Last updated: 04 February 2019
This document sets out our views and practices regarding personal data.
Unless the context clearly indicates otherwise, throughout this document, terms in the singular form shall include the plural (and vice versa) and any gender form shall include all others. General words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.
The terms “we”, “us” and “our” refer to Solviq Ltd, a limited company registered in England and Wales under company number 08040908 and having our registered office at Lytchett House, 13 Freeland Park, Wareham Road, Lytchett Matravers, Poole, Dorset, BH16 6FA, United Kingdom.
Our VAT registration number is GB 135 3924 15.
To contact us, please write to us at our registered address, telephone us on +44 29 2014 0800, fax us on +44 29 2014 0801, or e-mail firstname.lastname@example.org.
The term “personal data” means any identifiable information about you, such as (by way of example) your name, address or telephone number.
We are committed to protecting and respecting your privacy.
This policy sets out the terms on which we process any personal data we collect from you, or that you provide to us, or that you allow a third party to provide to us. It applies across all of our services, including our public-facing websites; for the purposes of this policy we will collectively refer to these as “our services”.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1. By supplying personal data to us, you accept this policy
1.1. If you choose to supply your personal data to us, or you permit a third party to supply your personal data to us, you are accepting the practices described in this policy.
1.2. If you do not agree to this policy, you should not supply personal data to us or allow it to be supplied to us.
1.3. If you agree to this policy, but subsequently change your mind and disagree, your courses of action are covered in the section on “Your rights” below.
1.4. We recommend that you retain a copy of this policy for future reference.
2. We may make changes to this policy
3. Data controller
3.1. The data controller is Solviq Ltd, with registered address and contact details as given above.
3.2. As a small business, Solviq Ltd has chosen not to appoint a nominated Data Protection Officer.
4. Basis under which we process personal data
4.1. There are certain circumstances under which you will reveal personal details to us, and it is obvious from the context that you would like us to use these details in a particular way. These are set out in the section on “Implied uses of your personal details” below.
4.2. There are other circumstances when we will ask you to supply personal details to us, and when we do so, we will provide you with the opportunity to specify how we are permitted to use these details. These are set out in the section on “Explicit uses of your personal details” below.
4.3. There is some data that you may expose to us in the natural course of accessing and using digital services such as our websites, which does not directly identify you, but which could be indirectly connected to you with some effort. This is described in the section on “Data that could be indirectly linked to you” below.
4.4. There are some occasions on which we may like to share your personal data with other individuals or organisations. These circumstances are described in the section on “Sharing your personal data” below.
5. Implied uses of your personal details
5.1. If you contact us, you will usually reveal some personal details to us, and to various communications service providers, such as your e-mail address or telephone number. We may use these details to contact you in response to your enquiry.
5.2. If you request a quote for services from us, we may use personal details for the purpose of preparing and communicating that quote.
5.3. If you enter into a contract of supply with us, we may use personal details for the purpose of preparing and performing the contract, and we may retain these details for a period after termination of the contract in order to satisfy the contract and its terms.
5.4. When you request a service from us that requires payment, we will ask you to supply sufficient details to process the payment and to send an invoice or receipt to you. In addition to taking payment, this may result in some of your details being used for fraud prevention or credit risk reduction.
5.5. In the natural course of operating our business responsibly, we take data backups. This means that, even after your personal data has been deleted from our production systems, copies may persist for a short period, until the retention period of the backup expires.
6. Explicit uses of your personal details
7. Data that could be indirectly linked to you
7.1. There is some technical data that you expose to us in the natural course of accessing digital services such as our websites, and which you would reasonably expect us to log and process as part of day-to-day operation, maintenance and security. This technical data includes:
7.2.1. Any identifiers that the device you used to access our services sends to us;
7.2.2. The IP address that was used to connect your device to the Internet, from which it is often possible to deduce your approximate geographic location;
7.2.3. The calling line identity of a telephone or fax machine you have used to contact us, from which it is sometimes possible to deduce your geographic location;
7.2.4. Localization settings of your device, such as time zone or language.
7.2. Once you have personally identified yourself to us, for example by registering for an account on a website, it may be possible to indirectly associate some or all of this technical data with you.
7.3. It may be possible for you to adjust your device settings to obfuscate this data or to prevent this data from being exposed to us.
7.3. We may record anonymized analytics about your visit to and usage of our services, to enable us to improve the performance and user experience, including:
7.3.1. Your clickstream to, through and from our websites;
7.3.2. Your patterns of navigation and search for information;
7.3.3. Interaction statistics such as page load time, dwell time, scrolling, clicks/taps and mouse-overs.
8. Sharing your personal data
8.1. In general, we will never share your personal details with a third party without your permission. However we do work with some trusted third- party providers, whom we have engaged to enable us to operate our business and provide our services to you. This means they may process some of your personal data on our behalf. We have taken appropriate steps to ensure that this processing is conducted in accordance with this policy.
8.2. In order to supply our services to you, we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. Naturally, these companies would adhere to this policy.
