This is the privacy notice of Adelante Software Ltd. In this document, "we", "our", or "us" refer to Adelante Software Ltd.
We are registered in England and Wales, our registered company number is 4450760 of 3 Switchback Office Park, Gardner Road, Maidenhead, SL6 7RJ, England.
In this privacy notice "our website" means https://www.adelante.co.uk/ application programming interfaces (API's) and development tools that enable third parties to integrate our payment gateway and all other software, web pages controlled by us.
We take seriously the protection of your privacy and confidentiality. This document will tell you how we look after the personal information we collect from you or that you provide to us. It will also tell you about your privacy rights and how the law protects you.
Our policy complies with the Data Protection Act 2018 ("Act") incorporating the EU General Data Protection Regulation (GDPR).
In the United Kingdom, regulation and compliance relating to personal data is managed by the Information Commissioner's Office ("ICO").
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our software.
Data Protection Officer
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us at:
Email address: email@example.com
Postal address: 3 Switchback Office Park, Gardner Road, Maidenhead SL6 7RJ
Telephone: 01628 820500
- Summary of the data we collect
- What are anonymous and aggregated data?
- You give your personal information to us
- If you do not provide the personal information we need
- Your payment information - data, policy and security
- Technical Information
- Third parties or publicly available sources
- Special personal information
- Lawful bases set out in Article 6 of the GDPR
- Quick guide to our use of your personal information
- Change of purpose
- Job application and employment
- We have a legitimate interest
- External third parties
- We have a legal obligation
- Third party advertising, access and links
- Safeguards for data transferred or processed outside the European Union
- Request access to your personal information ("Data Subject Access Request")
- Request correction of the personal information that we hold about you
- Request deletion of your personal information
- Object to processing of your personal information
- Request restriction of processing of your personal information
- Request the transfer of your personal information to you or to a third party
- Withdraw consent at any time where we are relying on consent to process your personal information
- Compliance with your data request
- For how long we keep your data
- Complaint about your privacy or data
- Other terms and conditions
How we collect and use your personal information.
1. Summary of the data we collect
Personal information, or personal data, means any information about an individual from which that person can be identified.
We may collect, process, use, store and transfer different kinds of personal information about you. However, most of the personal information we process is not provided to us through our direct communication with you but passed to us as data to be processed and delivered automatically to a third party in the UK banking system.
first name, last name, username, title, date of birth - and identifiers which you may have provided at some time.
Your contact information
billing address, delivery address, email address, telephone numbers and any other information you have given to us for a communication or meeting purpose
Your financial data
usually only bank account, merchant account and payment card details.
details about payments or communications to and from you and other details of products and services you have purchased from us.
internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
How you use our website
information about how you use our website, products and services.
Marketing and communications data
your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data which cannot contribute to identifying an individual. Data which consists exclusively in aggregated data may be derived from your personal data but is not considered personal information in law as this data does not reveal your identity.
If you are an individual customer for any Adelante service, or you might tell us who you are, how we can contact you and possibly some financial data by filling in forms or by corresponding with us. You probably send us this data when you:
3.1. apply for our products or services;
3.2. create an account on our website;
3.3. apply for a job with us;
3.4. subscribe to our service or publications;
3.5. request marketing to be sent to you;
3.6. enter a competition, promotion or survey;
3.7. post a message on our forum;
3.8. click a box or icon to convey your choice or agreement, or disagreement or thanks;
3.9. send us feedback.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform that contract (for example, to provide you with services). In that case, we may have to cancel a service you have with us and we will notify you of this at the time.
5.1. We store information about your means of payment when you first provide it to us.
5.2. To protect your financial data, we keep your payment information encrypted on our servers.
5.3. We do not keep all your payment information. That helps to:
5.3.1 prevent the possibility of our duplicating a transaction without a new instruction from you;
5.3.2 prevent any other third party from carrying out a transaction without your consent.
