privacy notice describes what personal information we collect about our visitors and third parties. Download a copy of the OCS Visitors Privacy Notice.
OCS Employee Privacy Notice
This privacy notice describes what personal information we collect about our employees, workers and contractors, and potential employees. Download a copy of the OCS Employee Privacy Notice.
OCS Website Users Privacy Notice
Purpose and Scope
We value the privacy of those who provide personal information to us.
This Privacy Notice describes:
- what personal information we collect about our visitors and third parties
- how we use and otherwise process that information;
- the basis upon which we process it;
- with whom it is shared; and
- how it is stored.
This Notice applies to all visitors and third parties ("you" and "your"), of OCS Group Limited, company number , a limited company registered at 4 Tilgate Forest Business Park, Brighton Road, Crawley, West Sussex RH11 9PB ("OCS", "we", "our"); data protection registration number Z6744241, and any members of our groups including any subsidiaries as defined by section 1159 of the Companies Act 2006
Compliance and Accountability
This Privacy Notice may be amended from time to time. Any changes we make to this Privacy Notice in the future will be made available where appropriate. Please check back frequently to see any updates or changes to notice content.
In connection with the different ways we may interact with you regarding the various services we provide, we may collect and use any of the following information about you and we refer to this as "personal information" throughout this Notice:
- full name
- contact telephone number
- email address.
- job title
- date of birth.
Communication Data between you and us, including:
- recordings of calls to our service centres
- email communications
- online chats
- comments and reviews collected through surveys or posted on our social media platforms.
Digital Information Data collected when you visit our websites, applications or other digital platforms, including:
- IP addresses
- browser data
- traffic data
- social media behaviour and user patterns.
If you subscribe to our newsletters, we may collect data regarding which newsletters you open, your location when opening them and whether you access any links inserted in the newsletters.
Sources of personal information
We collect Communication Data and Digital Information Data automatically when you visit our websites or use our applications and similar digital platforms. You are able to change your preferences as required here.
Special categories of personal data Some of the personal information which you may provide to us about you may contain special category data. We will only process special category data where we have an additional lawful basis for processing.
Use of your personal information
We may collect, use and store your personal information for the following reasons:
- We use Contact Information, Identity Data and Communication Data to ensure that we can supply the goods or services you have requested and to communicate with you in connection with that supply.
- We may carry out video surveillance on premises and store Digital Information Data to prevent crime and ensure your safety.
- We use Contact Information, Identity Data and Digital Information Data to provide you with newsletters from us about our products and services.
- We may use and compile Contact Information, Identity Data, Communication Data and Digital Information Data for profiling purposes to provide you with customised information about services and offers that may be of interest to you.
Legal bases for personal information use
We need to have a legal basis for processing your personal information as set out in this Privacy Notice and set out below:
- processing is necessary in order to comply with legal obligations which apply to us (e.g. our obligations under health and safety legislation or under statutory codes of practice);
- processing is necessary for the performance of a contract, or to take steps to enter into a contract; for example, to process invoices and to contact you where necessary, concerning any orders you may place with OCS.
- processing is necessary in order to fulfil our legitimate interests or the interests of a third party, but only if these are not overridden by your interests, rights or freedoms. Our legitimate interests include: to run our business lawfully and efficiently and to customise our services and the information we provide for your benefit
- where you have provided your explicit consent to do so;
- processing is necessary to protect the vital interests of the data subject or another person (for example, in the case of a medical emergency); and
- the law otherwise permits or requires the processing.
We will only process Special Category Data where we have an additional lawful basis for processing on one of the following grounds:
- Explicit consent - where you have given us explicit consent.
- Legal obligation related to employment - The processing is necessary for a legal obligation in the field of employment and social security law or for a collective agreement.
- Vital interests - The processing is necessary in order to protect the vital interests of the individual or of another natural person where the data subject is physically or legally incapable of giving consent. This is typically limited to processing needed for medical emergencies.
- Not for profit bodies - The processing is carried out in the course of the legitimate activities of a not-for-profit body and only relates to members or related persons and the personal data is not disclosed outside that body without consent.
