1.1 Projonix Ltd ("we" or "us") take the privacy of your information very seriously. This Privacy and Data Protection Policy is designed to tell you about our practices regarding the collection, use and disclosure of personal information which may be collected in person from you, obtained via our website or collected through other means such as by an online form, email, other written correspondence or telephone communication.
1.2 This policy applies to 'personal data'. Personal data means any information relating to an identified or identifiable natural person, who may be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, online information (e.g. an IP address) or to one or more factors relating to that person.
1.3 This policy applies to personal information provided to us by clients, users, suppliers, contractors, business contacts and other individuals with whom we interact directly or indirectly in the course of carrying out our services. In this policy "you" refers to any individual whose personal data we hold or process.
1.4 This policy is governed by the EU General Data Protection Regulation (the "GDPR").
2. Personal data we collect and how we process this data
2.1 Below we have set out the categories of data we collect, the legal basis we rely on to process the data and how we process the data:
2.1.1 Contact and personal identity information such as names, email addresses, phone numbers and addresses ("Contact Information"). We process this information when we communicate with you on the basis of our legitimate interest in providing consultancy services or on the basis of the performance of a contract with you.
2.1.2 Bank account and credit card details and other payment processing information including a record of such financial transactions ("Payment Information"). We process this information when necessary to enable us to collect and process payments to and from you as part of the performance of our contract with you and on the basis of our legitimate interest in facilitating transactions for the effective provision of our services.
2.1.3 A record of any correspondence or communication between you and us ("Communication Information"). We process this information when we monitor our relationship with you and provide services to you on the basis of the performance of our contract with you and on the basis of our legitimate interest in providing our consultancy services.
2.1.4 A record of responses, contributions, opinions and replies that you may have provided as part of the services we supply or products and tools we provide to clients and users ("Services Information"). We process this information when we communicate with you on the basis of our legitimate interest in providing consultancy services to our clients and users.
2.1.5 Marketing information we may hold about you in order to provide information about our services which may include names, email addresses, phone numbers, addresses, and other information ("Marketing Information"). We process this information in order to communicate with you about our products and services on the basis of our legitimate interests in communicating with you about our services or on the basis that you have consented to receive the information.
2.2 We will collect information either from you directly or from a third party. If we do obtain your personal data from a third party your privacy rights under this policy are not affected and you are still able to exercise the rights contained within this policy.
3. Data Retention
3.1 Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods:
3.1.1 Records relating to contracts with us - 7 years from the end of the contract, being the length of time following a breach of contract in which a contract party is entitled to make a legal claim.
3.1.2 Records for marketing or business development - 3 years from the last date on which you have interacted with us.
3.1.3 Records relevant for tax purposes - 8 years from the end of the tax year to which the records relate.
3.2 Notwithstanding the retention periods referred to above, we carry out periodic reviews of the personal data we are holding. Following such review, we may contact you if you have not used our services or we have not heard from you for more than a year and ask if you would like us to retain or delete your personal data. If you do not respond when contacted we may decide to delete your personal data if we believe it is appropriate for us to do so.
3.3 For any category of personal data not specifically defined in this policy, and unless otherwise specified by applicable law or deleted in accordance with paragraph 3.2 above, the retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data.
3.4 We may provide information to third party service providers such as online hosting and cloud storage providers (see paragraph 4 below) who may, as part of their services, backup the information they are holding. If we decide to delete information in accordance with this paragraph 3 we will attempt to ensure that any such backed up data is similarly deleted by the third party service provider. There may however be circumstances in which we cannot access the data directly and so its retention and deletion is not within our immediate control.
3.5 The retention periods stated in this policy can be extended or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
4. Sharing you information
4.1 We may disclose information to third parties in the following circumstances:
4.1.1 as part of our services we may provide information to our third party service providers (such as online hosting and cloud storage providers, website and software developers, IT support providers, and other sub-contractors);
4.1.2 for the purposes of verifying your identity;
4.1.3 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
4.1.4 in order to enforce any terms and conditions or agreements for our services that may apply;
4.1.5 we may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
4.1.6 to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties and this includes, without limitation, exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
4.2 If we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that such third party complies with the terms of this policy. These steps may include entering into data processing agreements or other terms with the third party where appropriate (for example, in the case of our online hosting service provider).
5. Cookies and IP address
5.1 A cookie is a piece of data stored locally on your computer and contains information about your activities on the Internet. The information in a cookie does not contain any personally identifiable information you submit to our website.
5.3 Once you close your browser, our access to the cookie terminates. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. To change your browse settings you should go to your advanced preferences.
5.5 If you choose not to accept the cookies, this will not affect your access to all of our services and information available on our website but you will not be able to make full use of our online services.
5.6 An Internet Protocol (IP) address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. While we may use your IP address to record which parts of our website have been used and diagnose problems with our server we do not use it to identify or track individual users.
6.1 We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and ensure it is held securely and protected against unlawful access and accidental loss or damage.
7. Your privacy rights
7.1 With respect to your personal data, you have the right to:
7.1.1 request that your personal data will not be processed;
7.1.2 ask for a copy of any personal data that we have about you;
7.1.3 request a correction of any errors in or update of the personal data that we have about you;
7.1.4 request that your personal data will not be used to contact you for direct marketing purposes;
7.1.5 request that your personal data will not be used for profiling purposes;
7.1.6 request that your personal data will not be used to contact you at all;
7.1.7 request that your personal data be transferred or exported to another organisation, or deleted from our records; or
7.1.8 at any time, withdraw any permission you have given us to process your personal data.
7.2 All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below. We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
7.3 If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and/or our data protection manager.
7.4 If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
8. Transferring your information outside of Europe
8.1 We will not transfer your personal data in a systematic way outside of the European Economic Area ("EEA") but there may be circumstances in which certain personal information is transferred outside of the EEA, in particular:
8.1.1 If you communicate with us while you are outside the EEA, your information may be transferred outside the EEA so that we can communicate with you and carry out our business activities effectively;
8.1.2 We may communicate with individuals or organisations outside of the EEA when carrying out our activities and those communications may contain personal information (such as Contact Information);
8.1.3 From time to time your information may be stored in devices which are used by our staff outside of the EEA (but staff will be subject to our internal data protection policies).
8.2 If we transfer your information outside of the EEA, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this policy.
9. Notification of changes to the contents of this policy
9.1 We will notify you of any changes to this Privacy and Data Protection Policy by email to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties
10. Contact us
10.1 If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so by us using the details below:
Address: The Data Protection Officer, Projonix Limited, 26, Morley Road, Twickenham, TW1 2HF, United Kingdom. Email: firstname.lastname@example.org
11.1 If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance