- 1. Introduction
We are Apomatix Limited, a company incorporated in the United Kingdom, with our registered office at Sovereign House, 212-224 Shaftesbury Avenue, London, United Kingdom, WC2H 8HQ (No. 10240032).
We are registered as a Data Controller with the Information Commissioner’s Office, with the registration number: ZA192435.
We are committed to protecting and respecting your privacy and we are required to follow the data protection laws and regulations in the UK and other jurisdictions in which we operate.
- Why we are able to process your information
- What purpose we are processing it for
- Whether you have to provide it to us
- How long we store it for
- Whether there are any other recipients of your personal information
- Whether we intend to transfer it to another country, and
- Whether we do automated decision-making or profiling.
Apomatix Limited is the controller for the personal information we process, unless otherwise stated.
- 2. Personal Information (legal basis of processing, collection of personal data, categories of personal data, use of personal data, and retention periods)
Personal Information is information about a living individual and includes, but is not limited to, a living individual’s name, email address, phone number, postal address, age, birth date, gender, Internet Protocol (“IP”) address, username, password and other registration information, personal description, photograph and other information with which it is possible to identify a living individual (“Personal Information”).
Legal basis of processing
Apomatix may process Personal Data relating to users of our Services if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislation, Apomatix may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply whenever the processing of Personal Data is subject to European data protection law;
- provision of Data is necessary for the performance of an agreement with the user and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which Apomatix is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Apomatix;
- processing is necessary for the purposes of the legitimate interests pursued by Apomatix or by a third party.
In any case, Apomatix will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Collection of personal information
While using our Services (Platform and Website), we may ask you to provide us with certain Personal Information.
For the Platform this includes information you directly provide:
- when you register to use the Services;
- when you pay for the Services;
- when you download or register the Services;
- when you use or interact with the Services; or
- when you contact us, such as to report a problem with our Platform.
- when we ask you certain scoping questions prior to commencement of your use of the Apomatix technology;
- when we ask you to complete certain questionnaires to allow Apomatix to provide its services and to allow the Apomatix technology to be used for its purpose;
- when we provide online calendar and other tools to help you manage identified risks, tasks, communication and deadlines.
We also collect:
- information that your device sends whenever you use the Services (“Log Data”). This Log Data may include information such as the IP address, location, the time and date of your use of the Services, and key words used on the Services.
For the Website this includes information you directly provide:
- when you contact us via our contact form or live chat
- when you sign up to our mailing list
We also collect:
Categories of personal information
For the platform we process the following Personal Information you directly provide:
- 2. Full Name
- 3. Email Address
- 4. Phone Number (only used for two factor authentication), and
- 5. Country.
- 6. Payment information
  - Credit, Debit or Payment Card information
  - Billing Address
  - Bank details
  - Full name of Cardholder
We also process Log Data:
- IP Address
- Time and date of your use of the Platform
For the website we process the following Personal Information you directly provide:
- Full Name
- Email Address
We also process:
Use of personal information
We may use Personal Information in the following ways:
- for providing and improving the Services, including to improve, test and monitor the effectiveness of our Services, extract metrics (e.g. number of visitors, traffic and demographic patterns), to test and develop new products and features, or to fix technology problems;
- by aggregating it with any other category of information for the purposes of internal analytics.
- When you initiate an assessment or a similar process of one of your suppliers (also known as third party supplier, vendor) or other projects, the Apomatix platform will send invitations, notifications, reports or messages generated by you to the selected person(s) using your Username (or Name, Full Name or company / organization name) as the requestor of an assessment. This allows the third party you have requested to identify the request as being generated by you.
- When you are a third party supplier, vendor or provider of services to an Apomatix client (customer or user) and they (the requesting party) have initiated and invited you to participate and complete an online questionnaire to allow Apomatix to provide its services to you and to your client (the requesting party) in the form of assessing and managing your risks as a supplier to the client (the requesting party). In such a case, Apomatix will allow your client (the requesting party) to view your risk assessment and management results. This allows your client (the requesting party) to understand and manage risks that your relationship to them as a supplier may pose to their own business.
- When you are a third party supplier, vendor or provider of services to an Apomatix client (customer or user) and they (the requesting party) have initiated and invited you to participate and complete an online questionnaire we may use your Username (or Name, Full Name or company / organization name) in the notifications, reports or your messages sent to your client (the requesting party). This allows your client (the requesting party) to identify the messages, reports, or notifications as being generated by you.
- System notifications will be sent to the email address you have provided during sign-up or edited in your settings page or asked us to amend.
- When subscribing to Apomatix, we may request your credit, debit or payment card details, billing address, bank account details, name on the card or other information to allow us to process your payments for the Apomatix service and subscription. Financial and related information will be held by third parties and will be specified on the payment form.
Personal information retention periods
We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
- 3. Recipients of your personal information
We use three third parties to process your personal information (we have contractual agreements in place with all of them).
- 1. Microsoft Azure – for hosting services
- 2. Sendgrid – for email fulfilment
- 3. Help Scout – for live chat and ticketing services
- 4. Disclosure of your information
Compliance With Laws: We will disclose Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law, in accordance with the reasonable requests of law enforcement or to protect the security or integrity of our Service.
- 5. Data Subject Rights
Data subjects may exercise certain rights regarding their data processed by Apomatix.
In particular, data subjects have the right to do the following:
Withdraw their consent at any time. Data subjects have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Object to processing of their Data. Data subjects have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
Access their Data. Data subjects have the right to learn if Data is being processed by Apomatix, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
Verify and seek rectification. Data subjects have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Restrict the processing of their Data. Data subjects have the right, under certain circumstances, to restrict the processing of their Data. In this case, the data subject will not process their Data for any purpose other than storing it.
Have their Personal Data deleted or otherwise removed. Data subjects have the right, under certain circumstances, to obtain the erasure of their Data from Apomatix.
Receive their Data and have it transferred to another controller. Data subjects have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the data subject’s consent, on a contract which the data subject is part of or on pre-contractual obligations thereof.
Lodge a complaint. Data subjects have the right to bring a claim before their competent data protection authority.
Any requests to exercise data subject rights can be directed to the Data Protection Lead by emailing firstname.lastname@example.org. These requests can be exercised free of charge and will be addressed by Apomatix as early as possible, and always within one month. Please note that if you ask us to delete Personal Information you have supplied, we may no longer be able to provide the Service to you and may terminate your license to use the Services in accordance with our Terms.
- 6. International Transfers
The Services are global. Your information, including without limitation, Personal Information you submit, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to the United Kingdom and process it there.
- 7. Automated decision making
Our services do not involve any automated decision making or profiling.
- 8. Cookies
- 10. Governing Law and Jurisdiction
Last Updated: 5th February 2019