Purpose

This privacy notice provides you with information on how we collect and process your personal data when you use our website, or when you purchase our FinPlan software or another service from us. We recommend that you read the Privacy Notice carefully so that you are fully aware of how and why we are using your data. Our services and websites have not been created/intended for children and we are not attempting to collect data relating to children.

This version of the Privacy Policy has been published on 24 May 2018.

Controller

Bluecoat Software is the trading name of The Big Blue Trading Company Ltd.

If you have any questions about how we process your personal data, any general questions about the Privacy Statement or you would like to obtain a historical version of the Privacy Notice, please use the following contact details:

Data Protection Officer, Bluecoat Software, 25 St Thomas Street, Winchester, Hampshire, SO23 9HJ

Phone: 0845 226 0720

Email: [email protected]

Our website may contain links to third parties. These third-party websites may collect/share data about you. We are not responsible for the third-party websites, the way in which they process your data, or for their privacy statement(s). It is therefore recommended that you read any privacy statement once you have left our website.

The data that we collect about you

Personal data is defined as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. It, therefore, does not include aggregated or anonymised data, where the individual cannot be identified from the data.

We collect the following information:

• Identity Data – includes first name, last name, username, title, and gender.
• Contact Data – includes billing address, postal address, email address and telephone numbers.
• Financial Data – includes bank account and previous payment information.
• Technical Data – includes your login data, browser information, operating system, internet protocol (IP) address, and the type of device used to browse and access the website.
• Usage Data – includes information about how you use our website and other services.
• Communications/Marketing Data – includes your preferences in receiving marketing from us.
• Profile Data – includes your username and passwords, previous orders made by you, requests for support and feedback.

Using personal data

We will only use your personal data where it is legal. We will use personal data:

• To execute a contract that has been agreed with you or to propose a contract with you for our software and/or services;
• To comply with legal and/or regulatory obligations;
• If you have consented to us processing your personal data; or
• If it is necessary for our legitimate interests.

Collecting personal data

We use the following methods to collect data from and about you including through:

Direct communication – You may give us data directly by phone, email, requesting a demo on the website or another contact method.

Automated methods – Through using our website, we may automatically collect Technical Data about your equipment and browsing actions.

Third-party sources – We may receive personal data about you from various third parties and public sources, namely Companies House.

The purpose for using your personal data

The table below describes what we will use personal data for and the legal bases for doing so. If you want further information on which specific lawful bases we are using to process your personal data, please contact us. There may be instances where we will process your personal data without your consent.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Cookies

We use cookies because it enables us to track visits to our site. This doesn’t tell us who you are or store any personal information about you. We don’t sell the information collected by cookies, nor do we disclose the information to third parties.

If you don’t want to receive cookies, you can also modify your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. You can also delete cookies that have already been set. Please review our Cookie Policy for further information.

Marketing

If you, or the business you work for, currently receive our software and/or services then you will automatically receive our marketing communications unless you have previously opted out.

You can ask us to stop sending you marketing messages at any time by contacting us. Where you opt-out of receiving these marketing messages, we will stop sending you marketing messages. Please be advised that we will still need to process your personal data if you are a FinPlan customer for the purpose of supplying you with the software and other additional services.

Data security

We have security measures in place to ensure that there is no unauthorised access to data and to ensure that it is not disclosed. Personal data is only accessible by third parties and employees where necessary. Personal data breaches or any suspected personal data breaches will be notified to you and any applicable regulator where legally required.

Third parties

We may have to share your personal data with third parties such as:

• Lawyers and auditors;
• Companies House, HM Revenue & Customs, and regulators;
• Service providers act as processors who provide IT services.

We will ensure that all third parties are aware of the security of your personal data. The third parties will only use the data for specified purposes in accordance with our instructions.

Data retention

We will retain personal data for as long as we need to fulfill the purposes of what the data was originally collected for. Please contact us if you would like further information regarding how long personal data is retained.

Your legal rights

You have a number of rights relating to your personal data under data protection laws in certain circumstances:

• Right of access – This is your right to receive a copy of the personal data that we hold on you. You will not have to pay a fee for this, but a reasonable fee may be charged if the request is repetitive, excessive, or unfounded. Requests may also be refused on these grounds. We will try to respond to legitimate requests within one month unless it is a particularly complex request.
• Right to rectification – This is a right for you to have inaccurate personal data rectified, or completed if it is incomplete.
• Right to erasure – This is also known as ‘the right to be forgotten’ and is a right for your personal data to be erased. Please be advised that we may not always be able to comply with this request for specific legal reasons which will be notified to you when you make the request.
• Right to object – This gives you the right to object to the processing of your personal data. Please be advised that there may be legitimate grounds to process your information that override this right.
• Right to restrict processing – This is your right to request the restriction of personal data. Please be advised that there may be legitimate grounds to continue processing your personal data.
• Right to data portability – This is your right to obtain and reuse your personal data, your personal data will be provided in a structured, machine-readable format.
• Right to withdraw consent – This is applicable where we are relying on consent to process your personal data. Any processing prior to withdrawing the consent remains lawful. If you withdraw your consent, we may not be able to provide our services to you. You will be advised of this at the time. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO). The ICO is the UK supervisory authority for data protection (www.ico.org.uk). However, we would appreciate the chance to help you with your concerns before you approach the ICO, so please contact us in the first instance.

Glossary

Legitimate interest – This is defined as us managing our business in a way that will enable you to get the best possible service and experience. Before processing data based on legitimate interests, an assessment of the impact on your rights will be made. Please contact us for further information regarding legitimate interest.

Performance of a contract – This means processing your data to enable us to comply with a contract to which you are a party or to take steps at your request before entering into any contract such as this.

Complying with a legal or regulatory obligation – This means processing your personal data where it is necessary in order for us to comply with a legal or regulatory obligation that we are subject to.