Privacy Policy – Software as a Service
We wanted you to know that we have made some changes to our privacy policy in line with new EU General Data Protection Regulations (from 25th May 2018).
NT Assure Ltd is committed to protecting the privacy of anyone using our services. We understand the importance you place on the privacy and security of information that personally identifies you, and we take this very seriously. This privacy policy explains how data, including personal information is collected on behalf of our clients, how we use it, and how we protect it.
Who we are?
We are NT Assure Limited, hereafter we may also refer to NT Assure Limited as 'We', 'Our' or 'Us'.
Our address is 1st Floor, Unit 3 Stanton Close, Finedon RD Ind Est, Wellingborough, Northamptonshire, NN8 4HN.
By providing our professional business to business services we are required to process data and act as 'Data Processors' on behalf of our clients who are the 'Data Controllers'.
What personal data do we hold?
Businesses are required to register an account with NT Assure Limited to access our software services and to do this business's can create user profiles to administer the account and provide information about their company, products and services to their customers or suppliers.
To create a business user the software requires information such as the user's name, business email address, job title and telephone number, so that other users of the software services can communicate and collaborate to procure products, share relevant information and demonstrate compliance.
Occasionally users may get in touch with our helpdesk via our feedback form, email or by telephone for support requests. We will ask users to provide their name, company name and email address so that we can identify them. We may also request a contact number in case we need to get back in touch to help resolve an issue or action a request.
When a user places a support request we make a note of their details and the nature of the enquiry so that we can respond to them and we periodically analyse this data to improve our services.
In some instances these contact details may be classed as 'personal data'.
What is the source of the personal data we hold?
User information is provided by our clients (who are the 'Data Controllers') or the users themselves when creating an account. Once an account has been created users may add personal data such as name(s), email address(es), job title(s) and telephone number(s) of their colleagues.
Using my data: the legal basis and purposes
The lawful basis for processing user's personal data within our software has been defined as legitimate interest.
Our users have a legitimate interest in collaborating and sharing information about their company, products and services that they buy or sell for commercial success and to demonstrate compliance to statutory requirements. Our users also have a legitimate interest in ensuring that this information is accessible in the future as evidence of compliance or for review.
We share these legitimate interests with our users.
What will we use user personal data for?
We will only process data that is necessary to provide users our software services or to respond to user enquiries. We will not hold any additional personal data that we would not require to fulfil this objective.
We share user personal data with customers and / or suppliers which are connected to your business profile, so that users can collaborate and share information about your company, products or services.
We will not transfer personal data outside of the United Kingdom or European Economic Area (EEA) for the delivery of our software services.
User rights
The GDPR regulations provide individuals with the following rights;
The right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object and the rights related to automated decision making including profiling.
Should a user wish to exercise their rights please write to our data protection officer at the address in our 'contact us' section below. We shall verify your details, share your request with the Data Controller(s), review and respond to user requests within one month of receipt of the notification.
Data retention
We shall retain user data for our software services whilst it is in use by our clients (the Data Controllers) to ensure traceability and for auditing purposes, should they require access to this information in the future to demonstrate due diligence.
We shall assess the data that we hold from time to time and information which is no longer required shall be erased.
Privacy by design
We actively limit the type of personal data that we hold to minimise the impact of a data breach should an incident occur. We do this by applying the 'privacy by design' model which requires that principles of data protection are taken into account at the product development phase rather than after data is being processed.
By implementing appropriate technical and organisational measures, taking into account the nature and sensitivity of data types that will be processed, and ensuring that appropriate data minimization measures are implemented at the product (and feature) development phase, personal data is protected at all stages of its life cycle.
Data breaches
We have a robust data security breach plan in place to manage incidents, which details the measures we take to lower the risk of a data breach by as far as reasonably practicable. The plan also identifies how we would identify and investigate a breach should one occur to minimise the impact to our users.
Additional information
Please note we may change our privacy policy from time to time and when changes are made to the policy these changes shall be updated in our privacy notice available within our software.
Contact us
If you have any questions or queries about this privacy information notice please write to our Data Protection Officer (DPO) at NT Assure Limited, 1st Floor, Unit 3 Stanton Close, Finedon RD Ind Est, Wellingborough, Northamptonshire, NN8 4HN.
You are also within your rights to contact the information commissioner's office should you wish to speak directly to them regarding your data protection rights.