Privacy Policy - last updated 20th November 2018

This is the privacy notice of Adelante Software Ltd. In this document, "we", "our", or "us" refer to Adelante Software Ltd. 

We are registered in England and Wales, our registered company number is 4450760 of 3 Switchback Office Park, Gardner Road, Maidenhead, SL6 7RJ, England. 

In this privacy notice "our website" means https://www.adelante.co.uk/  application programming interfaces (API's) and development tools that enable third parties to integrate our payment gateway and all other software, web pages controlled by us. 


Introduction

This privacy policy is addressed to every person whose personal data comes through our software systems, whether as a result of our business as data processors or as a result of our relationship with you or your employees and associates, as our client. Specifically, that includes data received from any third-party business or organisation with whom we enter into a contract to process data and that contract does not involve any contact or communication with the data subject. 

We take seriously the protection of your privacy and confidentiality. This document will tell you how we look after the personal information we collect from you or that you provide to us. It will also tell you about your privacy rights and how the law protects you. 

Our policy complies with the Data Protection Act 2018 ("Act") incorporating the EU General Data Protection Regulation (GDPR). 

In the United Kingdom, regulation and compliance relating to personal data is managed by the Information Commissioner's Office ("ICO"). 

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our software.


Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us at: 

Email address: support@adelante.co.uk 

Postal address: 3 Switchback Office Park, Gardner Road, Maidenhead SL6 7RJ 

Telephone:  01628 820500


Contents

  1. Summary of the data we collect
  2. What are anonymous and aggregated data?
  3. You give your personal information to us
  4. If you do not provide the personal information we need
  5. Your payment information - data, policy and security
  6. Technical Information
  7. Third parties or publicly available sources
  8. Cookies
  9. How we use cookies
  10. Special personal information
  11. Lawful bases set out in Article 6 of the GDPR
  12. Quick guide to our use of your personal information
  13. Change of purpose
  14. Job application and employment
  15. We have a legitimate interest
  16. External third parties
  17. We have a legal obligation
  18. Third party advertising, access and links
  19. Safeguards for data transferred or processed outside the European Union
  20. Request access to your personal information ("Data Subject Access Request")
  21. Request correction of the personal information that we hold about you
  22. Request deletion of your personal information
  23. Object to processing of your personal information
  24. Request restriction of processing of your personal information
  25. Request the transfer of your personal information to you or to a third party
  26. Withdraw consent at any time where we are relying on consent to process your personal information
  27. Compliance with your data request
  28. For how long we keep your data
  29. Complaint about your privacy or data
  30. Other terms and conditions


How we collect and use your personal information.


1. Summary of the data we collect

Personal information, or personal data, means any information about an individual from which that person can be identified. 

We may collect, process, use, store and transfer different kinds of personal information about you. However, most of the personal information we process is not provided to us through our direct communication with you but passed to us as data to be processed and delivered automatically to a third party in the UK banking system. 

Identity

first name, last name, username, title, date of birth - and identifiers which you may have provided at some time.

Your contact information

billing address, delivery address, email address, telephone numbers and any other information you have given to us for a communication or meeting purpose

Your financial data

usually only bank account, merchant account and payment card details.

Transaction data

details about payments or communications to and from you and other details of products and services you have purchased from us.

Technical data

internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Your profile

your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

How you use our website

information about how you use our website, products and services.

Marketing and communications data

your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.

Return to Contents


2. What are anonymous and aggregated data?

We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data which cannot contribute to identifying an individual. Data which consists exclusively in aggregated data may be derived from your personal data but is not considered personal information in law as this data does not reveal your identity. 

That means we may aggregate your usage data to calculate the percentage of users accessing a specific page of our website or total interest in a product or service. However, if we were to combine or connect aggregated data with your personal information so that you could be identified from it in any way, we would treat the whole of the combined data as personal information and it would be used only in accordance with this privacy policy. We would not normally have any interest in doing this. 

Return to Contents


3. You give your personal information to us

If you are an individual customer for any Adelante service, or you might tell us who you are, how we can contact you and possibly some financial data by filling in forms or by corresponding with us. You probably send us this data when you: 

3.1. apply for our products or services;
3.2. create an account on our website; 
3.3. apply for a job with us; 
3.4. subscribe to our service or publications; 
3.5. request marketing to be sent to you; 
3.6. enter a competition, promotion or survey; 
3.7. post a message on our forum; 
3.8. click a box or icon to convey your choice or agreement, or disagreement or thanks; 
3.9. send us feedback.

Return to Contents


4. If you do not provide the personal information we need

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. 

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform that contract (for example, to provide you with services). In that case, we may have to cancel a service you have with us and we will notify you of this at the time.

Return to Contents


5. Your payment information - data, policy, and security

5.1. We store information about your means of payment when you first provide it to us. 
5.2. To protect your financial data, we keep your payment information encrypted on our servers. 
5.3. We do not keep all your payment information. That helps to: 
       5.3.1 prevent the possibility of our duplicating a transaction without a new instruction from you; 
       5.3.2 prevent any other third party from carrying out a transaction without your consent.
5.4. Access to your payment information is restricted to authorised staff only. 

