Last updated: 1st April 2019
This notice is set out to give guidance and help you understand what information we collect at SmartSpace Global (A SmartSpace Software Plc company), how we use it, and what choices you have.
Any questions relating to this document should be sent to: email@example.com
SmartSpace Global is part of SmartSpace Software Plc. Where below we refer to ‘group’ we are referring to SmartSpace Software Plc and its subsidiary companies. Where we refer below to, ‘we’, ‘us’ or ‘our’ we are referring to SmartSpace Global LTD.
We have taken every step to ensure compliance with the General Data Protection Regulations with respect to collection, use and retention of data.
We may change this policy from time to time, and if we do we will post any changes on this page. Unless stated otherwise, the change will apply from the date that we upload the revised policy.
If you continue to use our services after those changes are in effect, you agree to the revised policy.
What Personal Data do we collect
Content and information submitted by yourself to SmartSpace Global is referred to in this notice as ‘personal data’.
There are three main categories of personal data we collect, hold and process:
1. Account Data is personal data we collect about you in connection with the creation or administration of a customer account.
The Account Data we collect may include your name, your company, job title, phone numbers, email addresses, your location, billing information, your IP address and/or other device identifying data, and other information required to provide a service or information you have requested from us.
The legal basis of our processing of Account Data is necessity for the performance of a contract to which you or your employer are a party.
2. Visitor or Employee Data is personal data about a Customer’s visitors or employees that is input into SmartSpace applications.
Visitor and Employee Data may include visitors’ and employees’ names, phone numbers, email addresses, locations, company name, department, vehicle information (such as number plates), dietary requirements or preferences and any other information that a Customer decides to capture about its visitors and employees.
We will not disclose, move, access, process or use Visitor or Employee Data except as expressly instructed by our Customer in line with our contract with them or as per further written instructions as may be provided by the Customer.
We require our Customers to comply with applicable privacy and data protection laws.
3. Website Data. We collect, and store information about all visitors who come and take a look at our website.
Whether you actively provide us with information by filling in an enquiry form or are merely browsing, the IP address of the computer you are using, the browser software and operating system, the date and time you access our website and the internet address of the website from which you visited website.
This information is really helpful to us and lets us track website usage, measure the number of visitors to the different sections of our website and helps us make the content we provide for you more useful.
For the purposes of GDPR:
• We are the Data Controller (as defined in the GDPR) when processing Account Data, and Website Data;
• We act as a Data Processor on behalf of our Customers (who are the Data Controller) when processing Visitor and Employee Data.
We shall only process Visitor and Employee Data in line with our contract with our Customer and as per any further written instructions which they may provide.
How we use your Personal Data
We will use your personal data:
• To verify your identity;
• To provide services and products to you;
• To market our services and products to you;
• To understand and improve the services and products that we provide to you;
• For billing and account management;
• To complete credit checks against your company;
• To respond to communications from you;
• To conduct research and statistical analysis (on an anonymised basis);
• To protect and/or enforce our legal rights and interests, including defending a claim;
• For any other purpose authorised by you, or as may be permitted under applicable law;
Other data uses
It’s in SmartSpace Software PLC’s legitimate business interest to keep its customers, website visitors and business contacts informed of our latest content, products and services.
We process customer and contact data and use direct marketing as part of this legitimate interest.
It’s necessary for us to use a variety of direct marketing channels and messages to ensure our contacts are kept informed of our products, services and content, and wherever possible we make sure the messages we send are targeted and relevant.
Any direct marketing we undertake complies with e-privacy rules on consent.
In particular you could expect to receive from us:
• Occasional email updates highlighting our website content, downloadable reports, and forthcoming events or webinars.
• Occasional direct mailings or telemarketing calls about our forthcoming events or latest content
• Occasional content updates on Twitter, LinkedIn or Facebook, based on the pages you visit on our website
• You can manage your preferences and unsubscribe from any or all of these different types of messages at any time.
As part of a larger group of companies, one of our other companies may be better placed to offer you the services you have requested or provide you with additional information.
In these situations, it’s in our legitimate interest to share your data with them so they can assist you.
