A R E M I S

2.1.   To use our services and products we may occasionally need to process Personally Identifiable Information which may be used to identify someone which may be a service user or others.

2.2.   Personal Data is held on 4 groups of people (Data Subjects) as follows;

•  Client Data: this is Personal Data about a Client and may including key contact data
•  Prospective Client Data: this is Personal Information about prospective clients including contact information who have not yet entered into a contract with us.
•  Permitted User Data: this is Personal Data about Permitted Users.
•  Customer Data: this is Personal Data uploaded by a Permitted User onto the licenced Software.

2.3.   Our Software enables users to share information with other people and this policy only deals with our use of Personal Data and any Recipients are not bound by this privacy policy. It is the users responsibility to ensure the recipient(s) of any Personal Data sent to them will use the information as intend.

2.4.   This Privacy Policy may be subject to periodic revision which shall be displayed on the website.

2.5.   Any queries or concerns about this policy, should be communicated by mail or email to the address found in our contact details.

3.0   A CONTROLLER OR A PROCESSOR

(a)   We are a  Controller  in respect of any Client Data we hold which may include Personal Data about our Clients and prospective clients including their key contacts.

(b)   We are a  Controller  in respect of any Prospective Client Data including Personal Data about prospective clients and their key contacts.

(c)   We may hold  Permitted User Data  which is Personal data about Permitted Users provided by Clients as both a Controller and a Processor. Which one, will depend on the data and the processing activity.

(d)   We are a  Processor in respect of any  Customer Data  which is Personal Data uploaded by a Permitted User. This means that we are only processing that data at the request of the Permitted User and we are not making decisions about what data to collect or its use.

4.0   PERSONAL DATA

4.1   Personal Data about you may be stored by us, collected as follows:

(i)  Information you provided where our services or software was requested, licensed or purchased. This information could include;

• name and contact details.
• financial details.
• account preferences and settings.
• information sent or received using our Software.

(ii)  Where you are a nominated Permitted User by a Client, we may receive information concerning you from a Client who purchased the user licence to use the Software. This could include;

• your name, contact information including email addresses.
• your administrative rights.

(iii) Information concerning you which other Permitted Users uploaded on to the Software system. This could include;

• details of works recorded or executed.

(iv) Cookies may also be used to collect information about;

• how you use the Software including your user preferences and interests.
• in-app purchases you make.
• details about user visits.
• details about the device(s) used to access the Software.

The company Cookies Policy can be found on the website.

5.0   HOLDING CLIENT AND PROSPECTIVE CLIENT DATA AND THE LAW

Clients

5.1   Client Data may be held and processed making us a data Controller and we must have a ‘lawful basis’ for doing so, as follows;

(i) IN ORDER TO PROVIDE OUR SERVICES:  to provide this Software including support and maintenance of any account using the Software where such processing is necessary for the performance of the contract for the provision of our services or software or for taking steps necessary to enter into a contract.

(ii) ADMINISTRATION AND DISPUTE RESOLUTION: We may also need to process Personal Data to meet our internal administration requirements and for matters such as dispute resolution. Such processing is necessary for the purposes of our legitimate interest, which is in this case is to function as a business. We consider such use will not exceed anything a Data Subject would reasonably expect and is likely to align with the Data Subject’s interests by allowing us to provide a sustainable business model and is unlikely to be detrimental to the fundamental rights and freedoms of any Data Subject.

(iii)  MARKETING:  We may periodically contact clients by mail, email or telephone about updates to our services or software, or new features or functions or to introduce new products. These communications may be tailored to what we think your interests are and this may be based upon data collected using cookies and from looking at past transactions. The right to opt out shall always be included in any such correspondence.

The lawful basis for any processing is where it is necessary for the purpose of our legitimate business interest. We will endeavor not to exceed anything a Data Subject could reasonably expect and is likely to align with a Data Subject’s interests and have an opt out option and is unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject.

(iv) AGGREGATE DATA:  Aggregate data about Permitted Users and about Client transactions or interactions may be collected and stored and any such data will be anonymized and may be used for business and market research purposes.

Prospective Clients

5.2   Prospective Client Data may be used for marketing purposes or to take steps to enter into a contract where we have been requested to do so.

(i) MARKETING BY ELECTRONIC COMMUNICATIONS:  Information obtained by way of discussion regarding our products or services, then we may contact you periodically by email or telephone about updates or changes to our services or products. These communications may be tailored on what we think your interests are and we may deduce this from our communications with you. The right to opt out will be included in any such correspondence. The lawful basis for such processing is that it is necessary for the purpose of our legitimate business interest.

