CNA International part of Pertemps Network Group

 Data Retention Policy

 

  • This policy has been designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
  • Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • We will retain and delete your personal data as follows:
  • Account Data will be retained for 3 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
  • Profile Data (other than Profile Data which is also Account Data) will be retained for 3 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
  • Contact Data (other than Contact Data which is also Account Data) will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
  • Usage Data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
  • Enquiry Data (other than Enquiry Data which is also Account Data) will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
  • Transaction Data will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
  • Notification Data (other than Notification Data which is also Account Data) will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
  • Correspondence Data (other than Correspondence Data which is also Account Data) will be retained for 2 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.
    • Notwithstanding the other provisions of this policy, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  1. Amendments
    • We may update this policy from time to time by publishing a new version on our website.
    • You should check this page occasionally to ensure you are happy with any changes to this policy.
    • We may notify you of changes to this policy by email.
  2. Our details

CNA International is subsidiary of the Pertemps Network Group.

  • This website is owned and operated by http://pertempsnetwork.com
  • We are registered in England and Wales under registration number 07776671, and our registered office is at Meriden Hall, Main Road, Meriden, Warwickshire, CV7 7PT.
  • Our principal place of business is at Meriden Hall, Main Road, Meriden, Warwickshire, CV7 7PT.
  • You can contact us:
  • by post, using the postal address given above;
  • using our website contact form;
  • by telephone, on the contact number published on our website from time to time; or
  • by email, using the email address published on our website from time to time.

CNA International Executive Search

  • This website is owned and operated by https://cnapartnership.com/
  • We are registered in England and Wales under registration number 03009607  and our registered office is at Meriden Hall, Main Road, Meriden, Warwickshire, CV7 7PT.
  • Our principal place of business is at 7 George Road, Edgbaston, Birmingham, B15 1NP

You can contact us:

  • by post, using the postal address given above;
  • using our website contact form;
  • by telephone, on the contact number published on our website from time to time; or
  • by email, using the email address published on our website from time to time.

CNA International part of Pertemps Network Group

 Data Processing Policy

This document explains how we use your personal data.

 

We are committed to safeguarding the privacy of our customers and other website visitors. This policy explains how we handle your personal data.

  1. How we use your personal data
    • This section provides you with details about:
  • what personal data we may process;
  • in the case of personal data that we did not obtain directly from you, where we obtained that data from, and what types of data we have collected;
  • the purposes for which we may process your personal data; and
  • the legal grounds on which we process your data.
    • Account data. We may process the personal data that you have provided to us when you register so that we can set up your account with us (“account data“). The account data may include your name and email address. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.

The legal basis for this processing is our legitimate interests. Where you have provided your consent for us to do so, we may consider you for opportunities that you did not specifically apply for but which we think might be a good fit for your skillset, represent you to employers who may have appropriate vacancies for you, share your account data with our partner agencies, and process your account data to facilitate finding you a job.

Where you have given us consent to process your information for the purposes detailed above, we will enter the account data into our central recruitment database (“talent pool”).

  • Profile data. We may process other information that you provide to us (“profile data“). This profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details, employment history, curriculum vitae, job preferences and employment details. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services.

We may also process your profile data in relation to job vacancies that you have applied for, generally processing any job applications, facilitating the recruitment process and furthering our relationship with you. The legal basis for this processing is our legitimate interests in finding an appropriate person for a particular role.

Where you have provided your consent for us to do so, we may consider you for opportunities that you did not specifically apply for but which we think might be a good fit for your skillset, represent you to employers who may have appropriate vacancies for you, and share your profile data.

Where you have given us consent to process your information for the purposes detailed above, we will enter the profile data into our central recruitment database (“talent pool”).

  • Contact data. We may collect your details from third-party sources such as LinkedIn, CV Library or a similar website, this information may include your name, email address or telephone number (“contact data”). We may do this where we identify that you are suitable for an available vacancy. We may use the contact data to contact you to ask whether you would like us to provide you with recruitment services. Our use of the contact data in these circumstances is limited to making contact with you to determine whether you are interested in receiving our services. The legal basis for this processing is our legitimate interest as a business to maintain a viable talent pool.
  • Usage data. We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services.

The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.

  • Enquiry data. We may process information contained in any enquiry you submit to us regarding our services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you.

The legal basis for this processing is consent.

  • Transaction data. We may process information relating to any payments made to you through our website (“transaction data“). The transaction data may include your contact details, your bank account details, and the transaction details. The transaction data may be processed for the purposes of processing these payments and keeping proper records of those transactions.

The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.

  • Notification data. We may process information that you provide to us for the purpose of subscribing to our email notifications, job alerts and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications, job alerts and/or newsletters.

The legal basis for this processing is consent.

  • Correspondence data. We may process information contained in or relating to any communication that you send to us (“correspondence data“). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping.

The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.

  • Other processing activities. In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Please do not supply any other person’s personal data to us, unless we prompt you to do so.

