We may collect and receive information about users of our Services ("users," "you," or "your") from various sources, including: (i) information you provide through your user account on the Services (your "Account") if you register for the Services; (ii) your use of the Services; and (iii) from third party websites, services, and partners.
1. INFORMATION WE COLLECT
1.1. Information You Provide
1.1.1. Account Registration. When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.
1.1.2. Payment Information. When you add your financial account information to your Account, that information is directed to our third-party payment processor. We do store your financial account information on our systems to enable billing for the services you have requested; we have access to, and may retain, subscriber information through our third-party payment processor.
1.1.3. Communications. If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. We may also receive a confirmation when you open an email from us. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
1.2. Information We Collect When You Use Our Services.
1.2.1. Cookies and Other Tracking Technologies. As is true of most websites, we gather certain information automatically and store it in log files. In addition, when you use our Services, we may collect certain information automatically from your device. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL. To collect this information, a cookie may be set on your computer or device when you visit our Services. Cookies contain a small amount of information that allows our web servers to recognise you. We store information that we collect through cookies, log files, and/or clear gifs to record your preferences. We may also automatically collect information about your use of features of our Services, about the functionality of our Services, frequency of visits, and other information related to your interactions with the Services. We do not track your use across different websites and services. Our cookies are session cookies and have a limited life.
1.2.2. Usage of our Services. When you use our Services, we may collect information about your engagement with and utilisation of our Services, such as storage capacity, navigation of our Services, and system-level metrics. We use this data to operate the Services, maintain and improve the performance and utilisation of the Services, develop new features, protect the security and safety of our Services and our customers, and provide customer support. We also use this data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
1.3. Information We Receive from Third Parties.
1.3.1. Third-Party Accounts. If you choose to link to our Services through a third party account, we will receive information about that account, such as your authentication token from the third-party account, to authorise linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
1.3.2. Third-Party Partners. We may also receive publicly available information about you from our third-party partners and combine it with data that we have about you.
2. HOW WE USE INFORMATION
We use the information we collect in various ways, including to:
3. HOW WE SHARE INFORMATION
We may share the information we collect in various ways, including the following:
3.1. Vendors and Service Providers. We may share information with third-party vendors and service providers that provide services on our behalf, such as helping to provide our Services, for promotional and/or marketing purposes, and to provide you with information relevant to you such as product announcements, software updates, special offers, or other information.
3.2. Aggregate Information. Where legally permissible, we may use and share information about users with our partners in aggregated or de-identified form that can’t reasonably be used to identify you.
3.3. Third-Party Partners. We also share information about users’ use of the services with third-party partners, with whom you have linked your account, in order to identify your use of the services and to carry out billing for your services usage.
3.5. Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
3.7. With Your Consent. We may share information with your consent.
4. LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
5. THIRD-PARTY SERVICES
5.1. You may access other third-party services through the Services, for example by clicking on links to those third-party services from within the Services. We are not responsible for the privacy policies and/or practices of these third-party services, and we encourage you to carefully review their privacy policies.
6.1. Private Client is committed to protecting your information. To do so, we employ a variety of security technologies and measures designed to protect information from unauthorized access, use, or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure.
7. DATA RETENTION
7.1. We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).
7.2. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8.1. If you are a registered user, you may access certain information associated with your Account by logging into our Services or emailing [email protected].
8.2. To protect your privacy and security, we may also take reasonable steps to verify your identity before updating or removing your information. The information you provide us may be archived or stored periodically by us according to backup processes conducted in the ordinary course of business for disaster recovery purposes. Your ability to access and correct your information may be temporarily limited where access and correction could: inhibit Private Client's ability to comply with a legal obligation; inhibit Private Client's ability to investigate, make or defend legal claims; result in disclosure of personal information about a third party; or result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to Private Client or a third party.
9. YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the EEA, you have the following data protection rights:
9.1. If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing [email protected].
9.2. In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing [email protected].
9.3. You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing [email protected].
9.4. Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
9.5. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
10. YOUR CHOICES
11. CHILDREN'S PRIVACY
13. INTERNATIONAL DATA TRANSFERS
14. Contact Us
GDPR Data Processing Agreement
This Customer Data Processing Agreement reflects the requirements of the UK Data Protection Regulation ("GDPR") that came into effect on 1st January 2021. Private Client's products and services offered in the UK are GDPR ready and this DPA provides you with the necessary documentation of this readiness. This Data Processing Agreement ("DPA") is an Appendix of the Terms and Conditions of Use ("Agreement") between Private Client Systems Limited, ("Private Client") and your organisation, as defined in this Agreement. All capitalised terms not defined in this DPA shall have the meanings set forth in the Agreement. You enter into this DPA on behalf of your organisation and, to the extent required under Data Protection Laws, in the name and on behalf of any Users which you choose to grant access to the Services through your organisation's registered account.
The parties agree as follows:
1. Scope and Applicability of this DPA
1.1. This DPA applies where and only to the extent that Private Client processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.
