- Who are we?
- What is personal data?
- When will we process your data?
- When do we collect your data?
- What data do we collect?
- How do we use your data?
- Who do we share data with?
- What security measures do we take to protect your data?
- What will happen if you choose not to share your data with us?
- How long will we keep your data?
- What rights do you have?
- How can you get a copy of your data?
- How will we keep you up to date on changes to this policy?
- How can you contact us or make a complaint?
1. Who are we?
We are Vortex Commerce (“Vortex”, “we”, or “us”). We are the controller of the personal data collected.
About our Data Protection Officer
All data protection inquiries will be directed to an internally nominated Data Protection Officer. In order to ensure that the role of Data Protection Officer at Vortex can effectively monitor internal compliance, they will:
- Receive professional training in order to develop expert knowledge of data protection;
- Report directly to our highest level of management and be given the independence to perform their duties;
- Be involved in all issues relating to the protection of personal data;
- Not be penalised for performing their duties; and
- Not perform other duties that may result in a conflict of interests with their role as a Data Protection Officer.
The duties of our Data Protection Officer include:
- Monitoring compliance with GDPR and other data protection laws, and our data protection policies;
- Ensuring that our employees have sufficient awareness of data protection;
- Advising and informing us about our data protection obligations;
- Making or confirming decisions regarding the lawful basis under which we control or process personal data; and
- Understanding the risk associated with data processing.
Our Data Protection Officer is easily accessible as a point of contact for employees, individuals and the Information Commissioner’s office using one of the contact methods described in (14) How can you contact us or make a complaint?
2. What is personal data?
Personal data (“personal information”, or “your data”) can be any information relating to an identified or identifiable person. In other words, it can be any information that could allow us to identify you both directly and indirectly (like, for example: your name, email address, IP address or billing address).
3. When will we process your data?
We will only use and process your personal data if we have one of the following reasons for doing so:
- As a contractual or pre-contractual requirement (for example: to provide you with a quote);
- It is our legal duty (for example: for bookkeeping);
- It is in our legitimate interest (for example: to understand who visits our website); or
- You consent to it (for example: when you subscribe to our newsletter)
4. When do we collect your data?
We collect personal data about you when you use our website or our services, including in the following situations:
- When you use our website contact form;
- When you call use to inquire about our services; or
- When you enter a contract with us.
5. What personal data do we collect?
When you contact us using our website contact form, call us, or enter a support or production contract with us, we collect the personal data that you explicitly provide to us:
- Email address; and
- Phone number.
6. How do we use your data?
We may use your personal data to:
- Further our relationship with you;
- Process, evaluate and respond to your requests and inquiries;
- Fulfil support and development contracts with you;
- Determine the effectiveness of our marketing and advertising;
- Learn about who visits our website; or
- Comply with legal requirements.
If you have consented for us to do so, we may also use your personal data to communicate with you about our services or relevant, related opportunities.
We will not use your personal data for any other purpose than for the reason that it was originally collected.
Cookies are bits of text that are placed on your computer’s hard drive or mobile device when you visit certain websites. Cookie technology holds information a site may need to personalise a visitor’s experience. Cookies may also be used for security purposes and to gather website statistical data, such as which pages are visited, what is downloaded, and the paths taken by visitors to our website as they move from page to page.
You may opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl+en=GB.
7. Who do we share your data with?
We do not sell or otherwise disclose personal data we collect about you, except as described in this policy or otherwise disclose to you at the time the data is collected.
To be able to provide you with high quality services, we will sometimes share your personal data with other organisations. We will only do so if our partners can demonstrate the same high level of security we provide ourselves, and can ensure that they comply with data protection regulations.
We may share your personal data with the following partners:
- Our sister companies, CoreFinity and Eralis;
- Software-as-a-Service providers that we use to operate our business (for example: cloud-based CRM, ticketing and project management providers);
- Advertising partners that we use to understand and improve the effectiveness of our marketing (for example: Google and Facebook); and
- Data security partners that we use to ensure we are lawfully processing personal data controlled by our clients
We may also disclose personal information about you under the following circumstances:
- If we are required to do so by law, regulation or legal process;
- In response to requests by government agencies, such as law enforcement authorities; or
- When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We will transfer any personal data we have about you in the event that we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).
8. What security measures do we take to protect your data?
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
We have an internal data protection process to ensure that data controls are understood, updated and enforced. To request specific information about our data protection process please contact our Data Protection Officer using one of the contact methods described in (14) How can you contact us or make a complaint?
9. What will happen if you choose not to share your data with us?
We may need to collect personal data to be able to fulfil our legal obligations or fulfil the terms of a contract we have with you or to be able to provide you with services. If you choose not to give us this data, it may prevent us from meeting our obligations. It may also mean that we cannot provide you with services. Any data collection that is optional will be clearly indicated as such at the point of collection.
You may opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout?hl+en=GB.
10. How long will we keep your data?
We will keep your personal data for as long as you are a client of Vortex. We will delete all data that is no longer necessary after a reasonable period. For example, contact data for previous or prospective clients will be deleted after a period of two years unless contact is renewed within that period. We will also keep it for longer if we cannot delete it for legal or regulatory reasons.
We may keep your data for longer for research or statistical purposes. If we do, we will make sure your information is anonymised and non-traceable to you as a person.
We will also delete or provide a copy of your personal data on request.
11. What rights do you have?
You have certain rights regarding the personal data we collect about you and how we use that information or use it to communicate with you.
To enforce your rights you can contact our Data Protection Officer using using one of the contact methods described in (15) How can you contact us or make a complaint?
We will do our best to answer your request in a timely manner but please note that it may take up to one week for us to respond. Please note that if we cannot identify and guarantee who you are, we might as you to provide us with additional information. We will not act on any of your rights if we are unable to verify that you are the rightful owner.
Right to rectification
You can request that we update inaccurate or incomplete personal data that we have collected. We will respond to let you know that your data has been updated within one calendar month.
Right to erasure
You can request that we erase personal data related to you. We will erase your data upon request provided that it is no longer necessary for the purpose for which it was collected or we have a legal obligation to store that personal information.
Right to restrict processing
You can ask us to restrict our processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you do still not want us to erase the data, if the data is no longer needed to fulfil the purpose it was collected for, or you have informed us that you do not consider us to have a legitimate interest for certain processing.
Right to object
You can object to the processing of your personal data on grounds related to your particular situation. Please note that if you object to us processing your personal data, it may restrict the services or the effectiveness of the services that we can provide to you.
You can unsubscribe to newsletters you have previously opted-in to by following the instructions in the footer of the newsletter you receive.
12. How can you get a copy of your data?
You can request a copy of the personal data collected by Vortex by contacting our Data Protection Officer using using one of the contact methods described in (14) How can you contact us or make a complaint?
In order to ensure that we clearly understand your request, please make it clear that you are making a “Subject Access Request” under your Right of Access.
If you request access to personal data that is being processed automatically and that data is in accordance with a contract between you and Vortex, or based on your consent, you may request that the data is provided in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
13. How will we keep you up to date on changes to this policy?
14. How can you contact us or make a complaint?
If you have any questions or want to know more about how we use your personal data, please contact us by completing our contact form using the subject “Request User Data”.
If you would like to contact us about your personal data using our physical address, please write to:
113 The Headrow
15. Where can you get further information?
Information about the privacy rights of EU residents can be found on: https://www.eugdpr.org.