  1. Providing your personal data to others
    • To our group companies. We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.
    • Our insurers/professional advisers. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
    • Our clients/potential employers/partner agencies. We may disclose your profile data and account data to our clients, potential employers, and our partner agencies insofar as reasonably necessary in relation to potential job vacancies, and in the process of representing you to employers who may have an appropriate vacancy for you and administering any job placement.
    • Where we provide your personal data to any third party. Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.
    • To comply with legal obligations. In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation we have to comply with, or in order to protect your vital interests or the vital interests of another individual.
  2. Transfers of your personal data outside of the European Economic Area
    • Where your personal data is transferred outside of the EEA, we will ensure that either (a) The European Commission has made an “adequacy decision” with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. Transfers outside of the EEA will be protected by appropriate safeguards.
    • You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
  3. Retaining and deleting personal data
    • Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We will retain and delete your personal data in accordance with our Data Retention Policy.
    • We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  4. Amendments
    • We may update this policy from time to time by publishing a new version on our website.
    • You should check this page occasionally to ensure you are happy with any changes to this policy.
    • We may notify you of changes to this policy by email.
  5. Your rights
    • You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
  • your request not being found to be unfounded or excessive, in which case a charge may apply; and
  • the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
    • We may withhold personal information that you request to the extent permitted by law.
    • You may instruct us at any time not to process your personal information for marketing purposes.
    • In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
    • The rights you have under data protection law are:
  • the right to access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to complain to a supervisory authority; and
  • the right to withdraw consent.
    • Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data and, to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
    • Your right to rectification. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.
    • Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims.
    • Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
    • Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
    • Your right to object to direct marketing. You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose.
    • Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
    • Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
    • Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
    • Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.
  1. Cookie Policy

For information about how we use Cookies please see our Cookie Policy at   https://www.pertemps.co.uk/landing/legal/cookie-policy/

  1. Our details

CNA International is subsidiary of the Pertemps Network Group.

Pertemps Network Group

  • This website is owned and operated by http://pertempsnetwork.com
  • We are registered in England and Wales under registration number 07776671, and our registered office is at Meriden Hall, Main Road, Meriden, Warwickshire, CV7 7PT.
  • Our principal place of business is at Meriden Hall, Main Road, Meriden, Warwickshire, CV7 7PT.

You can contact us:

  • by post, using the postal address given above;
  • using our website contact form;
  • by telephone, on the contact number published on our website from time to time; or
  • by email, using the email address published on our website from time to time.

CNA International Executive Search

  • This website is owned and operated by https://cnapartnership.com/
  • We are registered in England and Wales under registration number 03009607  and our registered office is at Meriden Hall, Main Road, Meriden, Warwickshire, CV7 7PT.
  • Our principal place of business is at 7 George Road, Edgbaston, Birmingham, B15 1NP

You can contact us:

  • by post, using the postal address given above;
  • using our website contact form;
  • by telephone, on the contact number published on our website from time to time; or
  • by email, using the email address published on our website from time to time.
  1. Data protection officer

Our data protection officer’s contact details are: Tracy Evans, who can be contacted via email: tracy.evans@pertemps.co.uk, or telephone: 01676 525000.

 

Zoho Security Practices, Policies & Infrastructure

 

CNA International uses Zoho as their CRM Software.

Physical Security

Our datacenters are hosted in some of the most secure facilities available today in locations that are protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires, floods, etc.

  • 7x24x365 Security. The data centers that host your data are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
  • Video Monitoring. Each data center is monitored 7x24x365 with night vision cameras.
  • Controlled Entrance. Access to the Zoho data centers is tightly restricted to a small group of pre-authorized personnel.
  • Biometric, two-Factor Authentication. Two forms of authentication, including a biometric one, must be used together at the same time to enter a Zoho data center.
  • Undisclosed locations. Zoho servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
  • Bullet-resistant walls. Zoho servers are guarded safely inside bullet-resistant walls.

Network Security

Our network security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, since even knowing what tactics we use is something hackers crave. If your organization requires further detail on our network security, please contact us.

  • Secure Communication. All data transmission to Zoho services are encrypted using TLS 1.2 protocols, and we use certificates issued by SHA 256 based CA ensuring that our users have a secure connection from their browsers to our service. We use the latest and strong ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
  • IDS/IPS. Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.
  • Control and Audit. All accesses are controlled and also audited.
  • Secured / Sliced Down OS. Zoho applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.
  • Virus Scanning. Traffic coming into Zoho Servers is automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.

People Processes

Designing and running data center infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. Zoho’s security team has years of experience in designing and operating data centers and continually improves our processes over time. Zoho has developed a world class practices for managing security and data protection risk.

  • Select Employees. Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers’ behalf.
  • Audits. Audits are regularly performed and the whole process is reviewed by management.
  • AsNeeded Basis. Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.

Redundancy and Business Continuity

One of the fundamental philosophies of cloud computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.

  • Distributed Grid Architecture. Zoho services run on a distributed grid architecture. That means a server can fail without a noticeable impact on the system or our services. In fact, on any given week, multiple servers fail without our customers ever noticing it. The system has been designed knowing that server will eventually fail – we have implemented our infrastructure to account for that.
  • Power Redundancy. Zoho configures its servers for power redundancy – from power supply to power delivery.
  • Internet Redundancy. Zoho is connected to the world –and you- through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
  • Redundant Network Devices. Zoho runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
  • Redundant Cooling and Temperature. Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. Zoho servers are backed by N+2 redundant HVAC systems and temperature control systems.
  • Geo Mirroring. Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes.
  • Fire Prevention. The Zoho data centers are guarded by industry-standard fire prevention and control systems.
  • Data Protection & Back-up. User data is backed-up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.

Security Certifications

ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO’s high global standards. Zoho has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.

SOC 2 – Zoho is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria.

For more details on Zoho Compliance, please refer this Presentation.

For more information on our security policy and certifications, please contact security@zohocorp.com.
To get a copy of the compliance report, please contact sales@zohocorp.com

Find out more about Zoho Terms of Service HERE

Find out more about Legal Licensing Terms of Zoho One HERE

Zoho’s GDPR readiness