This privacy notice was last updated on: 16th July 2019
- What does this Privacy Notice cover?
(b) PF DIRECTOR are the “controller” (as such term is defined in the GDPR) of any Personal Information collected via the Website and our contact details are set out in Section 7 below.
- What information does PF DIRECTOR collect?
(a) We gather various types of Personal Information from our users, as explained more fully below.
We use your Personal Information to:
i. allow our users to set up a user account and profile;
ii. personalise and improve the Services – we analyse and log user login patterns, threats, risks, location and device data to identify and prevent security breaches. We also track user activity to better understand user behaviour and improve the Services;
iii. manage user accounts and provide customer service – we log activity notes and email conversations in order to provide users with an enhanced experience. The Personal Information we collect includes user location, number of clients, requested features, accountancy package, lead source and company size in order to optimize our relationship with users. We also use a live chat feature which stores conversations we have with our users along with user location, device operating system, page last browsed on our website and details of when the user was last contacted or contacted us. We do this to maximise our efficiency so that our service to users is seamless;
iv. process payments and for other billing purposes – we take payments using third party software. We collect user email, billing email, name and location. We also use this information for internal processes such as account management, sales and customer support and marketing;
v. send users product-related communications and marketing communications – PF DIRECTOR uses user email, name and status (business owner or accountant) to facilitate product-related communications and marketing communications. Please see Section 2.4 below for more information on this and your right to object to marketing;
vi. contact users in relation to the Website and the Services;
vii. fulfill your requests for the Service;
viii. analyse how users utilise the Website, and as otherwise set forth in this Privacy Notice;
ix. provide account management, education, success and engagement services. We analyse and log activity across our Services and with our team, such as login pattern, number of users added, number of organisations added, number of Certification modules completed, last contacted point, billing patterns and subscription details.
We collect the types of information below.
(a) Information you provide to us
i. Your Personal Information: We receive and store any information you knowingly provide to us. For example, we collect Personal Information such as your name, email address, and browser information. You can choose not to provide us with certain information such as your credit card information, but then you may not be able to register with us or to take advantage of some of our features.
ii. Your users’ Personal Information: In order to provide you with the Services, we also receive and store any information you choose to provide us with respect to your users (“End Users”). The End User information (“End User Information”) we receive and store includes names and email addresses of your users and will consist of any other information you choose to provide us with.
(b) Information collected automatically
(c) E-mail, marketing and other communications
We may use your Personal Information to contact you by email about your use of the Website or the Services. If you provide us with your consent to subscribe to our newsletter or marketing emails, we will use your name and email address to send the newsletter to you via email. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails. Please note that if you do not want to receive newsletter or marketing emails from us, we may still send you legal notices which will govern your use of the Website and you are responsible for reviewing such legal notices for any changes.
- Where do we store your personal information?
(a) If you are a British or EU citizen and have informed us as such, your Personal Data will be processed on servers based in the European Economic Area (“EEA”), on servers based in countries which comply with the European Commission’s adequacy decisions or in the US in accordance with the EU-US Privacy Shield. If you are not a British or EU citizen and have informed us as such, your Personal Data will be processed on servers based in the European Economic Area (“EEA”), on servers based in countries which comply with the European Commission’s adequacy decisions or in the US in accordance with the EU-US Privacy Shield.
(b) PF DIRECTOR uses various cloud-based systems and tools, including certain customer relationship management and marketing automation services (“Tools”) to allow us to provide the PF DIRECTOR Tool to our users quickly and efficiently. As part of our use of the Tools, certain limited client and user profile information is sent to the providers of the Tools, some of whom are based outside the EEA. Where users’ Personal Information is sent by PF DIRECTOR to Tool providers based outside the EEA, we ensure such transfers are conducted in accordance with PF DIRECTOR’s obligations under the Data Protection Act 1998 and from the 25 May 2018, the GDPR.
(c) By accepting this Privacy Notice, users acknowledge that their Personal Information will be sent outside the EEA in accordance with the practices described in this Privacy Notice. We will take all steps reasonably necessary to ensure that such Personal Information is kept confidential, secure and only used for the purposes that we have specified and informed you of in this Privacy Notice.
- Will PF DIRECTOR share any of the Personal Information it receives?
(a) We do not rent nor sell your Personal Information or your End Users’ Personal Information to anyone. However, we may share such Personal Information with third parties for the purposes described below.
i. To assist us in providing the Services and/or the Website
We employ other companies and people to perform tasks on our behalf and may need to share your Personal Information with them to provide the Services to you. Unless we tell you differently in this Privacy Notice, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us and they shall only process your Personal Information in accordance with this Privacy Notice. These third parties include third party companies and individuals employed by us to facilitate the Services and our Website, including the provision of maintenance services, database management, Web analytics and general improvement of the Services.
ii. Users’ accountants and bookkeepers
If a user is using a PF DIRECTOR product that has been made available to them by a service provider who has signed as one of our partners (e.g., their accountant or bookkeeper), then all Personal Information uploaded by such users will be available to that partner and its authorised employees and agents who have access to the relevant partner dashboard site.
iii. Business transfers
We may choose to buy or sell assets. In these types of transactions, customer information (including Personal Information) is typically one of the business assets that is transferred. Also, if we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information would be one of the assets transferred to or acquired by a third party. You will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
iv. Protection of PF DIRECTOR and others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or a court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of PF DIRECTOR, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. We also may be required to disclose Personal Information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
v. With Your consent
Except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information where we need your “consent” to share your Personal Information, unless we have to disclose your Personal Information in the circumstances set out in this Privacy Notice or required by law.
- Is your Personal Information secure?
