Effective as of 22/05/2018
Concept Software Limited and subsidiaries, Iplicit Limited, understands that your privacy is important to you and that you care about how your personal data is used.
1. Personal Data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 3, below.
2. Individuals Rights
Under the GDPR, you have the following rights, which we will always work to uphold:
a. The right to be informed about our collection and use of your personal data.
b. The right to access the personal data we hold about you.
c. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
d. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
e. The right to restrict (i.e. prevent) the processing of your personal data.
f. The right to object to us using your personal data for a particular purpose or purposes.
g. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data.
h. Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
3. How we collect Personal Data
We will collect and process information about you including the following;
• Information that you provide by filling in forms on our websites. This includes information provided at the time of registering to use our websites and subscribing to services. This may include your name, address, email address and telephone number.
• Place an order using our websites, application or services; this may include your name (including business name), address, contact (including telephone number and email address) and payment details;
• Complete online forms or participate in any other interactive areas that appear on our website or within our application or service
• Interact with us using social media
• Contact us offline, for example by telephone, fax SMS, email or post
4. How we use Personal Data
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:
• Manager and administer your use of applications, products and services you have asked us to provide
• Supplying our products and services to you. Your personal details are required in order for us to enter into a contract with you and carry out those obligations under that contract
• Personalising and tailoring our products and services for you and communicating these changes
• Manage our relationship with you. This may include responding to emails or calls from you
• Supplying you with information by email or post that you have opted-in to (you may unsubscribe or opt-out at any time by contacting us at firstname.lastname@example.org.
• Provide you with any information that we are required to send you to comply with our regulatory or legal obligations
• Contact you to see if you would like to take part in our customer research, for example, feedback on your use of our applications, products and services.
Our website, applications (including mobile applications), and services may contain technology that enables us to:
• check specific information from your device or systems directly relevant to your use of the websites, applications, or services against our records to make sure the websites, applications, or services are being used in accordance with our end-user agreements and to troubleshoot any problems;
• obtain information relating to any technical errors or other issues with our website, applications, and services;
• collect information about how you and users use the functions of the features of our website, applications, and services; and
• gather statistical information about the operating system and environment from which you access our applications or services
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email or post with information, news, and offers on products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
5. Retaining personal data
Concept Software and subsidiaries will retain personal data for as long as your account is active; as needed to provide you products or services; as needed for the purpose outlined in this Policy or at the time of collection; as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; or to the extent permitted by law.
At the end of the retention period, Concept Software and subsidiaries will delete your personal information in a manner designed to ensure that it cannot be reconstructed or read.
6. Protecting and storing personal data
We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
The security of your personal data is very important to Concept Software and subsidiaries. We use physical, electronic, and administrative safeguards that are designed to protect your personal data from loss, misuse and unauthorised access, disclosure, alteration and destruction.
In addition, Concept Software and subsidiaries use standard security protocols and mechanisms to exchange the transmission of sensitive data.
In the event that your personal data is acquired, or is reasonably believed to have been acquired, by an unauthorised person Concept Software and subsidiaries, will notify you promptly by e-mail or mail. We will determine the scope of the breach and investigate and restore the integrity of the data system.
7. Sharing your Information
We may share your information with:
• Our service providers and agents (including their sub-contractors) or third parties which process information on our behalf (i.e. internet service and platform providers, payment processing providers and those organisations we engage to help us send communications to you)
• Third parties used to facilitate payment transactions, for clearing house, clearing system and transaction beneficiates
• Third parties where you have a relationship with that third party and you have consented to use sending information (i.e. social media sites)
• Law enforcement agencies so that they may detect or prevent crime or prosecute offenders
8. Accessing Personal Data
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal address below. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 30 days. We aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
9. Contacting us about Privacy
Data Compliance Officer
1-3 Yorkton Street
London E2 8NH
10. Changes to this Privacy Notice
This policy is subject to change. Any changes we may make to this policy in the future will be posted on this page and your continued use of our websites, applications and services following the posting of changes will mean you accept those changes.