ENSEK WEBSITE AND GENERAL PRIVACY NOTICE (V3.0 2024-05-17)
This document is our privacy notice for the purposes of Articles 13 and 14 of the UK GDPR, with respect to personal data concerning website users, Ignition users, and our marketing database.
1. WHO IS THIS PRIVACY NOTICE FOR?
2. WHAT THIS THIS PRIVACY NOTICE ABOUT?
3. WHO IS THE CONTROLLER OR PROCESSOR OF YOUR DATA?
4. WHAT DATA DO WE HOLD ABOUT YOU?
5. HOW DO WE OBTAIN YOUR DATA?
6. WHAT IS OUR LAWFUL BASIS FOR PROCESSING YOUR DATA??
7. WHAT PURPOSES DO WE PROCESS YOUR DATA FOR?
8. WHO DO WE SHARE YOUR DATA WITH?
9. WHERE DO WE KEEP YOUR DATA?
10. HOW LONG DO WE KEEP YOUR DATA FOR?
1. WHO IS THIS PRIVACY NOTICE FOR?
This privacy notice is addressed to the types of individuals listed below (the data subjects). PLEASE ENSURE THAT YOU READ THIS NOTICE.
Contacts
(1) Individuals who are contacts for our clients, contractors or other third parties we may deal with.
(2) Contractors include development companies, professional services companies, and software and system suppliers.
(3) We hold this data as controller.
Energy Supply Customers
(1) Individuals who are supply customers of our clients, whose data is processed in our SaaS systems.
(2) Your energy supplier is the controller, and we are their data processor.
(3) We hold this data as processor.
Enquirers
(1) Individuals who make a sales or other enquiry with us, including by submitting a contact or request form through our website.
(2) Individuals who we include on our marketing database.
(3) We hold this data as controller.
Users
(1) Individuals who are given a log-in or account to any system of ours, such as individuals given access to our product help system or SaaS systemsor support ticket system.
(2) Individuals who are given a sharing link to access any resources on any system of ours, including SharePoint files, Trello boards, or a user interface testing service.
(3) This is mainly staff of our clients who are using our systems on behalf of our clients.
(4) This does not include our staff or contractors, as they are covered by separate privacy notices, but the same type of data is held for them as well.
(5) We hold this data as processor (for our clients) and controller (with respect to feedback, usage and logging data).
Visitors
(1) Individuals who visit and browse our website.
(2) Individuals who visit our offices or attend meetings we arrange.
(3) Individuals who join any video or audio conference call that we may set up.
(4) We hold this data as controller.
Not Listed?
(1) We have separate privacy notices for staff, job applicants, and contractors.
(2) These are available on request.
Any Questions?
If you have any questions, please contact our HR team in the first instance, and then our data protection officer if your question has not been resolved.
2. WHAT THIS THIS PRIVACY NOTICE ABOUT?
This privacy notice explains what personal data we hold about you, how we collect it, how we use it, who we share it with, and what your rights are. We are required to notify you of this information, under data protection legislation. Set out below are some general points to note before reading further.
What is the applicable law?
(1) This document is a privacy notice is published to comply with Article 13 and Article 14 of the UK GDPR.
(2) You can find out more information through the useful links section of this document.
What is our commitment as controller?
(1) The controller of your data is the person ultimately responsible for the processing of your data.
(2) As the controller of your data, we are committed to complying with our legal obligations as controller of your personal data, and to transparency about what we use your data for.
(3) Our legal obligations are set out in: the UK GDPR and Data Protection Act 2018 (supplements the UK GDPR).
(4) As controller, we comply with the data protection principles when gathering and using personal information. We seek to ensure that our information collection and processing is always proportionate.
(5) We will inform you of any material changes to information we collect or to the purposes for which we collect and process it.
What is our commitment as processor?
(1) The processor of your data is the person who is processing data on behalf of the controller (such as a sub-contractor).
(2) If we are the processor of your data, we are committed to complying with our legal obligations as processor of your personal data, and to transparency about what we use your data for.
(3) Our legal obligations are set out in: the UK GDPR and Data Protection Act 2018 (supplements the UK GDPR).
(4) As a processor, our main obligations are to keep your data secure, and only to process it in accordance with the instructions of the controller.
Energy Supply Customers
(1) If you are a customer of an energy supplier, and any personal data relating to you (and your energy supply) is processed by us in our cloud service for your supplier, then please read the following.
