Sign In App (together with its affiliated companies) is committed to ensuring the privacy and confidentiality of your personal information, and to protecting it from unauthorised access and disclosure.
Sign In App complies with the Data Protection Act 1998, the UK GDPR and the General Data Protection Regulation 2016/679 (“GDPR”) and any local or European laws on data protection, as amended from time to time. Sign In App is registered as a data controller as defined in the UK GDPR with the data protection regulator in the UK, the Information Commissioner’s Office.
What information will we collect?
Personal data may be collected, stored and used when visiting our website, registering for a trial, or placing an order. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will only be used in ways described in this policy.
Information you provide
- When visiting our website or using our apps: If you choose to contact us through either of these sources, information you provide such as your name, email address or telephone number and any other information you choose to provide us with will also be stored.
- Account registration: When registering for an account/trial, details that you provide to us to create a user account and provide you with access to the applications. The registration requires you to provide us with personal contact information, such as your name, company name and email address.
- Payment information: When paying for your order online, your financial information is directed to our third-party payment processor. We do not store your financial data on our systems.
- Sign In App visitors: If you are a visitor who has signed into our application, the information provided, such as your name, your company, whom you are visiting and other information that the customer you are visiting requires, i.e. a photograph or the number plate of your vehicle registration number.
Purpose for processing
Your data will be processed only for specified, explicit and legitimate purposes. We collect and process the personal data detailed in this policy, and data subjects will be informed of the purposes for which we process personal data at the time that their personal data is collected.
We may, from time to time, use your personal data for reporting and for making improvements to our services; in such instances we will always ensure an individual cannot be identified.
Your personal data may be transferred to our trusted third party processors. This will be for purposes such as: enabling payments, hosting of our servers, project management tools and customer relationship management system.
Our trusted third party processors are contractually bound to keep your information confidential and use it only for specified, explicit, and legitimate purposes.
Some messages from us are service-related and necessary for customers. You agree that we can send you non-marketing emails or messages, such as those related to transactions, your account, security, or product changes/updates.
If we intend to use any data provided by yourself for marketing purposes, such as sending updates or information relating to the product, we will always make this clear and offer an ‘opt out’ should you wish not to receive such information.
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
- Send an email to: email@example.com
- Write to us at: Sign In App Ltd, 3A Green Lodge Barn, Roman Road, Northampton, NN7 4HD.
We will never lease, distribute or sell your personal data to a third party without requesting your prior permission. We will only transfer your data to other third parties without informing you separately beforehand in the exceptional cases where we are either legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.
If we collect your personal information from our Website, app or whilst providing services to you, we will process it in a way that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. We will maintain and update your information as necessary to keep it accurate or when you advise us that your personal information has changed. We will keep your information in a form which permits your identification for no longer than is necessary. We will hold personal information collected from web enquiry forms for a period of 12 months from when the enquiry is closed.
Lawful Basis for processing personal data
Our lawful basis for collecting and processing the personal data described in this policy will depend on the type of personal information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you where either:
- We need the personal information to perform our obligations under a contract with you
- The processing is in our legitimate interest and not overridden by your rights
- You have given your consent to do so
We have a legitimate interest in operating our services, for example when responding to your queries, improving our services, or undertaking direct marketing.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not.
Security of your data
Protecting personal data from unauthorised access, loss or alteration is of the utmost importance to us. All visitor records, photos, account data, configuration data and contact information are stored in AWS Tier 4 data centres. Servers are updated with the latest security patches during scheduled routine maintenance.
The app and online portal both access data using our secure API. The API exclusively uses TLS 1.2 to encrypt data in transit, and every request must include a time-limited authentication token generated by the authentication system. Visitor data is encrypted at rest. For support purposes, a limited number of senior engineers can access client data via a secure tunnel, controlled by private key-based secrets.
The app must be authenticated using a token generated from the devices section of your online portal. Portal users log in with an email address and password, managed from within the portal. User passwords are hashed at all times and cannot be accessed.
There are two user levels that can be set, controlling access to user management and configuration options. For accounts with multiple sites, there is also the option to restrict individual users to only view data for a single site.
Where will your personal data be processed?
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). This will be for purposes such as: enabling payments, project management tools, back office functions and our customer relationship or accounts management system.
Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, where approved transfer mechanisms are in place to protect your personal data. If you wish for more information about this please contact firstname.lastname@example.org.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we hold your data?
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it - for example, to provide you with a service or to comply with applicable legal, tax or accounting requirements.
Data will be retained for as long as your account is active and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policy. Following that period, we’ll make sure it’s deleted or anonymised.
Sign In App visitors
Please note that we are acting as a ‘data processor’; our customer will be the ‘data controller’ and will assume responsibility for the processing of personal data and how long that is held for. We have to act upon our customer’s instructions regarding data retention. Data will be stored in encrypted backups for 14 days after the retention period in a location selected by the customer.
Data subject rights
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to email@example.com.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to firstname.lastname@example.org.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to email@example.com. We will review and investigate your complaint, and get back to you within a reasonable time frame.
You can also contact the Information Commissioner’s Office on 0303 123 1113 or visit their website: https://ico.org.uk/make-a-complaint/.
Policy Review Statement
This policy may be reviewed at any time and at the request of either staff or management, but will automatically be reviewed 1 year from the initial approval and thereafter on an annual basis unless organisational changes, legislation, guidance or non-compliance prompt an earlier review.
For further information about Sign In App’s compliance with data protection law, please contact:
Operations Manager & Data Protection Officer
Tel: 44 1604 349759
Alternatively, for further information about data protection law you can contact the Information Commissioner's Office directly on 0303 123 1113 or at https://ico.org.uk/