We endeavor to protect your protect your personal information as follows;
- We never ask for credit card or debit card numbers.
- We use regular Virus and Malware Scanning.
- Personal information is stored on secure networks and is only accessible by a
limited number of persons who have special access rights to such systems and
who are contractually required to keep all such information confidential.
- Any sensitive/credit information supplied to us is encrypted via Secure Socket
Layer (SSL) technology.
- All transactions are processed through a gateway provider and are not stored or
processed on our servers.
- A variety of security measures are automatically implemented when a user enters,
submits, or accesses their information to maintain the safety of your personal
protect or otherwise handle personal information in connection with our website.
Client Data means Personal Data regarding our Client(s) and prospective clients including key
Controller is a legal term described in the General Data Protection Regulation (GDPR) and it
means the party responsible for deciding what Personal Data to collect and how to use it.
Customer Data means Personal Data uploaded by a Permitted User on to the Software other
than Permitted User Data.
Data Subject means the individual who can be identified from Personal Data
Our Client means whoever purchased the user licence to use Software
Permitted User means a user designated by our Client
Permitted User Data means Personal Data about a Permitted User given to us by our Client
Personal Data this is data that may be used to identify a living individual. This could be a name
and address or it could be a number of details which when taken together make it possible to
deduce who the information concerns. It may include information about the identifiable
Processor is a legal term set out in the GDPR, and it is the party who has agreed to process
Personal Data on behalf of the Controller.
Prospective Client Data means Personal Data regarding prospective clients including key
Software means a software tool that enables the capture, process and reproduction of data.
2.1. To use our services and products we may occasionally need to process Personally
Identifiable Information which may be used to identify someone which may be a service
user or others.
2.2. Personal Data is held on 4 groups of people (Data Subjects) as follows;
- Client Data: this is Personal Data about a Client and may including key contact data
- Prospective Client Data: this is Personal Information about prospective clients including
contact information who have not yet entered into a contract with us.
- Permitted User Data: this is Personal Data about Permitted Users.
- Customer Data: this is Personal Data uploaded by a Permitted User onto the licenced
2.3. Our Software enables users to share information with other people and this policy only deals
users responsibility to ensure the recipient(s) of any Personal Data sent to them will use the
information as intend.
2.5. Any queries or concerns about this policy, should be communicated by mail or email to the
address found in our contact details.
3.0 A CONTROLLER OR A PROCESSOR
(a) We are a Controller in respect of any Client Data we hold which may include Personal Data
about our Clients and prospective clients including their key contacts.
(b) We are a Controller in respect of any Prospective Client Data including Personal Data about
prospective clients and their key contacts.
(c) We may hold Permitted User Data which is Personal data about Permitted Users provided
by Clients as both a Controller and a Processor. Which one, will depend on the data and the
(d) We are a Processor in respect of any Customer Data which is Personal Data uploaded by a
Permitted User. This means that we are only processing that data at the request of the
Permitted User and we are not making decisions about what data to collect or its use.
4.0 PERSONAL DATA
4.1 Personal Data about you may be stored by us, collected as follows:
(i) Information you provided where our services or software was requested, licensed or
purchased. This information could include;
- name and contact details.
- financial details.
- account preferences and settings.
- information sent or received using our Software.
(ii) Where you are a nominated Permitted User by a Client, we may receive information
concerning you from a Client who purchased the user licence to use the Software. This could
- your name, contact information including email addresses.
- your administrative rights.
(iii) Information concerning you which other Permitted Users uploaded on to the Software
system. This could include;
- details of works recorded or executed.
(iv) Cookies may also be used to collect information about;
- how you use the Software including your user preferences and interests.
- in-app purchases you make.
- details about user visits.
- details about the device(s) used to access the Software.
The company Cookies Policy can be found on the website.
5.0 HOLDING CLIENT AND PROSPECTIVE CLIENT DATA AND THE LAW
5.1 Client Data may be held and processed making us a data Controller and we must have a
‘lawful basis’ for doing so, as follows;
(i) IN ORDER TO PROVIDE OUR SERVICES: to provide this Software including support
and maintenance of any account using the Software where such processing is necessary for
the performance of the contract for the provision of our services or software or for taking
steps necessary to enter into a contract.
(ii) ADMINISTRATION AND DISPUTE RESOLUTION: We may also need to process
Personal Data to meet our internal administration requirements and for matters such as
dispute resolution. Such processing is necessary for the purposes of our legitimate interest,
which is in this case is to function as a business. We consider such use will not exceed
anything a Data Subject would reasonably expect and is likely to align with the Data
Subject’s interests by allowing us to provide a sustainable business model and is unlikely to
be detrimental to the fundamental rights and freedoms of any Data Subject.
(iii) MARKETING: We may periodically contact clients by mail, email or telephone about
updates to our services or software, or new features or functions or to introduce new
products. These communications may be tailored to what we think your interests are and this
may be based upon data collected using cookies and from looking at past transactions. The
right to opt out shall always be included in any such correspondence.
