Introduction – General Data Protection Regulation (“GDPR”)
“Personal Data” or “Personal Information”: this means information capable of identifying an individual, being “personal data” as defined in the Data Protection Legislation.
“Processing” and related expressions: this means any operation SenseOn performs on Personal Data, such as collection, organising, storing, updating, using, disclosing and erasing it.
“You”, “your” and/or the “Data Subject”: this means an individual who can be identified from or as a result of the Personal Data.
Who we are and How to Contact Us
In relation to SenseOn’s processing of Personal Data or for any other data protection or data privacy matters, SenseOn contact details are as follows: brad@Senseon.io.
Typical Data Subjects
SenseOn typically (but without limitation) processes Personal Information relating to the following categories of data subject:
- individuals employed or otherwise engaged by its customers, suppliers and other businesses, organisations or authorities with whom it deals; and
- individuals whose details we collect from sources in a B2B context and contact because it is in our legitimate interests; and
- individuals who interact with SenseOn on their own account.
Types of Personal Data Typically Processed
SenseOn typically (but without limitation) processes Personal Data consisting of contact information, such as name, email address, physical address and, where the data subjects are themselves its customers or suppliers, bank account and payment card information.
Purposes for which SenseOn Processes Personal Data
SenseOn processes Personal Data for the following purposes.
- to manage its business and its relationship with its customers, including providing them with products and/or services, communicating with them and maintaining its relationship with them you effectively, lawfully and appropriately.
- to manage its relationship with its suppliers, including procuring products and/or services from them, communicating with them and maintaining its relationship with them
- to manage relationships with authorities, intermediaries and other third parties
- to inform customers and potential customers about its products and services, including by direct marketing
- to invite relevant individuals to events
- to inform suppliers and potential suppliers about its requirements
- to provide features on its websites
- to develop and improve its products and services
- for account and promotional purposes
- to comply with any legal obligations it may have including requests from Governmental Authorities, law enforcement agencies or to comply with legal processes
- for internal administration
- to detect and prevent fraud
- to ensure information and networking security
- to exercise its rights
- to protect the rights, property or personal safety of its employees, third parties, business partners and the general public
- in relation to its proposed corporate activities, such as a sale or merger
- in relation to recruitment processes.
Use of Intercom Services
Link – https://www.intercom.com/help/pricing-privacy-and-terms/privacy/updating-your-privacy-policy
Use of Fullstory Services
Legal bases for SenseOn’s processing of Personal Data
The legal bases on which SenseOn processes Personal Data are as follows, depending on the purpose of the processing:
- Legitimate Interests. In most cases, the purposes set out above represent the legitimate interests of SenseOn in operating its business and the processing is necessary to achieve them and does not override the interests, fundamental rights or freedoms of the individuals concerned.
- Performance of a contract. In certain cases, SenseOn needs to process Personal Data to perform a contract to which the data subject is a party or to take steps at the data subject’s request before entering into a contract, for example to provide goods or services to customers who are individuals or to purchase goods or services from suppliers who are individuals.
- Legal Obligation. SenseOn may need to process Personal Data to comply with a legal obligation, such as an enforceable request from Government.
- Consent – in certain specific situations, SenseOn may process Personal Data as a result of having obtained the specific freely given consent of the individual concerned. When doing so, SenseOn will inform the individual of the purpose of the processing and the individual can withdraw consent at any time.
Recipients of Personal Data
SenseOn may disclose or transfer Personal Data to the following recipients:
- third-party service providers for the purposes of providing services to SenseOn itself
- third-party service providers for the purposes of providing services to the customers and suppliers of SenseOn or other persons with whom it deals;
- [companies or organisations which are affiliated to SenseOn, for example affiliates or subsidiary companies or other companies or organisations under common ownership with Senseon, in either case for administrative or internal purposes [and/or so that they can contact individuals or those engaging them with information about products or services which may be of interest to them]
- authorities and other bodies who can compel SenseOn to do so under applicable law.
Transfer of Personal Data outside the UK
SenseOn may transfer Personal Data outside the UK, for example where any of the recipients described above are located outside the UK, where we share Personal Data within SenseOn group (including transfer of data to our USA branch) or in respect of any operations of SenseOn outside the UK from time to time. Whenever we transfer Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The transfer is to a country that has been deemed to provide an adequate level of protection for Personal Data by the European Commission (e.g. any EU member-state); or
- Where we use certain service providers or transfer Personal Data within SenseOn group, we may use specific contracts approved for use in the UK which give Personal Data the same protection it has in the UK (such as standard contractual clauses).
Please contact us if you want further information on the specific mechanism used by us when transferring Personal Data out of the UK.
Period of storage of Personal Data
SenseOn only keeps Personal Data for the period necessary for the purposes for which it processes it. This is determined in accordance with its retention policy.
The criteria used to determine the retention periods of SenseOn include: (i) the nature of the Personal Data; (ii) the length of time SenseOn has a continuing relationship with the individual or the organisation engaging the individual; (iii) whether there is a legal obligation to which SenseOn is subject requiring it to retain the Personal Data (iv) whether retention for a period is advisable in light of the SenseOn’s legitimate interests (such as with regard to applicable statutes of limitations or regulatory investigations).
Based on the above, SenseOn’s policy is to retain Personal Data about individuals for 2 (two) years from the last contact with the individual or organisation concerned except where it relates to a transaction or includes financial data in which case SenseOn retains it for up to seven (7) years from the data of the transaction or last active use of the financial data, except where statutory, regulatory, legal or security reasons require a longer period.
Personal Data relating to recruitment processes will be kept for no longer than is necessary.
Rights of Individuals in relation to their Personal Data
Individuals have the following rights where SenseOn processes their Personal Data:
- to obtain confirmation as to whether or not SenseOn processes their Personal Data;
- to access a copy of their Personal Data that SenseOn does process;
- to request the correction of inaccurate Personal Data held by SenseOn;
- to request that SenseOn erases their data or to object to SenseOn continuing to process it;
- where SenseOn relies on having obtained consent for the purposes of the processing, the right to withdraw such consent, without affecting the lawfulness of processing before such withdrawal;
- in certain cases to receive Personal Data, which they have provided to SenseOn, in a structured, commonly used and machine readable format and to transmit it to another controller or have it directly so transmitted;
- to lodge a complaint with their local data protection regulator — in the UK, this is the Information Commissioner’s Office, https://ico.org.uk/.