This policy (together with any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us via the marketing website at www.clixifix.com ("Website"), and the web application at https://app.clixifix.com ("The Web Application"), will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By using the Website and The Web Application, you indicate that you consent to the collection, storage, use and disclosure of information obtained by us via this Website.
You shall obtain from Your Customers any consent required in order for us to use any data supplied by Your Customers in order for us to provide the Services to you. You may choose to do this by including a privacy statement on your site, which provides an opportunity for Your Customers to provide appropriate consents.
1. ABOUT US
This Website and the Web Application is operated by clixifix® Limited ("we / clixifix®").
We are registered in England and Wales under company number 08039614 and have our registered office at Durhamgate Suite 1, Green Lane, Spennymoor DL16 6FY.
clixifix® is committed to safeguarding and respecting your personal information and privacy. We are registered with the Information Commissioner under the Data Protection Act 1998 with registration number A1023248 and are compliant with European General Data Protection Regulation (EU 2016/679) (the “Regulation”) (GDPR).
clixifix recognizes that the European Union (“EU”) has a data protection regime established pursuant to the European General Data Protection Regulation (EU 2016/679) (the “Regulation”) (GDPR).
Among other things, the Regulation generally requires “adequate protection” for the transfer of personally identifiable information about clixifix Employees in the European Union (“EU Employee Data”) and individual contacts of clixifix third party service providers, customers, suppliers and vendors in the European Union (collectively, “Third Party Contact Data”) to clixifix operations or affiliated companies outside of the EU.
clixifix accordingly adheres to the requirements of the Regulation with respect to International Transfers of Personal Data, for both EU Employee Data and Third Party Contact Data, to clixifix operations outside of the EU.
clixifix maintains reasonable security measures to safeguard Employee and Third Party Contact Data from loss, misuse, unauthorized access, disclosure, alteration or destruction under the requirements of applicable local and international law.
clixifix also maintains reasonable procedures to help ensure that such Employee and Third Party Contact Data is reliable for its intended use, only used for the purpose it was collected, accurate, complete, current and only retained as long as the purpose requires.
clixifix may engage third parties to provide background check services (in accordance with applicable law), and storage and other processing services, including IT support (e.g., software application, development, and maintenance). Such third parties will be required to treat Employee and Third Party Contact Data solely in accordance with clixifix’s instructions, and to implement appropriate technical and organizational measures to protect the security and confidentiality of such Employee and Third Party Contact Data.
Any employee, third party service provider, customer, supplier or vendor contact in the EU who cannot resolve his or her issue directly with clixifix may contact the local data protection authority for further assistance and information.
cONFIDENTIALITY AND PERSONAL DATA;
ROLES & RESPONSIBILITIES.
We (clixifix) will at all times keep confidential all information acquired as a consequence of the Agreement in respect of You (Our Clients / Subscribers) or Your business, except for information already in the public domain or information which We (jointly clixifix and our Clients / Subscribers) are required to disclose by law, requested by any Regulator or reasonably required by Our professional advisors for the performance of their professional services.
You will at all times keep confidential all information acquired as a consequence of the Agreement in respect of Us, the Service, except for information already in the public domain or information which You are required to disclose by law, requested by any Regulator or reasonably required by Your professional advisors for the performance of their professional services.
Each of Us will comply with all applicable requirements of the General Data Protection Regulations (the GDPR).
This clause is in addition to, and does not relieve, remove or replace, a party’s obligations under the GDPR.
The parties acknowledge that for the purposes of the GDPR, We are the 'Data Processor' and the You are the 'Data Controller'.
Without prejudice to the generality of this clause, You will ensure that You have all necessary appropriate consents and notices in place to enable lawful storage and transfer of all End-User Data, including names / addresses / mobile telephone numbers and emails of Your end-users , (as applicable) as a consequence of making the Service available to Your End-Users.
