This policy covers the following:
- what we collect
- data retention
- what we do with the information we gather
- controlling your personal information
Sandgate Systems Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then it will only be used in accordance with this privacy statement and the purpose for which it was collected. We may on specific occasions provide additional information about how your data is used and this policy will supplement those other notices and is not intended to override them.
Sandgate Systems Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.
What we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed which is often known as anonymous data. The personal data we collect for our own purposes may include the following:
- name and job title
- contact information including employer, address of employment, email address, IP Address, phone number
- nature of enquiry
- demographic information such as postcode, industry and sector
- other data that could directly or indirectly identify you
- the dates and times you used our services
- the internet browser and devices you have used
- ‘live chat’ and telephone records
- any information within correspondence you send to us
- any marketing preferences you have told us about
The majority of this information will be collected directly from you or from publicly available sources such as directories. We may also collect data on your usage of our website through our use of analytical tools, which helps us to track traffic across our website, allowing us to develop our site for a better user experience.
We only collect information which is necessary, relevant and adequate for the purpose you are providing it for, which are described in more detail below.
The systems we provide enable customers to store data which may, depending on the way in which the customer uses the systems, include personal data. We act as a data processor in respect of this information and it is the customer’s responsibility to ensure that such data is collected and processed legitimately.
What we do with the information we gather
We may use and process your personal information where this is necessary to enter into or perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us.
We may use and process your personal information where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so. This includes our legitimate interests in using the contact details of an individual within a school or other organisation in the course of our sales and marketing activity, and using such details for the purposes of ongoing support and customer services in line with our contract with our customer.
Marketing and customer updates
We send information about promotions, events, products and services to our customers and may also send marketing material to schools and other organisations using publicly available data. We do not send marketing material to consumers. We carry out marketing on the basis that it is in our legitimate interests to do so, but allow recipients to opt out of further communications. You can do this at any time by contacting us or by using the unsubscribe option included in the footer of any of our messages.
If we have your consent to do so, we may use your personal information to send you promotional information about third parties we think you may find interesting. You have the right to withdraw this consent at any time.
Data we hold as the Data Controller:
We will keep your personal information for as long as you or your employer are a customer of Sandgate Systems Ltd so that we can communicate with you about your use of the systems.
We retain personal data only for as long as necessary to provide the Services the customer has requested and thereafter for legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
After you stop being a customer, we may keep your data for up to 10 years for the following reasons:
- To respond to any questions or complaints.
- To comply with the legal requirements.
Data we hold as the Data Processor:
Our customers are responsible for setting and managing retention periods for any personal data which they enter into and store using our systems although we will provide functionality to facilitate this.
After a customer contract terminates, we will delete the data which that customer has entered into our system after 60 days from the point when the contract has ceased. During this period, we will be able to provide the data in a suitable format if requested.
The exceptions to the periods mentioned above are where:
- Copies may remain in our back-ups following deletion from the live system until those back-ups have been deleted as part of our normal back-up cycle;
- the law requires us to hold personal information for a longer period, or delete it sooner;
- A data subject exercises their right to have the information erased (where it applies), and the request is valid in which case we will delete the data sooner
- We collect: name, email address, IP address, device information, demographics and interests, your interactions with our website and information provided by third parties, cookies and similar technology.
- We retain this website data for a period of up to 14 months. If a user initiates a new session every month, then that user’s identifier is refreshed every month and never reaches the 14-month expiry. If the user doesn’t initiate a new session before the retention period expires, then that user’s data is deleted. We use this data to develop our website, make informed decisions and report on the performance of our website.
- In addition, we use Google Signals which provides information regarding cross-platform reporting, and user demographics and interests of users signed into their Google accounts who have turned on Ads Personalisation.
- A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
- We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
- Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
- You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Controlling your personal information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We also have processes for detecting data breaches and notifying them where we are legally required to do so.
Controlling your personal information
We may share your personal data with the following third parties:
- Professional advisers including lawyers, bankers, auditors and who provide consultancy, banking, legal, insurance and accounting services to us.
- HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
- Our third party service providers and business partners who assist with the running of our services and products including hosting providers, payment processing partners, software service providers and backup and support services providers. Our third party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.
We may transfer personal data which we hold as data controller outside the EEA to recipients with Privacy Shield or adequate data protection agreements in place. Please contact us using the details below if you require further information on these safeguards. We do not transfer the data which we hold on behalf of customers as a data processor outside the EEA, and our contracts with customers contain restrictions on such transfers.
You have the right to:
- Ask for a copy of the information that we hold about you;
- Correct and update your information;
- Withdraw your consent (where we rely on it). Please see further ‘What we do with the information we gather’;
- Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. If you object to our use of your data for direct marketing, we will always comply with your right to object;
- Ask us to erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information;
- Request the transfer of your information in a structured data file (in a commonly used and machine-readable format), where this is data provided by you and where we rely on your consent to use and process your personal information or need to process it in connection with your contract.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You can exercise the above rights and/or manage your information by contacting us using the details below:
By post: Sandgate Systems Ltd, 4th Floor, 76 Wellington Street, Leeds, LS1 2AY
By email: [email protected]
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data Protection Officer
Although not required to do so by GDPR, Sandgate Systems Ltd has chosen to designate a Data Protection Officer (DPO) on the Executive Board, who has full responsibility for all matters relating to data protection and GDPR compliance.
The DPO ensures that Sandgate Systems Ltd is accountable and transparent to all relevant authorities.
To contact the DPO please email [email protected]
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.