Last updated 11 August 2020
The EU General Data Protection Regulation (GDPR), which was enforceable from 25th May 2018, provides new rights to individuals and requires organisations to provide information about their processing in a clear and transparent way. We have published this Privacy Notice to take into account new requirements and to explain how we collect, store and use personal data.
This Notice applies to the personal data collected by Appvia Ltd. of; website visitors, clients/customers, business partners, job applicants, and individuals associated with employees and consultants. Differing types of data will be collected, processed and stored depending on your relationship to us.
If you provide data of others (such as family members), please ensure that they are notified of the relevant content of this Notice.
If you are aware or become aware of anyone under the age of 13 that has provided Appvia with their personal data, please notify the Company immediately so that appropriate action can be taken.
Note: When we refer to “we,'' “us” or “our” in this Notice we mean Appvia Ltd. registered at Ground Floor, Cap House, 9 - 12 Long Lane, London, EC1A 9HA.
What Data is collected, how it is collected, and where it is stored
The Company collects a range of information about you including; name, telephone number, email address, company name, role, company size and GitHub ID. In addition, for those that show interest in working with us, we also ask for their level of knowledge and skill in certain IT software. The Company collects this information when you have provided your contact details to us when requesting information about our products, services, news updates, to work with us, or for an Appvia demo.
Data can either be collected by telephone, email, our online enquiry forms, or face-to-face. Appvia may also collect data from openly available public sources such as search engines or social media sites.
As a website visitor, we may collect data that your browser sends to us including; your computer's Internet Protocol (“IP”) address, the pages of our website that you visit, the date of your visit, and how long you used the website. Although Google Analytics records data such as this, none of this information personally identifies you aside from your computer's IP address, however Google do not grant us access to this.
Data is stored and processed in the third parties - Google Drive and in Salesforce, as applicable. Should you choose to contact us via email, the data you supply will be processed in the third party that we use for email, GMail.
The Company collects a small amount of personal data from business partners (individuals that work for business partner companies), mainly limited to names, telephone numbers and email addresses. We collect this information via telephone, email or from face to face meetings. In addition, sometimes we may receive personal data of individuals that work within business partner companies, from their colleagues. Data is stored and processed in Google Drive and, if we have communicated via email, in GMail also.
The Company collects a range of information about you including; your name, address and contact details, including email address and telephone number; details of your qualifications, skills, experience and employment history; information about your current level of remuneration, including benefit entitlements; whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process; and information about your entitlement to work in the UK. The Company may also ask you for other information if the position is subject to security clearance, to ensure you meet basic requirements before proceeding with your application.
The Company collects this information in a variety of ways. For example, data might be contained in application forms, CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.
The Company will also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. The Company will seek information from third parties only once a job offer to you has been made.
Data will be stored and processed in Google Drive, a third party system for recruitment (Workable), a third party system for reference/security checking (CBS), and on other third parties that we use for email and communication (GMail and Slack as appropriate).
For full details of the privacy notice associated with job applicants and the recruitment process, please visit the privacy notice link available on our Workable careers page. It can also be found in the email sent to candidates when an application is received or in the signature of the email sent to sourced candidates when emails are sent via Workable.
Individuals associated with Employees and Consultants
We ask for the name and telephone number of an individual closely linked with the employee or consultant, which is more commonly a family member. This data is collected by email, in person or via application form, and is stored in Google Drive, the third party system used for employee and consultant data storage and processing (ClickTime), and other systems as applicable (including GMail and Slack).
In addition, one of our third parties may ask for information from employees including; name of the associated individual, relationship to the employee, home address and email address. The data is collected via their website and is stored on the third party’s system (AIG).
Why we use the Data
The Company processes your personal data as a website visitor/customer/prospective client at your request, prior to potentially entering in to a contract with you. For example, to fulfill a query, request for information (such as email updates) or services, or to request to work with us, which requires for us to identify you and be able to contact you.
The Company may also need to process your data in order to enter into a contract or agreement with you and to ensure its successful performance.
The Company has a legitimate interest in processing other data, allowing the Company to;
review our services with the aim to regularly improve them. Such as, for site visitation tracking, enabling us to track your use of our website, and to measure and monitor interaction with our newsletters, for example to understand which newsletter content is most popular with our email audience;
facilitate your attendance at one of our events or webinars;
facilitate access to one of our online courses;
record and maintain personal data of previous business partners and clients in the event that a contract may be entered into in the future;
to allow the Company to assess and confirm a business partners suitability to work with us;
in order to identify and assess any repeat custom;
to contact those clients in the future if the Company believes they are able to assist the client at a later date;
to contact you to ask if you might be interested in being a guest speaker, sponsoring one of our events or advertising on our website.
We use the data to fulfill the requirements of the contract such as the processing of invoices to ensure the business partner gets paid for the services that they provide. The Company has a legitimate interest in processing other data including; allowing both parties to deal with queries, facilitate their attendance where applicable, and assess the business partners services.
The Company needs to process data, to take steps at your request, prior to entering into a contract with you, as well as to enter into a contract with you if your application is successful.
In some cases, the Company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts, and it processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability.
For some roles, the Company is obliged to seek information about criminal convictions and offences. Where the Company seeks this information, it does so because it is necessary for certain roles that are subject to security clearance (lawful basis - public task).
The Company has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the Company to manage the recruitment process, assess and confirm a candidate's suitability for employment, and decide to whom to offer a job. If your application is unsuccessful, the Company will keep your personal data on file for the retention period, in case there are future employment opportunities for which you may be suited.
The Company may also need to process data from job applicants to respond to and defend against legal claims.