In any other circumstances, we will only contact you by telephone, mail or email or other electronic communications where we have obtained your consent which will be our lawful basis for processing purposes. Our communication may be tailored in a way we think may interest you and we may deduce this from information collected about you from cookies or other similar technologies.

(ii)  MARKETING BY TELEPHONE:  We always try to develop business and to locate new customers who may be interested in our services or products. Our sales team may research this online and we may contact you by email or telephone to gauge interested in discussing our services or products. Such processing is necessary for the purpose of our legitimate business interest. Such use will go no further than a Data Subject would reasonably expect and is likely to align with a Data Subject’s interests and contain an opt out option and is unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject.

6.0   USE OF PERMITTED USER DATA

6.1.   Permitted User Data would be used as follows;

(i) TO PROVIDE OUR SERVICES:  we would use the contact information and details provided to us by our Client(s) for the purpose of providing access to our Software and this may include support and maintenance of your account on the Software. We do this solely on the basis of our Client’s instructions and we are acting as a Processor in this regard.

(ii)  UPDATES AND NEW FUNCTIONALITY COMMUNICATIONS:  We may periodically use the contact details received from Clients upon entering into a contract to receive our services or products to send emails to Permitted Users regarding updates to our services and new functionality available in the Software. Clients are normally informed of this marketing service before entering into an agreement with us, and they have the option to opt out at that point. Should a Client choose not to opt out we normally promptly send an email to each Permitted User to notify them that we have been given their details and that they will receive such communications unless they opt out. Each communication will include an easy opt-out option. We are acting as a Controller in this regard. We are relying on the fact that such processing is necessary to achieve our legitimate interest of providing an up-to-date software solution for our Clients and their Permitted Users.

Anyone requiring further details on this use of your Personal Data, or if you would like to tell us not to use your Personal Data for that purpose, please contact us at the email or contact form on our website.

6.2.   We may collect aggregate data about how a Permitted User uses our software. Any such data is normally anonymised and should not identify a Permitted User.

7.0   CUSTOMER DATA - USING PERSONAL DATA UPLOADED AS PART OF A SURVEY OR ENQUIRY

7.1.   We act as a processor in respect of any Customer Data you upload which means we are processing the data only on the basis of our Client’s instructions. Except for technical processes like storage or maintenance purposes, we do not access or make any decisions about uses of Customer Data.

7.2.   We may collect aggregate data from the information uploaded but this data will be anonymised so that an individual cannot be identified from that data.

8.0   DISCLOSING PERSONAL DATA TO A THIRD PARTY

Other Users

8.1.   This Software enables users to transfer and to share information with their customers and other Permitted Users. If our Client has so requested, the data uploaded on to the Software, may be accessible by other Permitted Users.

Third Parties

8.2.   We may disclose Personal Data to third parties only for the following purposes;

(a) To our licensors, employees and third parties including professional advisors, such as lawyers and accountants who are contracted to assist our business to provide the Software and to operate our business. We currently use Amazon Web Services and other similar third parties to provide hosting services. Any such licensors, employees and/or data processors contracted to us will be subject to strict contractual requirements to use Personal Data in accordance with our Privacy policy. Should you require further information on third party processors please contact us using the contact information on our webpage.

(b) Where there is a duty to disclose or share Personal Data in order to comply with any legal obligation or in order to enforce or apply our terms of use and other agreements or to protect the operation of our website, or the rights, property, or safety of us, our customers or others.

(c) To third parties should we decide to sell, transfer or merge parts of our business or assets. Should any change(s) happens to our business, then the new owners will only be entitled to use Personal Data in accordance with the provisions set out in this privacy policy.

9.0   SECURITY PROCEDURES

Other Users

9.1.   We understand the importance of confidentiality and electronic, physical and managerial procedures are in place to safeguard and secure the data uploaded onto our software.

(a) All staff members enter into and abide by a strict confidentiality agreement in respect of how it handles all content. Contents of User Data remain confidential without your explicit instruction to the contrary, and all data uploaded onto our software remains strictly confidential.