(a) Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
- What happens if there is a data breach?
(a) If we become aware of a data breach or are notified of a data breach, we shall notify the Information Commissioner’s Office (ICO) and provide details to them of the data breach where we are required to do so. In most cases we are not required to provide any Personal Information on our users, however the ICO may request contact details for users who are or may be affected. If we encounter a data breach users will be notified where there is likely to be a high risk of any harm or damage to them as a result of the data breach. Should we be requested to provide Personal Information as part of the data breach process we will notify those users who we believe are affected.
- What data subject rights do I have?
(a) Under the GDPR, from the 25 May 2018 individuals have a number of rights in relation to the processing of their Personal Information. Brief details of these rights are set out below and where these rights only apply from the 25 May 2018 this has been stated under each section and further details can be obtained from the sources set out in Section 7.2.
i. Right of access
You have the right to apply for a copy of the Personal Information we hold about you. This is called a data subject access request and you can make a request by writing to us at 11-13 Rhosddu Rd, Wrexham, LL11 1AT, United Kingdom or emailing email@example.com. We may require you to verify your identity before we can disclose any Personal Information to you.
ii. Right to rectification
You have the right to have any Personal Information which is inaccurate that PF DIRECTOR hold rectified, or any incomplete Personal Information which PF DIRECTOR hold completed. Alternatively, through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:
- name and password
- email address
- telephone number
- profile photo
- company name
- credit card information
The information you can view, update, and delete may change as the Website changes. If you have any questions about viewing or updating information we have on file about you, please contact us at firstname.lastname@example.org. We will respond to your request to access.
iii. Right to erasure and to be forgotten
From the 25 May 2018, you have the right to require PF DIRECTOR to erase all Personal Information held about you in certain circumstances, for example, where PF DIRECTOR no longer require the Personal Information for the purposes for which it was collected.
iv. Right to restrict processing
From the 25 May 2018, you have the right to request PF DIRECTOR restrict or block the Processing of your Personal Information in certain circumstances. If you exercise this right we will cease processing your Personal Information however we will still retain a copy of your Personal Information whilst we process your request. Once we have processed your request we will only retain the minimum amount of Personal Information to ensure we comply with our obligations under the GDPR.
v. Right to data portability
From the 25 May 2018, you have the right to request that PF DIRECTOR transfers certain Personal Information which you have provided to us where the Processing is based on consent, it is necessary for the Performance of a Contract or where the Processing is carried out by automated means.
vi. Right to object
You have the right to object to the processing of your Personal Information by PF DIRECTOR where the Processing is based on PF DIRECTOR’s legitimate interests, direct marketing or if PF DIRECTOR is processing Personal Information based on research or statistical purposes.
vii. Right relating to Profiling and automated decision making
From the 25 May 2018, you have the right to not be subject to a decision if that decision is based on automated processing and it produces a legal effect or significantly affects you. This is not an absolute right and the right will not apply if the decision is necessary for PF DIRECTOR entering into a contract with you, is authorized by law or is based on your explicit consent.
(a) For more information about your rights under the GDPR please see www.ICO.org.uk and Section 12 of this Privacy Notice.
(b) You can find out more information about your rights under the GDPR by emailing email@example.com.
(c) You also have the right to apply for a copy of the information we hold about you. This is called a data subject access request and you can make a request by writing to us using the contact details above. We may require you to verify your identity before we can disclose any Personal Information to you. If your request is repetitive or excessive you may be required to pay a reasonable fee for this service.
- Special categories of data
(a) We ask that users do not send us, and that users do not disclose, or upload any special categories of data about themselves or their End Users (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services.
- Testimonials and blogs
(a) We post customer testimonials/comments/reviews on our Website which may contain Personal Information. We will use the reviews that you have posted on review websites in relation to our Services and by using the Services you consent to this usage. Alternatively, we will post the comments that you have supplied to us after we have obtained your consent in order for us to do the same. To request removal of your Personal Information from Testimonials or comments please contact us at firstname.lastname@example.org with the subject ‘Data Protection’.
(b) Our Website offers publicly accessible blogs. You should be aware that any information (including Personal Information) you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.
- What choices do I have?
(a) You can always choose not to disclose Personal Information to us, but keep in mind some Personal Information may be needed to register with us or to take advantage of some of our special features.
(b) You may be able to add, update, or delete information (including Personal Information) as explained in Section 7 above. When you update information, however, we may maintain a copy of the unrevised information in our records.
(c) Except as set out in Section 7 above, we will retain your information (including Personal Information) for as long as your account is active or as needed to provide you Services.
(d) You may request deletion of your account and Personal Information by contacting us at firstname.lastname@example.org. Please note that some Personal Information may remain in our private records after your deletion of such information (including Personal Information) from your account due to our disaster recovery and backup purposes. We will retain and use your information and Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements but barring legal requirements, we will delete your Personal Information within 90 days.
(e) We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.
- Changes to this Privacy Notice
(a) We may amend or update this Privacy Notice from time to time and the date it was last updated will be shown at the top of the page. Use of Personal Information we collect now is subject to the Privacy Notice in effect at the time such Personal Information is used. If we make any significant changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our Website or sending you an email prior to the change becoming effective. You are bound by any changes to the Privacy Notice when you use the Website after such changes have been first posted.
- Questions or concerns
(a) If you have any questions or concerns regarding our Privacy Notice, please send us a detailed message at email@example.com. We will make every effort to resolve your concerns.
(b) You also have the right to complain to the regulator, the UK Information Commissioner’s Office, in relation to the Processing of Personal Information. You can do this by visiting www.ICO.org.uk or calling 0303 123 1113.