This webpage sets out when and how we use your personal information that you or others provide to us. Your privacy is of the utmost importance to us. We want to make sure you fully understand the terms and conditions surrounding the capture and use of that information, whether we receive it directly from you, a third party or via the Safepoint App (“App”) or Safepoint website (“Website”). This privacy notice describes what information we collect about you, how we use it, and the rights you have in relation to that collection and usage.
If you have any questions about this privacy notice, please contact our customer support team on email@example.com
WHO WE ARE
We are TECHSHIFT LIMITED t/a Safepoint, a private limited company incorporated and registered in England and Wales with the company number 11652803 whose registered office is at The Enterprise Centre, University of East Anglia, Norwich Research Park, Norwich, England, NR4 7TJ (Safepoint).
For the purposes of the Data Protection Act 2018 and any other applicable data protection and privacy laws and regulations (“Data Protection Legislation”), Safepoint will be the ‘data controller’ for all personal information we determine the means and purpose of processing.
By “Personal Data” we refer to information collected or held by Safepoint, that identifies and relates to you as an individual.
Occasionally, Safepoint will act solely as the data processor for some of our clients. If you are the employee of one of these clients we will be the data processor for some or all of your personal information and your employer will be the controller. If you wish to discover how your data is handled under Data Protection Legislation, please refer to the privacy notice belonging to your employer.
INFORMATION WE COLLECT AND USE AT SAFEPOINT
We gather and use Personal Data in the following circumstances.
When you have expressed an interest in our services:
If you have opted in via our website or other form of media to receive marketing communications from us, we will handle your personal information for example (your name, email address and postal address and telephone number) to provide you with marketing communications in line with any preferences you have told us about.
You are not under any obligation to provide us with your Personal Information for marketing purposes.
When we send marketing emails to our clients and service users, we rely on consent to contact you for marketing purposes. If we consider that you may genuinely have an interest in benefitting from our service, we may make business to business approaches under our legitimate interests. Every email we send to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them. You always reserve the right to our processing under legitimate interests, please see
“YOUR RIGHTS UNDER DATA PROTECTION LAWS” below.
When we send you marketing material in the post, we rely on our legitimate interest to let you know about our latest offers and services.
You can tell us that you do not want your personal information to be processed in this way at any time by contacting us at firstname.lastname@example.org or, where relevant, by following the unsubscribe link shown in every marketing communication you receive from us.
When you register with us:
As a user of Safepoint we gather your Personal Data in the following circumstances:
By registering your account on our App or through the Website and using the App functions we will collect your:
email and contact details;
data regarding your role entered by your employer.
When using the App we collect the following Personal Data on your phone called log data, this includes:
GPS location data;
Time and date of your App usage;
Internet Protocol (IP) address; and
Mobile device ID and OS information.
Where we do not require this information as a necessity of providing our service, we collect and use this information under our legitimate interest to provide a secure and consistent product by ensuring we can identify and correct and errors that may occur by incorrect data being passed to us.
As a client of Safepoint we collect and use your:
business contact information (including email, phone number and postal address);
the nature of your business and your role within it;
information required to invoice/receive payment (excluding the details in “What we don’t collect”); and
transactional data regarding the services you request from us.
If you contact our helpdesk service as a user or client, we will collect your name, contact details, nature of your request and any supplementary information you choose to provide us. We will only retain the Personal Data pertinent to resolving your issue.
When you visit the Website:
We use Google Analytics to collect standard internet log information (please see the “COOKIES” section below) and details of visitor’s behaviour patterns. We do this to help identify the number of visitors to the site and the pages they visit. We do not record, and we do not allow Google to make any attempt to identify the individual identities of those who visit our pages.
This information is stored and used for aggregated and statistical reporting. The collected information is used to provide an overview of how people are accessing and using the Website. Any Personal Data gathered from interactions on our Website is processed under our legitimate interest to promote the success of the business and ensure the security of the Website.
You can prevent us from using your personal information in this way by using the 'do not track' functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences.
What we don’t collect:
Card payment details taken for our services are processed and managed via Stripe. Further details regarding Stripe can be found at https://stripe.com/gb. Safepoint do not hold any card detail information as part of the Personal Data we handle on your behalf.
If you fail to provide us with Personal Data
You always reserve the right to withhold your personal information, but this may affect how we provide our services.