5.4. Access to your payment information is restricted to authorised staff only.
Information we collect through automated systems
Please note that this information is not collected by us or saved by us with some particular intention. It is simply in the nature of the Internet and the software that gives us access; that somewhere in our system or in the servers used by our host or cloud provider, this data is stored. Much of it is available to us through analytics programmes, which we could use for management
and marketing in one way or another, without associating any data with your name or other data which could identify you.
Data of these sorts is very rarely used in connection with data which could identify you. If we did wish to use it in that way, we would have to explain our purpose to you and ask your permission specifically.
Examples of such information are:
6.1. the IP address from which you access our website;
6.2. the address ("URL") of the website from which you accessed our website;
6.3. the type of browser and operating system used to visit our website;
6.4. your geographical location, your Internet service provider and your IP address;
6.5. Requests by your web browser to our servers for web pages and other content on our website;
6.6. the date and time of your visit(s) to our website;
6.7. clickstream data which reveals the activities of visitors around this website (for example the web pages you access, and products browsed).
Such data is used to analyse trends, administer and improve our website and the services we offer, track movement through our website and gather statistical information about visits to the website
This paragraph applies only to an Adelante service whereby we accept information directly from a person who is a client of that service.
We may receive personal information about you from various third parties and public sources both inside and outside the EU, as follows:
7.1. technical data from analytics providers such as Google;
7.2. identity and contact data from Experian Identity Hub to check identity details;
7.3. identity and contact data from data brokers or aggregators;
7.4. identity and contact data from publicly available sources such as Companies House and the UK Electoral Register.
We receive information through cookies. There are many uses for cookies.
8.1. Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
8.2. Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
8.3. Your web browser most probably allows you to delete any cookie you choose. It also should allow you to prevent or limit their use.
9.1. to track how you use our website;
9.2. to record whether you have seen specific messages we display on our website;
9.3. to enable you to stay signed in to our website;
9.4. to make our websites work more effectively
10.1. We do not intentionally collect any information about you which includes: details about your race or ethnicity, religious or philosophical beliefs, sex life, gender orientation, political opinions, trade union membership, information about your health and genetic and biometric data (special personal information). We do not collect any information about criminal convictions and offences.
10.2. However, any customer of ours may send information to us which fits any of the categories listed above. Because we deal only via automated systems, we would access and identify such information only in response to some statutory or other legal authority.
Legal authority for processing your personal information
In order to be allowed to "process" personal information of any sort, we have to be able to justify doing so on one of six grounds. At least one of these must apply whenever we process personal information. They are:
11.1. Contract: the processing is necessary in order to enable us to provide you with the service you want.
11.2. Consent: you have given clear consent for us to process your personal information for a specific purpose.
11.3. Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). Example: tax purposes, HMRC record.
11.4. Vital interests: the processing is necessary to protect someone's life.
11.5. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
11.6. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
How we use your data in practice
We have set out below, in a table format, a description of the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Type of data
Lawful basis for our using it
To register you as a new customer
Performance of a contract with you
To process and deliver your order including:
(a) Performance of a contract with you
To manage our relationship with you which will include:
(a) Performance of a contract with you
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support,
(a) Performance of a contract with you
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support,
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and our marketing strategy)
To make suggestions and recommendations to you of services that may be of interest to you
Necessary for our legitimate interests (to develop our products/services and grow our business)
13.1. We will only use your personal information for the purpose for which you gave it to us, unless we consider that we need to use it for another reason that is compatible with the original purpose.
13.2. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
13.3. Please note that we process your personal information without your knowledge or consent, in compliance with the above rules, as the law allows.
14.1. If you send us information in connection with a job application, we may keep it for up to one year in case we decide to contact you at a later date.
14.2. If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so. Where we process your information on this basis, we do after having considered:
15.1. whether the same objective could be achieved in some other way;
15.2. whether processing (or not processing) might cause harm to you;
15.3. whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so.
Examples of legitimate interest
For example, we may process your data on this basis for:
record-keeping to manage our business;
responding to your messages;
protecting and asserting the legal rights of any party;
insuring against or obtaining professional advice that is required to manage organisational or business risk.
