1. Introduction

Thanks for reading our privacy policy. It tells you how we collect, use and share your personal information and what your rights are – and how to exercise them.

By “personal information” we mean personal data as defined in data protection law. In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).

By "sensitive" personal information we mean two things: 1. what's technically known as "special categories" (personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual's sex life or sexual orientation) and 2. criminal data (criminal offences or related security measures, including the alleged commission of offences, proceedings for an offence committed or alleged to have been committed or the disposal of those proceedings, including sentencing).

This privacy policy is focused on our externally-facing activities. If you would like to understand how Communisis collects, uses and shares data about individuals in an employment context, please get in touch with us.

The privacy policy is split up into four parts:

  1. This Introduction
  2. Important information about your rights in relation to consent and to object to our use of your personal information
  3. Key information required by the GDPR
  4. Cookies and similar technologies

If you have any queries about this privacy policy, please contact our Data Protection Office.

2. Important information about your rights in relation to consent and to object to our use of your personal information

Your rights in relation to consent

We will, in certain circumstances, with your consent, send you direct marketing by email. You may, at any time, withdraw your consent to us using your personal information for that purpose.

We will rely on your browser settings to indicate your consent to the use of cookies on our website. To withdraw your consent, please adjust your browser settings. Please see our Cookies Policy for instructions.

To withdraw your consent (in all cases other than cookies), please contact us.

Please see:

Your right to object to our use of the "legitimate interests" basis for processing and to direct marketing: we consider that our use of your personal information to reach out to business about the goods and services we can offer is in our legitimate interests.

You may object to our use on that basis. To exercise your right, please contact us.

Please see:

3. Key information required by the GDPR

Here are important details about us and our use of your personal information.

a. Our identity and contact details

Data Protection Office
Manston Lane
Cross Gates
LS15 8AH
Tel: 113 225 5000

We are registered as a controller with the Information Commissioner. Our registration number is Z8978351.

It would be very helpful if you would tell us exactly why you are contacting us. For example to exercise a right, please put the name of the right in the subject line of the email. Thank you.

b. Data protection officer and queries

To contact our data protection officer, please use our contact details in the "Identity and contact details" section a.

c. Purposes and legal basis

Here is a summary of the purposes for which we use personal information and the legal bases for our use. You can find more details on the ICO website at

Our purposes Legal basis (all personal information)
Here’s a key to this second column:
  • Consent

    your consent to one or more specific purposes

  • Contract

    entering into a contract with you or performing a contract with you

  • Legal obligation

    we're required by law to do this

  • Vital interests

    to protect your own or another individual's vital interests (e.g. life or death situation)

  • Legitimate interests

    we've identified this as a legitimate interest of ours or a third party; we consider that use of your personal information is necessary to achieve that legitimate interest; and we've balanced all that against your interests, rights and freedoms

Additional legal basis (sensitive personal information)

This column gets a bit more technical. Where we're dealing with sensitive personal information we need not one legal basis but two, from a different list (and the list is a lot longer).

The main ones are:
  • Explicit consent

    your explicit consent to one or more specific purposes

  • Legal claims

    to establish, exercise or defend a legal claim

  • Prevention/detection of unlawful acts

    this is where we must use personal information without consent so as not to prejudice preventing or detecting unlawful acts

  • Public domain

    you've deliberately put your sensitive personal information into the public domain

  • Vital interests

    that's the same as column 2 except it has to be where the individual is incapable (physically or legally) of giving consent.

Advertising, marketing and public relations
  • Consent
  • Legitimate interests
Accounts and records
  • Legal obligation
  • Legitimate interests
  • Legal claims
  • Prevention/detection of unlawful acts
Administration of membership records
  • Legitimate interests
  • Explicit consent
  • Legal claims
Consultancy and advisory services
  • Contract
  • Legitimate interests
  • Explicit consent
  • Legal claims
Crime prevention and prosecution of offenders
  • Legitimate interests
  • Prevention/detection of unlawful acts
  • Legitimate interests
  • Archiving, research and statistics

d. Legitimate interests

Our legitimate interests are:

  • Client relationship management
  • Fraud prevention
  • Direct marketing
  • Internal administration of client and supplier personal information within our group
  • Network and information security
  • Reporting possible criminal acts/threats to competent authorities
  • Non-repetitive transfers of a limited number of individuals' personal information (see section g)

e. Personal information collected indirectly – categories

We collect the following categories of personal information indirectly (e.g. from third parties):

  • Name and contact details
  • Basic employment details, including name of employer and job title

f. Recipients

  • We may share personal data with your permission, so we can perform services you have requested. For example, we may use a third party provider to deliver e-newsletters.
  • In order to meet our regulatory, contractual and legal duties, we may be required to share personal data with our external audit function
  • We may need to share personal with other recipients as permitted or required by applicable law.

g. Transfers outside of the European Economic Area (EU member states, Norway, Iceland and Liechtenstein) (EEA)

We do not transfer any personal information to third countries or international organisations.

h. Storage period

The period for which we will store personal information is based on our need to fulfil our legitimate business needs, comply with applicable law, resolve disputes, and enforce our agreements. To view a copy of our Retention Schedule, please contact the Data Protection Office.

i. Individual rights

You have rights to make a request to us:

  • for access to your personal information
  • for rectification or erasure of your personal information
  • for restriction of processing concerning you
  • to object to our processing which is based on legitimate interests
  • to object to direct marketing
  • to object to archiving in the public interest, research and statistics
  • to port (transfer) personal information you have provided to us, either to you or to another provider.

These rights are more complicated than the simple summary above. To find out more about them, please visit the Information Commissioner's website. To exercise your rights, please contact us: our contact details are in the Identity and contact details" section a. Please make it clear which right(s) you want to exercise, for example by heading your letter “right to object" if you wish to exercise the right to object. Thank you.

j. Withdrawal of consent

You have a right to withdraw any consent you give us at any time.

This will not affect the legality of our consent-based use before you withdrew consent.

To exercise your right to withdraw, please contact us. Our contact details are in the "Identity and contact details" section a. Please make it clear you want to exercise this right, for example by heading your letter "Withdrawal of consent". Thank you.

k. Complaints

You have a right to complain to the Information Commissioner, whose contact details are:

Information Commissioner's Office
Wycliffe House
Water Lane
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate).
Website: which sets out email addresses and an email form.

l. Information collected directly – legal or contract requirement

Not applicable

m. Sources of personal information collected indirectly

The sources of the personal information we collect indirectly are:

  • Publicly accessible sources of business to business data.

n. Automated decision-making

We do not conduct automated decision-making

4. Cookies and similar technologies