PRIVACY POLICY

We take your privacy very seriously. We also take regulatory obligations very seriously and are fully compliant with GDPR (General Data Protection Regulation), LGPD (Lei Geral de Proteção de Dados), PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act).

We ask that you read this Privacy Policy carefully as it contains important information about what to expect when we collect personal information about you and how we will use your personal data.

This policy applies to information we collect about:

• Visitors to our website;
• People who register for our services and applications;
• And organisations who register for our services and applications.

We have appointed a Data Protection Officer (DPO) and designated personnel to oversee our data protection practices, ensure compliance with applicable laws, safeguard personal information, and manage data-related queries. If you have any questions or concerns about this Privacy Policy, please contact the DPO at the following email address:

[email protected]

Products and services

We collect or use the following information to provide and improve products and services for clients:

  • Names and contact details
  • Transaction data (including details about payments to and from you and details of products and services you have purchased)
  • Usage data (including information about how you interact with and use our website, products and services)
  • Information relating to compliments or complaints
  • Records of meetings and decisions
  • Account access information
  • Website user information

Customer accounts

We collect or use the following personal information for the operation of client or customer accounts:

  • Names and contact details
  • Purchase or service history
  • Account information, including registration details
  • Information used for security purposes
  • Technical data, including information about browser and operating systems

Information updates and marketing

We collect or use the following personal information for information updates or marketing purposes:

  • Names and contact details
  • Marketing preferences
  • Purchase or account history
  • Website and app user journey information
  • IP addresses

Legal Requirements

We collect or use the following personal information to comply with legal requirements:

  • Name
  • Contact information
  • Client account information
  • Other information required to comply with legal obligations

Under EU, UK and Brazilian data protection laws, we must have a “lawful basis” for collecting and using your personal information. The lawful basis we rely on may affect your data protection rights, which are set out in brief below:

  • Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from, and who we share personal information with.
  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. 
  • Your right to erasure - You have the right to ask us to delete your personal information.
  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. 
  • Your right to object to processing - You have the right to object to the processing of your personal data.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice. No fee will be charged for standard requests.

Our lawful bases for the collection and use of your data

Products and services

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We collect and use personal data based on our legitimate interest to provide, maintain, and improve our products and services to our clients and customers. This includes ensuring the functionality, performance, and security of our products and services, enhancing user experience, analysing usage patterns to optimize our offerings, and developing new features that meet the evolving needs of businesses across various sectors. We process this data in a manner that is proportionate, necessary, and aligned with applicable privacy laws, including the EU GDPR, UK GDPR, and Brazil LGPD, while implementing safeguards to protect the rights and freedoms of our clients and customers.

Customer accounts

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Information updates and marketing

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
    • We process personal data based on our legitimate interest to provide clients and prospective clients with relevant updates about our solutions, industry insights, and marketing communications. This includes sending information about product features, improvements, promotions, and events that may benefit their organisation. We ensure that this processing is proportionate, respects clients' privacy rights, and complies fully with applicable data protection laws, including the EU GDPR, UK GDPR, and Brazil LGPD. Clients can opt out of receiving such communications at any time by following the unsubscribe instructions in our emails or by contacting us directly.

Legal requirements

Our lawful bases for collecting or using personal information to comply with legal requirements are:

  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

  • Directly from you
  • Publicly available sources
  • Providers of marketing lists and other personal information
  • Suppliers and service providers

The following outlines the types of personal data we collect, the purpose of its collection, and the duration for which it is retained. We ensure compliance with EU GDPR, UK GDPR, and Brazil LGPD by retaining personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law:

 

| Type of Personal Data | Purpose | Retention Period |
|---|---|---|
| Client Contact Information | To establish and maintain business relationships, provide services, and send updates and marketing. | Retained for the duration of the client relationship and up to 3 years after termination unless further retention is required for legal obligations or legitimate interests. |
| User Account Data | To provide access to the SaaS platform, manage user accounts, and ensure security. | Retained for the duration of the user's account and up to 1 year after account deletion unless required for audits or dispute resolution. |
| Billing and Payment Information | For processing payments, invoicing, and complying with financial regulations. | Retained for 7 years to comply with tax and financial record-keeping obligations. |
| Technical Support Data | To resolve user issues and improve our services. | Retained for 2 years from the date of issue resolution unless further retention is needed for training or audits. |
| Website Analytics Data | To analyse website usage, improve functionality, and enhance user experience. | Retained for up to 2 years in anonymized form, where possible, or as long as necessary for analytics purposes. |
| Job Applicant Data | For recruitment purposes and maintaining records of hiring decisions. | Retained for 6 months after the recruitment process unless the applicant consents to longer retention for future opportunities. |
| Incident and Security Logs | To detect, prevent, and respond to cybersecurity incidents and comply with legal obligations. | Retained for 12 months unless further retention is required for investigation or legal reasons. |

 

We use secure storage practices to safeguard personal information:

  • Encryption - Data is encrypted at rest and in transit using AES-256 and TLS protocols.
  • Access Controls - Role-based access controls (RBAC) ensure that only authorised personnel can access personal data.