Return to Contents


Information we collect through automated systems

6. Technical information

Please note that this information is not collected by us or saved by us with some particular intention. It is simply in the nature of the Internet and the software that gives us access; that somewhere in our system or in the servers used by our host or cloud provider, this data is stored. Much of it is available to us through analytics programmes, which we could use for management 

and marketing in one way or another, without associating any data with your name or other data which could identify you. 

Data of these sorts is very rarely used in connection with data which could identify you. If we did wish to use it in that way, we would have to explain our purpose to you and ask your permission specifically. 

Examples of such information are: 

6.1. the IP address from which you access our website;
6.2. the address ("URL") of the website from which you accessed our website; 
6.3. the type of browser and operating system used to visit our website; 
6.4. your geographical location, your Internet service provider and your IP address; 
6.5. Requests by your web browser to our servers for web pages and other content on our website; 
6.6. the date and time of your visit(s) to our website; 
6.7. clickstream data which reveals the activities of visitors around this website (for example the web pages you access, and products browsed). 

Such data is used to analyse trends, administer and improve our website and the services we offer, track movement through our website and gather statistical information about visits to the website

Return to Contents


7. Third parties or publicly available sources

This paragraph applies only to an Adelante service whereby we accept information directly from a person who is a client of that service. 

We may receive personal information about you from various third parties and public sources both inside and outside the EU, as follows: 

7.1. technical data from analytics providers such as Google; 
7.2. identity and contact data from Experian Identity Hub to check identity details; 
7.3. identity and contact data from data brokers or aggregators; 
7.4. identity and contact data from publicly available sources such as Companies House and the UK Electoral Register. 

Return to Contents


8. Cookies

We receive information through cookies. There are many uses for cookies. 

8.1. Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved. 
8.2. Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely. 
8.3. Your web browser most probably allows you to delete any cookie you choose. It also should allow you to prevent or limit their use. 
8.4. When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose. 
8.5. If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website. 

Return to Contents


9. How we use cookies

We are not restricted in how we use cookies. For example, it may be that some new feature we add to our range of services, requires new cookies. Here are some examples of how we use them today: 

9.1. to track how you use our website; 
9.2. to record whether you have seen specific messages we display on our website; 
9.3. to enable you to stay signed in to our website; 
9.4. to make our websites work more effectively 

Return to Contents


10. Special personal information

10.1. We do not intentionally collect any information about you which includes: details about your race or ethnicity, religious or philosophical beliefs, sex life, gender orientation, political opinions, trade union membership, information about your health and genetic and biometric data (special personal information). We do not collect any information about criminal convictions and offences. 
10.2. However, any customer of ours may send information to us which fits any of the categories listed above. Because we deal only via automated systems, we would access and identify such information only in response to some statutory or other legal authority.

Return to Contents


Legal authority for processing your personal information

11. Lawful bases set out in Article 6 of the GDPR

In order to be allowed to "process" personal information of any sort, we have to be able to justify doing so on one of six grounds. At least one of these must apply whenever we process personal information. They are: 

11.1. Contract: the processing is necessary in order to enable us to provide you with the service you want. 
11.2. Consent: you have given clear consent for us to process your personal information for a specific purpose. 
11.3. Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). Example: tax purposes, HMRC record. 
11.4. Vital interests: the processing is necessary to protect someone's life. 
11.5. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. 
11.6. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.) 

Return to Contents


How we use your data in practice

12. Quick guide to our use of your personal information

We have set out below, in a table format, a description of the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. 

Purpose

Type of data

Lawful basis for our using it

To register you as a new customer

(a) Identity
(b) Contact
(c) Financial

Performance of a contract with you

To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction 
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:
(c) Notifying you about changes to our terms or privacy policy

(a) Identity
(b) Contact
(c) Accounts
(d) Marketing and communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support,

(a) Identity
(b) Contact
(c) Technical

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support,

(a) Identity
(b) Contact
(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical
(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and our marketing strategy)

To make suggestions and recommendations to you of services that may be of interest to you

(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

Return to Contents


13. Change of purpose

13.1. We will only use your personal information for the purpose for which you gave it to us, unless we consider that we need to use it for another reason that is compatible with the original purpose. 
13.2. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 
13.3. Please note that we process your personal information without your knowledge or consent, in compliance with the above rules, as the law allows. 

Return to Contents


14. Job application and employment

14.1. If you send us information in connection with a job application, we may keep it for up to one year in case we decide to contact you at a later date. 
14.2. If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it. 

Return to Contents


15. We have legitimate interest

We may process information on the basis there is a legitimate interest, either to you or to us, of doing so. Where we process your information on this basis, we do after having considered: 

15.1. whether the same objective could be achieved in some other way; 
15.2. whether processing (or not processing) might cause harm to you; 
15.3. whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so. 

Examples of legitimate interest 

For example, we may process your data on this basis for: 
record-keeping to manage our business; 
responding to your messages; 
protecting and asserting the legal rights of any party; 
insuring against or obtaining professional advice that is required to manage organisational or business risk. 

