This privacy policy has been compiled to provide clear information to those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in Isle of Man (IOM), United Kingdom (UK) and United States (US) privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how our company collects, uses, protects or otherwise handles your Personally Identifiable Information.

What personal information do we collect from the people that visit our blog, website or applications?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience.

When do we collect information?

We collect information from you when you place an order, subscribe to a newsletter, fill out a form, use live chat, open a support ticket or enter information on our site. We also collect information in accordance with the schedules of the GDPR, which are explained in more detail below.

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

• To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To allow us to better service you in responding to your customer service requests.
• To quickly process your transactions.
• To send periodic emails regarding your order or other products and services.
• To follow up with you after correspondence (live chat, email or phone inquiries).

How do we protect your information?

Our website is scanned on a regular basis for security holes and known vulnerabilities to make your visit to our site as safe as possible.

We use regular Malware Scanning.

Your personal information is contained in secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. Also, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order or enters, submits, or accesses their information, to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

Do we use ‘cookies’?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:
• Help remember and process the items in the shopping cart.
• Understand and save user’s preferences for future visits.
• Compile aggregate data about site traffic and site interactions to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

If you turn cookies off, some of the features that make your site experience more efficient may not function properly.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.

We do not include or offer third-party products or services on our website.

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We use Google AdSense Advertising on our website.

Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

We have implemented the following:
• Demographics and Interests Reporting

We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together
Improve our product and service offerings

Opting out:
You can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt-Out page or by using the Google Analytics Opt-Out Browser Add-on.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our homepage or, as a minimum, on the first significant page after entering our website.
Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:
• On our Privacy Policy Page
You can change your personal information:
• By emailing us
• By calling us
• By logging in to your account
• By chatting with us or by sending us a support ticket

How does our site handle Do Not Track signals?
We honour Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioural tracking?
It is also important to note that we do not allow third-party behavioural tracking.

COPPA (Children’s Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.
Do we let third parties, including ad networks or plug-ins, collect PII from children under 13?

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

To meet and exceed Fair Information Practices and the General Data Protection Regulation (GDPR) we will take the following responsive action, should a data breach occur:
We will notify you via email
• Within seven business days
We will notify the users via in-site notification
• Within seven business days

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and prosecute non-compliance by data processors.

How we mitigate privacy infringement risks

We strictly limit how much processed data we hold, and retain GDPR Article 6(1) Legitimate Interests records for a maximum of three (3) years before automated deletion. We do not perform decision-making, automated or otherwise, on the data we store and, where practicable, we anonymise all data.

How to file a Subject Access Request (SAR) or a Data Subject Request

Please contact us, using one of the options on our website, or file a ticket on our helpdesk.

How we use Contract as the basis for processing

Sometimes we need to process personal data to do what is reasonably requested of us by our customers.
We occasionally need to process someone’s personal data to fulfil our contractual obligations to them; or because they have asked us to do something before entering into a contract (e.g. to provide a quotation).

How we use Consent as the basis for processing

  • We have checked that consent is the most appropriate lawful basis for processing.
  • We have made the request for consent prominent and separate from our terms and conditions.
  • We ask people to positively opt in.
  • We don’t use pre-ticked boxes or any other type of default consent.
  • We use clear, plain language that is easy to understand.
  • We specify why we want the data and what we’re going to do with it.
  • We give separate distinct (‘granular’) options to consent separately to different purposes and types of processing.
  • We name our organisation and any third party controllers who will be relying on the consent.
  • We tell individuals they can withdraw their consent.
  • We ensure that individuals can refuse to consent without detriment.
  • We avoid making consent a precondition of a service.
  • We keep a record of when and how we got consent from the individual.
  • We keep a record of exactly what they were told at the time.
  • We regularly review consents to check that the relationship, the processing and the purposes have not changed.
  • We have processes in place to refresh consent at appropriate intervals, including any parental consents.
  • We consider using privacy dashboards or other preference-management tools as a matter of good practice.
  • We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.
  • We act on withdrawals of consent as soon as we can.
  • We don’t penalise individuals who wish to withdraw consent.

How we use Legitimate Interests as the basis for processing

For payroll related data: We process data on behalf of our customers’ employees, directors, agents, and associated entities for the purposes of providing a payroll electronic filing bridging service (not to be confused with a payroll service or bureau) under the condition of ‘legitimate interest’. The processing we undertake is necessary for the purposes of ensuring accurate and timely information is submitted to HM Revenue & Customs in order to comply with payroll and other regulations. The data we store is limited, encrypted, stored in the EEA and is limited to only what is required to meet the legitimate interest of the data subject with the most minimal impact on privacy and data storage.

For all data processed under legitimate interests:

  • We have checked that legitimate interests is the most appropriate basis.
  • We understand our responsibility to protect the individual’s interests.
  • We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
  • We have identified the relevant legitimate interests.
  • We have checked that the processing is necessary and there is no less intrusive way to achieve the same result.
  • We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests.
  • We only use individuals’ data in ways they would reasonably expect, unless we have a very good reason.
  • We are not using people’s data in ways they would find intrusive or which could cause them harm, unless we have a very good reason.
  • If we process children’s data, we take extra care to make sure we protect their interests.
  • We have considered safeguards to reduce the impact where possible.
  • We have considered whether we can offer an opt out.
  • If our LIA identifies a significant privacy impact, we have considered whether we also need to conduct a DPIA.
  • We keep our LIA under review, and repeat it if circumstances change.
  • We include information about our legitimate interests in our privacy information.

How we use Legal Basis as the basis for processing

Sometimes personal data must be processed to comply with common-law or statutory obligations.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address to:
• Send information, respond to inquiries, and other requests or questions
• Process orders and to send information and updates about orders.
• Send you additional information related to your product and service
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To abide by CAN-SPAM, we agree to the following:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can email us at
• Follow the instructions at the bottom of each email.
Moreover, we will promptly remove you from ALL correspondence.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

www.evolvedsoftware.com
Evolved Software Studios Ltd
Isle of Man, IM73HP
[email protected]
+44 208 191 7797