8.3. In the event that we sell or buy any business or assets, your personal data may be one of the transferred assets of the sale or purchase.
8.4. We may disclose your information to third parties if we fall under a legal duty or obligation to do so, including (by way of example) for the purpose of law enforcement.
9. Data we do not collect
9.1. We do not collect any personal data that falls into the “special categories” of the General Data Protection Regulation, or which would typically be described as “sensitive personal data”, such as data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sex life or sexual orientation.
9.2. We never store your financial or payment details. Instead we pass these details directly to our chosen payment processor, who may store them on our behalf as necessary to process immediate or future payments. To help us do this, please do not send financial details in e-mails or faxes, or discuss them in telephone calls.
9.3. We do not make automated decisions or conduct profiling that will produce legal or similarly significant effects on you.
10. Where we store and process your personal data
10.1. We are based in the United Kingdom (UK).
10.2. We store all information on secure servers within the UK or European Economic Area (EEA).
10.3. Some of our suppliers and partners have operations outside the UK and EEA. Therefore, the data that we collect from you may be transferred to, and stored and processed at, a location outside the UK and EEA.
10.4. Some of our suppliers and partners are headquartered outside the UK and EEA. We only work with suppliers or partners in territories that ensure an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal data.
10.5. The nature of the Internet means your data may pass through a number of countries before it reaches our servers or those of our suppliers or partners. While we go to considerable effort to protect your data within the boundaries of our infrastructure, please remember that we cannot control security beyond these boundaries. In particular, this means that any communications you send unencrypted, including (by way of example) e-mails and phone calls, are not secure and may be intercepted, seen or modified by a third party.
11. How we protect your privacy
11.1. We process data in a manner that ensures its security, by implementing appropriate technical and process controls to protect against unauthorized access or disclosure; malicious interception or interference; accidental loss, destruction or damage; loss of availability under partial failure conditions; and containment and recovery in the event of a breach.
11.2. Where a security breach leading to the destruction, loss, alteration or unauthorized disclosure of personal data is likely to result in a risk to your rights and freedoms, such as (by way of example) a breach that leaves you open to identity theft, we will report this to you and to the authorities.
11.3. We aim that data is not retained beyond the period for which it is useful. In particular, the aforementioned technical data and backups ar not retained for significant periods of time.
12. Cookies and similar technologies
12.1. A “cookie” is a small piece of information that is stored within your web browser or device, which can be used to identify your device or to remember preferences. For the purposes of this subsection, we will use the term “cookie” to encompass all technical mechanisms that provide equivalent functionality, including browser cookies, HTML5 local storage and local storage on mobile devices.
12.4. It is widely accepted, and acknowledged by the United Kingdom Information Commissioner’s Office and the European Union advisory body on data protection, that the above uses of cookies do not require your explicit consent. Your consent is implied by using or logging into our services.
12.6. It may be possible for you to configure your web browser or device to refuse some or all cookies, or to force cookies to be deleted when you exit the browser. Please be aware that some combinations of settings may degrade performance, functionality or experience.
13. Your rights
13.1. You have the right to be informed about how and why we process your personal data. This document lays out this information.
13.2. You have the right to ask us to confirm whether your personal data is being processed, to request a copy of the personal data we hold about you, and to reuse that copy for your own purposes.
13.3. Because we collect and hold your data electronically, we may respond to an access request in a machine-readable, electronic format. You are responsible for providing and configuring your information technology to access and interpret our response. We are under no obligation to adopt or maintain technical compatibility with others’ data formats.
13.4. The purpose of your right of access to your personal data is so that you may verify the lawfulness of data processing. If your request is manifestly unfounded, excessive or repetitive, or if you request further copies of data we have already provided, we are entitled to charge a reasonable fee to cover our administrative costs, or to refuse to respond.
13.5. When you request access to your personal data, we have a duty to verify your identity. To protect your privacy, we will refuse to respond to any requester who cannot satisfy us in this regard.
13.6. You have the right to ask us to erase personal data we hold about you when there is no longer a compelling reason for us to continue to hold it. Typically this means you would need to demonstrate that our use of your data is unfounded or unlawful.
13.7. Please bear in mind that, even after your personal data has been deleted from our production systems, copies may persist for a short period in our disaster recovery backups, until the retention period of the backup expires. In the unlikely event we need to invoke disaster recovery procedures, data that had previously been deleted may be restored, and may need to be deleted again.
13.8. You have the right to object to the way in which we process your personal data, for example if you think we have used your data in a way that you didn’t reasonably expect when the data was supplied to us.
13.9. You have the right to ask us not to process your personal data for direct marketing purposes. You can exercise this right by using the self- service opt-out feature within the marketing communication.
13.10. You have the right to request human intervention in a decision that will have a legal or similarly significant effect upon you, unless the automated decision making process is authorized by law, such as (by way of example only) for fraud prevention. We don’t believe this applies to our services, but if you think it does, you may exercise your right by contacting us using the details in this document.