To the extent that We act as Your data processor and on behalf of You, We shall, in relation to any End User Data processed in connection with the providing the Service:
i) process that End-User Data only for the Purpose and on Your instructions unless We are required by the laws of any member of the European Union or by the laws of the European Union applicable to Us to otherwise process End-User Data. Where We are relying on laws of a member of the European Union or European Union Law (Applicable Law) as the basis for processing End-User Data, We shall promptly notify the You of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit such notice;
ii) ensure that We have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of End-User Data and against accidental loss or destruction of, or damage to, End-User Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development;
iii) take all reasonable steps to ensure that all personnel who have access to and/or process End-User Data are legally obliged to keep the End-User Data. confidential; and
iv) not transfer any End-User Data outside of the European Economic Area unless such a transfer is on Your instruction and solely for the Purpose
v) assist you in responding to any reasonable request from a data subject (as defined in the GDPR) and in ensuring compliance with its obligations under the GDPR with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
vi) notify You without undue delay (and in any event within 36 hours) on becoming aware of a breach involving your End-User Data;
vii) at Your written direction, delete or return End-User Data and copies thereof to you on termination of the agreement unless required by law to store the End-User Data; and
viiii) maintain records and information to demonstrate its compliance with this clause .
G) You consent to Us appointing the below categories of third party processors for the purpose of providing our Services
i) Data Centre Operators for the purpose of storing the End-User Data and hosting the service.
H) We confirm that we have entered or (as the case may be) will enter with the third-party processor a written agreement incorporating terms, which are substantially similar to those, set out in this agreement.
We shall remain liable for the acts or omissions of any third-party processor, or those employed or appointed by the third party processor, appointed by Us pursuant to clauses G i).
2. INFORMATION WE MAY COLLECT FROM YOU
clixifix® collects the following information about you when you use the clixifix Web Application at https://app.clixifix.com:
• 2.1.1 information that you provide voluntarily, including but not limited to;
• (1.1.a)personal information (for example your user name, password and email address) when you or your employer registers to use the Website;
• (1.1.b) information you post when you interact via the Website (for example when you post comments on articles/ group discussions, if available);
• (1.1.c) information you provide when you contact us via the Website we may keep a record of that email or comment; and
• (1.1.d) information you provide when completing surveys for research purposes from time to time;
• 2.1.2 information transmitted by your computer when you use the Website. This may include your IP address, browser data, traffic and location data and information we receive from cookies or from our use of website analytics services.
The Marketing Web site at www.clixifix.com:
clixifix respects your privacy.
When you browse our Marketing Website, you do so anonymously. Information collected by our server regarding visits to our site, the pages viewed, average time spent, number of visitors per day, etc. is used in aggregate to monitor our site’s performance and make improvements in its content and navigation. None of this information identifies you as an individual.
Any personal contact information you enter in the site or its available application functionality, such as your name, address, phone number and e-mail address, enables us to respond to your inquiry, process your request or otherwise operate the sites functions. We do not otherwise rent, sell, nor share your personal contact information with any other company or organization, except for the purposes for which you entered the data, if required to do so by law or if disclosure is necessary to protect personal or public safety or property.
3.HOW WE MAY USE YOUR INFORMATION
We (or our agents or sub-contractors) may use information held about you in the following ways:
• 3.1.1 to process your registration to use the clixifix Web Application;
• 3.1.2 to identify you when you visit the Web application including to assist with logging you in;
• 3.1.3 to provide our services and to procure the provisions of any third party services required by or for you;
• 3.1.4 to provide our service(s) to you as a user of the Web application (including to send any newsletters/email updates), and to notify you about changes to our services/the Website;
• 3.1.5 to contact you for marketing purposes, unless you have withheld your consent for us to do so (e.g. by ticking the relevant boxes (for example on the log-in or registration form)), or if you subsequently notify us by email that you no longer wish to receive such messages;
• 3.1.6 to broadcast relevant advertising or messages to you when you access the Web application;
• 3.1.7 to monitor the pages you access on the web application to assist in providing a better service to you;
• 3.1.8 to ensure that content from the Web application is presented in the most effective manner for you and your computer;
• 3.1.9 to help diagnose problems with our systems and to administer the Web application.
• 3.1.10 for research and analysis purposes so that we can monitor and improve the services we provide to you on the web application;
• 3.1.11 to contact you to ask for your feedback and comments on our services and the web application.
clixifix® uses third party service providers and partners to provide necessary hardware, software, networking, hosting, storage and related technology and services required to run the Marketing Website and the Web application, which you acknowledge and accept.
