CCI Connect Privacy Policy
Data Controller Contact
CCI IT Ireland Ltd
Platform 94, Mervue Business Park
Galway, H91 D932, Ireland
Tel: +353 91 413 298
Website: cciglobal.com
Email: [email protected]
Introduction
CCI IT Ireland Ltd (“CCI IT Ireland”, “we”, “our”, “us”) operates the CCI Connect platform, which includes the mobile applications and web versions of the application (collectively, “CCI Connect”). This Privacy Policy describes how we collect, use, store, disclose, and protect your personal information.
CCI Connect is intended exclusively for authorised employees of CCI Global group of companies. By downloading, registering for, or using CCI Connect, you acknowledge that you have read and understood this Privacy Policy.
Controller / Responsible Party
CCI IT Ireland Ltd is the Data Controller for purposes of the General Data Protection Regulation (GDPR) and the Responsible Party for purposes equivalent to those under the Protection of Personal Information Act (POPIA). All core processing and hosting activities for CCI Connect are carried out in Ireland under its control.
Accessing Entities (Not Controllers)
Employees may access CCI Connect from jurisdictions in which the CCI Global Group of Companies operates, including:
🌍 South Africa | United Arab Emirates (Dubai) | Ethiopia | Ghana | Rwanda | Kenya | Botswana | Egypt
These entities are not Data Controllers. They access and process personal data strictly under the authorisation, governance standards, and security requirements established by CCI IT Ireland Ltd. Users accessing CCI Connect from these jurisdictions remain subject to the data protection laws applicable in their country of residence or operation.
Platform Structure
🔒 Hosting
CCI Connect is hosted entirely on a secure, access-controlled WordPress platform within CCI IT Ireland’s internal server infrastructure located in Ireland.
📱 Mobile Apps
The iOS and Android mobile applications function as wrappers that display the platform using a secure embedded webview. No external cloud hosting providers (e.g., AWS, Azure, Google Cloud) are used.
👤 Access
Only authenticated and authorised employees may access the system.
Personal Information We Collect
Required for Registration
- Employee number
- First name and last name
- Email address or registration ID
- Activation code, one-time password, or password
- Business unit or organisational assignment (where configured)
Your employee number and activation codes are never made visible to other users.
Automatically Collected
- IP address; dates and times of access
- Device type, operating system, and browser type
- Authentication logs, access logs, error logs, and performance diagnostics
✅ CCI Connect does not use advertising technologies, behavioural tracking, or cross-site tracking mechanisms.
Platform Rendering
The CCI Connect mobile apps use embedded browser technologies — Apple WebKit (WKWebView) on iOS and Android System WebView on Android — to render the platform. These components act purely as rendering engines and do not independently process personal information except what is technically required.
CCI Connect does not include third-party analytics SDKs, advertising libraries, or external tracking components. Users may manage cookies and cached data through their device settings.
User-Generated Content
Users may upload images, videos, text posts, comments, and reactions. Content is stored solely on CCI IT Ireland’s internal servers in Ireland.
Users must ensure uploaded content is lawful, does not infringe rights, and complies with internal policies. Uploading prohibited or inappropriate content may result in disciplinary action.
Content Licence
By uploading or submitting any content to CCI Connect, you grant CCI IT Ireland Ltd and the wider CCI Global group a perpetual, irrevocable, worldwide, royalty-free licence to use, reproduce, distribute, modify, adapt, publish, translate, display and communicate such content in any media for any legitimate business purpose, including internal communications, training, public relations, and external promotional materials.
Withdrawal of Consent
If you withdraw consent for CCI’s use of your identifiable user-generated content in external marketing, CCI will cease any new use of such content. This does not require CCI to recall materials already lawfully published, but CCI will take reasonable steps to remove or restrict content from CCI-controlled channels going forward where feasible.
Device Permissions
To upload user-generated content, the app may request permission to access your camera, photo library, video library, or microphone. Permissions must be explicitly granted and may be revoked at any time through your device settings. The app only processes media you intentionally upload.
User Obligations and Platform Integrity
- Users must not interfere with, disrupt, or attempt to compromise the security or functionality of CCI Connect.
- Users must comply with all applicable laws, regulations, and internal company policies.
- Users must keep login credentials confidential and notify CCI IT Ireland immediately if they suspect unauthorised access.
Purposes of Processing
Personal information is processed to:
- Authenticate users and provide access to platform features
- Enable communication, engagement, posting, and content sharing
- Monitor security and resolve technical issues
- Meet legal obligations and support operational needs
Legal Basis for Processing (GDPR)
Performance of a Contract
To provide employees with access to, and the functionality of, the CCI Connect platform.
Legitimate Interests
To operate, secure, maintain, and improve the platform; enable internal communication; and ensure the integrity and safety of CCI’s systems.
Compliance with Legal Obligations
To meet statutory, regulatory, audit, and record-keeping requirements applicable to CCI Global operations.
Consent (Device Permissions)
For device-level permissions where required by operating systems (e.g., camera, photos, notifications). Such consent can be withdrawn at any time through device settings.
Hosting, Transfers & Cross-Border Access
🔒 All data is stored on CCI-owned servers in Ireland within a secure, access-controlled private VLAN. No third-party cloud hosting providers are used.
All cross-border access complies with GDPR Chapter V, POPIA Section 72, applicable local laws, and internal governance requirements. All access to the platform is encrypted, authenticated, logged, and role-restricted.
Compliance with International Data Protection Laws
In addition to GDPR and POPIA, CCI IT Ireland Ltd complies with applicable data protection laws including:
UAE
Federal Decree-Law No. 45 of 2021 — Personal Data Protection Law, covering lawful processing, data subject rights, and cross-border access controls.
Kenya, Rwanda, Ghana, Ethiopia, Botswana & Egypt
Applicable local data protection laws covering rights of individuals, breach notification, and safeguards for cross-border data access.
Security
CCI IT Ireland Ltd implements robust technical and organisational measures including:
- Private VLAN hosting and network segmentation
- Firewalls and intrusion detection
- Continuous monitoring and access logging
- Encryption in transit and at rest
- Role-based access controls
While industry-standard measures are applied, no method of electronic transmission is completely secure, and absolute security cannot be guaranteed.
Data Retention
Personal information is retained only as long as necessary for operational, legal, regulatory, and security purposes. User-generated content remains until deleted by the user, removed for violation, or archived per retention policies.
⚠️ When you delete content, it may remain stored in system backups or audit logs for a limited period as required for security, forensic, or compliance purposes, after which it is permanently deleted.
Your Rights
Under GDPR
- Access & rectification
- Erasure (“right to be forgotten”)
- Restriction of processing
- Data portability
- Object to processing
- Withdrawal of consent
- Lodge a complaint
Under POPIA
- Access to information
- Correction of records
- Deletion of records
- Object to processing
- Processing information rights
Employees in UAE, Kenya, Rwanda, Ghana, Ethiopia, Botswana and Egypt may have additional rights under their applicable national data protection laws.
External Links, Surveys & Updates
External Links: CCI Connect may contain links to external websites. CCI IT Ireland is not responsible for external privacy practices.
Surveys & Contests: Participation is voluntary. Information collected is used only for the stated purpose.
Policy Updates: CCI IT Ireland Ltd may update this Privacy Policy. Changes will be communicated through CCI Connect or internal channels.
Questions about this policy?
Contact us at [email protected] | +353 91 413 298
CCI IT Ireland Ltd, Platform 94, Mervue Business Park, Galway, H91 D932, Ireland