(2) We are only the data processor. Your supplier is the controller of the personal data we hold. You should ask your supplier for their privacy notice. Your rights in this document should be exercised against your supplier, who will contact us if we need to be involved.
(3) The majority of this document does not apply to you, but please note that we do owe our security obligations to you and the controller, and you still have the right to complain about us to the Information Commissioner directly.
(4) For information, we process a large range of data relating to your energy supply contract. for the supplier. This includes your supply contract details, your contact, meter and address details, meter readings, prices, bills, payments, debt, and complaints. We only process these according to the instructions of your supplier.
Must you provide data?
(1) There is no obligation to provide the data referred to in this privacy notice.
(2) However, if you are a customer of an energy supplier, then they will need data relating to your supply in order to make the supply of energy to you.
Contracts
When we refer to a contract in this privacy notice, we mean any contract for supply of services between you and us, and any non-disclosure agreement or heads of terms between you and us.
Processor and Controller
This privacy notice sets out whether we, or any person we transfer your data to, are: (a) controller (ultimately responsible); (b) processor (handle data for someone else).
3. WHO IS THE CONTROLLER OR PROCESSOR OF YOUR DATA?
The controller (or where applicable, processor) of your data is ENSEK LTD, and our contact details are set out blow.
Our Company Name
ENSEK Ltd
Our Company Number
UK Companies House: 07167027
Our Country of Registration
England and Wales
Our Registered Office
(1) Hounds Gate, 30-34 Hounds Gate, Nottingham, England, NG1 7AB.
(2) This is also our postal address and head office.
Our Website
Data Protection Email
Our Data Protection Officer
Our Data Protection Officer can be contacted through the email address provided above
4. WHAT DATA DO WE HOLD ABOUT YOU?
This section lists what data we hold about you in connection with your dealings with ENSEK Ltd.
CCTV
(1) You may be captured on CCTV if you visit our premises.
(2) There is CCTV located in the main building reception and the car park. It is owned and operated by the landlords of the building.
(3) There is CCTV located in our communications room, where our servers and other equipment are located. This is owned and operated by ourselves.
Communications
Any emails and messages, and notes of any calls, between you and us.
Company Name
The name of any company or other organisation you are representing or work for.
(1) Web Download in Email - image download email.
(2) Direct Messages from linked in or other social meter, phone calls.
Email Address
This will be the email address that is supplied to us, so it could be a work or private email address depending on what is supplied.
Enquiries
Any queries and other enquiries that you raise with us, and responses that we give to you.
Feedback
Any feedback you provide.
Job Title
Your job title or role at the company or other organisation you represent or work for.
Log-Ins
(1) Log-in and account details where you are given access by us to any system (e.g. SaaS system) or resource (e.g. user guides).
(2) Data concerning your logging in to and use of our systems, to tack and monitor correct usage, and to support our clients in dealing with wrongful usage.
Name
Your first name, middle names, and last names.
Phone Number
Your telephone number supplied to us, and/or any public telephone number published by any company or organisation you represent.
Product Testing Information
(1) If you are asked to participate in any user interface, user feedback or other product testing and feedback activities then me may capture and store information concerning that testing and the results of any testing and feeback which is used solely to improve our products and services.
(2) This may comprise: (a) how you interacted with user interface designes; (b) audio, written or viisual feedback you provide on user interface designs.
(3) PLEASE NOTE THAT THIS IS NOT FOR THE PURPOSES OF MONITORING YOU, BUT RATHER TO IMPROVE OUR SOFTWARE PRODUCTS.
Product Usage Information
(1) We capture information about visits to the web based user interfaces for our SaaS products. This will be visits by client staff who have accounts in our SaaS products, or by our own staff.
(2) This comprises: (a) page views; (b) browser name; (c) browser version; (d) server name; (e) first visit; (f) last visit; (g) sample group; (h) client you work for; (i) language; (j) your user roles; (k) number of days active; (l) average usage per day; (m) total usage time; (n) usage trend; (o) quantity of events; (p) page usage time; (q) feature clicks.
(3) PLEASE NOTE THAT THIS IS NOT FOR THE PURPOSES OF MONITORING YOU, BUT RATHER TO IMPROVE OUR SOFTWARE PRODUCTS.
Relationship
Your relationship with us, such as whether you are a client, potential sales opportunity, supplier, visitor or other.
Support Comments
Any support ticket descriptions, comments, and feedback you provide.
Task Audit Information
(1) If you are given user rights to access any of our systems, then we may record and store information about your use of those systems, including APIs called and tasks undertaken in the systems.
