Privacy Policy

This policy is provided by ParaCode Ltd, Unit 8, The Long Yard, Ermin Street, Shefford Woodlands, Hungerford RG17 7EH.

ParaCode Ltd (ParaCode) believes in the importance of protecting personal information from misuse and is committed to upholding the principals of the GDPR legislation.

This policy set out details of ParaCode’s privacy policy under the terms of the GDPR legislation, effective from 25^th May 2018.

Your rights as an individual with regard to the protection of your personal details are defined on the ICO website here.

Data controller

ParaCode acts as a data controller (as defined by GDPR) for the purposes of handling the personal details of our website users, enquiries, customers and employees.

Website Users

Our website uses cookies in line with our cookie policy .

Like many website, we use Google Analytics to view statistical information about the usage of our site. This does not provide us with any personally identifiable information.

We don’t retain any other information for regular web users nor do we undertake any automated profiling of web users to affect the content that we provide.

Enquiries

If you are a potential customer of ParaCode and provide your data in connection with an enquiry about using our services then we ask you to give Consent to hold your personal information, which gives us a lawful basis to store your details in our GDPR-Compliant CRM system. We are not able to service any enquiry unless we have this consent.

The information we request via our website and telephone is first name, last name, email address, telephone number and company name. If you also consent to our contacting you subsequently then, from time to time, we may contact you by post, email and telephone with information about offers, our activities and services.

Customers

If you are a customer of ParaCode then our lawful basis for holding your details is our Legitimate Interest arising as a result of our contract with you, which requires us to hold and process certain personal information to carry out whatever services you have contracted us to deliver. As part of our business as usual processes we will hold your details in our CRM & Support systems, our job tracking and accounting systems (see below). We may contact you by post, telephone and email in connection with the work that we are doing for you.

Employees

ParaCode employee details are also held in our HR system on the basis of our employment Contract.

Your Rights

You have several rights under the data privacy legislation, This includes under certain circumstance, the right to:

• Request access to your personal data
• Request correction of your personal data
• Request erasure of your personal data
• Request restriction of processing of your personal data
• Request the transfer of your personal data
• Object to processing of your personal data
• Request human intervention for automated decision making

If you wish to exercise any of these rights please email us at [email protected].

Request access to your personal data

You have the right to obtain a copy of the personal data we hold about you and certain information relating to our processing of your personal data.

Request correction of your personal data

You are entitled to have your personal data corrected if it is inaccurate or incomplete.

Request erasure of your personal data

This enables you to request that ParaCode deletes your personal data, where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Request restriction of processing of your personal data

You have a right to ask ParaCode to suspend the processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data, or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Where processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future.

Request the transfer of your personal data

You have the right to obtain a digital copy of your personal data or request the transfer of your personal data to another company. Please note though that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.

Object to processing of your personal data

You have the right to object to the processing of your personal data where we believe we have a legitimate interest in processing it (as explained above). You also have the right to object to our processing of your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms.

Request human intervention for automated decision making and profiling

You have the right to request human intervention where we are carrying out automated decision making when processing your personal data. This form of processing is permitted where it is necessary as part of our contract with you, providing that appropriate safeguards are in place or your explicit consent has been obtained.

We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of the above rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Right to lodge a complaint

If you have any concerns or complaints regarding the way in which we process your data, please email us directly at [email protected]. You also have the right to make a complaint to the ICO (the data protection regulator in the UK). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.

Sensitive Data

ParaCode Ltd will not collect data relating to minors as defined under UK law. Minors are not permitted to use the services of ParaCode including its website, paracode.net.

Data Retention

ParaCode will retain personal information for as long as you are a customer of ParaCode Ltd.

After you cease to be a customer, we may keep your data for up to 10 years in order to:

• To respond to any questions or complaints.
• To comply with legal requirements.

Data processor

ParaCode acts as a data processor (as defined in GDPR) for the purposes of the following services that we provide to our customers. Our Lawful basis for this type of activity is our Legitimate Interest arising from your contracting ParaCode Ltd to provide:

Web site & application hosting – ParaCode provides hosting for websites and applications that we build. In most cases our customers are acting as Data Controllers, using our services to store personal details on whatever lawful basis they have asserted. Storage of these personal details are  outsourced to one of our GDPR-compliant sub-processors listed below. Information that is held within these sites is processed within the terms of our Data Processing Addendum and managed under our GDPR-compliant processes for the purposes of the services that we are contracted to provide, which include storing, analysing, backing-up and transmitting data.

Website & application development, maintenance & testing – ParaCode holds customer’s data for the purposes of fulfilling our role as software developer, tester and support provider of their systems. Information that is held with these system and processed within the terms of our Data Processing Addendum and managed under our GDPR-compliant processes. This includes converting data from one system format to another, importing data into a system, investigating faults, and testing solutions.

We act as data processors under the terms of our Data Processing Addendum.

ParaCode has implemented robust policies to ensure the security of all personal data that falls under its stewardship as a data processor, including encryption, anonymisation, redaction and timely destruction, which will be used wherever appropriate.

Any requests made by data subjects regarding data that we hold in our capacity as data processor will be referred to the relevant data controller for action.

Data Retention

As a data processor, we will only retain data for as long as we are required to do so and by default will destroy all customer data with 90 days of termination of our contract to provide hosting, development or support services.

We will also delete or retain any specific data upon request by the relevant data controller.

Disclosure to 3rd parties

ParaCode does not provide personal details to any 3^rd party other than:

• to sub-processors (as defined by GDPR) for the purposes of carrying on ParaCode’s business in pursuit of the lawful basis set out below,
• when reasonably required to do so to comply with any law,
• to a 3^rdparty in the event that the business or part of the business is purchased. In this event your details may be transferred to the purchaser as an asset forming part of the sale.

Sub-processors

All data that ParaCode stores is held in GDPR-compliant, EU-based datacentres.

Following is a list of sub-processors that ParaCode uses in the execution of its business:

• WPEngine
• Digital Ocean
• Memset
• ZOHO (CRM & Support system)
• Mailchimp
• HR Software
• Quickbooks
• Microsoft (Office 365)
• Google (Analytics)

ParaCode Ltd may update this list from time to time as our systems and operations evolve and inform you accordingly.

Security

We have put in place appropriate security procedures for implementing the policies described above and for safeguarding the personal data we collect. However, the secure transmission of information via the internet is outside our control and cannot be guaranteed. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received.

Data Protection Officer

The CEO of ParaCode holds responsibility for data protection compliance.

Amendments

From time to time we may update this policy by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this policy.

We may notify you of changes to this policy by email.