Idox Group Privacy Statement
Introduction
Welcome to Idox Group’s privacy policy.
We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we process your personal data through your use of this website, including any data you may provide through this website when you sign up to our marketing communications. We will also tell you about your privacy rights and how the law protects you.
Idox’s processing of personal data is in accordance with the UK General Data Protection Regulation (“UK GDPR”). In this policy, “Data Protection Legislation” refers to the UK GDPR, and the Data Protection Act 2018 to the extent that it relates to the processing of personal data and privacy and all applicable privacy laws.
1. Who we are
Idox Group is made up of different legal entities, details of which can be found here. This privacy policy is issued on behalf of the Idox Group, so when we mention Idox, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Idox Group responsible for processing your data.
Throughout this Privacy Policy we’ll refer to our corporate website and any other Idox brand websites or subdomains and country-level domain variants that link to this Privacy Policy collectively as our “Site”.
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data including your full name, email address, personal and work address, telephone number, job title, place of employment and business address;
- Technical data including details of your visits to our Site and the resources that you access, including, but not limited to, traffic data, location data, weblogs, IP address, operating system, access times, what browser you are using and other communication data;
- Usage data including about how you use our Site and products;
- Profile data including your username and password, interest, preferences, and feedback responses; and
- Marketing data including your preferences in receiving marketing communication from us and our third parties and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. This Site is not intended for children, and we do not knowingly collect data relating to children.
3. How your personal data is collected
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your contact by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- create an account on our Site;
- register for events and webinars;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion, or survey; or
- give us feedback or contact us.
Automated technologies or interactions. As you interact with our Site, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- third party providers such as Oscar Research, Wilmington Healthcare, Slintel and Harte Hanks;
- analytics providers, such as Google Analytics; and
- identity and contact data from publicly available sources such as Companies House, the Electoral Register, the website of your business or LinkedIn.
This data will be used in accordance with the provider’s data privacy policy. All email communications using third party data will reference the data source and provide a link to that provider’s policy/ transparency policy.
4. How we use your personal information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where we need to comply with a legal obligation.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Lawful basis for processing including basis of legitimate interest |
|
To communicate with you about:
|
Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business). |
| Registration, authentication and administration of user accounts. | Performance of a contract with you. |
| To send you newsletters which provides you with information about current trends and event highlights in the IT industry, special offers, new products, services and important dates for IT decision-makers. | You have consented to receive such newsletters; or Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy). |
| Notifying you about changes to our terms or privacy policy. | Necessary to comply with a legal obligation. |
| To enable you to participate in a prize draw, competition or complete a survey. | Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business). |
| To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). |
| To use data analytics to improve our Site, products/services, marketing, customer relationships and experiences. | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy). |
| To make suggestions and recommendations to you about goods or services that may be of interest to you. | Necessary for our legitimate interests (to develop our products/services and grow our business). |
| Provision of demo products and services as well as trials for marketing purposes. | Necessary for our legitimate interests (to develop our products/services and grow our business). |
| Providing seminars, webinars, training sessions or other organised by Idox. | Necessary to perform our contract with you; or Necessary for our legitimate interests (to develop them and grow our business). |
5. Marketing and Promotions
Promotional marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
In our email communications we may use web beacons that track your IP address (until you opt-in to receive communications you remain anonymous), to help us identify and monitor how visitors interact with our brand (e.g. website visits, content downloads, emails opened, social media engagement and which forms they’ve filled in).
We may also use tracked hyperlinks in our email broadcasts, which help us monitor which parts of our emails our audience are most interested in. We may use this data to develop future communications and promotions which we hope will be more relevant to you. The information we collect is used to help us segment our database by profiling our customers using marketing automation tools.
We use this information to identify audiences and to target future messages according to your preferences and personal experiences which enables us to deliver personalised, tailored, and targeted content and messages that match your specific wants and needs.
You will receive marketing communications from us if you have requested information from us or your company has purchased services from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Events and webinars
If you attend an event run by us, we will gather personal information as part of the registration process. This information may be used to track event attendance, relay any details before, during or after the event, gather feedback, and for future communications with you, in accordance with this policy.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see here.
6. Sharing information
We may share your personal data with the following third parties for the purposes set out in the table above:
- Service providers: Trusted third party service providers contracted by us may also receive personal data in order to provide us with support in relation to IT Services, communications, hosting, data analysis, event management and archives.
- Subsidiaries and affiliates: We may share your personal data within Idox Group which includes our Idox-branded subsidiaries and/or affiliates globally, if and to the extent this is necessary for answering or otherwise complying with your requests and will be bound to maintain that personal data in accordance with this Privacy Policy.
- Business transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, personal data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of Idox (or its assets) will continue to have the right to use your personal data and other information in accordance with the terms of this Privacy Policy.
- Professional advisors: These include lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; and
- Regulators: These include the ICO, HMRC and other authorities based who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. International transfers
All personal information collected from you is stored on servers in the United Kingdom and other countries within the European Economic Area (“EEA”).
With regards to our Engineering Information Management customers (only), your personal information may be transferred outside of the EEA and stored on servers in the US. It may also be processed by staff operating outside the EEA who work for us or a member of Idox Group.
We may transfer your personal data to third countries (e.g. countries that require additional safeguards by applicable data protection regulations) only and insofar as this is necessary or required for the fulfilment of the purposes described in this privacy statement, there is a legal basis for the data transfer and appropriate data transfer mechanisms are implemented.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
8. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Data, which is no longer required, will be deleted, provided that there are no legal storage and documentation obligations that would require a longer retention.
10. Your privacy rights
You can exercise any of your rights by contacting us at [email protected] or by post to Data Protection Officer, Idox Software Ltd, Unit 5, Woking 8, Forsyth Road, Woking, Surrey, GU21 5SB, UK.
Any requests received by us will be considered under applicable data protection legislation. If you remain dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at ico.org.uk.
| Right to be informed | This Privacy Notice informs you about the collection and use of your personal information. |
| Right to access | You have a right to request access to the personal information that we hold about you by making a “subject access request”. |
| Right of rectification | If you believe that any of the personal information that we hold about you is inaccurate or incomplete, you have a right to request that we correct or complete that personal information. |
| Right of erasure | If you wish us to delete the personal information that we hold about you, you may request that we do so in certain circumstances. |
| Right to restrict processing | You have a right to request that we restrict the processing of the personal information that we hold about you for specific purposes. |
| Right to object | You have a right to object to us processing your personal information in certain circumstances. |
| Right to portability | You have a right to obtain and reuse the personal information that we hold about you for your own purposes in certain circumstances. |
| Rights related to automated decision-making | Where we undertake any automated decision-making and profiling, you have certain rights in relation to such processing. |
11. Links to other sites
This site contains links to other sites. We do not control the information collection of sites that can be reached through links from our sites. If you have questions about the data collection procedures of linked sites, please contact those organisations directly.
12. Changes to this statement
We may change this Privacy Statement from time to time. If we make any changes, we will post these on this page and change the “Last Updated” date. We encourage you to check this Privacy Statement frequently to stay informed of the latest modifications.
Policy Statement Version: 1.6
Previously updated: 13 March 2023
Last updated: 1 August 2023