Privacy Notice for Southalls a Citation Business
What is this and who is it for?
This notice gives you information about Southalls which is a business within Citation, our approach to data protection and provides you with information about how we manage your personal data and the importance data protection plays in how we operate as a company.
Southalls and Citation are part of the Citation Group and Citation Ltd is the data controller for information covered in this privacy notice.
Our data protection approach is supported from the top of the business and is a core competence of how we operate, it is a fundamental which we continually strive to improve on. You can read more about our approach here
Citation as a data controller
For the purposes of this notice Citation is the data controller unless it has been specifically noted otherwise.
This notice relates to the collection and processing of personal data for Southalls a Citation brand, it does not cover processing we do in relation to the service we provide to our clients, in that regard Citation are the data processor acting on the instruction of our clients. To that end, as a data processor we offer broadly the following services: (1) the Safety Cloud platform to enable the management of Health and Safety for clients, (2) On-site Health and Safety support. There are also elements of these services where we also operate as a data controller.
Processing activities that are covered
This notice applies to the processing of personal data collected by us when you:
- Visit our website (https://www.southalls.com/)
- Visit our social media pages
- Visit our offices
- Receive communications such as emails and phone calls
- Register for and/or attend events where we participate or host
- Are an applicant to join us
- For sales and marketing
- For the understanding, development, growth, and administration of our business and service offerings.
Where we use social media or where you click a social media icon on our website, be aware that these companies are independent to Citation, they manage their own affairs and they will be a data controller in their own right. If you have any questions pertaining to how they process your personal data, you should review their privacy notices which will be available on their websites.
Finally, our websites may contain links to other websites for your ease and convenience, we are not responsible for them, how they operate or their security provision.
The personal data we collect
We collect personal data directly from you when:
- You express an interest in our products and services either over the phone, via email, social media, webforms, webinar attendance, contact us provision, when signing up to newsletters and other communications, when downloading certain content from our websites, at events we attend or host or through the live chat on our websites. The information we may require is contact information, name, phone number, email address, job title, company name, company address.
- If you contact our helpline you may be asked for you name, company name and confirmation of security credentials.
- When you make a purchase of any of our products we will require financial information for invoicing and collection purposes, this may include bank details, credit card information, invoice name, address and point of contact.
- If you attend an event where we are participating, you may have given additional consents to be contacted by us following the event. This information may include name, phone number, email address, company name and job title.
- If you connect with us through a social media channel, we will know your social media handle and any other information including photos you make available through our interactions and your profile.
- If you use our websites or email’s we will have details about your usage of our sites through cookies, beacons, and similar technologies. This information may include IP address and information about your visit. This is also the case when you use our SaaS products, we may collect information about your usage.
- If you complete surveys or enter competitions they may require contact information such as name, phone number, email address, company name and job title.
- If you complete a registration form on our website when downloading content, we will ask for details such as name, email, company name and phone number
- When you interact with live chat we will need name and email address for the functionality to work.
- If you are an applicant for a role with is we will require information relating to your career history which could include name, address, phone number and email address along with the positions you held and the date range you held those positions in different companies along with any qualifications.
- If you visit one of our offices, we may have CCTV in certain locations which may capture your image. You will be asked to provide your name, signature, company name and possible car registration.
- When you use the Safety Cloud product, data relating to your job role and how this influences your interaction with the platform and the client journey may be combined with other information relating to your organisation. We also process data relating your session in our Safety Cloud platform to understand how it is used. For clarity, is generic and does not relate to you as specifically.
- If you participate in our referral program, we strongly advise you to give our details to the individual you want to refer to use and facilitate the process that way. If you decide to provide us with their details you represent that you have their authority to do so, act in accordance with data protection legislation and in accordance with this privacy notice.
- If we are delivering a Health and Safety service where our qualifications or role for your company requires an authorised person or in dealing with an accident, we may require information such as name, health information, working patterns, contact information such as address, phone number. The information we may require will be specific for that scenario and will be advised in full. We will only ask for the information that is necessary to fulfil our purpose and in many cases is a legal requirement. This may also be information we gather from your employer if you are involved in an accident or incident.
Personal data we collect from other sources
We will also gain personal information from other sources, this includes third parties we purchase data from to help us identify and grow our business which could include a greater degree of personalisation. Additionally, we may combine these records with other publicly available information to ensure that our records are accurate and up to date.