The lawful basis for any processing is where it is necessary for the purpose of our legitimate
business interest. We will endeavor not to exceed anything a Data Subject could reasonably
expect and is likely to align with a Data Subject’s interests and have an opt out option and is
unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject.
(iv) AGGREGATE DATA: Aggregate data about Permitted Users and about Client
transactions or interactions may be collected and stored and any such data will be
anonymized and may be used for business and market research purposes.
5.2 Prospective Client Data may be used for marketing purposes or to take steps to enter into a
contract where we have been requested to do so.
(i) MARKETING BY ELECTRONIC COMMUNICATIONS: Information obtained by way
of discussion regarding our products or services, then we may contact you periodically by
email or telephone about updates or changes to our services or products. These
communications may be tailored on what we think your interests are and we may deduce
this from our communications with you. The right to opt out will be included in any such
correspondence. The lawful basis for such processing is that it is necessary for the purpose
of our legitimate business interest.
In any other circumstances, we will only contact you by telephone, mail or email or other
electronic communications where we have obtained your consent which will be our lawful
basis for processing purposes. Our communication may be tailored in a way we think may
interest you and we may deduce this from information collected about you from cookies or
other similar technologies.
(ii) MARKETING BY TELEPHONE: We always try to develop business and to locate new
customers who may be interested in our services or products. Our sales team may research
this online and we may contact you by email or telephone to gauge interested in discussing
our services or products. Such processing is necessary for the purpose of our legitimate
business interest. Such use will go no further than a Data Subject would reasonably expect
and is likely to align with a Data Subject’s interests and contain an opt out option and is
unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject.
6.0 USE OF PERMITTED USER DATA
6.1. Permitted User Data would be used as follows;
(i) TO PROVIDE OUR SERVICES: we would use the contact information and details
provided to us by our Client(s) for the purpose of providing access to our Software and this
may include support and maintenance of your account on the Software. We do this solely on
the basis of our Client’s instructions and we are acting as a Processor in this regard.
(ii) UPDATES AND NEW FUNCTIONALITY COMMUNICATIONS: We may periodically
use the contact details received from Clients upon entering into a contract to receive our
services or products to send emails to Permitted Users regarding updates to our services and
new functionality available in the Software. Clients are normally informed of this marketing
service before entering into an agreement with us, and they have the option to opt out at that
point. Should a Client choose not to opt out we normally promptly send an email to each
Permitted User to notify them that we have been given their details and that they will receive
such communications unless they opt out. Each communication will include an easy opt-out
option. We are acting as a Controller in this regard. We are relying on the fact that such
processing is necessary to achieve our legitimate interest of providing an up-to-date software
solution for our Clients and their Permitted Users.
Anyone requiring further details on this use of your Personal Data, or if you would like to
tell us not to use your Personal Data for that purpose, please contact us at the email or
contact form on our website.
6.2. We may collect aggregate data about how a Permitted User uses our software. Any such data
is normally anonymised and should not identify a Permitted User.
7.0 CUSTOMER DATA - USING PERSONAL DATA UPLOADED AS PART OF A
SURVEY OR ENQUIRY
7.1. We act as a processor in respect of any Customer Data you upload which means we are
processing the data only on the basis of our Client’s instructions. Except for technical
processes like storage or maintenance purposes, we do not access or make any decisions
about uses of Customer Data.
7.2. We may collect aggregate data from the information uploaded but this data will be
anonymised so that an individual cannot be identified from that data.
8.0 DISCLOSING PERSONAL DATA TO A THIRD PARTY
8.1. This Software enables users to transfer and to share information with their customers and
other Permitted Users. If our Client has so requested, the data uploaded on to the Software,
may be accessible by other Permitted Users.
8.2. We may disclose Personal Data to third parties only for the following purposes;
(a) To our licensors, employees and third parties including professional advisors, such as
lawyers and accountants who are contracted to assist our business to provide the Software
and to operate our business. We currently use Amazon Web Services and other similar third parties
to provide hosting services. Any such licensors, employees and/or data processors
contracted to us will be subject to strict contractual requirements to use Personal Data in
processors please contact us using the contact information on our webpage.
(b) Where there is a duty to disclose or share Personal Data in order to comply with any legal
the operation of our website, or the rights, property, or safety of us, our customers or others.
(c) To third parties should we decide to sell, transfer or merge parts of our business or assets.
Should any change(s) happens to our business, then the new owners will only be entitled to
9.0 SECURITY PROCEDURES
9.1. We understand the importance of confidentiality and electronic, physical and managerial
procedures are in place to safeguard and secure the data uploaded onto our software.
(a) All staff members enter into and abide by a strict confidentiality agreement in respect of
how it handles all content. Contents of User Data remain confidential without your
explicit instruction to the contrary, and all data uploaded onto our software remains
(b) Robust security measures are in place to protect the information you upload on to our
software. All data is hosted on a UK cloud server, which offers a high level of security.
