Overview of our privacy statement

This statement explains the personal information we collect, the purpose we collect the information for, the legal basis we rely on, who we share the information with, how we protect the information, and how you can exercise your rights in relation to your personal data.

The personal information we collect

By visiting our website, we collect your web browser's User Agent and your current IP address. This information is recorded in our web log files. These log files are analysed to identify performance and security improvements that can be made to our operating environment. The legal basis for this information is our legitimate interest. We balance our legitimate interest in operating a secure performing system with users fundamental rights to privacy, by anonymising the performance data and purging the log files regularly.

If you want our Sales Team to contact you, we ask for your email address. We optionally also ask for your name, the organisation you work with, the role or function you have in that organisation, and your requirements for a management system. We use this information to shape the contact our Sales Team will have with you. Our legal basis for this information is consent.

If you want our Support Team to contact you, we ask for your email address and a description of the issue you for which you require assistance. The legal basis for this information is contractual.

If you ring us, and none of our call agents are available to take your call, you will have the option to leave a voice message. The voice message will be stored until it has been actioned by a call agent. Our legal basis for processing voice messages is legitimate interest.

If you participate in video call, and you wish to receive a copy of the call, with your consent the call may be recorded. On completion of the call, the recording will be processed and cleaned up, and a copy of the call will be made available to you. Our legal basis for recording video calls is consent.

Who we share the information with

We do not share or disclose personal information to third parties.

We do engage vendors to perform tasks as agents on our behalf. Where the vendor processes personal data, we take appropriate technology measures, supported with legal protections to ensure that the personal data is processed within the European Union, at certified secure sites, and only under our direction.

Technical and Organisational Measures to protect personal data

We have appointed a qualified Data Protection Officer. We have appointed a Cybersecurity team. We require the Data Protection Officer and the Cybersecurity team to complete annual Continuous Professional Development (CPD) appropriate to their qualifications and role.

We classify data sets as containing Personal Identifiable Information (PII).

We perform impact assessments for any changes that affect PII data sets.

We only use ISO 27001 certified data centers for processing and storage of PII data sets.

We provide mandatory ongoing data protection and cybersecurity training for all staff, who have access to PII data sets.

We perform frequent regular vulnerability scans of our computing environment to ensure we are not exposed to known cybersecurity threats.

We provide ongoing cybersecurity awareness for all staff.

We conduct regular reviews and audits to provide assurance that our policies and procedures are appropriate and are embedded in our operations.

Your personal data rights

The Charter of Fundamental Rights of the European Union specifically recognises each individual's right to the protection of their personal data which includes how the data is collected, processed; how the person can access the personal data or rectify errors held in the personal data, and the oversight of these rights by an independent authority.

You can exercise any of your personal data rights by completing this form, and a representative of our Data Protection team, will respond as soon as possible.

Version 2.1.1 - Last updated on 3 April 2024