We also obtain information from other companies within the Citation Group in order to provide a greater level of service and service offering or to better understand clients and the industries we operate in or where synergies apply to our business and to yours. We also obtain information from services to help us comply with data protection laws.
Typically, the personal information we get from third parties includes name, phone number, email address, company name, job title, contact preferences.
Data from your devise, usage of our website and applications
When you access our website or use our Safety Cloud product, we use tools such as cookies, beacons and similar technologies to automatically collect information which may contain personal data from your devise and usage of our site and services. The nature of what these tools collect differ between website and Safety Cloud product but still fall into similar categories.
This information may include IP address, application or system identification number, browser you are using, pages you have searched, files you have looked at and actions you have taken. There is also the time and date that these actions were taken or association with your browsing. We use this information to help us improve our service or your experience, to improve how you and others view the site or locations within our applications, to improve functionality, engagement and performance, to help us identify opportunities to develop our services further, our compliance with applicable usage terms and for overall security of Citaiton products, services and applications. The collection of this type if data may either on its own, or when combined with other data we have become personal data. It will be used primarily to identify the uniqueness of each user for security and identification of user purposes.
Where our Safety Cloud applications are concerned, we have two other types of technologies which are not strictly functional. The first is for feedback if the user is having technical difficulties and need to provide feedback. The second to provide us with an understanding of how the site is used, how people navigate the site, which areas do and don’t get much use. This to help us ensure it is intuitive, user friendly and we deliver appropriate communications and servicers through the platform. In this regard the data is anonymised and you cannot be identified from it.
Cookies, beacons and similar technologies on our website and in email communications
We use session cookies which expire after the session is closed, we also use persistent cookies which remain on your computer when you close the browser or turn your computer off. We also use beacons and pixels in our email communications and on our website, this enables us to understand if our communications are useful to you or not and how you then interact with the website or our service as a result of those email communications.
The cookies we use fall are:
Purpose for processing and the legal bases for processing we rely on
We collect and process personal data for the following purposes and with the following legal bases engaged:
- Where our website is concerned, we are processing your personal data with your consent if it is required and for other elements of our website we are processing based on the legitimate interest to operate and administer the site. Where site security is concerned and the activities through our cookies that enable a secure site, this is administered as a legitimate interest.
- To download some content from our site you are required to complete a form, this is done with your consent. We may also get in touch with you either by email and/or phone as a result of the download.
- The recording of phone calls by default on all calls is done as a legitimate interest in protecting both your interests and citations. Call recording are used for security, monitoring and training purposes.
- We may ask you for personal data when dealing with enquires, this data would be processed as a legitimate interest in being able to effectively follow up on your enquiry. This is also the case where it relates to a service enquiry or complaint, unless of course it is linked to a contractual obligation, in which case it is processed as part of the fulfilment of our contract.
- Setting up and managing your journey as a client is again done as part and parcel of the performance of the contract. This is also the case when it comes to good administration of matters relating to your contract with Citation.
- Managing your payments and payments relating to the service we provide. This also includes the entirety of the payment process in line with the terms and conditions of our service. We may also from time to time have to escalate this process to a third-party debt collection service. This disclosure of such data would be as a legitimate interest and further processed as part of the contractual terms.
- The identification of opportunities both with prospects and opportunities within our existing client base is done in the furthering the legitimate interests of the business. Any sharing of data internally within Citation Group companies is also a legitimate interest when it is done for similar purposes. This data may also be used to improve user experience and our understanding of both the client journey and appropriateness of products and services at different points of client lifecycle either within Citation or across the Group.
- Registering your information as a visitor to one of our offices will be done as a legitimate interest to protect our building, business and colleagues. It may also be used to administer non-disclosure and confidentiality agreements.
- If you provided a testimonial of our service, you will be doing so of your own free will and will be retained until you ask us to remove it.
- If we provide our health and safety services where we are investigating and accident, liaising with the HSE and acting as a competent individual we will do so under the performance of a contract.
- Where you have applied as a candidate for a role with us we will process your information in order to progress you application, contact you with updates, asses your qualities and capabilities against the requirements of the role and against other candidates. You will also be asked for proof of qualifications, references and other right to work information such as identification documents. This processing is done under the contract lawful basis as the information is necessary for prior to entering into a contract. We may also use recruitment companies from time to time, where data is shared with these organisations we will both be data controllers and you will have been referred to us from them. Further data protection information regarding their activities can be gained from them.
