Data Protection Framework
1. Customer and Citizen Data
You may decide to send us your personal information via this website if you are seeking more information, requesting a demonstration or trial of one of our services, or for other similar business administration or support purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are providing us with specific consent to use your personal data only in relation to the specific purposes for which you have disclosed it to us. InfoSaaS may access and use your Customer Data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) contact you, (c) provide services to you, or (d) maintain the operations and security of the website and services we provide to you.
InfoSaaS customers may decide to send us your personal information via InfoSaaS applications during the normal course of their business activities. They acknowledge and agree that disclosing personal information into an InfoSaaS applications is voluntary (under an applicable legal basis as identified by each InfoSaaS customer), and any that is disclosed will only be used by InfoSaaS for our Legitimate Interests of provide a secure and stable environment for the hosting, processing and storage of each customer’s InfoSaaS environment. Further information is available on the InfoSaaS GDPR Statement.
We will not use your personal information for any other purposes, for example the communication of marketing material, unless we have your specific consent to do so, and all such communications (where issued) will have clear options for removing consent and unsubscribing. We will always handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our own personnel and any third parties (see Section 5), and the technical controls which we have implemented to prevent the unauthorised access, compromise or theft of information from our InfoSaaS applications, supporting computer systems and operating premises.
2. Sensitive Personal Data
GDPR specifies a set of personal data categories which are “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from the InfoSaaS Data Protection Manager (see Section 9). There are no foreseeable circumstances where an InfoSaaS customer would need to upload or store sensitive personal data within an InfoSaaS application – also see Section 7 of the InfoSaaS GDPR Statement.
3. Children’s Personal Data
This website, and any services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact the InfoSaaS Data Protection Manager (see Section 9) immediately so that we can take appropriate action. There are no foreseeable circumstances where an InfoSaaS customer would need to upload or store children’s personal data within an InfoSaaS application – also see Section 6 of the InfoSaaS GDPR Statement.
4. Customer and Citizen Data Rights
As prescribed within data protection regulations, you have several rights connected to the provision of your personal data to InfoSaaS using this website. These include your rights to request that we:
- confirm to you what personal data we may hold about you, if any, and for what purposes
- change the consent which you have provided in relation to your personal data
- correct any inaccurate or incomplete personal data which we may hold about you
- provide you with a complete copy of your personal data for you to move elsewhere
- stop processing your personal data, whilst an objection from you is being resolved
- permanently erase all your personal data promptly, and confirms to you that we have done so (there may be reasons why we may be unable to do this)
To contact InfoSaaS, please see Section 9 below. If we do not properly address your request or fail to provide you with a valid reason we are unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
If your enquiry relates to personal data which may present within an individual InfoSaaS application environment, you should enquire of the Data Controller (the specific InfoSaaS customer) who manages that environment and who has legal responsibility for any personal data which may have been uploaded into it – also see Section 5 of the InfoSaaS GDPR Statement.
5. Declaration of Sub-Processing
To make an informed decision on whether to provide your personal data to InfoSaaS using this website, we need to make you aware of any organisations that act as Data Processors for us in the provision of our services to you. These include Pipedrive (for sales administration and account management purposes), Mailchimp (for consented marketing communications), Stripe and Paypal (for payment processing activities).
The activities within which each of these Data Processors participates have been recorded within applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR). These are available upon request from the InfoSaaS Data Protection Manager (see Section 9).
6. Website Cookies
7. External Links
This website and InfoSaaS applications may include relevant hyperlinks to external websites not controlled by InfoSaaS. Whilst all reasonable care has been exercised in selecting and providing you with such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences caused by your use of them.
9. Contacting InfoSaaS
This Version Finalised: 01.06.2020