Disclosing and transferring your Personal Data
Personal data will not be transferred to third parties unless one of the following situations apply. Where we do need to pass on data, we will only provide the minimum amount of information necessary.
We may disclose your personal data to:
• Any courier in order for them to be able to make any requested delivery to you.
• Any other company within our group of companies or affiliates for the purposes described in this policy.
• Any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or SmartSpace applications and products; or that assists us with our marketing and customer care activities described in this policy.
• Any other company in the case of a change to our business structure, sale, merger, consolidation, liquidation, dissolution, reorganisation or acquisition; or steps in contemplation of such activities (e.g. due diligence).
• Any third party integration provider where you, or your company, has expressly requested such integration service. SmartSpace Global is not responsible for how the provider of an integration may collect, use and share such data.
• Comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal processes for supervisory authorities or a law enforcement agency.
• Protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
As part of our GDPR compliance obligations we are duty bound to check when considering sharing your personal data with any third parties that they apply the same or greater controls in terms of data protection.
All SmartSpace Global suppliers, affiliates and any other third parties that we may use to process your data are subject to a strict due diligence process to ensure they operate in accordance with GDPR, including the use of non-disclosure agreements.
Protecting your information - Security and Retention
We take reasonable and appropriate measures to ensure that any personal data collected from you is kept safe from loss, misuse, unauthorised access or disclosure. These steps take into account the sensitivity of the personal data we collect, process and store, and the current state of technology.
While we take reasonable steps to maintain secure internet connections, if you provide us with information over the internet, the provision of that information is at your own risk.
We are not responsible for their information collection practices or for the content of their sites.
All personal data is stored in accordance with SmartSpace Global’s retention policy and is only kept for as long as deemed necessary for the purpose of which it was used.
You can ask us to let you know what data we hold about you at any time.
Data Retention Policy
Account Data and Website Data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.
Visitor and Employee Data is processed and retained in line with our Customer (the Data Controller’s) written instructions to us.
International transfers of data
The Account Data and Website Data may be transferred to, and stored in, a country operating outside the European Economic Area (EEA).
Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection.
In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
Some of the Account Data and Website Data we collect is processed in the United Kingdom (where our registered office is located).
Some of the Account Data and Website Data we collect is processed by third party data processors in other countries, including the United States.
These countries are not subject to an adequacy decision by the European Commission and instead, in transferring your personal data to these countries, we take other appropriate safeguards as prescribed by the GDPR.
We have verified that our data processors in the United States have self-certified under the EU-US Privacy Shield framework.
Your Data, Your Rights
Your rights in relation to your personal data under GDPR include:
i. Right to be informed. About how we collect and use your personal data
ii. Right of access. To what data we hold about you and how we are using it
iii. Right to rectification. If any personal data is incorrect you can ask us to update it
iv. Right to removal. If you wish us to remove your details from our systems, also referred to as the ‘right to be forgotten’
v. Right to restrict processing. You can request the restriction of how we process your personal data if certain criteria under the GDPR are met
vi. Right to data portability. Gives you the option to ask for your personal data if you wish to provide it to another provider
vii. Right to object. To us using your personal data for legitimate interests, direct marketing and research and statistics.
viii. Right to opt out of automated decision making. We don’t use computers to make our decisions for us, but if we did, you could ask that a suitably experienced professional reviews your information and makes a decision themselves instead.
You can withdraw your consent for receiving marketing content at any time by emailing us at firstname.lastname@example.org
If we do send you marketing emails, they will all have an ‘unsubscribe’ link at the bottom which will also allow you to update or withdraw your consent to receiving any future marketing correspondence.
If you wish to exercise your rights in relation to Visitor and Employee Data, as Data Processor we shall pass your subject access request to the relevant Data Controller and shall support the Data Controller in responding to your request.
If you have any questions about your personal data, our use of your personal data, or you wish to exercise your rights when it comes to any of the foregoing, contact us at email@example.com
We do not intend to collect personal data from children aged under 16. If you have reason to believe that a child under the age of 16 has provided personal data to use through our website and/or by using our applications, please contact us at: firstname.lastname@example.org
Post: Data Protection
SmartSpace Global LTD
Building 250, The Village,