The technical processing and transmission of services via the Marketing Website and the Web application, which may include information you provide, may be transferred un-encrypted and involve transmissions over various networks and changes to conform and adapt to the technical requires of connecting networks or devices, which you acknowledge and accept.
4. DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties in the following circumstances:
• 4.1.1 for marketing purposes provided always that you have consented to us sharing such data with third parties by notifying us via the Web Application (e.g. by ticking the relevant box(es) when you register or log-in) or via other communications with us;
• 4.1.2 to service providers who manage aspects of our operations (for example third parties who provide technical services (including hosting, data storage, website administration and cloud support) to the Web application, third parties who provide financial administration services; third parties who provide any service you require);
• 4.1.3 if clixifix® or substantially all of its assets are acquired by a third party, in which case personal data held by us about users of the Web application may be transferred;
• 4.1.5 to protect the rights, property or safety of clixifix® or any other third party.
We may also pass aggregate information on the use of this Web application to third parties but this will not include information, which could be used to identify you.
5. MARKETING COMMUNICATIONS
You will only receive communications from us or third parties if you have consented to this (for example by ticking the relevant box(es) on the Web application) in any communications with us.
You have the right at any time to ask us not to use your personal data for marketing purposes.
If you do not wish to receive such communications, please contact us at [firstname.lastname@example.org] or by post to the Data Controller, clixifix® Limited, Durham Gate Suite 1, Green Lane, Spennymoor, DL16 6FY.
6. IP ADDRESSES AND COOKIES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to gather aggregate information.
We may also use such aggregate information to help us and/or advertisers reach the kind of audience they want to target. This is statistical data about our users' browsing actions and patterns, and does not identify you/any individual.
7. STORAGE OF YOUR INFORMATION
Although we will try and protect your personal information, we cannot guarantee the security of your data transmitted to our Marketing Web site and Web application and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent access by unauthorised persons and any unlawful processing, accidental loss, destruction or damage.
8. LINKS TO OTHER WEBSITES
This Marketing Web site and Web application may contain links to other websites owned and operated by third parties. These third party websites will have their own privacy policies that will govern the use of any personal information you submit whilst visiting these. We do not accept any responsibility or liability for these policies or the privacy practices of such third party websites. Please check the policies before submitting any personal information to the Marketing Web site and Web application.
Your use of third party websites is at your own risk.
9.ACCESS TO INFORMATION
We aim to keep any personal information we hold up to date, accurate and error free. Please help us to keep your information accurate and up to date by notifying us of any relevant changes in the personal data we hold about you. You can also ask us to correct any personal data we hold about you on the clixifix Web application
You have certain rights to see information we hold about you. Any request for such information may be subject to a small fee to meet our costs in providing you with such details. Please contact us if you would like further information on this.
10. Transfers Outside The EEA
Owing to the global nature of the Internet infrastructure, unless you have notified us to the contrary, the information you provide may be transferred in transit to countries outside the European Economic Area including (i) countries that have been designated by the EC as having an adequate level of protection; (ii) countries that have a bilateral Privacy shield agreement with the EU; (iii) where the transfer is necessary for the performance of a contract between us and you or for implementation of measures taken in response to a request by you (iv) to a recipient with whom we have contractual arrangements ensuring an adequate level of data protection; (v) to recipients who we have determined have an adequate level of data protection following a risk assessment taking into account factors such as the nature of the data being transferred, how the data will be used, the laws and practices of the recipient’s country and the ability of data subjects to enforce their rights and obtain redress. We will obtain consent to transfer to any recipient outside the European Economic Area that we do not consider fall within the above categories and do not have similar protections in place regarding your data and its use as set out in this policy.
In particular we use a cloud application platform and support services provided by a third party provider who (and whose servers) are based outside the EEA, (currently in the US). We take reasonable endeavours to ensure that any such third parties provide an adequate level of protection in relation to any information you provide.
Our current website service providers, include a US based hosting company Heroku Inc (more information including their privacy and security policies can be seen at www.heroku.com).
By submitting your information you consent to any such transfers of any information outside of the EEA.