Privacy Policy
In order to provide our services we collect, store and use personal information about individuals. This policy describes how we process that data.
In the below where we refer to ourselves or to Durell we mean Durell Software Ltd, registered with the Information Commissioner’s Office (ICO) under registration number Z8125659. Durell is the ‘data controller’ of the personal information processed in accordance with this policy and we are responsible for complying with data protection laws.
We have appointed a data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use personal information, please contact our data protection officer using the details set out in the ‘Contact us’ section.
This policy was last updated on 25 May 2018 but may change from time to time. The most recent version will always be available from the link in the footer of our website, and can also be accessed from the link in any of our email signatures.
Other people
We may collect information from you about other people, for example members of staff at your company. If you give us information about another person it is your responsibility to ensure and confirm that:
- you have told the individual who we are and how we use personal information, as set out in this privacy policy; and
- where necessary you have permission from the individual to provide that personal information to us and for us to use it, as set out in this privacy policy.
Contact us
Please email
-
dataprotectionofficer@durell.co.uk
or write to
-
Data Protection Officer
Durell Software Ltd
Castle Lodge, Castle Green, Taunton, Somerset, TA1 4AD
Complaints
You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/. This will not affect any other legal rights or remedies that you have. If possible though, please give us the chance to deal with your concerns using the details set out in the ‘Contact us’ section before approaching the ICO.
Who this privacy policy applies to
This privacy policy applies to everyone whose personal information we collect, store and use, which includes:
-
a. business contacts at our clients,
b. clients who are sole traders, partnerships or owner managers,
c. business contacts at service providers and partners;
In the above ‘clients’ is taken to mean existing and prospective clients.
Please review the section below that best describes our relationship with you.
Business contacts
How we collect your personal information
You or your colleagues provide the personal information we hold when you or the company you work for becomes a client, fills out the enquiry form on our website or enquires about our services by any other means, or becomes contractually involved with us in any other way.
What information we hold
We hold very limited personal information about our business contacts, typically this will be limited to name and business contact details such as phone number, email address and postal address.
In the case of sole traders, partnerships or owner managers we may hold home contact details if these are what were provided.
How we use the information
We collect and use your personal information in order to carry out our business as a software provider. Primarily this includes developing and providing support for our software and the day to day operation of our business.
From time to time we may provide access to our files for audit, review or other quality assurance checks by our clients, auditors, professional advisers and certification bodies (for example for ISO accreditation). Where appropriate this will be under a Non Disclosure Agreement and we will take all reasonable steps to ensure any recipient has sufficient measures in place to protect your information.
Our lawful grounds for doing so
In the case of sole traders, partnerships or owner managers our lawful basis for processing personal information is contractual. For other business contacts our lawful basis for processing personal information is our legitimate business interests, typically arising from contractual terms with the associated business.
Sharing your information
Please be aware that we may be required to use or pass your personal information to a third party to comply with our legal obligations or make disclosures to government, regulatory or other public bodies.
Typically we do not share your personal information with any other third party, and where we do so we will always obtain your consent.
Marketing activities
We carry out limited marketing activities but where we do so, our lawful basis for processing personal information is the legitimate business interests of Durell or our affiliated service providers. Typically we will only be making existing clients aware of additional services offered that are relevant to those already provided.
This means that for any marketing activity we endeavour to use your data in a way that is proportionate, has a minimal privacy impact, and you would not be surprised or likely to object to what we are doing. However if you do object please tell us by using the details set out in the ‘Contact Us’ section and where reasonable we will exclude you from such communications.
Data retention
Please be aware that for our reference and to meet any legal obligations we retain business contacts’ personal information for 6 years following the termination of our relationship, unless the personal information is held for more than one purpose. For example where it forms part of another contact’s records such as in correspondence with that contact.
Staff and job applicants
How we collect personal information
Typically you provide the personal information we hold when you apply for a job or during the course of your employment at Durell. We may also check public sources of information, including social media, verifying academic and career history and performing other background checks. Please be assured we will always obtain your consent where required or if it would be reasonable to do so.
What information we hold
We retain any information provided during the course of the original job application. For staff we hold name, business contact details, NI number, payroll details and a record of absences, date of birth and we may hold personal contact details such as phone numbers, home address and email address.
How we use the information
For job applicants we use the information to verify the applicant’s identity and the details provided in their application.
For staff we use the information to administer payments and otherwise carry out our contractual relationship.
Our lawful grounds for doing so
Our lawful basis for processing staff and job applicants’ data is contractual.
Sharing your information
Please be aware that we may be required to use or pass your personal information to a third party to comply with our legal obligations or make disclosures to government, regulatory or other public bodies.
We may also share your name and business contact details with our clients and other business contacts.
Data retention
Please be aware that for our reference and to meet any legal obligations we retain personal information:
- of job applicants for 6 months; and
- staff members for 6 years following the termination of employment, unless the personal information is held for more than one purpose. For example where it forms part of a client record such as in notes written by that staff member or in correspondence with the client.
Other ways we process personal information
CCTV
Our premises are protected by CCTV for the purposes of identifying individuals engaged in criminal activity. The length these recordings are stored depends on the amount of activity recorded but typically they will be kept for one month and will not be stored for longer than 6 months.
Using our website
As you browse our website, small text files called cookies are placed on your computer that allow us to:
- remember your settings and preferences for the next time you visit the website; and
- monitor the way our website is used – for this we use Google Analytics, a web analytics service provided by Google LLC (‘Google’).
The information generated by Google Analytics includes your IP address, which counts as personal information. This information is transmitted to and stored by Google on servers in the United States. Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. If you wish to completely opt-out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout
Learn more about cookies at https://ico.org.uk/for-the-public/online/cookies
Sending your information abroad
Beyond the use of Google Analytics as described under ‘Using our website’, we are very unlikely to transfer your data outside of the European Economic Area (the EEA) and would only ever do so where we are satisfied that the transfer is in accordance with applicable data protection and privacy laws.
Automated decision making or profiling
We do not carry out any automated decision making or profiling.
Your rights
You have certain legal rights under UK data protection law and regulations, those applicable to our processing of your personal information are summarized below.
The right to be informed about our data processing activities, including through this privacy policy and any other notices we may issue. The most recent version of this policy will always be available from the link in the footer of our website and will be provided to you when we collect your personal information or when you make a subject access request.
The right of access to the personal information we hold about you. You may ask us to provide the personal information we hold about you, i.e. make a ‘subject access request’, using the details set out in the ‘Contact us’ section. You will typically not be charged for such a request and can expect a response within one month of our receipt of your request. [We will only charge you if your request is clearly unfounded, repetitive or excessive and you will be given due warning of the charge before we process the request.]
The right of rectification. You may ask us to correct any inaccurate or incomplete data we hold using the details set out in the ‘Contact us’ section. You can expect any correction to be made within one month of our receipt of your request.
The right to erasure and right to restrict processing. You have the right to have your personal data erased and to prevent processing except where we have a legal or contractual obligation to do so. You should bear in mind that by exercising this right you may hinder or prevent our ability to provide our services to you or your company. Please send any such request to us using the details in the ‘Contact us’ section and we will endeavor to comply or respond within one month of our receipt of your request.
Security and accuracy of your personal information
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. These include firewalls to block unauthorised traffic to our servers, which are located in a secure location and can only be accessed by authorised personnel.
We also take reasonable steps to ensure that the personal information we hold about you is reliable for its intended use and as accurate and complete as is necessary. Please keep us informed if your personal information changes or if you believe the data we hold is inaccurate by using the details set out in the ‘Contact us’ section.