(2) THIS IS TO MAINTAIN AN AUDIT RECORD OF WHAT WAS DONE / CHANGED IN OUR SYSTEMS.
Video Call Recordings
Your image and voice may be captured if you allow your video feed or audio to feature in any video call or conference we arrange and record. For instance a business update, or training, conference to which you are invited.
Website Usage Information
(1) We capture and record information about visits to our website, and our cookies notice gives further information on this.
(2) This may include when you visited, the IP address you visited from, browser information, your location in the globe, the pages you visited, the parts of the pages you viewed, and server session information concerning any processes you are undertaking through our website.
(3) This information may be captured by means of JavaScript, and by cookies or other local browser storage technologies, which are detailed further in our cookies notice.
(4) This is not recorded against you personally, and is stored and used in an anonymous form, except that if you are added to our marketing database HubSpot, the information may be linked to you at that point.
5. HOW DO WE OBTAIN YOUR DATA?
This section sets out how we obtain your data, including from you and other sources.
From Forms You Complete
We obtain it from forms you complete, including any general enquiries, sales, media contacts, demo requests forms on our website, any newsletter sign-up, any surveys or interviews your participate in, and any testing web pages you participate in.
From Your Documents
From files and documents you provide to us, and emails and messages you send, and from your public LinkedIn account.
From Conversation With You
We obtain it from conversation with you, which may include phone calls and video calls, emails, and instant messaging.
From Your Web Browser and Email Client
(1) From data automatically supplied by your web browser when you visit our website.
(2) From data we collect through your browser by means of cookies, JavaScripts and other technologies on our website.
(3) From tracking images downloaded in our marketing emails, that capture when the email was opened and whether you clicked on links in it.
From Our SaaS Systems
Where we are collecting analytics concerning usage of our SaaS systems by staff of our client or our own staff, we will again collect data from your web browser (including on any work or personal equipment you use to access our systems} and we may also collect data from events in our SaaS system that are associated with your user account.
From Our Back Office Systems
Where you are provided with a link to any back office system, file sharing service or other resource of ENSEK, that system may monitor and log your access, viewing, downloading or other use of that resource.
6. WHAT IS OUR LAWFUL BASIS FOR PROCESSING YOUR DATA??
To be able to process your data we need to have a lawful basis for doing so under the law.
Contract
To enter into or perform a contract with you or your employer or company.
Criminal Records
(1) We do not process any data concerning your criminal convictions.
(2) However, we may do so if you are a job applicant or employee or contractor - and you should see our separate privacy notices for those roles.
Legal Obligation
We need to do so to comply with a legal obligation or exercise a legal right. This could be a statute.
Our Legitimate Interests
(1) We do so for our "legitimate interests".
(2) This is flexible ground which we must prove.
(3) It requires a judgement on our part, but is typically doing something you would normally expect, or there is a compelling justification.
(4) You have a right to object if you don't agree with our judgement (see later in this notice), and we must stop if it is clear you have overriding reasons for asking us to stop.
(5) Most of our processing would fall within legitimate interests or contract performance, such as: (a) operating a proper and secure procurement process; (b) verification of identity; (c) assessment of suitability; (d) security checks; (e) making informed decisions; (f) negotiating contracts; (g) managing the supply of services to us and monitoring that it is in accordance with the contract; (h) monitoring use of our networks, systems, and offices; (i) performing our contractual commitments with our clients; (j) securing work and services outputs; (k) financing and insuring our business; (l) and improving our products and services.
Sensitive Data
(1) We do not process any data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetics, biometrics, health, or sex life or sexual orientation.
(2) However, we may process health data if you are a job applicant or employee or contractor - and you should see our separate privacy notices for those roles.
Your Consent
(1) If the above do not apply, we would need to get your consent to the specific use.
(2) This could be an explicit documented consent, or it could be implicit because you have requested some action to be taken involving your data.
Your Interests
We need to do so, to protect you vital interests.
This could include care for your health and safety.
7. WHAT PURPOSES DO WE PROCESS YOUR DATA FOR?
This part sets out the key purposes we use your data for.
Enquiry Follow-Up
PURPOSE | For the purposes of following up on an enquiry or request you made, including any follow-up sales processes.
EXAMPLES | (1) Telephoning or emailing you following an enquiry by you. (2) Arranging meetings and video conferences with you. (3) Providing a demonstration to you. (4) Pursuing a sales process with you. (5) Preparing and signing an NDA or heads of terms for a sale discussion or proposed contracts. (6) Providing information you have requested.
