Version: 1.0 Date of last update: 16th May 2018
|“the Company”, “Ortoo”, |
“we”, “us”, “our”
|means Ortoo Limited.|
|“Personal Data”, “Personal Information”||means data relating to a living individual who can be identified either from said data, or from that data together with any other information in the possession of the Company.|
– Customer End User’s
– Visitors to our website
– Prospective Customer End User’s
– Data Protection Act 1998
– Human Rights Act 1998
– Computer Misuse Act 1990
– International information Security Standards
– General Data Protection Regulations 2018
Personal Data That We Collect
– Our Website visitors
– Prospective and current customers
– Suppliers (service providers)
– Other 3rd parties and public sources
The information we collect via the Website may include:
Any personal details you knowingly provide us with through forms and our email, such as name, address, telephone number, etc.
In order to effectively process credit or debit card transactions it may be necessary for the bank or card processing agency to verify your personal details for authorisation outside the European Economic Area (EEA). Such information will not be transferred out of the EEA for any other purpose.
Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers).
A string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website.
Source: Prospective and Current Customers, Suppliers and other 3rd Parties
Personal Information may be submitted to Ortoo in a number of ways. The following list is not exhaustive but covers some key sources:
1. Directly via email communication with Ortoo
2. Through information submitted by an individual’s organisation to us, that enables Ortoo to fulfil our service agreement to that organisation
3. Via social media (e.g. LinkedIn) and publicly available sources of information (articles, magazines, websites, etc.)
4. Directly to Ortoo through the course of engagement for business, for example: In the course of providing Ortoo with a service, or requesting a service from Ortoo
Ortoo’s Salesforce apps run 100% in the customer’s own SFDC instance, and Ortoo does not have access to customer data where the apps run, except when temporary access is explicitly provided to Ortoo by the customer, e.g. for support or implementation purposes. Therefore Ortoo is neither Data Processor or Data Controller of customer data when access hasn’t been provided.
In circumstances where Ortoo has been provided access to an organisation’s data by the organisation (e.g. by a Customer for application support or implementation purposes) then Ortoo is the Data Processor and the organisation is the Data Controller in all circumstances other than the retention of Personal Information by Ortoo for key contacts in the Organisation, which will be held in our CRM database for the purposes of carrying out legitimate business functions, such as billing.
Personal Information we collect from prospective and current customers, suppliers and other 3rd parties include:
– Contact Information: May include an individual’s name, contact details, title, address, and any details of their engagement with Ortoo.
Source: Publicly Available Data
For the legitimate purposes of carrying out business transactions, providing business services, and promoting the products and services that Ortoo supply, we may make use of publically available data from social media, Companies House (UK) and other legitimate public data sources.
Our website uses certain technologies to collect information about its use, distinguish between users and help us provide a good experience to visitors of our website. When you visit our website, cookies or similar technologies will be placed on your computer or other device (e.g. mobile, laptop, tablets). Some examples of the cookies we use include, but not limited to:_atuvc, _atuvs, _ga, _gid
What are cookies?
Small text files that are placed on your device (computer, phone, laptop, tablet, etc.) when you visit our website. A cookie file is stored on your device and allows us, or our third party partners to recognise you each time you revisit our website.
Cookies allow us to recognise users (where appropriate), and helps us improve the user experience. Without certain types of cookies enabled, we can’t guarantee that the website and your experience of it are as we intended it to be.
This includes where available, your IP address and pseudonymous identifiers, operating system and browser type and, depending on the cookie, also includes the reporting of statistical data about our users’ browsing actions and patterns.
Types of cookies
The length of time a cookie stays on your device depends on its type. There are two main types of cookies used by the majority of sites, including our website:
1. Session cookies Also called a transient cookie, a cookie that is erased when the user closes the Web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user s computer.
2. Persistent cookies Also called a permanent cookie, or a stored cookie, a cookie that is stored on a user s hard drive until it expires (persistent cookies are set with expiration dates) or until the user deletes the cookie..
How you can control and delete cookies
Cookies help you get the most out of our website. You can however set up your browser to delete or refuse some or all of them, or to notify you when you are sent a cookie and therefore choose whether or not to accept it. You may also delete or refuse, some or all of the cookies, on our website at any time.
