Thank you —

for reading our privacy policy

21 June 2018

Calm Ray (we, our, us) have made this policy to show you how we control and process your personal data. This includes data we collect about you, and data you share with us via our website or other means. This policy also explains the rights you have with regard to this data collection and processing.

This privacy policy relates to your use of our website at: https://calmray.com.

For the purpose of GDPR compliance the data controller is: Calm Ray Ltd, Registered Number: 7618833, Registered Office: 1 Juniper Court, Quickley Lane, Chorleywood, Rickmansworth, Hertfordshire, WD3 5PG

This privacy notice is provided in an indexed format so you can access directly the sections set out below:

  1. Personal data we may collect about you
  2. The legal basis for processing your personal data
  3. How we use your data
  4. Links to other websites
  5. Disclosure of your data
  6. Third-party marketing
  7. Opting-out
  8. Security and storage of your personal data
  9. Your rights
  10. Access to the personal data we hold about you
  11. Changes to this privacy policy
  12. Contacting us
  13. Cookies we use on our website

Personal data we may collect about you

Data you give us

You may give us data by completing the contact form on our website, or by corresponding with us by email or via communication apps (such as Slack, GoToMeeting, Skype). You may provide us with a variety of personal data, including (but not limited to) your name, address, email address and phone number. If you contact us, we may keep a record of that correspondence. Types of data we may collect include personal data that can identify you, contact data that allows us to contact you, usage data about how you use our website and we may also use third party sources to collect useful data to help us complete the work you contract to us.

Data we collect about you

Details of how you interact with our website including: location data, session duration, pages access data, referral data, other analytical dimensions and metrics, the type of device you use to access our website, the IP address your device uses to connect to the Internet, your OS and your browser type. This information is automatically collected when you visit our website and consent to cookie usage.

Sometimes we also may use third party data sources to improve information we hold about you, e.g.: we may access data sources like LinkedIn to confirm and improve contact information, or we may refer to data held at Companies House and other publicly available information.

The legal basis for processing your personal data

The General Data Protection Regulation

The General Data Protection Regulation (GDPR) requires a clear relationship between the lawful basis (the appropriate and proportionate rationale) for processing your personal data, the type of data being processed and the processing activity/purpose (e.g.: to be able to complete the work you have asked us to do).

These are the types of legal basis for processing that we refer to in this policy:

  • The processing is necessary to complete the work you have contracted for us to do for you.
  • It is in our legitimate interests to do the processing. (Legitimate interest is a formal basis as illustrated by the ICO, please read here for more details)
  • Where we need to comply with a legal obligation.

In addition, when you visit our website we will rely on your consent to process cookie derived personal data and this will be indicated to you with an opt-in consent acknowledgement.

We retain personal information that you provide to us where we have a valid or legitimate business need to do so (for example, to fulfil our contractual obligations with you, or to notify you of services that we offer that are similar to those which you have contracted us to supply). Where we no longer have a legitimate business need to process your personal information, we securely delete the data.

How we use your data

We may use information held about you in the following ways:

Data that identifies you and allows us to contact you
  • Processing this data is necessary to complete the work you have contracted us to do for you or to carry out our obligations arising from contracts between us.
  • We use this data to identify you and manage any contact with you or to carry out our obligations arising from contracts between us.
Data about how you use the website
  • Processing this data is in our legitimate interest.
  • We may use website usage data to analyse website traffic, and to diagnose issues relating to website functionality.
  • We may use this data to provide you with information about other goods and services we offer that are similar to the services you have contracted us to deliver, or we feel may interest you.

We may also combine different types of data when we analyse website traffic. This type of combined data may be derived from your personal data but does not reveal your identity, for example, we may aggregate the data about your usage of the website to understand the amount of visitors looking at a specific website page. Our approach is to consider this combined data as personal data and therefore subject to conditions of this privacy policy.

Links to other websites

Our website may include links to other people's and organisation's websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we suggest you to read the privacy notice of every website you visit.

Disclosure of your data

We may disclose your personal information to any member of our company, or authorised agent working on behalf of our company.

We may disclose your personal information to third parties, internal and external:

  • External third parties to whom we may choose to sell, transfer, or merge parts of our business. If a change happens to our business, then the new owner(s) may use your personal data in the same way as set out in this privacy policy.
  • Who help us deliver contracted work to you (internal third parties).
  • In order to enforce the terms of the contract between us.
  • In order to protect our rights.
  • If we are required to share your personal data to be able comply with any legal or regulatory obligation.