LAWFUL BASIS | Legitimate Interest- We are responding to an enquiry you made, as you would expect, and you have implicitly requested our response by submitting your form.
Marketing
PURPOSE | For the purposes of marketing our products to you or the business or organisation you represent or work for.
EXAMPLES | (1) Email marketing messages. (2) Linked-in campaigns.
LAWFUL BASIS | (1) Consent- We will have asked for your consent, including in any website forms. (2) You have the right to ask for this to stop.
Newsletter
PURPOSE | Where you have signed-up, we will use your data to send to our regular newsletter until you ask us to stop.
LAWFUL BASIS | (1) Consent- You requested by submitting your email. (2) You have the right to ask for this to stop.
Product Improvement
PURPOSE | (1) Our main products are SaaS products, which are accessed by our clients using a web user interface. (2) The quality of that user interface determines how well and efficiently our clients and their staff are able to use our products. (3) We therefore, as with a web site, we seek to capture information about how our SaaS products and their interfaces are used by our staff, which we then use to consider and improve the design of our products and the user guidance we provide.
LAWFUL BASIS | (1) Legitimate interest - To be able to improve our products. (2) Contract - To be able to deliver SaaS products that meet the standards expected by our clients in their contracts with us.
Relationship Management
PURPOSE | To manage our business or other relationship with you or the company or organisation you work for.
EXAMPLES | Client account management, contract management, support, and delivery purposes, to deal with matters arising in relation to a service contract with us, and to deliver on the service contract with us.
LAWFUL BASIS | (1) Contract- To perform and manage a contract between you and us, or between the company or organisation you work for and us. (2) Legitimate Interest- We would not be able to manage our contracts properly without being able to contract our client or other party to the contract.
Physical Security
PURPOSE | We use CCTV to monitor access to our offices for security monitoring purposes.
EXAMPLES | To check if any unauthorised persons are accessing our premises.
LAWFUL BASIS | Legitimate Interest- The protection of the security of our property and assets.
System Management
PURPOSE | To be able to manage access to and use of the systems you are given access to.
EXAMPLES | (1) To be able to give you the access intended. (2) To authenticate and authorise your access, and revoke your access. (3) To communicate with you about your access. (4) To maintain access logs and audit trails for the purposes of recording what you do in our systems.
LAWFUL BASIS | (1) Contract- To perform a contract with a client whom you work for. (2) Legitimate Interest- To protect the rights interests of our clients' in relation to their data you may have access to. (3) To protect our rights and interests in relation to our data and information in the system. (4) To maintain the security of our systems and be able to detect and evidence wrong-doing.
System Security
PURPOSE | We use various monitoring tools and services to monitor and log access to our systems for security management purposes.
EXAMPLES | To check if any unauthorised persons are accessing our systems, and to verify that our systems are being used correctly.
LAWFUL BASIS | Legitimate Interest- The protection of the security of our property, assets and systems.
Training and Information Sharing
PURPOSE | (1) We may use your video and voice call recordings for the purposes of keeping evidence of the call, and incidentally in connection with the sharing of that video or call in our business. (2) We would not record a video or voice call without making you aware at the time.
EXAMPLES | (1) Recording a meeting for the purposes of capturing the details of that meeting so that its information can be communicated to others not able to be present, can be actioned correctly, and evidence is maintained. (2) Recording of a training, event, or other type of meeting for the purposes of training or providing business information and updates internally.
LAWFUL BASIS | (1) Legitimate Interest- To be able to share training and business updates in our business to those not able to attend. (2) To be able to keep a proper record for the effective performance of our business.
Visit Management
PURPOSE | To manage your visits with us.
EXAMPLES | Arranging and administering face-to-face meetings and visits, and virtual meetings through videos.
LAWFUL BASIS | Legitimate Interest- To be able to manage the day to day operation of our business effectively, and know who we are dealing with.
Website Improvement
PURPOSE | We use website usage information to be able assess the use of our website and improve it so that it is visited and used more, and has better rankings in search engines.
EXAMPLES | Capturing how many unique visitors there are and how often they are visiting and which parts of the site are used most.
LAWFUL BASIS | Legitimate Interest- To be able to promote and grow our business through an effective and relevant website.
8. WHO DO WE SHARE YOUR DATA WITH?
This section details who we may share your information with. We will normally share in confidence unless the law requires otherwise
Auditors
PURPOSE | (1) We may share your personal data with any third party that is auditing our business and controls, including our security measures and operational controls, for the purposes of evidence, but only to the extent reasonably required for such evidence. (2) It will be shared securely, and under a non-disclosure agreement; and is shared normally to the auditors secure evidence repository.
