Privacy policy

Privacy Statement

This Privacy Statement describes our policies and procedures on the collection, use, and disclosure of your information when you use our platform services. It also outlines your privacy rights and how the law protects you.

We take privacy and the protection of personal and sensitive information seriously and are committed to safeguarding your data and complying with data regulations to their full extent. Our Privacy Statement explains how we use and protect your personal information, demonstrating our adherence to the GDPR/UK GDPR and the Data Protection Act 2018.

When collecting this information, we act as a data controller and, by law, are required to provide you with information about us, why and how we use your data, and the rights you have over your data. We are CoreStream GRC Ltd. Our address is CoreStream GRC Ltd, 20 Grosvenor Place, London, SW1X 7HN. You can contact us by mail at the above address, by email at info@corestream.co.uk, or by phone at +44 207 100 4378.

The UK GDPR requires every organization that processes personal information to be registered with the Information Commissioner’s Office (ICO). Our registration number is ZA154741, and you can find us on the Information Commissioner’s register by searching for us using our registration number.

Our promise to you

We are committed to being fair, lawful, and transparent when it comes to managing your information. We strive to make our processing activities clear and easy to understand, and we welcome your feedback. We promise that:

  • We will do everything possible to keep your information secure and confidential.
  • You control how we communicate with you – and you can change your preferences at any time by contacting us.
  • We will train our staff to ensure they know how to manage your information appropriately and in line with regulations.
  • We will not transfer your data to third parties, except for trusted partners who perform specialist processing (e.g., accountants, banks for financial transactions).
  • We have verified that any third parties we use comply with data protection legislation and will only work with them if they take your privacy seriously.

When we process personal data, we will only do so if we have identified a legal basis in accordance with the UK GDPR.

Generally, for personal data, we rely on consent, contract, or legitimate interest, depending on the purpose of processing. We will delete or anonymize your data as soon as it is no longer needed and not required by law.

Personal data that we process

The information we collect and store depends on the service you have requested or are interested in requesting and whether we are entering into a contract.

We always collect the minimum data necessary for the purpose of the requested services. For more information about the individual categories and purposes of data we collect, please see the relevant section below.

Employees

If you work for us, we will only collect the information necessary to pay you and maintain a working relationship, as required by law. Our legal basis for processing this data is contract.

Where you provide additional information voluntarily, we rely on your consent for processing. You can withdraw your consent at any time, although this may affect your employee benefits.

We will retain your data in accordance with statutory requirements, after which it will be securely destroyed, in line with the storage limitation principle.

It is your responsibility to inform us of any changes to your personal information so we can keep it accurate in line with data protection principles.

When processing special category data, we will only do so if we have a legal obligation or you have given explicit consent. In either case, we will only process it if we have identified an additional condition for processing, as specified in Article 9 of the UK GDPR.

For employment purposes, your personal details will be processed on the legal basis of contract and special category data under the additional condition for processing of employment.

Clients

If you procure one or more of our platform modules, you will be entering into a contractual relationship with us. We will collect your organization’s details, your contact details, and any contacts you provide us with to fulfill our contractual obligations.

We will also process commercial, confidential, and sensitive information you provide us with for the purposes specified in the contract and data processing agreement. We will process financial details for invoicing and financial transactions.

When our contract ends, we will follow all instructions per our contract with you regarding all personal and other data we have processed on your behalf. The legal basis we use is contract.

Sales inquiries

If you inquire about our platform modules and services, we will collect the personal details you provide. This information will be collected either via a web form or email, depending on your preferred contact method.

As you provide this information voluntarily, we rely on your consent for the purposes specified in your inquiry.

In some cases, we may contact you regarding other services, relying on legitimate interest to process your data. This will only occur when we can identify a legitimate interest and only if you have not asked us not to contact you for other purposes.

You can request the deletion of your information at any time. If you do so, we will delete it securely and ensure it cannot be retrieved. Otherwise, we will retain your data in line with statutory requirements.

Job applications

If you apply for a job with us, we will hold your information in accordance with statutory or recommended retention periods. We will contact you with any relevant job roles that become available. For job applications, we use consent as the legal basis for processing.

Third-party sharing

We will not share your information with any third parties for direct marketing purposes.

We use third parties to support our services, which are considered data processors under GDPR/UK GDPR. These third parties include our hosting partner, accountancy services, banking services, and freelancers.

Your data protection rights

Under data protection law, you have certain rights regarding your personal data, including:

  • The right to request copies of your personal information.
  • The right to request correction of inaccurate or incomplete information.
  • The right to request erasure of your personal information in certain circumstances.
  • The right to request restriction of processing in certain circumstances.
  • The right to object to processing based on public tasks or legitimate interests.
  • The right to data portability, allowing you to request the transfer of your data to another organization or directly to you, when applicable.

Your rights are not absolute in all cases—exemptions and/or restrictions may apply. You can find more details about your rights on the ICO website.

How to Complain

If you have any concerns about our use of your personal information, you can make a complaint by emailing us at info@corestream.co.uk or by calling +44 207 100 4378.

You also have the right to complain to the ICO if you are unhappy with how we use your data.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: +44 303 123 1113
ICO Website