Any information which is provided by you to us will be treated in accordance with the provisions of (i) the Data Protection Act 1998, (ii) on and with effect from its effective date, the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016) and any consequential national legislation (iii) the Privacy and Electronic Communications (EC Directive) Regulations 2003, and (iv) any guidance and / or codes of practice issued by the UK Information Commissioner’s Office or other relevant supervisory authority, including, without limitation, the European Data Protection Board, in each case as amended, supplemented or replaced from time to time (the “Data Protection Laws”).
- Understand what data we collect;
- Understand why we collect this data; and
- Understand what we do with the data;
2. Principles of Data Protection
Any processing of personal information will comply with the principles of compliant processing of personal information as set out in the Data Protection Laws. These are that personal information will be:
- processed fairly and lawfully and in a transparent manner;
- processed for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary for the purpose;
- kept in a form which permits identification of you for no longer than necessary for the purpose it was collected; and
- kept secure.
3. Information Collected
We collect personal information to implement and improve our services. The data we collect is:
- personal information you provide to us, such as your name, address, email address, phone number, payment information and profile-related information;
- personal information provided to us by third parties, such as user ratings or API from websites such as LinkedIn, Google, Facebook.
- information generated by the use of our services, including, but not limited to:
- any personal information or comments that you may provide to us through the toolkits or chatbots;
- login details, including time;
- settings / preferences;
- details of your use of our website or other services and information collected through cookies and other tracking technologies, including but not limited to your IP address and device information (such as your mobile operating system name and version, phone make and model, etc);
- data that may be cached locally for performance improvements and offline use; and
- the internet browser and operating system used (website).
This data may be stored in our database and captured as part of our logs or analytics systems. This information may be associated with your user account and is considered private.
4. How we use your information
Any personal information collected from you will be processed for the purposes of performing our contract with you, for legitimate business reasons, to comply with our legal obligations or where you have consented to our use of your information. We may use your personal information for the following purposes:
- to improve our services;
- to provide better recommendations;
- to complete financial transactions using payment information;
- to show profile information such as your email address, name and profile picture;
- when you contact us we may store a record of our communication including your profile information;
- for compliance with our legal obligations; and
- we may use your email to inform you about our services or to notify you about important changes or developments to our website, apps or services;
With your consent, we may send you offers or marketing emails by email. We may market to you by e-mail, SMS, push notifications, post or telephone. Where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe, or opt-out of further communication on any electronic marketing communication sent to you or you can let us know by contacting us using the details set out below.
5. Do we share? With whom and why?
We may otherwise share your information with any third party for the reasons set out above or, if necessary, for the following reasons:
- where the disclosure is necessary to enable us to provide our services to you;
- to comply with the law, any legal process or any governmental or law enforcement enquiry. Any such request will be reviewed by our team and may be appealed against if such request does not follow standard procedure or unnecessarily compromises user privacy;
- Where the disclosure is to third party service providers, on the understanding that they will keep the personal information confidential; or
- to solve technical or security issues; or
- investigations such as possible cases of fraud, violation of terms and service, or to protect the rights of public or idp Group Limited and our clients in compliance with the law.
6. Third Party Services
Where we provide links to third party websites, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them.
We have no control over the contents of these third party services or websites.
At idp Group Limited we take security seriously and our technical and privacy experts work day and night to protect your confidential and personal information against unauthorised access, modification, disclosure or destruction. We will implement appropriate technical and organisational measures to ensure an appropriate level of security, including the pseudonymisation and encryption of personal information and the ability to restore the availability and access to personal information in a timely manner in the event of a physical or technical incident. For example:
- We encrypt communications with our services where appropriate.
- We have strong guidelines of how personal information of users’ and customers’ may be accessed by our employees and contractors.
- We carefully review security measures taken by any third parties used to implement or improve our services.
- We regularly review our security policies with regards to the storage, processing and collection of personal information.
- We provide awareness and training to employees and contractors.
Although we take every reasonable measure to protect our users’ information and its integrity, we do not guarantee complete security of our applications, services or the security of any third parties involved in the implementation or improvement of our services. Moreover, devices or communication channels may be compromised, and as such any submission of information is done at your own risk.
9. Age-Related Issues
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register for the Services. If you are under 18, please do not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 18 may provide any personal information to us or on the Services. In the event that we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18, pleasewrite to us at the address specified below.
Cookies are files with small amount of data, which may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your computers hard drive.
Our website uses cookie data to improve the website and your experience. When you use our website, you agree to our use of cookie data. Otherwise, you may choose not to use our website. For more information on the types of cookies we use, please review our Cookies Policy.
11. Storage and Transfer of Data
To provide our service, your personal information may be transferred outside the European Economic Area (the “EEA”), to implement and improve our service.
Many of the countries will be within the EEA or will be ones which the European Commission has approved, and will have data protection laws which are the same as or broadly equivalent to those in the United Kingdom.
However, some transfers may be to countries which do not have equivalent protections, and in that case, we shall use reasonable efforts to implement contractual protections for the personal information. While this will not always be possible where we are required to transfer the information in order to comply with and perform our contract with you or where we have a legal obligation to do so, any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws.
For the avoidance of doubt, safeguards in the form of [EU Commission approved standard contractual clauses / binding corporate rules adopted by the recipient / the EU- US Privacy Shield for transfers to the United States] will be implemented where personal information is transferred by us to our service providers for processing.
13. Data Retention
We will keep your information as long as necessary for the processing purpose that it was collected and any other permitted linked purpose, including legal, regulatory and legitimate business purposes.
Our retention periods are based on our business needs and your personal information that is no longer needed is either irreversibly anonymised or securely destroyed. In general, we (or our service providers on our behalf) will hold this information for a period of seven years, unless we are obliged to hold it for a longer period under law or applicable regulations.
14. Updates to your personal information
We will use reasonable efforts to keep your personal information up to date. However, we need you to notify us without delay in the event of any change in your personal circumstances so that we can keep your personal information up to date.
15. Your Rights
You may at any time request a copy of your personal information from idp Group Limited. This right can be exercised by writing to the company at the address specified below.
You also have the right to correct any inaccuracies in, and in certain circumstances, to request erasure, or restriction on the use, of your personal information, and to object to certain uses of your personal information, in each case subject to the restrictions set out in applicable data protection laws.
In any case, where we are relying on your consent to process your personal information, you have the right to change your mind and withdraw your consent by writing to us at the address specified below.
Where we are relying on our legitimate purpose in order to use and disclose your personal information, you are entitled to object to such use of your personal information, and if you do so, we will cease to use and process your personal information for that purpose unless we can show there are compelling legitimate reasons for us to continue or we need to use the personal information for the purposes of legal claims.
In limited circumstances, you may also have the right to data portability in respect of certain of your personal information, which means you can request that we provide it to you or your third-party nominee.
You also have the right to lodge a complaint with the Information Commissioner’s Office about the processing of your personal information.
18. Contact Details
Any queries or complaints regarding the use of the personal information by us and the exercise of individual rights should be addressed to idp Group LTD at firstname.lastname@example.org.
Effective Date 1st March 2018
17. Governing Law