Third-party marketing

Typically, Calm Ray Ltd does not engage in third-party marketing activities. In the event that this changes, based on a benefit analysis of/to our client groups, we will get your explicit opt-in consent before we share your personal data with any company outside our group of companies for marketing purposes.

Opting out

You can ask us to stop sending you marketing messages at any time by contacting us at: privacy@calmray.com. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of communications conducted to satisfy our contractual obligations to you.

Security and storage of your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA), including services provided by companies such as Microsoft (Azure hosting), Atlassian (Issue tracking and project management), GoToMeeting (voice and video conferencing). It may also be processed by staff operating outside the EEA on behalf of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Whenever we send data to countries that do not enjoy the same type of protection as General Data Protection Regulation (GDPR), we only do so if appropriate safeguards are in place. For example, where we use providers based in the US, data transfer can benefit from similar levels of personal data protection as GDPR, as part of the Privacy Shield.

Inherently, transmission of data via the Internet cannot be guaranteed to be secure; we will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted via our website or any other third party application or service that we may use to facilitate client communications - any transmission is at your own risk.

We have put in place processes to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to our employees, agents, contractors and other third parties who have a business need to know/access your data – and only for the maximum duration mandated to satisfy the work you have contracted for us to do for you. They will only process your personal data on our instructions and they are subject to a duty of confidentiality and NDA controls. We have put in place procedures to deal with any identified or suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We keep your personal information for as long as we need to for the purposes for which it was collected or, (if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by Calm Ray, at any time by contacting us at: privacy@calmray.com. Similarly, if we are relying on your consent, you can withdraw your consent to our processing of your personal data (including any direct marketing) by contacting us at: privacy@calmray.com. If we are relying on legitimate interests for direct marketing, you can also object to receiving such direct marketing.

A précis of your rights as outlined by the Information Commissioner’s Office:

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

You can read more about your rights at the Information Commissioner’s Office (ICO) website. If you have a concern or complaint about the way we handle your data, we ask that you contact us in the first instance to allow us to investigate and resolve the matter as appropriate.

Accessing the personal data we hold about you

The General Data Protection Regulation (GDPR) gives you the right to access information held about you. We have made a Subject Access Request (SAR) policy so that you can request access to your data. If you wish to make a SAR, you need to do this in writing via email (to privacy@calmray.com) or by writing a letter – to the address listed above. When we receive your SAR we may ask you for more information to confirm your identity and describe more about your SAR. You will not normally be charged for a SAR except in certain circumstances where the SAR is clearly inappropriate or repetitive.

Changes to this privacy policy

This version was last updated on 21st June 2018. Any further changes we may make to our privacy policy will be updated on this page and on other documentation that uses this policy content.

Contacting us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@calmray.com, using the email subject line: Enquiry about the Calm Ray Privacy Policy.

Cookies used on our website

Our website uses cookies, a ubiquitous technology that is necessary for optimal website operation and experience. Cookies are small files that are installed on your computer or mobile device when you visit websites.

Cookie benefits:

  • Makes websites function as expected.
  • Remembers settings during and between visits to the website.
  • Improves the performance and security of the website.
  • A delicious tea-time accompaniment.
  • Collect any personally identifiable information unless you permit that.
  • Pass data to advertising networks.
  • Pass personally identifiable data to third parties.

We use a soft opt-in cookie permission operator on our website. When you first visit our website our content will be available and you will be provided with an option to accept the cookie usage (and this policy is made available to you).

Our website is showcase for our work and services; content is purely informational. As such, we have defined two categories of cookie: Necessary and Third Party. Necessary cookies are required for the normal function of the website, if they are disabled (consent withheld) you will be unable to access our website correctly. We only use one category of Third Party cookies, to support Google Analytics usage – please see below for more information on these cookies and their purpose.

Google Analytics

Category: Third party
Name: _gat, _gid, _ga
Purpose: Google Analytics uses these cookies to provide Calm Ray with analytical information about the use of our website.

Category: Necessary
Name: ARRAffinity
Purpose: A cookie used to manage the instance of the hosting service the website is served from.

Google Analytics - Google analytics is a web service provided by Google Inc. which utilises javascript and cookies to collect data relating to your visits and views of this website. Like almost all websites we use Google Analytics to compile website visitor statistics. This may include information about:

  • Unique visitor numbers, such as how many people have visited our website
  • The type of device the visitor is using
  • How long a visitor stays on a specific page of the website
  • How visitors arrived at our website

Please visit this page if you would like to learn more about Google Analytics.

If you wish you can configure your browser not to use/accept cookies. However, this is will mean that access to (and functionality of) our website will be impaired, as will any other website you choose to visit.