Individuals associated to Employees and Consultants
The Company has a legitimate interest in storing emergency contact details for employees and consultants. This is data stored in order to contact the individual in the event that something happens to the employee or consultant, such as an accident or injury. The Company will use this data to notify the emergency contact with regards to what has happened, which may require their assistance.
Beneficiary data is stored with the consent of the employee, in the event that an individual needs to be contacted if an employee dies whilst working for the Company. The individual will be contacted by the third party to discuss arrangements for any payments due to the individual, in such an eventuality.
Where the Company relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of website visitors, clients/customers, business partners, job applicants, and individuals associated with employees and consultants, and has concluded that they are not.
Who has access to the Data
We will not share your personal information with any third parties for them to use for their own marketing purposes. However, we may employ third-party companies and individuals to aid our service or perform services on our behalf. These third parties have access to your data and may process or store data about you outside the European Economic Area (EEA). Further details of when the third parties are instructed is below.
We may disclose your personal data if required to do so by law.
Your information will be shared internally with employees and consultants where the individual requires the information in order to perform their role. IT staff may also have access to the data if it is necessary for the performance of their roles.
Appvia will also provide certain details to third parties where it is required in certain circumstances, such as to provide online courses.
This is dependant on the business partner however, access to your data is mainly by the HR Team and Senior Management. IT staff may also have access to the data if it is necessary for the performance of their roles.
Your information will be shared internally, including with members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, and IT staff if access to the data is necessary for the performance of their roles.
Workable, a third party system that is used for storing and processing data during the recruitment process, may also have access to this data.
Individuals associated to Employees and Consultants
Your information will be shared internally, including with members of the HR team, senior management as required, and IT staff if access to the data is necessary for the performance of their roles.
The Company may share your data with third parties that process data on its behalf, in connection with the provision of benefits (AIG). [Employees only, as applicable].
How long the Company keeps your Data
We aim to only retain data for the timeframe required to fulfil our use for the data, whilst meeting our legal obligations. Details of data retention timeframes can be found in the Records Retention Schedule.
The Company will retain your data as a website visitor/client/customer once you have visited our website or contacted us as a prospective client/customer. If you have provided us with your data for email updates for example, we will retain this information indefinitely unless you notify us that you wish for us to remove it.
The Company will hold your data on file if you have visited our website, or we have been in contact with you with regards to you being a prospective business partner. At the end of the retention period, the data will be deleted or destroyed
We will hold your data on file for the duration of your time as our business partner and thereafter. At the end of the retention period, the data will be deleted or destroyed.
If your application for employment is unsuccessful, the Company will hold your data on file for a period of time as outlined in the retention schedule. At the end of that period your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred as applicable. In this instance, please refer to the Privacy Notice for employees and consultants.
Individuals Associated to Employees and Consultants
Following the end of an individual's employment with the Company or the consultants services for Appvia, emergency contact details will be deleted or destroyed.
The Company may only delete the data upon request if it does not contravene legal requirements to retain the data for any reason. Any request to delete data will need to be considered based on the lawful reasoning for processing that data.
How the Company protects your Data
Appvia takes the protection and security of your data very seriously and we take appropriate steps to ensure your data is stored in a secure environment to prevent any unauthorised access.
Appvia use virus controls and access controls in the form of passwords, to protect equipment and systems from unauthorised access.
Appvia purely use cloud services, including Amazon and Google.
Appvia have a cyber essentials certificate of compliance
Appvia restricts the use of systems where data is stored, to only those that require access to the data and is not accessed except by our employees in the proper performance of their duties.
Where the Company engages third parties to process personal data on its behalf, it uses additional security measures to protect the data, wherever possible. For example, when data is sent between companies, when appropriate, additional passwords are used to protect that data from only being accessed by those that require it.
The third party Companies that we engage with have appropriate data privacy notices/data protection policies in place.
As a data subject, you have a number of rights. You can:
access and obtain a copy of your data on request;
require the Company to change incorrect or incomplete data;
require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
ask the Company to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the Company's legitimate grounds for processing data.
request that your personal data is transferred to a third party directly, in a readable format.
The rights that are available to you depend on the lawful basis by which the Company processes the specific data. If you would like to exercise any of these rights, please contact the Company on firstname.lastname@example.org .
If you believe that the Company has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide Personal Data?
You are under no statutory or contractual obligation to provide data to the Company however, if you do not provide the information, the Company may not be able to process your application/request properly, or at all. Certain information, such as contact details and payment details, have to be provided to enable the Company to enter into a contract with you. If you do not provide other information, this will hinder the Company's ability to meet the conditions of that contract.
Cookies are text files which contain information about your internet usage that is held in your browser and/or on your computer’s hard drive. There are different types of cookies: some are essential for the site to operate properly, whereas others are aimed at enhancing and personalising your user experience. Cookies can help us to understand how consumers are interacting with our website, which helps us to improve our site and to deliver a better service to you.
The Appvia website uses strictly necessary cookies which are essential to enable you to move around the website and use its features such as to operate our demos. Without these cookies we cannot provide some of the basic functionalities of our website. We also use Google Analytics to track the usage of our websites. We use the data from Google Analytics to identify the number of people using our site, why they are visiting, and how they navigate through our website. We are currently reviewing our use of analytics cookies and will be updating this Notice in due course.
Links to Other Sites
The Appvia website may contain links to other sites. We have no control over these sites and assume no responsibility with regard to their content, practices or services.
Changes to our Privacy Notice
This Notice may change from time to time to take account of legislative or Company data processing changes. We encourage you to review this Notice occasionally as we will not explicitly inform you of these changes.
If you have any questions with regards to your data or the details of this Notice, please contact the company on email@example.com .