ISandBOX Limited Privacy & Data Protection Policy: Updated: 24rd April 2019
1. This Policy
At ISandBOX, we take privacy and the protection of your data very seriously. This policy has been updated to ensure that we communicate, in the clearest way possible, how we treat personal information that we gather as part of doing business.
We encourage You to read this Policy carefully. It will help You make informed decisions about sharing your personal information with us. All data that we collect and process, is in line with the requirements of the GDPR.
2. Our services and your data
2.1 About Us
ISandBOX is a supplier of digital, interactive equipment and display technology, and is a developer and supplier of software products and services including online platforms, APIs and mobile applications concentrating on the digital signage and associated technologies market.
The operation of our business and the services we provide to clients involve the storage of data about the users of our systems, and data that our users upload within our software and services.
That Data can include personal information.
“Personal information” is information about an identifiable individual, and may include information such as the individual’s name, email address and what organisations and companies they work for, and digital likeness (photo).
ISandBOX does not directly collect information about or from children, and our websites are not designed for use by, or marketed to children.
2.2 Collection of your data
ISandBOX may collect personal information directly from You when You:
- Enquire about a product or service online, by phone, by email or in person.
- Register to use a service.
- Purchase a product or subscribe to use a service
- Use a software service.
- Contact the ISandBOX support team.
- Visit our Websites.
You can always choose not to provide Your personal information to ISandBOX Limited, but it may mean that we are unable to provide you with a product, service or support.
Personal Information may also be processed by ISandBOX when it is provided to us by a client in the act of their usage of our software or services, for example:
- Details of people that have signed into a venue, or expected visitors.
- Content provided for use on digital displays.
Where a 3rd party is providing your data as part of their use of one of ISandBOX’s services, it is the responsibility of the organisation entering personal data into the systems to make sure that they have a legitimate basis, or informed consent to provide that data.
2.3 Processing (using) your data
ISandBOX Ltd will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR).
The use of the data may include:
- For administration of a provided service or contract
- To contact you regarding account management and service
- To tell you about other services and products we offer that may interest you
2.4 When will ISandBOX contact me
ISandBOX will contact you:
- As required by the examples in section 2.3
- To notify you in the event of a confirmed data breach.
- To confirm a request for data subject records
2.5 Aggregation of your non-personally identifiable data
By using ISandBOX’s Services, You agree that ISandBOX can access, aggregate and use non-personally identifiable data ISandBOX has collected from You. This data will in no way identify You or any other individual. ISandBOX may use this aggregated non-personally identifiable data to:
- Aassist us to better understand how our customers are using the Service.
- Provide our customers with further information regarding the uses and benefits of the Service.
- Enhance productivity, including by creating useful insights from that aggregated data and allowing You to benchmark Your performance against that aggregated data, and Otherwise to improve the Service.
The company directors are responsible for ensuring that this notice is made available to data subjects prior to ISandBOX Limited collecting/processing their personal data.
3.2 Employees of ISandBOX
All Employees of ISandBOX Limited who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and that if the information is to be used for marketing purposes, that their consent to the processing of their data is secured directly.
We undertake not to ask irrelevant or unnecessary questions, or requests for data beyond the scope of our business activities.
3.4 Unauthorised Access
The information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
We endeavour to store your data securely in digital form only, on-premise or in UK data centres.
3.6 Breaches of data
Should a data breach be detected, we will inform the necessary authority and affected data subjects as soon as possible.
4. Privacy Notice
4.1 Contacting ISandBOX
A Data Protection Officer (DPO) or Data Protection Representative can be contacted directly here:
Tel: 07510 8888 65 (Standard Office hours only)
4.2 Use of your data
The personal data ISandBOX may collect from you will be used for the following purposes:
- Allowing you to access our products and services (Legitimate Interest)
- Administering our services to you (Legitimate Interest)
- Fulfilling and maintaining contracts you, or your employer may have with us (Contract)
- The marketing of our other products and services to you. (Consent)
Our legal basis for the processing of your personal data includes:
Consent – the individual has given clear consent for us to process their personal data for a specific purpose.
Contract – the processing is necessary to fulfil a contract we have with either the individual or an organisation for which the individual is acting, or because they have asked us to take specific steps before entering into a contract.
Legitimate Interest – the data is necessary for administering or maintaining a service we provide, or have previously provided (such as login credentials).
ISandBOX does not sell or transfer Personal Information to third parties unless it is required as part of the service the client has requested from us and we have consent to do so, or required to do so by law.
Where consent is the legal basis for the processing of your personal data, it may be given by phone, in email or by actively selecting the option to give consent on a web page or in a mobile application or software program.
You can withdraw consent at any time by contacting us by phone, email, post or web form or by following the appropriate option on marketing emails.
4.4 Data Retention
ISandBOX Limited will process personal data for as long as required by the legitimate interest, or until consent is withdrawn and only for the retention period in line with the GDPR.
We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
ISandBOX Limited is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
4.5 Your Privacy Rights
At any point while ISandBOX is in possession of or is processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you. ISandBOX may request suitable identification to make sure you are entitled to receive this information. See section 4.6 below.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing , including profiling – you also have the right to be subject to the legal effects of automated processing or profiling, if the decision produces legal effects concerning you or significantly affects you in a similar way.
- Right to judicial review : if ISandBOX Limited refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 4.6 below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by ISandBOX Limited (or third parties as described), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and ISandBOX Limited’s data protection officer (DPO).
4.7 Requesting a copy of your data
ISandBOX Limited, at your request, can confirm what information we hold about you and how it is processed. If iSandboxLimited does hold personal data about you, you can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of ISandBOX Limited or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
In order to provide this information, we will need to verify your identify. ISandBOX Limited accepts the following forms of ID when information on your personal data is requested:
- Driving Licence
- Birth certificate