At I.T. Associates Ltd (“ITA”) we are committed to protecting and safeguarding the privacy of your data. ITA are Data Controllers registered with the UK Information Commissioner’s Office (ICO). You can find details on the Public Register of Data Controller’s on the ICO website at (www.ico.org.uk).
This Personal Data may be collected from you:
- as a registered user of Procim® who is or has been part of a company Subscription (“Procim Users”),
- or when you visit or choose to provide to us with information when you register on our ITA website (“Website Visitors”).
The provision of the Procim® Subscription service, and other related Procim information and service whether independently of, or through our website, will be referred to collectively as our (“Services”).
Processing of Personal Data
We may collect or hold three types of Personal Data:
What We Collect
Information which may be made available to us, or collected automatically through your use of our Services. This information may or may not enable us to identify you from the data collected and is referred to as (“Usage Data”). Usage Data may consist of technical, aggregated or non-aggregated information, such as your browsing activity on our Services, logged data trace actions, session information and non-identifying information regarding your device, operating system, internet browser type and version, screen resolution, language and keyboard settings, etc.
Why We Collect
We collect, store and process Usage Data for the following purposes:
- To acquire information that facilitates our provision of ongoing assistance and support for Procim Users;
- To create aggregated statistical data and other aggregated and/or inferred Non-Personal Data, which we may use to provide and improve our Services;
- To enhance our data security capabilities.
COMPANY PERSONAL DATA
What We Collect
Individually identifiable data, namely data that identifies you as an individual or may with reasonable efforts allow you to be identified as an individual is collected and is referred to as (“Company Personal Data”). Company Personal Data is collected where our Services are provided as a part of a paid Subscription to Procim and may consist of user account information, employee information, contact details, e.g., e-mail address or phone number, physical address or other private or sensitive information.
Company Personal Data may also consist of information held related to support queries as well as transactions you conduct on the Service including approvals, actions on projects, budgets, documents, etc. Although some of this information may be non-personal in nature, it is treated as Personal Data once it is connected or linked to other Company Personal Data that is personal in nature, if such connection or linkage exists.
Why We Collect
We store and process Company Personal Data to fulfil our obligation to provide and operate our Services under the Procim Software Subscription Agreement. This information is stored and processed solely on behalf of your company (organisation) and at their direction.
In these circumstances ITA serves, and shall be considered as a “Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Union General Data Protection Regulation) of such Company Personal Data.
Your company (who is party to the Procim Subscription Agreement) shall be considered as the “Controller” of, and is solely responsible for the input, accuracy, quality, and legality of personal information and the means by which it is acquired. They are also responsible for complying with all laws and regulations that may apply to the collection and control of personal information, including all privacy and data protection laws in all relevant jurisdictions.
If you wish to access, correct, amend, or delete your Company Personal Data processed by ITA on behalf of your company, please direct your query to the relevant person within your company (who is the “Controller” of the data).
If requested to remove any Company Personal Data, we will respond to such requests after first notifying your company as the Controller of your Personal Data and will act on their instruction.
Removing your Company Personal Data will mean removing (over-writing so that it is no longer retrievable) any individually identifiable data, namely data that identifies you as an individual, or may with reasonable efforts allow you to be identified as an individual, including removing any links to non-personal information.
PERSONAL CONTACT DATA
What We Collect
Either after filling out a form (registering) on our website or as a part of your company’s paid Subscription to Procim, limited individually identifiable data, namely data that identifies you as an individual or may with reasonable efforts allow you to be identified as an individual (“Personal Contact Data”) may be collected. This Personal Contact Data is restricted to contact details (such as name, email address, company, office, company phone no and job role). Additionally, we may collect information that allows us to determine whether a Procim User is internal or freelance, whether active or inactive and the type of licence that is assigned (Full or T&E).
Why We Collect
We collect, store and process Personal Contact Data for the following purposes:
- To further develop, customize and improve our Services, based on Website Visitors’ and Procim Users’ experiences and difficulties;
- To provide Procim Users with ongoing customer assistance and technical support;
- To be able to contact our Procim Users with general or personalised Procim related service information such as Procim documentation and instructions, release notes and newsletters;
- To provide Website Visitors with information relating to our Services that you request from us; and
- To comply with any applicable laws and regulations.
Grounds for Processing Your Personal Data
We will only use your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and “legitimate interests” as further described below.
Contractual Necessity: Processing of Personal Data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to provide you with Procim, to provide you with support and technical assistance or to provide other information relevant to your use of Procim).
Legitimate Interests: We process Personal Data on the grounds of legitimate interests as it is necessary to improve our Services by identifying user trends, effectiveness, technical issues and help us to market our products. We will always conduct this in a way that is proportionate, and that respects your data privacy rights.
Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data (e.g. filling out a form on our website). When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a relevant legal or regulatory obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
Storing Your Personal Data
Data that we collect and hold for you is stored on our secure servers that are managed by our dedicated hosting provider. Our Procim hosted server infrastructure is located within the European Union (“EU”). If we do transfer or move Personal Data for Procim Users outside the EU, we will first notify you or your company. In such circumstances, we will take all reasonable precautions to make sure that your data remains secure and is always handled in accordance with relevant legal or regulatory obligations.
Procim data transmitted over the internet is always encrypted using SSL. As we cannot however guarantee the security of data transmission over the internet, this data transmission is therefore entirely at your own risk. Where we have given you (or where you have chosen) a password for Procim, you are responsible for keeping this password confidential. Password authentication is by default based on a minimum password requirement set within Procim.
We may use certain monitoring and tracking technologies (such as cookies). These technologies are used to maintain, provide and improve our Services on an ongoing basis, and to provide our Website Visitors and our Procim Users with an improved experience.
Cookies: For some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, we use persistent cookies for purposes of session and user authentication.
Third Party Links and Access to Data, Social Media
ITA engage a dedicated UK based company UKFAST to provide the infrastructure (core power, networking, cloud management infrastructure, security & monitoring services) for Procim. Where your Procim data is hosted within our infrastructure, UKFAST acts as a sub-processor in this regard.
You may find links to third party websites or social media portals on our Services. These websites or portals will have their own privacy policies which you should check before using them. As we do not have any control over data submitted on third party websites or portals, we cannot accept any responsibility or liability for the data submitted on these websites or portals.
We may utilise selected services providers whose services and solutions complement, facilitate and enhance the delivery of our Services. These may include data and cyber security services, communications delivery networks, billing and payment processing services, fraud detection and prevention services, e-mail distribution and monitoring services, and our legal and financial advisors among others. Collectively these are referred to as “Third Party Service(s)”.
Access to Your Personal Data and Other Data Subject Rights
You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question.
In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days.
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure: You can request that we erase some or all your Personal Data. Please note that if you request the deletion of information required to provide our Services to you, you may lose access to all or part of our Services.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another Controller where technically feasible.
Where you are a Procim User, if you wish to access, correct, amend, delete or transfer Personal Data processed by ITA (who is the “Processor” of such data), on behalf of your company (who is the “Controller” of such data) please direct your query to the relevant person within your organisation.
Copyright ©, I.T. Associates Limited 2018 | All Rights Reserved