We periodically review our data retention practices to ensure they comply with current legal requirements and privacy best practices. Personal data that is no longer needed is securely deleted or anonymized.

Data processors

  • Cloud Service Providers: for cloud computing and storage, including Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). Primarily located in the EU, UK, and other countries with adequacy decisions or equivalent safeguards under GDPR and LGPD.

    Our cloud service providers deliver essential infrastructure, storage, and computing resources that enable us to host, manage, and deliver our SaaS solutions. They provide secure and scalable environments for processing and storing client data, running applications, and ensuring service availability. Additionally, these providers may offer backup services, disaster recovery solutions, and tools to optimize performance, enabling us to maintain robust operations while safeguarding sensitive data. 

  • IT and System Maintenance Providers: for information technology and system support, including managed IT services, system integration, and software maintenance. Primarily EU and UK-based providers, or providers with robust data protection measures.

    Our IT and system maintenance providers support us by ensuring our technical infrastructure and software applications operate efficiently and securely. They help us conduct penetration testing, manage system updates, troubleshoot technical issues, and optimize performance to maintain business continuity. These providers also assist us in deploying new technologies, enhancing our system capabilities, and safeguarding our solutions against vulnerabilities.

  • Marketing and Analytics Services: for marketing technology and data analytics, including email marketing platforms, analytics tools, and campaign management systems. Primarily located in the EU, UK, and other jurisdictions compliant with international data transfer requirements.

    Our marketing and analytics service providers support us by delivering tools and expertise to plan, execute, and analyse marketing campaigns. They help collect and interpret data on customer engagement, website traffic, and campaign performance, enabling us to optimize our outreach efforts. These providers may also assist us with audience segmentation, personalized messaging, and identifying trends to improve the effectiveness of marketing strategies and enhance our market presence.

  • Payment Processing Providers: for financial technology, including payment gateways and financial transaction processors. Primarily located in the EU, UK, and countries meeting GDPR and LGPD adequacy standards.

    Our payment processing providers facilitate secure and efficient transactions between us and our clients. They handle the authorisation, processing, and settlement of payments, ensuring compliance with financial regulations and data security standards. These providers also offer fraud detection and prevention services, enabling us to manage subscription fees or service payments while safeguarding sensitive financial data.

  • Customer Support Platforms: for customer relationship management (CRM), including helpdesk software and ticketing systems. Primarily located in the EU, UK, or equivalent jurisdictions that implement stringent data protection protocols.

    Our customer support platform service providers enable us to manage and deliver efficient customer support services. They offer tools for tracking client inquiries, managing support tickets, and facilitating real-time communication through channels like chat, email, or phone. These platforms also provide analytics to monitor customer satisfaction and improve service delivery, helping us to maintain strong relationships with our clients and promptly address their needs.

Others we share personal information with

  • Insurance companies, brokers or other intermediaries
  • Professional or legal advisors
  • Regulatory authorities
  • Organisations we’re legally obliged to share personal information with

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, or if you think we have processed your personal information unfairly or unlawfully, or we have not complied with your rights under data protection laws, you have the right to complain to a national data protection regulator.

United Kingdom

In the United Kingdom, complaints about how we process your personal information can be directed to the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire SK9 5AF

United Kingdom

Telephone: +44 0303 123 1113

E-mail: [email protected]

Website: https://www.ico.org.uk/make-a-complaint

Brazil

In Brazil, complaints about how we process your personal information can be directed to the National Data Protection Authority (ANPD):

Autoridade Nacional de Proteção de Dados (ANPD)

Setor Comercial Norte, Quadra 6, Conjunto A, 

Edifício Venâncio 3000, Bloco A, 9º Andar

CEP 70716-900 Brasília

Brazil

Telephone: +55 (61) 2025 8101

E-mail: [email protected]

Website: www.gov.br/anpd