- We may use personal data relating to usage of Safety Cloud products for reporting and analytical purposes, this is a legitimate interest in trying to improve or offering and further the growth of the business.
- We will send sales and marketing communications such as emails or phone calls related to our services and those services of other companies in the Citation Group only if we can do so in line with data protection legislation.
- There are legal obligations that we must comply with, these could be tax related or generally dealing with local or national government, authorities, agencies or courts and professional advisors. It may be in our legitimate interest to protect our rights and if necessary, to disclose information for the protection of these rights or complying with court orders.
Who we share your data with?
We may share your personal data in the following circumstances:
- Where we are using contracted service partners for services such as IT, web conferencing, hosting and system administration, email communications, analytics and research, data enrichment and customer support. All these purposes and legal bases for processing are done in accordance with the information provided above.
- If you are a client we may share your details internally within the Citation Group in order to improve the service offering and range of services we provide, for the good administration and control of the business, marketing, reporting and account management Our Group companies are data controllers in their own right. Details of our Group Companies can be found here
- If you registering for events where we are partnering with another organisation or if a third party is running the event on our behalf, we may be required to share your details for the purpose of registration, security and administration of the event. This will be done in accordance with the legal bases noted above.To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person
- To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
- To enforce or apply our Terms of Service or other agreements or to protect Citation and its customers (including with other companies and organisations for the purposes of fraud protection and credit risk reduction)
- To any other person with your consent to the disclosure.
Finally we may share anonymised or aggregated data gathered in the normal course of the administration and good running of our business with third parties or service providers to enable greater analysis, improvements, industry or service related trends to be identified and action taken accordingly.
How long do we keep your data for?
We retain your data for as long as necessary to fulfil the purpose for its collection and processing. In some instances, this may be a sort period of time, for instance, as an unsuccessful job applicant we may retain your records for only 6 months once the process has concluded. In other instances, and especially where there is a legal obligation to retain your information for a certain period of time, we will do so in order to comply with the legal requirement; this is typically 6 years.
Once your data is no longer required it shall be deleted or if it is technically not possible to delete, we shall ensure sufficient controls are in place to put it beyond future use.
Our data is typically hosted In the UK and other parts of the EEA, there are however some of our contracted technical service providers that process from the US. Where these transfers and any other transfer than may occur in the future are concerned, we ensure that there is a legal bases for the transfer and a lawful transfer mechanism in place prior to any transfers in place.
Any such transfers currently done are done using either a transfer to a country with an adequacy ruling, using the EU-US Privacy shield or European Commission Standard Contractual Terms.
Under data protection legislation, you have rights as an individual which you can exercise in relation to the information, we hold about you.
These rights include:
- The Right of Subject Access – this is the right to access data we hold about you and, where required, an explanation of that data.
- The Right to Rectification – this is the right to have inaccurate or incomplete data rectified.
- The Right to Erasure – this is also known as the ‘right to be forgotten’ and means that in certain circumstances you have the right to ask us to delete data we hold on you.
- The Right to Restrict Processing – this is where you can request that we restrict/block processing of personal data (but still retain it)
- The Right to Data Portability – this allows people to reuse their personal data by requesting it in a useable format.
- The Right to Object – this right allows you to object to us processing your personal data. This is typically related to processing based on legitimate interest, performance of a task in the public interest, direct marketing, and processing for scientific or historical research
If you would like further information about your rights over your data or would like to submit a request, please use the contact details below.
Privacy Manager, Adam Francis firstname.lastname@example.org
Data Protection Officer, Melissa Ashdown-Hoff email@example.com
Security of personal data
We take every reasonable and commercially viable precaution to protect personal and commercial data. These are organisational, technical, and physical measures to protect against unlawful or accidental access, disclosure, loss or alteration.
Whilst we taken a robust stance to security no method of storage and transmission is 100% secure and, in some instances, out of our control. For that reason, you are entirely responsible for password security, controlling access to your devices, access to your environment in Safety Cloud and signing out and closing down web sessions once completed.
Complaints and queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading, or inappropriate. We would also welcome any suggestions for improving our procedures.
Please use the contact details below for any comments, feedback or complaints.
Privacy Manager Adam Francis firstname.lastname@example.org
Data Protection Officer Melissa Ashdown-Hoff email@example.com
Or write to
If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office www.ico.org.uk/concerns.
Changes to this privacy notice
We keep our privacy notice under regular review and would encourage you to do also. This privacy notice was last updated on 1st April 2021.
Citation Fire and Electrical