When we refer to our “services” in this policy, we are referring to our online workplace, ThingTrax app and productivity tools and platforms ,and how ThingTrax collects and uses data in relation to the use of the website and app.
It does not extend to any websites that can be accessed from our website including, but not limited to, any links we may provide to social media platforms.
2. WHAT INFORMATION DO WE COLLECT?
ThingTrax collects information to provide a better service to all our users and visitors. We use the information to provide, maintain, protect and improve our website. This enables us to protect our users.
Without any limitation, any of the following data may be collected by our website where a customer is applying to use our services.
As a customer you can request information regarding storage of your data, deletion, sharing and retention of customer data which may apply to your use of the services.
What ThingTrax requests as personal data:
- Request for demo: the personal data you give us could include:
- Telephone number
- Email address
- Company profile
- Location Information
3. HOW DO WE USE THE INFORMATION THAT WE COLLECT
ThingTrax will only use your data to engage with you regarding a demo request or as a customer. We collect technical data through a secure password access portal in order to support and advise as and when required.
We are committed to protecting your personal information and protecting your privacy. We only process your personal data when you access our sites and services and they include:
- Marketing/contact communication: viewing or subscribing to our website and social media functions. With your permission, we collect your personal data upon request for a demo or other means of wanting to collaborate with ThingTrax. We use your data to issue news and product updates. You as the customer will acknowledge by giving consent.
- Retention: we will retain personal data stored on our services for as long as necessary to fulfil the purpose we collect it for, including for the purpose of satisfying any legal, accounting, or reporting requirements. We may have a requirement to retain your personal data for a reasonable period afterwards to allow us to respond to any follow-up enquires or complaints.
We may anonymise your personal data (so that it can no longer be associated to an individual) for research or statistical purposes.
In some circumstances, you can ask us to delete your data from your account.
But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
- Billing and other information: when you subscribe and sign up to our service(s), we may collect your personal data, contact information (such as name, e-mail address, mail address, IP address, or phone number of the account admin/manager), billing information (such as credit card number and billing address), and username and account number.
Subject to this we will use such data, including without limitation, to:
- Provide you the service(s);
- Send you communication direct from the service(s);
- Assess the needs of your business to determine or provide suggestions of suitable services(s);
- Respond to customer services requests, questions and concerns; and
- Administer your account.
4. INFORMATION WE PASS ON TO THIRD PARTIES AND OTHER DATA SHARING
Like many businesses, we contract other companies to perform certain business-related services. We may disclose personal information to certain types of third party companies, but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information and their functions are mail services (hard copy and email); hosting services; database management/back-up services; monitoring services; customer support and customer relationship management services; accounting services; and payment processors.
Our website uses analytics services provided by Google, Auth0 and Hubspot. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how users use the website. This, in turn, enables us to improve the website and the products and/or services offered through it. You do not have to allow us to use these Cookies, as detailed below, however, whilst our use of them does not pose any risk to your privacy or the safe use of the website, it does enable us to continually improve our business.
All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts. The sites and services are part of our regulatory compliance. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow any third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instruction.
Third party integrations: we may engage with third party companies or individuals as service providers or business partners to process Other information and support our business. These third parties may, for example, provide virtual computing and storage services.
Customer access: ThingTrax, as the owner and administrator, can carry out any action from a user’s service account and other customer representatives and personnel may be able to access, modify or restrict access to Other Information where there is a requirement.
With consent: ThingTrax requires the consent of you, as the customer, where there may be a requirement to use or share Information with third parties. Some applications are controlled by different organisations which enable us to deliver specific services.
5. DATA TRANSFER OUTSIDE THE EEA
The data we collect from you may, on occasions, be processed at a destination outside the European Economic Area (EEA). It may be processed by organisations operating outside the EEA who work for us or supply a type of service we require. These organisations may be engaged in the fulfilment of your request, and the provision of support.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give the personal data the same protection it has in Europe. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
6. LEGAL BASIS AND PURPOSE OF PROCESSING YOUR PERSONAL DATA
- You have given consent to the processing of your personal data;
- Necessity for the purpose of a contract, which you are a party of, or at your request in order to take the steps prior to entering into a contract;
- Necessary in order to protect your vital interest; and
- Necessary for the performance of a task.
Your Data Protection Officer (Controller & Processor) is Aman Gupta; please email firstname.lastname@example.org
Data security is of great importance to ThingTrax and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected via our website.
7. LEGITIMATE INTERESTS
At times we have a legitimate interest to process some personal data where it is not practical to obtain consent, if it is fair and within your reasonable expectations. We will ensure that we use your personal information in ways that are not unduly intrusive or unfair, such as:
- Reporting criminal or suspicious acts with law enforcement agencies
- External & Internal audit for financial or regulatory compliance
- Statutory reporting
- Maintenance of consent “do not contact”
- Physical and network maintenance
- Financial management control
- General governance & compliance “housekeeping”
8. YOUR DATA PROTECTION RIGHTS
Right to be informed: you have the right to be told how your personal information will be used. This policy is used to communicate this to you and is intended to be a clear and transparent description of how your data may be used.
Subject access request: you can email the Data Protection Officer and request in writing what information we hold on you. We will have 30 days to respond to you once we are satisfied you have the rights to see the requested records and we have successfully confirmed your identity.
Right to erasure: from May 25th, 2018, you have the right to be forgotten (personally identifiable data deleted). However, we may not always be able to comply with your request for specific legal reasons, which will be notified to you.
Right of rectification: if you think our records are inaccurate, you have the right to ask for those records to be updated.
Right to opt out: you have full control of when and how we contact you. If you wish to opt out then please email email@example.com
Right to data portability: where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to object: you have a right to stop the processing of your personal data for direct marketing purposes. You can “unsubscribe” via the website or contact us directly firstname.lastname@example.org . We will amend your contact preferences as per your instruction. You have a right to opt out at any time.
Right not to be subject to automated decision-making profiling: ThingTrax does not carry out any automated individual decision-making (making a decision solely by automated means without any human involvement); we do not use personal data to carry out profiling.
If you have queries or requests about the above please contact us using the contact details in section 10.
9. DATA BREACHES
Data breach means a breach of security leading to accidental or unlawful destruction/loss or unauthorised disclosure of or access to personal data, when personal data has been accessed.
Any individual who accesses, uses or manages ThingTrax information is responsible for reporting data breach and any information security incidents immediately to the Data Protection Officer at: email@example.com
If a breach occurs or is discovered outside normal working hours, it must be reported as soon as possible using the contact details in section 10
10. Contact Details
69 Wilson Street
London EC2A 2BB