(b) Robust security measures are in place to protect the information you upload on to our software. All data is hosted on a UK cloud server, which offers a high level of security. Our secure infrastructure includes encryption, firewalls and access control, and our current hosting company is accredited by the following industry standard bodies:

• ISO 27001:2005 (Information Security)
• ASEA 3402 Type II (Service Organisation Control)
• ISO 14001:2002 (Environmental Management)

(c) Periodically we may use certain third party products or services to help us manage our data, including CRM and accounting software. We will only ever work with companies who are contractually bound to implement high standards of security measures. If you would like further information about what third party processors we use, please contact us using the contact information listed on our website or email info@aremiscm.com

9.2.   Here are some steps that can be taken to help ensure that your data is protected.

(a) if contacting us with a query or complaint please use your work details rather than personal contact details.

(b) if sending any financial details or sensitive information, consider sending it in separate emails or using encrypted, password protected documents.

(c) please ensure that all passwords associated with your software account with us remain secure.

10.0   PERSONAL DATA STORAGE

10.1.   Data uploaded using our Software is held on a cloud server within the UK or European European Area. Unless requested to do so, or it is strictly required in order to provide our services we will not transfer any such data outside the UK or EEA.

10.2.   Any users based outside the EEA who would like further information about where we hold their data, may contact us using the contact information listed on our website or email info@aremiscm.com

10.3.   Client Data retention policies are as follows;

Client Data Retention

(i) data related to financial transactions may be stored for up to 7 years to ensure that we hold sufficient records for accounting and taxation purposes.

(ii) data relating to negotiations, contracts agreed, payments made, disputes raised and use of our software, may be stored for up to 6 years to protect ourselves in the event of a dispute arising between us,

(iii) data may be stored in aggregate and without limitation as it cannot identify any individual.

Permitted User Data and Customer Data

(i) Permitted User Data and Customer Data shall be retained for as long as the user licence for the Software remains valid. Upon termination such data shall be securely delete within 30 business days.

(ii) Aggregate data relating to the uses made of the Software by Permitted Users may be retained without limitation. Such data shall be anonymised and it shall not identify any individual.

Prospective Client Data

(i) Prospective Client Data may be retained for up to one year from the date of collection, or longer if you requested to be added onto our mailing list or if the parties are engaged in negotiations, then such data may be held for a longer period, to facilitate discussions or to keep you informed of products and services. Data shall be deleted upon receiving a written request to do so.

11.0   RIGHTS REGARDING PERSONAL DATA HELD

11.1.   Data Subjects have the following rights regarding Personal Data relating to them which can be enforced against whoever is the Controller. This will be us in respect of Client Data and any Permitted User Data which we hold as a Controller, and our Client in respect of Permitted User Data and Customer Data.

(a)Right to be informed: You have the right to be informed about what Personal Data the Controller collects and stores about you and how it is used.

(b)Right of access: You have the right to request a copy of the Personal Data held as well as confirmation of the following;

• the purposes of the processing
• the categories of personal data
• the recipients to whom the personal data has/will be disclosed,
• duration of any storage
• where the data was not collected directly from you, information about the source.

(c) Right of rectification: the right to require the Controller to correct any Personal Data held about you which is inaccurate or incomplete.

(d) Right to be forgotten: in certain circumstances, the right to have the Personal Data held about you erased from the Controller’s records.

(e) Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing the data has been reviewed and updated if necessary.

(f) Right of portability: the right to have the Personal Data held by the Controller about you transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.

(g) Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes including profiling in connection with that purpose.

(h) Right to object to automated processing: the right not to be subject to a decision based solely on automated processing including profiling which produces legal effects or other similar significant effects on you.

11.2.   Should you wish to avail of any of the above rights please contact us using the contact information listed on our website or email info@aremiscm.com.

If we are not the Controller, we shall transfer your request to the Controller only with your consent. If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation.

12.0   RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA

12.1.   We can be notified at any time that Personal Data about you should not be processed for particular purposes or for any purposes whatsoever. This decision may have an impact on the services or product(s) you receive from us because you will no longer be able to access the Software since we would not be able to identify you.

12.2.   Any request to stop receiving direct marketing would not impact on your ability to access the Software.

12.3.   If your Personal Data is being held by us as a Processor then to facilitate your request we may need to pass your request onto the Controller and we would only do so with your consent.

13.0   COMPLAINTS POLICY

13.1.   Any questions or concerns regarding the use of Personal Data please contact our Data Protection Officer immediately using the contact information listed on our website or email info@aremiscm.com. If we are processing Personal Data about you on behalf of our Client, we will need to pass your complaint to our Client and shall only do so with your consent.

13.2.   Any complaint about how we have handled Personal Data you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.

Last edited June 2020