We are committed to ensuring that your personal data is kept confidential, and that it is only collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
We confirm our compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Data Protection Act 2018.
Personal data may be collected, stored and used when visiting our website, registering for a trial, or placing an order. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
a. When visiting our website or using our apps
If you choose to contact us through either of these sources, information you provide such as your name, email address or telephone number and any other information you choose to provide us with will also be stored.
b. Account registration
When registering for an account/trial, details that you provide us with to create a user and provide you with access to the applications. The registration requires you to provide us with personal contact information, such as your name, company name and email address.
c. Payment information
When paying for your order online, your financial information is directed to our third-party payment processor. We do not store your financial data on our systems.
d. Sign In App visitors
If you are a visitor that has signed into our application, the information provided, such as your name, your company, who you are visiting and other information that the customer you are visiting requires, i.e. the number plate of your vehicle.
a. When visiting our website or using our apps
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.
Your data will be processed for Specified, Explicit and Legitimate Purposes. We collect and process the personal data detailed above, and the purposes for which we process personal data will be informed to data subjects at the time that their personal data is collected.
We may, from time to time, use your personal data for reporting and for making improvements to our services; in such instances we will always ensure an individual cannot be identified.
Your personal data may be transferred to our trusted third party processors, this will be for purposes such as: Enabling payments, hosting of our servers, project management tools and customer relationship management system.
Our trusted third party processors are contractually bound by us to keep your information confidential and used only for specified, explicit, and legitimate purposes.
Some messages from us are service-related and necessary for customers. You agree that we can send you non-marketing emails or messages, such as those related to transactions, your account, security, or product changes/updates.
If we intend to use any data provided by yourself for marketing purposes, such as sending updates or information relating to the product, we will always make this clear and offer an ‘opt out’ should you wish not to receive such information.
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
We will never lease, distribute or sell your personal data to a third party without requesting your prior permission. We will only transfer your data to other third parties without informing you separately beforehand in the exceptional cases where we are either legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.
Our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you where either;
We have a legitimate interest in operating our services, for example when responding to your queries, improving our services, undertaking marketing.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not.
Protecting personal data from access, loss or alteration is of the utmost importance to us. All visitor records, photos, account data, configuration data and contact information is stored in data centres within the EU. Servers are updated with the latest security patches during scheduled routine maintenance.
The app and online portal both access data using our secure API. The API exclusively uses TLS 1.2 to encrypt data in transit, and every request must include a time-limited authentication token generated by the authentication system. Visitor data is encrypted at rest. For support purposes, a limited number of senior engineers can access client data via a secure tunnel, controlled by private key-based secrets.
The app must be authenticated using a token generated from the devices section of your online portal. Portal users log in with an email address and password, managed from within the portal. User passwords are hashed at all times and can not be accessed.
There are two user levels that can be set, controlling access to user management and configuration options. For accounts with multiple sites, there is also the option to restrict individual users to only view data for a single site.
Visitor data collected via Sign In App will never be transferred out of the EEA, this data will always be securely stored within data centres within the EEA.
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), this will be for purposes such as: Enabling payments, project management tools and our customer relationship management system.
Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, where approved transfer mechanisms are in place to protect your personal data, i.e., by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). If you wish for more information about this please contact email@example.com.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it - for example, to provide you with a service or to comply with applicable legal, tax or accounting requirements.
Data will be retained for as long as your account is active and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policy. Following that period, we’ll make sure it’s deleted or anonymised.
Please note that we are acting as a ‘data processor’, our customer will be the ‘data controller’ and will assume responsibility for the processing of personal data and how long that is held for. We have to act upon our customer’s instructions regarding data retention. Data will be stored in encrypted backups for 14 days after the retention period.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to firstname.lastname@example.org.
You also have rights to:
If you’re not happy with how we are processing your personal data, please let us know by sending an email to email@example.com. We will review and investigate your complaint, and get back to you within a reasonable time frame. You can also contact the Information Commissioner’s Office on 0303 123 1113. They will be able to advise you how to submit a complaint.
This privacy statement was last updated: May 2019
If you have any questions about this privacy statement, or would like any further information regarding your data, please email firstname.lastname@example.org or write to:
All Things Code Ltd, 3A Green Lodge Barn, Roman Road, Northampton, NN7 4HD.