1.2. Role of the Parties. As between Private Client and the Registered Organisation, Registered Organisation is the Controller of Personal Data and Private Client shall process Personal Data only as a Processor on behalf of Registered Organisation. Nothing in the Agreement or this DPA shall prevent Private Client from using or sharing any data that Private Client would otherwise collect and process independently of Registered Organisation’s use of the Services.
1.3. Customer Obligations. Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to Private Client; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Private Client to process Personal Data and provide the Services pursuant to the Agreement and this DPA.
1.4. Private Client Processing of Personal Data. As a Processor, Private Client shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Agreement; (ii) processing to perform any steps necessary for the performance of the Agreement; and (iii) to comply with other reasonable instructions provided by Registered Organisation to the extent they are consistent with the terms of this Agreement and only in accordance with Registered Organisation’s documented lawful instructions. The parties agree that this DPA and the Agreement set out the Registered Organisation’s complete and final instructions to Private Client in relation to the processing of Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Registered Organisation and Private Client.
1.5. Nature of the Data. Private Client handles Data provided by Registered Organisation. Such Data may contain special categories of data depending on how the Services are used by Registered Organisation. The Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to the Registered Organisation; (ii) to provide customer and technical support to Customer; and (iii) disclosures as required by law or otherwise set forth in the Agreement.
1.6. Private Client Data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Registered Organisation acknowledges that Private Client shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support and product development. To the extent any such data is considered personal data under Data Protection Laws, Private Client is a Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.
2. Further Processing
2.1. Authorised Data Controllers and Sub-processors. Registered Organisation agrees that Private Client may engage Data Controllers and Sub-processors to process Personal Data on Registered Organisation's behalf. The Data Controllers and Sub-processors currently engaged by Private Client and authorised by the Registered Organisation are shown in Appendix 3.
2.2. Sub-processor Obligations. Private Client shall: (i) enter into a written agreement with the Sub-processor and the Sub-processor shall protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Private Client to breach any of its obligations under this DPA.
2.3. Changes to Data Controllers and Sub-processors. Private Client shall provide Registered Organisation reasonable advance notice (for which email shall suffice) if it adds or removes Data Controllers and Sub-processors.
2.4. Objection to Data Controllers and Sub-processors. Registered Organisation may object in writing to Private Client’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying Private Client promptly in writing within five (5) calendar days of receipt of Private Client’s notice in accordance with Section 2.3. Such notice shall explain the reasonable grounds for the objection. In such event, the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by Private Client without the use of the objected-to new Sub-processor.
3.1. Security Measures. Private Client shall implement and maintain appropriate technical and organisational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data.
3.2. Confidentiality of Processing. Private Client shall ensure that any person who is authorised by Private Client to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
3.3. Security Incident Response. Upon becoming aware of a Security Incident, Private Client shall notify the Registered Organisation without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by the Registered Organisation.
3.4. Updates to Security Measures. Registered Organisation acknowledges that the Security Measures are subject to technical progress and development and that Private Client may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Registered Organisation.
4. Security Reports and Audits
4.1. Private Client shall maintain records of its security standards. Upon Registered Organisation's written request, Private Client shall provide (on a confidential basis) details of relevant information security management compliance, audit report summaries and/or other documentation reasonably required by Registered Organisation to verify Private Client's compliance with this DPA. Private Client shall further provide written responses (on a confidential basis) to all reasonable requests for information made by the Registered Organisation, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Private Client's compliance with this DPA, provided that Registered Organisation shall not exercise this right more than once per year.
5. International Transfers
5.1. Processing Locations. Private Client stores and processes EU Data (defined below) in data centres located inside and outside the European Union. Private Client shall implement appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.
5.2. Transfer Mechanism: Notwithstanding Section 5.1, to the extent Private Client processes or transfers (directly or via onward transfer) Personal Data under this DPA from the European Union, the European Economic Area and/or their member states and Switzerland ("EU Data") in or to countries which do not ensure an adequate level of data protection within the meaning of applicable Data Protection Laws of the foregoing territories, the parties agree that Private Client shall provide appropriate safeguards for such data by ensuring the processing of such data is in accordance with Data Protection Laws. Registered Organisation hereby authorises any transfer of EU Data to, or access to EU Data from, such destinations outside the EU subject to these measures having been taken.
6. Return or Deletion of Data
6.1. Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent Private Client is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data Private Client shall securely isolate and protect from any further processing, except to the extent required by applicable law.
7.1. To the extent that Registered Organisation is unable to independently access the relevant Personal Data within the Services, Private Client shall (at Customer's expense) taking into account the nature of the processing, provide reasonable cooperation to assist Registered Organisation by appropriate technical and organisational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. In the event that any such request is made directly to Private Client, Private Client shall not respond to such communication directly without Registered Organisation's prior authorisation, unless legally compelled to do so. If Private Client is required to respond to such a request, Private Client shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.
7.2. To the extent Private Client is required under Data Protection Law, Private Client shall (at Registered Organisation's expense) provide reasonably requested information regarding Private Client's processing of Personal Data under the Agreement to enable the Registered Organisation to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.
8.1. This DPA is a part of and incorporated into the Terms and Conditions of Use so references to "Agreement" in the Agreement shall include this DPA.
8.2. In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.
8.3. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.