For clarification, please understand that all our systems are automated. Our systems are designed in ways that make it impossible for us to reach out and identify data without substantial programming time and skill.
We can obtain access to your data if you are a direct client of ours or some person whose data we acquire in the course of business other than as referred to above.
The information below complies with the Act, and is correct, but the chance of human or machine action being taken in a way that discloses who you are, is minimal. Nonetheless, where reasonably possible, we will ask for your explicit consent to pass your data to any third party who could conceivably obtain data from it which is personal data under the Act. Here are some examples of third parties to whom we might disclose some of your data for a specific purpose, without your consent:
16.1. other service providers who provide IT, telecoms and system administration services;
16.2. professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services;
16.3. HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances;
16.4. third parties whom we may wish to deal with in connection with change to the structure or ownership of our business or organisation. No such change will affect our obligations or practice relating to your personal information.
16.5. credit reference agencies (see below for more information);
16.6. market research companies;
16.7. fraud prevention and credit reference agencies to enable us to protect our rights, property, customers, or others;
16.8. governmental organisations who have statutory or implied rights to receive such information.
17.1. We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation.
17.2. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include personal information.
Data security - "health" warning
Every technical element of our website is accessible to a small number of third-party service providers such as Microsoft, Google, Apple and many others.
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
That proposition also applies to our third-party advertisers, who might have been "placed" on our website either directly, or by an advertising intermediary or agent.
What we do know is as follows:
18.1. Our websites are hosted in the United Kingdom.
18.2. Data may be processed outside the European Union, particularly cloud-based storage and applications.
18.3. We may also use outsourced services in countries outside the European Union from time to time in other aspects of our business. Accordingly, data obtained within the UK or any other country could be processed outside the European Union.
We use the following safeguards, so far as they are available to us, and as appropriate.
19.1. the data protection clauses in our contracts with data processors include transfer clauses written or approved by the ICO and we comply with a code of conduct approved by the ICO.
19.2. the recipient of the personal data is regulated within the United States of America solely by the U.S. Department of Commerce, is certified under the EU/US Privacy Shield framework and continues to be certified for the period within which it processes the personal data.
Your Legal rights
You have rights under the Act in relation to your personal information. You have the right to:
This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to delete your personal information to comply with local law. If it happens that we are not able to comply with your request, we will tell you why not.
Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
This enables you to ask us to suspend the processing of your personal information in the following scenarios:
24.1. if you want us to establish the data's accuracy;
24.2. where our use of the data is unlawful, but you do not want us to delete it;
24.3. where you ask us to hold the data even if we no longer require it, in connection with a legal claim in which we are not involved;
24.4. you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
We will provide your personal information to you, or a third party you have chosen, in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to enter into a contract with you.
26. Withdraw consent at any time where we are relying on consent to process your personal information.
However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact the DPO.
27.1. Because we work only with automated systems, we have no need to process your data in any form other than as a financial transaction.
27.2. We will do our best to comply with any request by you. To do so, we shall require additional personal information in order to connect you to the data we hold.
27.3. We cannot comply with a request which would breach our contractual and lawful arrangements with third parties. For example: we cannot cancel a card payment or delete it from our records. Any such requirement should be made of your own direct contractor (banker, card issuer or whatever).
27.4. The law allows us to refuse your request if we think it is unreasonable, repetitive or excessive. If that happens, you may complain to the ICO.
Other data-related provisions
28.1. To determine the appropriate retention period for personal information, we will consider:
28.1.1 the amount and nature of the personal information;
28.1.2 the potential risk of harm that any unauthorised use or disclosure may cause;
28.1.3 the purpose for which we process your personal information; and whether we can achieve that purpose through other means. We also consider any applicable legal requirements.
28.2. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes. In that case we may use this information indefinitely without further notice to you.
28.3. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting DPO.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office (ICO). This can be done at https://ico.org.uk/make-acomplaint/. We would, however, appreciate the opportunity to talk to you about your concern before you approach the ICO.
You should read this policy in conjunction with our General Services terms and conditions.