RECEIVED AS | They use it as our sub-processor, to provide audit services to us.
Our Clients
PURPOSE | We may share any feedback information, support ticket information, and information concerning your use of our systems with your employer / the company you work for, for the purposes of assessing our software and performance, and audit, logging and investigation purposes.
RECEIVED AS | They will receive it as a controller, and not our processor.
Systems Providers
PURPOSE | We store your data with our systems providers noted in the next part below, but they are not expected to access or use it other than to provide the system functionality to us (e.g. reports) - the data just resides on the systems as part of their cloud service, and is encrypted at rest.
RECEIVED AS | They will receive it as our sub-processor.
9. WHERE DO WE KEEP YOUR DATA?
Your data is kept in the systems referred to below. We no longer keep any paper records and all of your data is created, stored, and retained electronically.
HubSpot
We host our website and manage our customer relationship datase, contacts, enquiries and forms in Hubspot.
https://legal.hubspot.com/security
Microsoft 365 and SharePoint
(1) ENSEK uses Microsoft 365, Exchange, and SharePoint for its general email, messaging, document creation, document storage and document sharing.
(2) Your personal data may appear there in an ad-hoc form where there is follow-up activity following an enquiry.
https://www.microsoft.com/en-gb/microsoft-365/sharepoint/collaboration
Pendo
(1) SaaS product usage information for our SaaS product users, is stored in the Pendo solution (see useful links) in a pseudo anonymised form.
(2) We hash the user's email address and only store the hash in Pendo, along with the analytics information associated with that user.
(3) It is not possible for Pendo to link the data back to a person, only ENSEK Ltd can do that by using the original email address stored in ENSEK Ltd.'s SaaS systems.
Useberry
In April 2024 we have commenced using this product for testing and obtaining user feed back on our user interface and user interface design ideas, and this product will store the results of that testing.
https://www.useberry.com/privacy-policy/
10. HOW LONG DO WE KEEP YOUR DATA FOR?
This section covers our retention policy.
General Principle
We will only use your data for as long as it is required for the purposes for which it is processed.
Archiving Period - CCTV
CCTV recordings are held for 30 days, unless a recording is needed for evidence in relation to an incident that has happened, in which case the we will hold the data for a long as required for that incident, but no more than 7 years.
Archiving Period - Clients and Contractors
If you are (or you are staff of) a client or contractor of ENSEK, then your personal data will be retained for the duration of our relationship and contract with the client or contractor, and for 7 years thereafter.
Archiving Period - Other
In any other case, your data will be retained for 36 months.
11. HOW DO WE KEEP YOUR DATA SECURE?
This section covers our security measures.
General Principle
(1) We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.
(2) In particular we have the following measures to keep your data secure.
ISO 27001
We are certified to and aim to keep certified to ISO 27001, which requires us to have a security management system, and to maintain a wide range of security controls. See ISO 27001
ISO 27701
We are also certified to and aim to keep certified to ISO 277001, which is an extension to ISO 27701 for privacy information management. See ISO 27701
Other Standards
We have our security controls audited independently by an auditor under the SOC (service organisation controls) audit standards, as well as under the smart energy code, the retail energy code, and other standards.
Data Breach
(1) We have procedures in place to deal with any suspected data security breach affecting your data.
(2) We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Other Measures and Controls
(1) The above standards and audits require and examine all our security and privacy measures and controls, which we have in place to protect against unauthorised use, access to, change to, or disclosure of your data, against viruses and other malicious software, and against unauthorised access to our equipment, offices, networks, cloud systems, and databases.
(2) These measures and controls cover areas such as office access controls, equipment log-in, cloud system log-in and associated roles and permissions, network and access monitoring, staff training, management, staff background checks, usage monitoring, anti-virus and other protective software and devices, and data segregation and encryption.
System Providers
Individual system providers listed in this document have their own separate security and controls with respect to your data in their systems, and we consider these prior to using those systems.
Cloud First
We operate on a "cloud first" basis, which means that your data is stored in secure and reputable cloud systems, rather than at any offices of ours.
Access Controls
We limit access to your personal information to those who have a genuine business need to know it.
Proportionate and Confidentially
Those processing your information will do so only in an authorised and proportionate manner and are subject to a duty of confidentiality.
12. WHAT ARE YOUR RIGHTS?
This section covers your rights in relation to our processing of your data.