How We Use Personal Data We Collect
We use this information to communicate with individuals, e.g. respond to queries submitted by the named user, or their organisation on their behalf, and to continue a dialogue with individuals in respect to service supply/delivery and after-sales service, including advising on updates and enhancement/extension options to the products or services supplied.
We may need to pass the information we collect to other companies for administrative purposes, or to supply/deliver products or services you have purchased, and/or to provide after-sales service. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the Website and issuing our e-mails for us. Third parties & associated software companies will not be allowed to use your personal information for their own purposes. In some circumstances third parties we share data with may reside outside of the European Economic Area (EEA) and therefore not be bound by the European GDPR framework.
Any personal data we do keep on record will be regularly reviewed in 12 month intervals. During those reviews any personal data we do not deem necessary to keep will be deleted and users can request that data be withdrawn or deleted at any given time. If a customer ends their contractual relationship with Ortoo Limited, then any customer data stored on our systems will be deleted within 6 months
Lastly, we occasionally post some individual details of customers as testimonials or case studies, either on our Website or via other communications and advertisements, such as social media posts and other marketing collateral and activities. Usually this is limited to names and titles, and we always obtain the consent of each individual and customer organisation prior to publishing any such information where the individual could be identified via the information.
Data Retention Policy
This section outlines the basic criteria by which we will assess the retention of Personal Data only, and applies to all business units within the Company.
1. We retain Personal Data for a period of time consistent with the original purpose of collection.
2. We will decide, on the basis of reason or law (e.g. Trade law, Tax law, Employment law or Administrative law) whether we need to keep that data for the purposes of carrying out legitimate business functions.
a. We will review data retained on an at least annual basis, to decide if it is necessary to retain based on above.
3. No customer’s end user Personal Data, for which we are the Data Processor, will be removed or destroyed for as long as the Customer remains in contract with Ortoo, or until such time that the customer (the Data Controller) asks us to remove an End User’s Personal Data.
4. No Personal Data will be removed or destroyed within any statutory period (usually up to 6 years, depending on the type of data) for which it needs to be held (unless we are requested to do so and are able to, or it is no longer required to perform a function of the business/comply with UK or EU law where applicable).
5. Non-customer, non-employee and customer Personal Data, for which we are the Data Controller (generally limited to name, role/title, work email address, and work phone number) will be retained whilst we may be actively prospecting or in communication with that individual/organisation and retained until that individual unsubscribes or requests to be removed from the system.
Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.
Your Rights (any Data Subject)
1. The right to be informed how we use your data when you supply it.
2. The right of access to the data we hold for a legitimate reason.
3. The right to rectification, if you would like for us to remove data, or amend information we hold, given that it is reasonable and we are legally able to.
4. The right to erasure of any data we hold about a data subject, but only if there is no legal, contractual or statutory reason not to.
5. The right to request that we restrict processing, such that we may store but not use your data, if we are able to comply with this request.
6. The right to data portability (only where we are the data controller for your data). This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. We can supply your data in a common and readily available format, usually CSV.
7. The right to object to processing of personal data in certain circumstances, such as direct marketing, where you may unsubscribe at any time.
8. Rights in relation to automated decision making and profiling. At present, we do not carry out any automated decision-making or profiling, but in the event that we do, this information can be provided and human intervention requested.
Any Data Subject may expect a response from Ortoo to any legitimate, reasonable request within one calendar month. You have the right to lodge a complaint with the Information Commissioners Office (ICO, https://ico.org.uk/global/contact-us/) if our response to a request is considered unreasonable.
How to Control Your Personal Data
Any individual who believes that we may hold their personal data may contact Ortoo, in writing, to request details of the data held. They may also request that their data is updated or removed from our systems or to opt out of communications from Ortoo, unless it is essential that we have their data to run services for the organisation to which they are an employee, and where Ortoo are also the Data Processor for that organisation.
Notification of Changes
Further questions regarding this Privacy Statement or any requests relating to Personal Data, please direct to Ortoo by writing to us at: firstname.lastname@example.org