We are InChorus Group Ltd, a company registered with Companies House in England and Wales under number 11755917 (“InChorus”/“we”/“us”/”our”). We are committed to protecting your privacy.
This policy sets out the basis, under applicable data protection law (including the General Data Protection Regulation (EU 2016/679) and the UK GDPR), on which we will collect and process personal information through your use of the InChorus online software platform and the accompanying software App (together the “Platform”). It applies to our Clients, App Users, Client Users, Marketing Contacts, our website visitors and to other individuals whose data we may process, except for our employees (“you”/”your”).
IN THE NORMAL COURSE OF OUR BUSINESS WE COLLECT AND PROCESS DATA IN THE FOLLOWING WAYS:
When we refer to “personal data” in this policy, we mean any information relating to you from or in relation to which you may be identified (directly or indirectly).
OUR STATUS AND RESPONSIBILITIES
In the case of App Users, Client Users, and Marketing Contacts, we are the data controller in respect of your personal data.
We are also the data controller in respect of contact information for each client contact which we hold for account and contract management purposes, including for contract queries and billing purposes.
We may act as joint data controller with our clients for some App Users data under some circumstances. In these cases, we have set out a joint controller arrangement which reflects our respective roles and responsibilities. You can ask for further information about this by contacting us at firstname.lastname@example.org
INFORMATION WE COLLECT ABOUT YOU
For App Users and Client Users will collect and process the following data about you:
• IP address;
• the type of browser used(e.g. Chrome or Safari browser);
• the number of sessions per browser on each device;
• the type of device (eg Samsung) and operating system (eg Android) used;
• referrer information;
• time zone;
• user preferences; and
• which pages were visited.
Please see the cookies section below to learn more about how we process this data.
For Marketing Contacts, we will collect and process personal data which you provide when you complete an enquiry via a website or register for a trial or otherwise contact us to request information about our products and services. We will typically obtain contact information such as your name, employer, work email address and work telephone number. We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history and similar work-related background, from third party service providers. We shall also store and process data relating to your communications with us and your responses to our marketing emails and attendance at our events.
WHAT DO WE DO WITH THE PERSONAL DATA WE COLLECT ABOUT YOU? WHAT IS OUR LEGAL BASIS FOR DOING SO?
Where we have collected or generated personal data from or about you, we may use this for the purposes, and on the legal bases, as set out below.
We use the information you provide to us to:
• enable us to provide the Services;
• ensure that content from our Website is presented in the most effective manner for you and for your device to achieve the most user-friendly navigation experience;
• defend our servers against malicious attacks
Where we propose using your personal information for any other uses we will ensure that we notify you first and gather your consent where relevant. Where you provide us with your consent in these cases, you will also be given the opportunity to withhold or withdraw your consent for the use of your personal information for purposes other than those listed above. Please note that the withdrawal of consent will not affect the processing which took place before the withdrawal.
For Client Users
For these purposes, we rely on contract and consent as applicable.
For App Users – our use of aggregated and pseudonymized information
If you are an App User, we will gather your consent in order to process your data in the ways described in this section . We note that the processing of special categories of data, such as ethnicity, sexual orientation, or disability, are subject to explicit consent, so you can always choose not to provide those. For this purpose, we will provide you with a full and clear consent statement in compliance with the applicable data protection law at the point of data gathering. You can withdraw your consent at any time by contacting us at email@example.com , provided we are able to reliably re-identify you._Please note that the withdrawal of consent will not affect the processing based on consent before the withdrawal.
For Marketing Contacts
We rely on contract for these purposes.
Please see the cookies section below. Except for the strictly necessary cookies, we will only process this data based on your consent.
3. THE BASIS FOR THE PROCESSING OF YOUR DATA
We will process your personal data based on the lawful bases defined above for each category of data subject. Apart from these, we may process your personal data if the following applies:
- Processing is necessary to comply with a legal or regulatory obligation to which we are subject.
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. Where this basis applies, we have undertaken the relevant Legitimate Interest Assessment to demonstrate that our compelling legitimate interest overrides the interests or the fundamental rights and freedoms of the affected data subjects. You can request further information about this by reaching us at firstname.lastname@example.org
WHO DO WE SHARE YOUR INFORMATION WITH?
We will only share your information with other organisations where we have your permission to do so in accordance with this Policy or where we believe it is necessary for a legitimate reason connected with the Website or our Services. Accordingly, we may share your personal information with service providers, for example of IT services, business partners, suppliers and/or sub-contractors, cloud-based communications, analytics, storage, and other services, for the performance of any contract that we enter into with your employer (such as the Client Agreement) or in the course of undertaking marketing activities. We require all our third party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions and the agreement we have with them.
We may also disclose your personal data to other third parties in the following circumstances:
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.
Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a Web page and are often used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing.
We will ask you for your consent to use the cookies as you visit our website.
INTERNATIONAL DATA TRANSFERS
-transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
-entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA. In these cases we will undertake a Data Transfer Impact Assessment where required pursuant to the Schrems II decision in order to verify, on a case-by-case basis, whether the law in the recipient country ensures adequate protection for personal data transferred under this tool.
For further information on the safeguards used, please contact us at email@example.com
SECURITY OF INFORMATION
Where you are an App User, you will only require your company email address and company code to gain access to the InChorus App. Where we have given you a username, password and/or security information which enables you to access particular features of the Platform as a Client User you are responsible for keeping these access credentials confidential. You must not share these details with anyone, or store them in a way that may allow a third party to access them.
We maintain appropriate technical and organisational measures to ensure that an appropriate level of security in respect of all personal data we process. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure.
RETAINING YOUR INFORMATION
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
We think it is important that you are able to control your personal information.
You have the following rights in regards to your personal information:
You can exercise any of these rights by contacting us at firstname.lastname@example.org
THIRD PARTY PROPERTIES ACCESSED FROM THE WEBSITE EG OTHER WEBSITES
Our Website and Services may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies which will govern use of any personal information that they process. Please check these policies carefully before you click on any links and/or submit any personal information to these online properties.
CHANGE OF CONTROL
If the ownership of our business changes, we may transfer your information to the new owner so they can continue to operate the Website and provide the Services. The new owner will be obliged to comply with this Policy.
Any changes we may make to this Policy will be posted on this page. Where it makes sense because the changes are material, we will notify you by e-mail or in another appropriate manner such as when you next interact with the Website.
CONTACTING US IS EASY AND WE WANT TO HEAR FROM YOU
We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at email@example.com
We have also appointed a Data Protection Officer who you can contact using the contact details below:
Attn: Data Protection Officer
163 City Road, London,
DPO Telephone: +44 20 3917 4158
Email address: firstname.lastname@example.org