So you can understand what this all means in practice we’ve tried to present this policy in clear language without too much “legal jargon”.
Where we refer to "data controller" or "data processor", we give those terms the meanings they have in UK data protection law.
What personal information do we collect?
Information we collect directly from you
Information to provide services: We collect the personal information we need to offer you our services and manage our relationship with you as our customer.
This may include some or all of the following:
Registration information: You will also be asked to set up a user account which will allow you to log into and out of the Platform. You need to register a username and password to gain secure access to your account.
Other data you intentionally share: We may collect personal data if you submit it to us in other contexts such as via a third party website, email or phone. We may also collect anonymous data you provide in connection with the services that we provide.
Billing information: If you make a payment to us, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder.
Information we automatically collect about you
Like many website operators, each time you visit the Platform we may automatically collect the following information:
Technical information: including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit: including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Referral data: If you arrive on the Platform from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Third party personal information collected to provide the Eval Plan services
The nature of the Eval Plan services means that you will typically need to send us datasets with information about a particular population (for example, charity supporters or council residents). This information should be sent over Kiteworks, a secure third party file transfer site or via another secure data transfer method agreed between us and you, and not over the Platform.
In most cases, it will be possible for us to provide our services using only anonymised information, or information which has been pseudonymised (i.e. identifying elements have been replaced with pseudonyms). It is your responsibility to anonymise or pseudonymise datasets before sending them to us, and we strongly recommend that you do so.
Where you do send us third party personal information in relation to the Eval Plan services, it is your responsibility to ensure that you are lawfully able to disclose the information to us for the purposes of us providing the Eval Plan services. Your organisation will remain the data controller of that information, which we will process as a data processor.
How do we use your personal information?
Generally, we use your personal information to create your customer account, to communicate with you, to carry out our obligations and exercise our rights in relation to any contract for Eval Plan services, to provide you with the Eval Plan services and to contact you regarding changes or updates to the services we provide.
We will only use your information in accordance with this Policy and an appropriate lawful basis under data protection law, which will normally be our legitimate interests as a business, except where where we are required or authorised by law to use or disclose your information to others, or where we have your consent to do so. Some more detailed information about the above activities is listed below.
1. To provide our services to you and manage our contract with you
We need to contact you to provide the Eval Plan services, and will keep records of all our current clients, as well as our past clients for an appropriate period of time.
2. To improve our services to you and the features of the Platform
We internally perform statistical and other analysis on information we collect on the Platform (including usage data, device data, referral data and question and response data) to understand how customers use our services, and to monitor, troubleshoot and improve our services, including to help us evaluate or devise new features.
We may also use your information:
(i) for internal purposes designed to keep our services secure and operational, such as for troubleshooting and testing purposes, and for service improvement and research and development purposes; or
(ii) for our internal purposes to create and provide new services, features or content.
3. To contact you about your account.
We occasionally send you communications of a contract or service related nature (e.g. service announcements, invoicing or invoice queries, changes to our services or policies, a welcome email when you first register).
Who else do we provide your personal information to?
We may provide your information to:
Our service providers: who process information on our behalf to help deliver the Platform, for example hosting services, file transfer sites and email service providers;
We take steps to ensure that third parties who have access to your personal information treat it with the same consideration that we do. For more information on where these organisations may be located see below.
Legal enforcement bodies: We may from time to time be required to disclose information about you to law enforcement bodies, agencies or third parties under a legal requirement or court order. We act responsibly and take account of your interests when responding to any such requests.
Our group companies: We may from time to time disclose information about you to a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Future third party acquirers: In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets. If BIT or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
You understand that we may disclose or share personal information with third parties as outlined above. If you are concerned about these arrangements, you should not use the Platform.
No sale of personal data. BIT and you hereby acknowledge and agree that in no event shall the transfer of personal data constitute a sale of data, and that nothing in the terms shall be construed as providing for the sale of personal data.
How long do we keep your personal information for?
We keep your personal information for as long as required to deliver our services to you, where relevant, to manage and improve our services to you, and in accordance with legal, tax and accounting requirements.
Where your information is no longer required, we will ensure it is disposed of in a secure manner and, where required by applicable law we will notify you when such information has been disposed of.
Keeping your information
secure We are committed to handling your personal information and data with integrity and care and invest appropriate resources to protect your personal information, from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based platform can be 100% secure and so there is always a risk of unauthorised or unintended access to your personal data by third parties that is beyond our control.
Storage and transfer of your personal data
Your information may be transferred to, stored at or processed by, organisations located in other countries around the world. For example, to allow the processing of payment details you provide or the provision of support services to help us deliver the Platform. By submitting your personal data, you agree to this transfer, storing or processing.
As privacy laws in other countries may not be equivalent to those in your home country, we only make arrangements to transfer data overseas where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in your home country.
Updating your account and preferences
If you register a user account with us please do keep your details up to date and notify us of any changes to the personal information. You can do this through your account login.
Your rights to your information
You may have certain rights under applicable data protection laws. Where these are available to you, you may be able to:
(i) request a copy of your personal information from us, together with details about how we use that information;
(i) if you think any of the personal information we hold about you is inaccurate, request it is corrected;
(ii) request that personal information be erased; and
(iii) object to our processing of personal information
If you want to take any of the above actions, or exercise any other rights which you believe are available to you, please write to Privacy, Eval Plan, 4 Matthew Parker Street, London, SW1H 9NP and we will endeavour to respond to your request within the required timeframe.
In certain circumstances (for example where required or permitted by law) we might not be able to comply with your request. If this is the case we’ll tell you the reasons why.
We keep this Policy under regular review and may update it from time to time but if we do this we will publish the changes on the Platform. So please check this policy regularly for changes. If you do not accept the amended Policy, please stop using the Platform.
Any Questions – Contact us!
If you have any questions about this Policy, or would like to exercise your rights with respect to your personal information, please contact us by emailing firstname.lastname@example.org.
Date: January 2022