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
LAWFUL BASIS OF PROCESSING
We will only process your information for as long as we have a relevant legal basis to do so. This is usually in order to provide you with the services you have requested from Safepoint and unless stated, all of the above processing is conducted under the legal basis of performance of a contract.
If we have collected sensitive personal data as part of our service provision, we will always ensure that we either request explicit consent from you or document the appropriate exemption to allow the processing of this data.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we consider the new purpose to be incompatible with the original purpose of collection, we will conduct a privacy impact assessment or contact you to request your consent for further processing. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
STORING YOUR DATA
The data that we collect from you will be stored in a location within the EU.
All information you provide to us is stored on our secure servers or those of our third party sub-contractors. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website or App, you are responsible for keeping this password confidential. You must not share your password with anyone.
SHARING YOUR INFORMATION WITH OTHERS
If and when we share your data, we always do so under a written agreement governing how your data must be protected.
We may be required to share your Personal Data with third parties to adequately provide our services. Please be assured that we will not share your information for any other reason unless we are required by law or permitted to do so under this Privacy Notice. The main circumstances in which we will be permitted or required to disclose this is by law will be by court order, to government bodies and law enforcement agencies.
However, sometimes we may share your information with third parties in the following ways:
we may use carefully selected sub-processors to help us collect, store or manage your information. This will always be managed under the terms of a written data processing agreement;
analytics and search engine providers that assist us in the improvement and optimisation of the Website; and
We will transfer your personal information to a third party if:
we sell or buy any business or assets, we will provide your personal information to the seller or buyer (but only to the extent we need to, and always in accordance with data protection legislation); or
if Safepoint or the majority of its assets are acquired by somebody else, in which case the personal information held by Safepoint will be transferred to the buyer.
We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal information in this way, the relevant seller or buyer of our business may not be able to provide services to you.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
PROTECTING YOUR DATA
We take our security obligations very seriously and constantly monitor for breaches and potential weaknesses.
Safepoint is committed to ensuring that data is stored, archived or disposed of in a safe and secure manner. We have procedures in place to try and prevent any unauthorised access or disclosures and to safeguard and keep secure the information that we collect.
We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to Personal Data only for those employees who require it to fulfil their job responsibilities. All data at rest and in transit is encrypted and we employ TLS encryption for data transferring between our App and servers. We maintain detailed breach identification and mitigation plans and all staff are trained in managing potential compromise scenarios.
However, you should be aware that providing information over the internet can never be guaranteed as being completely safe and if you choose to send such information to us via the internet, you do so at your own risk.
YOUR RIGHTS UNDER DATA PROTECTION LAWS
You have various rights under the data protection laws, which you can exercise by contacting us. The easiest way to do this is by email at firstname.lastname@example.org.
Right of access
You are entitled to receive confirmation as to whether your personal information is being processed by us, as well as various other information relating to our use of your personal information.
You also have the right to access your personal information which we are handling.
Right to rectification
You have the right to require us to rectify any inaccurate personal information we hold about you. You also have the right to have incomplete personal information we hold about you completed, by providing a supplementary statement to us.
Right to restriction
You can restrict our processing of your personal information where:
you think we hold inaccurate personal information about you;
our handling of your personal information breaks the law, but you do not want us to delete it;
we no longer need to process your personal information, but you want us to keep it for legal reasons; or
we are handling your personal information because we have a legitimate interest, and are in the process of objecting to this use of your personal information.
Where you exercise your right to restrict us from using your personal information, we will then only process your personal information when you agree, except for storage purposes and to handle legal claims.
Right to data portability
You have the right to receive the personal information we hold about you in a structured, standard machine readable format and to send this to another organisation controlling your personal information.
Right to erasure
You have the right to require us to erase your personal information which we are handling in the following circumstances:
we no longer need to use your personal information for the reasons we told you we collected it for;
where we needed your consent to use your personal information and you have withdrawn your consent;
you object to our use of your personal information and we have no compelling reason to carry on handling your personal information;
our handling of your personal information has broken the law; or
we must erase your personal information to comply with a law we are subject to
Right to complain
You have the right to lodge a complaint with the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales.
Information regarding children
We do not intentionally market our services or collect information via this website from data subjects under the age of 16. We do not collect information regarding children for the provision of our services and will erase any data collected if informed by the parent or legal guardian of a child whose data we have erroneously collected.
CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or notification within the App.
Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to email@example.com
This privacy notice was last updated 02/05/2019