Our secure infrastructure includes encryption, firewalls and access control, and our
current hosting company is accredited by the following industry standard bodies:
- ISO 27001:2005 (Information Security)
- ASEA 3402 Type II (Service Organisation Control)
- ISO 14001:2002 (Environmental Management)
(c) Periodically we may use certain third party products or services to help us manage our
data, including CRM and accounting software. We will only ever work with companies
who are contractually bound to implement high standards of security measures. If you
would like further information about what third party processors we use, please contact
us using the contact information listed on our website or email firstname.lastname@example.org
9.2. Here are some steps that can be taken to help ensure that your data is protected.
(a) if contacting us with a query or complaint please use your work details rather than
personal contact details.
(b) if sending any financial details or sensitive information, consider sending it in separate
emails or using encrypted, password protected documents.
(c) please ensure that all passwords associated with your software account with us remain
10.0 PERSONAL DATA STORAGE
10.1. Data uploaded using our Software is held on a cloud server within the UK or European
European Area. Unless requested to do so, or it is strictly required in order to provide our
services we will not transfer any such data outside the UK or EEA.
10.2. Any users based outside the EEA who would like further information about where we hold
their data, may contact us using the contact information listed on our website or email
10.3. Client Data retention policies are as follows;
Client Data Retention
(i) data related to financial transactions may be stored for up to 7 years to ensure that we hold
sufficient records for accounting and taxation purposes.
(ii) data relating to negotiations, contracts agreed, payments made, disputes raised and use of our
software, may be stored for up to 6 years to protect ourselves in the event of a dispute
arising between us,
(iii) data may be stored in aggregate and without limitation as it cannot identify any individual.
Permitted User Data and Customer Data
(i) Permitted User Data and Customer Data shall be retained for as long as the user licence for
the Software remains valid. Upon termination such data shall be securely delete within 30
(ii) Aggregate data relating to the uses made of the Software by Permitted Users may be
retained without limitation. Such data shall be anonymised and it shall not identify any
Prospective Client Data
(i) Prospective Client Data may be retained for up to one year from the date of collection, or
longer if you requested to be added onto our mailing list or if the parties are engaged in
negotiations, then such data may be held for a longer period, to facilitate discussions or to
keep you informed of products and services. Data shall be deleted upon receiving a written
request to do so.
11.0 RIGHTS REGARDING PERSONAL DATA HELD
11.1. Data Subjects have the following rights regarding Personal Data relating to them which can
be enforced against whoever is the Controller. This will be us in respect of Client Data
and any Permitted User Data which we hold as a Controller, and our Client in respect of
Permitted User Data and Customer Data.
(a)Right to be informed: You have the right to be informed about what Personal Data the
Controller collects and stores about you and how it is used.
(b)Right of access: You have the right to request a copy of the Personal Data held as well as
confirmation of the following;
- the purposes of the processing
- the categories of personal data
- the recipients to whom the personal data has/will be disclosed,
- duration of any storage
- where the data was not collected directly from you, information about the source.
(c) Right of rectification: the right to require the Controller to correct any Personal Data held
about you which is inaccurate or incomplete.
(d) Right to be forgotten: in certain circumstances, the right to have the Personal Data held
about you erased from the Controller’s records.
(e) Right to restriction of processing: the right to request the Controller to restrict the
processing carried out in respect of Personal Data relating to you. You might want to do
this, for instance, if you think the data held by the Controller is inaccurate and you would
like to restrict processing the data has been reviewed and updated if necessary.
(f) Right of portability: the right to have the Personal Data held by the Controller about you
transferred to another organisation, to the extent it was provided in a structured, commonly
used and machine-readable format.
(g) Right to object to direct marketing: the right to object where processing is carried out for
direct marketing purposes including profiling in connection with that purpose.
(h) Right to object to automated processing: the right not to be subject to a decision based
solely on automated processing including profiling which produces legal effects or other
similar significant effects on you.
11.2. Should you wish to avail of any of the above rights please contact us using the contact
information listed on our website or email email@example.com.
If we are not the Controller, we shall transfer your request to the Controller only with your
consent. If you do contact us with a request, we will also need evidence that you are who
you say you are to ensure compliance with data protection legislation.
12.0 RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA
12.1. We can be notified at any time that Personal Data about you should not be processed for
particular purposes or for any purposes whatsoever. This decision may have an impact on
the services or product(s) you receive from us because you will no longer be able to access
the Software since we would not be able to identify you.
12.2. Any request to stop receiving direct marketing would not impact on your ability to access
12.3. If your Personal Data is being held by us as a Processor then to facilitate your request we
may need to pass your request onto the Controller and we would only do so with your
13.0 COMPLAINTS POLICY
13.1. Any questions or concerns regarding the use of Personal Data please contact our Data
Protection Officer immediately using the contact information listed on our website or email
firstname.lastname@example.org. If we are processing Personal Data about you on behalf of our Client,
we will need to pass your complaint to our Client and shall only do so with your consent.
13.2. Any complaint about how we have handled Personal Data you may lodge a complaint with
the Information Commissioner’s Office by following this
Last edited June 2020