last updated, november 11, 2021
WE DO NOT MARKET TO OR ENTER INTO CONTRACTS WITH CHILDREN NOR DO WE COLLECT PERSONAL DATA FROM ANY PERSON UNDER 18 YEARS OF AGE. PLEASE DO NOT ACCESS OR USE THE WEBSITE OR SERVICES IF YOU ARE UNDER 18 YEARS OF AGE.
This Policy sets out what personal data we might collect, how we process and protect that data, the lawful grounds for that processing, and your related rights. We always seek to comply with the data protection laws in line with the GDPR, the world-standard for data protection laws, inspiring legal developments around the world.
We collect or are provided personal data in the normal course of business. For example:
- you may provide us with your details when you become a customer, such as your name, email and employer (‘Account Data’),
- we may receive personal data from our customers when using our Services, such as names of team members or data entered into the Services (‘Service Data’),
- you may provide us with your details when you ask about buying our products or services (through the Website, by email or otherwise) and we may otherwise lawfully obtain contact details of potential customers for our Services for our marketing purposes, for example from publicly available business contact information or your business website (‘Marketing Data’),
- when you visit the Website, we may collect information about your visit such as your IP address and the pages you visited and when you use our Services we may collect information on how you use those Services (‘Improvement Data’), and
- you may provide us with your CV and other personal data when you apply for a position (‘Recruitment Data’) (through the Website, by email or otherwise)
According to GDPR, we are the ‘controller’ of Account, Marketing, Improvement and Recruitment Data as we determine for what purpose and how it is collected and processed. We proces Service Data, but the customer keeps control over Service Data. We only process Service Data to fulfil our contract with the customer and on their instructions.
Your Provision of Personal Data
When you provide us with personal data about yourself or another person, for example a colleague or a contact, you are confirming to us that you have their consent or are otherwise authorised to provide us with that information and that any personal data you give us is accurate and up-to-date.
Provision of personal data to us is never a requirement, however if you do not provide us with the personal data necessary for us to carry out an action at your request or under a contract with or relating to you, for example to respond to your query or provide Services to you, we may not be able to respond to your query or provide Services to you.
Special Categories & Crime
Given the nature of our business, we do not ask for ‘special categories of personal data’ such as information about your health, political opinions, racial origins or sexual life, or personal data relating to criminal convictions and offences – and we would ask you not to send any to us or upload any into the Services.
We do not collect or process any bank or debit or credit card data ourselves. Any such data is collected and processed by our payment processors, to process the relevant payments, as independent controllers. We will at all times comply, and choose payment providers who comply with codes and laws regarding security and retention of such data, for example the Payment Card Industry Data Security Standard.
Our payment processors and links to their Privacy Policies along with additional information are provided for your convenience:
How do we use personal data?
We use personal data in the normal course of our business, including to provide, secure, manage and improve our Services and to meet any binding contractual or legal obligations. This includes:
- to respond to enquiries about our Products and Services, to provide Websites and Services, to provide advice and support. Lawful basis: Legitimate Interests or Contract.
- to analyse and improve the Website, our Products and Services, for example for technical or security purposes and to improve the customer experience. Lawful basis: Legitimate Interests, however where for example applicable law requires your consent to use certain cookies, we will ask for your Consent having provided you with relevant information.
- to market our Products and Services – if we do so, we will provide you with an easy and free way to opt-out of receiving such communications in the future.
- in certain circumstances, to share it with a limited number of third parties as described in this policy, for example for operational requirements and business continuity purposes.
- to manage our recruitment activities, including that the Recruitment Data will only be reviewed by those with a need to know as part of that recruitment.
Electronic Direct Marketing
Where we carry out electronic direct marketing – including phone calls, automated phone calls, emails, SMS and IM – we will comply with the relevant, applicable laws including the EU e-Privacy Directive, which has been implemented by national laws across the EEA and in the UK. This means for example that we will, where required, check national do-not-call registers and obtain your prior specific and informed consent, particularly where you are acting as a consumer.
Sharing Data & International Transfers
We will not give, sell or rent your personal data to third parties so they can market their services to you. Nor do we accept advertising from third parties on the Website. We may share personal data in the following limited circumstances.
- For provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third party providers, such as with our contractors and advisors to help us operate, secure and analyse our business. Lawful basis: Legitimate Interests or Contract.
- We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. Lawful basis: Legal Obligation.
In each case, we share the minimum personal data necessary and we have written contracts in place incorporating relevant wording to safeguard that personal data and comply with applicable laws, and we will only share such data as is necessary for the purpose in question. Our starting position is always to keep personal data within the UK or European Economic Area (‘EEA’) where the UK GDPR or EU GDPR applies respectively. However, in order to carry out the above purposes, we may use third parties and their facilities outside the EEA. In all such cases we will ensure that appropriate security measures are in place to protect your personal data and a valid legal basis for the transfer applies.
As a default position, we will only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights.
The security of data is very important to our business. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. However, we can only be responsible for systems that we control and we would note that the internet itself is not inherently a secure environment.
Third Party Services
Under the EU and UK GDPRs, you have the following rights (some of which may be subject to conditions set out in the relevant GDPR):
- to know if we process any personal data about you and, if we do, with certain limitations, to request a copy of that personal data,
- to ask us to remove or correct any of that personal data that is inaccurate,
- to object to certain processing,
- to withdraw any consent you may have given us for any processing of your personal data,
- to ask us to restrict processing certain of your personal data,
- to ask us to erase your personal data, and
- to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.
You have the right, at any time, to object to the processing of your personal data for direct marketing.
If you’ve any questions you can always contact us at the address above or by email to firstname.lastname@example.org. You have the right, at all times, to notify a complaint to any regulator such as the Data Protection Commission. We always welcome the opportunity to discuss and resolve any complaint with you first.