Introduction
(1) You have the following rights in relation to our processing of your personal data, but please note that these rights may be subject to conditions and exceptions set out in the law.
(2) If you would like to exercise these rights, please contact the head of human resources or our data protection officer.
(3) If you are not sure, just email us using our contact details in this document.
Our Service Providers
If you ask for the following, we are obliged to pass this request down to the providers of the systems we use and anyone else we use to process your data, as needed. See Article 19 of the UK GDPR.
Right to be informed
(1) You have the right to be informed if your data is being used.
(2) This document is how we are informing you.
(3) See Article 13 and Article 14 of the UK GDPR.
Right to withdraw consent
If any processing is based on your consent, you have the right to withdraw it at any time. Just email using our contact details in this document.
Right to stop direct marketing
You have the right to stop direct marketing at any time.
Right to a copy
(1) You have a right to an update of the information in this document.
(2) You also have a right to a copy of the personal data we hold about you.
(3) See Article 15 - Paragraph 3 of the UK GDPR.
(4) You have the right to ask for your data in a computer readable for, so that you can use it elsewhere.
(5) See Article 20 of the UK GDPR.
Right to a correction
(1) You have the right to request correction of your data (a right to rectification).
(2) See Article 16 of the UK GDPR.
Right to erasure
(1) You have the right to request erasure of your data (also known as the right to be forgotten).
(2) However, there are a range of exceptions to this, which mean that we do not have to erase your data if there are good reasons for retaining a copy of it.
(3) See Article 17 of the UK GDPR.
Right to restriction
(1) You have the right to request that we stop using your data for some purposes.
(2) There are conditions that apply.
(3) This means that we might still hold your data, but we would be stopped from using it for certain purposes.
(4) See Article 18 of the UK GDPR.
Right to object to legitimate interests
(1) If the legal basis for our using your personal data is a "legitimate interest", or we are using your data to market to you, then you can object to the processing.
(2) See Article 21 of the UK GDPR.
(3) We must stop the processing, unless we can show that our interests should take precedence over yours.
Automated Decision Making
(1) If we are making important decisions about using a compute, without any human involvement, then you can ask us to stop, subject to conditions.
(2) See Article 22 of the UK GDPR.
Right to complain
(1) We hope that our head of human resources and data protection officer can resolve any quey or concern you have about our use of your personal data or your rights.
(2) In any case, you have the right to complain to the Information Commissioner at any time.
(3) Their details are: (a) Address - Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; (b) Helpline number - 0303 123 1113; (c) ICO website - https://ico.org.uk/make-a-complaint/
13. USEFUL LINKS
Data Protection Act 2018
Contains additional rules to support the UK GDPR.
https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted
ENSEK Ltd
The processor of your data.
ICO | Complaints Page
Page for making a complaint to the ICO.
https://ico.org.uk/make-a-complaint/
ICO | Your Rights
ICO page on your rights.
https://ico.org.uk/your-data-matters/
Information Commissioners Office (ICO)
The UK regulator of privacy laws.
https://ico.org.uk/for-organisations/sme-web-hub/make-your-own-privacy-notice/
ISO 27001
International security controls standard.
https://www.iso.org/isoiec-27001-information-security.html
ISO 27701
International personal data management controls standard.
https://www.iso.org/isoiec-27001-information-security.html
Microsoft 365
Our back office business tools for email, messaging, calling, and file creation, storage and editing.
https://docs.microsoft.com/en-us/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide
Pendo
A software analytics solution that collects data from our SaaS product web pages and
SOC (Service Organisation Controls)
Auditing standard for auditing of security and operational controls.
https://en.wikipedia.org/wiki/ISAE_3402
UK GDPR
The UK's copy of the GDPR following BREXIT.
https://www.legislation.gov.uk/eur/2016/679/contents
UK GDPR | Article 13
The provision of the GDPR requiring this notice.
https://www.legislation.gov.uk/eur/2016/679/article/13
UK GDPR | Article 14
The provision of the GDPR requiring this notice.
https://www.legislation.gov.uk/eur/2016/679/article/14
UK GDPR | Data Protection Principles
The fundamental rules we have to follow when processing your data.
https://www.legislation.gov.uk/eur/2016/679/article/5
UK GDPR | Lawful Basis
We must satisfy one of the grounds in this article to be able to process your data.
https://www.legislation.gov.uk/eur/2016/679/article/6
Useberry
A third party system use to test user interface designs with users and to obtain user surveys and feedback, used by us to improve and develop our user interface designs.