Return to Contents


16. External third parties

For clarification, please understand that all our systems are automated. Our systems are designed in ways that make it impossible for us to reach out and identify data without substantial programming time and skill. 

We can obtain access to your data if you are a direct client of ours or some person whose data we acquire in the course of business other than as referred to above. 

The information below complies with the Act, and is correct, but the chance of human or machine action being taken in a way that discloses who you are, is minimal. Nonetheless, where reasonably possible, we will ask for your explicit consent to pass your data to any third party who could conceivably obtain data from it which is personal data under the Act. Here are some examples of third parties to whom we might disclose some of your data for a specific purpose, without your consent: 

16.1. other service providers who provide IT, telecoms and system administration services; 
16.2. professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services; 
16.3. HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances; 
16.4. third parties whom we may wish to deal with in connection with change to the structure or ownership of our business or organisation. No such change will affect our obligations or practice relating to your personal information. 
16.5. credit reference agencies (see below for more information); 
16.6. market research companies; 
16.7. fraud prevention and credit reference agencies to enable us to protect our rights, property, customers, or others; 
16.8. governmental organisations who have statutory or implied rights to receive such information.

Return to Contents


17. We have a legal obligation

17.1. We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation. 
17.2. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include personal information. 

Return to Contents


Data security - "health" warning

18. Third party advertising, access and links

Every technical element of our website is accessible to a small number of third-party service providers such as Microsoft, Google, Apple and many others.  

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. 

That proposition also applies to our third-party advertisers, who might have been "placed" on our website either directly, or by an advertising intermediary or agent. 

What we do know is as follows: 

18.1. Our websites are hosted in the United Kingdom.
18.2. Data may be processed outside the European Union, particularly cloud-based storage and applications. 
18.3. We may also use outsourced services in countries outside the European Union from time to time in other aspects of our business. Accordingly, data obtained within the UK or any other country could be processed outside the European Union.

Return to Contents


19. Safeguards for data transferred or processed outside the European Union

We use the following safeguards, so far as they are available to us, and as appropriate. 

19.1. the data protection clauses in our contracts with data processors include transfer clauses written or approved by the ICO and we comply with a code of conduct approved by the ICO. 
19.2. the recipient of the personal data is regulated within the United States of America solely by the U.S. Department of Commerce, is certified under the EU/US Privacy Shield framework and continues to be certified for the period within which it processes the personal data.

Return to Contents


Your Legal rights

You have rights under the Act in relation to your personal information. You have the right to: 

20. Request access to your personal information ("Data Subject Access Request").

This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. 

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

Return to Contents


21. Request correction of the personal information that we hold about you.

 This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. 

Return to Contents


22. Request deletion of your personal information.

 This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to delete your personal information to comply with local law. If it happens that we are not able to comply with your request, we will tell you why not. 

Return to Contents


23. Object to processing of your personal information

Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Return to Contents


24. Request restriction of processing of your personal information.

This enables you to ask us to suspend the processing of your personal information in the following scenarios: 

24.1. if you want us to establish the data's accuracy; 
24.2. where our use of the data is unlawful, but you do not want us to delete it; 
24.3. where you ask us to hold the data even if we no longer require it, in connection with a legal claim in which we are not involved; 
24.4. you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Return to Contents


25. Request the transfer of your personal information to you or to a third party.

We will provide your personal information to you, or a third party you have chosen, in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to enter into a contract with you.

Return to Contents


26. Withdraw consent at any time where we are relying on consent to process your personal information.

However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

If you wish to exercise any of the rights set out above, please contact the DPO.

Return to Contents


27. Compliance with your data request

27.1. Because we work only with automated systems, we have no need to process your data in any form other than as a financial transaction. 
27.2. We will do our best to comply with any request by you. To do so, we shall require additional personal information in order to connect you to the data we hold. 
27.3. We cannot comply with a request which would breach our contractual and lawful arrangements with third parties. For example: we cannot cancel a card payment or delete it from our records. Any such requirement should be made of your own direct contractor (banker, card issuer or whatever). 
27.4. The law allows us to refuse your request if we think it is unreasonable, repetitive or excessive. If that happens, you may complain to the ICO. 

Return to Contents


Other data-related provisions

28. For how long we keep your data

28.1. To determine the appropriate retention period for personal information, we will consider: 
        28.1.1 the amount and nature of the personal information; 
        28.1.2 the potential risk of harm that any unauthorised use or disclosure may cause; 
        28.1.3 the purpose for which we process your personal information; and whether we can achieve that purpose through other means. We also consider any applicable legal requirements. 
28.2. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes. In that case we may use this information indefinitely without further notice to you. 
28.3. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting DPO. 

Return to Contents


29. Complaint about your privacy or data

If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office (ICO). This can be done at https://ico.org.uk/make-acomplaint/. We would, however, appreciate the opportunity to talk to you about your concern before you approach the ICO. 

Return to Contents


30. Other terms and conditions

You should read this policy in conjunction with our General Services terms and conditions

Return to Contents