- Public information - The processing relates to personal data which is manifestly made public by the data subject.
- Legal claims - The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Substantial public interest - The processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law.
- Healthcare - The processing is necessary for healthcare purposes and is subject to suitable safeguards.
- Public health - The processing is necessary for public health purposes and is based on Union or Member State law.
- Archive - The processing is necessary for archiving, scientific or historical research purposes, or statistical purposes and is based on Union or Member State law. Member States can introduce additional conditions in relation to health, genetic, or biometric data.
If we have sought your consent to collect and use certain types of personal information, you have the right to withdraw your consent at any time, by contacting DataProtection@ocs.com.
Disclosure of personal information to Group companies
Your Contact Information and Identity Data may be made available to OCS employees, temporary staff, workers and contractors, and with customers, agencies and suppliers in the course of providing our services. This information may include your name, job title, telephone number, address and email address.
Your personal information may be shared with any company that is a member of our group, where we have a lawful basis upon which to do so for example internal administrative purposes, corporate strategy, auditing and monitoring and research & development.
We may also share your personal information with our group companies where they provide products and services to us, such as information technology systems, human resources services and employee monitoring.
Access to your personal information is limited to those who need to know.
Disclosure of personal information to third parties
We may share your personal information with the following categories of third parties:
- companies that provide products and services to us, such as:
- insurance companies,
- information technology systems suppliers and support, including email archiving, telecommunication suppliers, back-up and disaster recovery and cyber security services; psychometric testing providers and other outsourcing providers, such as off-site storage providers and cloud services providers.
- other parties such as legal and regulatory authorities, accountants, auditors, lawyers and other outside professional advisors.
We will also disclose your personal information to third parties:
- where it is in our legitimate interests to do so to run, grow and develop our business, for example:
- if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if OCS or substantially all of its assets are acquired by a third party, in which case personal information held by OCS will be one of the transferred assets;
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
- to enforce contractual obligations, to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
- to protect the rights, property or safety of OCS, our employees, workers and contractors, customers, suppliers or other persons.
Transfers of information outside of the EEA
We are a global company and may transfer the personal data we collect about you to countries outside the EEA so long as there is a lawful basis for doing so or we have your consent. In certain circumstances we may seek your explicit consent to send your personal data outside of the EEA. Before sending your personal data to countries outside of the EEA data we will ensure that adequate data protection provisions are in place, the processor has provided appropriate safeguards to ensure enforceable rights and legal remedies or other specified conditions are met under data protection law.
Restrictions on use of personal information by recipients
Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for the specific purposes identified by us. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy notice and applicable laws.Security
OCS is committed to protecting personal information from loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction and takes all reasonable precautions to safeguard the confidentiality of personal information, including through use of appropriate organisational and technical measures. Organisational measures include physical access controls to our premises, staff training and locking physical files in filing cabinets.
Technical measures include the use of encryption, passwords for access to our systems and use of anti-virus software.
In the course of provision of your personal data to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, we cannot guarantee the security of your personal information transmitted to us over the internet and any such transmission is therefore at your own risk.
You have certain rights in relation to your personal information under data protection legislation. If you would like further information in relation to these or would like to exercise any one of them, please contact DataProtection@ocs.com. You have the right to request that we:
- provide access to any personal information which we hold about you;
- update any of your personal information which is out of date or incorrect;
- delete any personal information which we hold about you;
- restrict the way that we process your personal information;
- provide your personal information to a third-party provider of services;
- provide you with a copy of any personal information which we hold about you; or
- consider any valid objections which you have to our use of your personal information.
Retention of personal information
We keep your personal information for no longer than necessary for the purposes for which the personal information is used or otherwise processed. The length of time we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws. In all cases we will only retain data as required to support legitimate business purposes.
Third party websites
Please note that this privacy notice only applies to the personal information that we collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.
Further questions or making a complaint
If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, in the first instance, contact your Line Manager. Thereafter, please contact our Data Protection Team or write to 4 Tilgate Forest Business Park, Brighton Road, Crawley, West Sussex RH11 9BP. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information. You may also make a complaint to the Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF on 0303 123 1113.