We are Vissensa Limited, a company registered in England and Wales with company number 06562743.
If you have a data protection enquiry, you can contact us by email to firstname.lastname@example.org or by post to Data Protection Team, Castle Malwood, Minstead, Lyndhurst, SO43 7PE.
The information we process
We process the following information about you:
- a) Information you give us. This is information about you that you provide to us by filling in forms on our website or by contacting us (whether by email, post, telephone or otherwise). The information you give us might include your name, contact information and payment information. It may also include information about your job role or business.
- c) Information we receive from third parties. If you are an employee or representative of one of our suppliers or customers then your organisation might share your information with us for business purposes. The information we receive about you may include your name, contact information and job title.
Why we process your information and on what grounds
The reasons for processing your personal information depends on your relationship to us:
- a) For website visitors, we process your information using cookies for analytics purposes on the basis of your consent.
- b) For customers who are individuals, we process your information to perform the contract between us. This includes where we take pre-contractual steps.
We also process your information because we have legitimate interests in using it to efficiently operate our business, to coordinate our marketing activities and to respond to your enquiries. We also keep certain customer records because we have a legal obligation to do so.
We process customer information for marketing purposes on the basis of your consent, which we collect when you provide us with your details. You can opt out of receiving future marketing materials from us by following the ‘opt-out’ link in the marketing emails we send to you, or by contacting us.
- c) For suppliers who are individuals, we process your information to perform the contract between us, including where we take pre-contractual steps.
We also process your information because we have a legitimate interest in using it to efficiently operate our business (e.g. keeping lists of trusted suppliers, historic contracts) and to approach you with enquiries. We also keep certain supplier records because we have a legal obligation to do so.
- d) For employees and representatives of our customers and suppliers, we process your information because we have a legitimate interest in doing so in order to administer the business relationship between your organisation and us.
- e) For all other third parties, we have a legitimate interest in processing your information in order to administer our business. We may also send you marketing communications on the basis of your consent or, where we have a legitimate interest in doing so, on the basis of your soft opt-in.
- f) If you share information with us about your allergies, dietary requirements or accessibility needs
How long we keep information for
We only keep your information for as long as it reasonably takes to achieve the purpose we collected it for. Generally speaking, we keep your information for the following periods of time:
- a) For customers and their employees and representatives, for the duration of your contract with us plus 6 years from the date that contract ends. This may be extended, for example, if a dispute arises.
- b) For suppliers, and their employees and representatives, for the duration of your contract with us plus 6 years from the date the relevant contract ends. This may be extended, for example, if a dispute arises.
- c) For business records, such as financial and compliance records, for as long as we are required to do so by law. These time periods will vary depending on the type of information.
- d) Contact information on our marketing database is reviewed regularly throughout the year and outdated records are updated or removed at the same time.
Who your information is shared with
Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights, or to effectively operate our business.
We may share your information with the following people or groups of people:
- a) Third party vendors of equipment and services. We share information with vendors where necessary to fulfil your order with us. This may be the case where equipment needs to be customised to your requirements or a licence needs to be entered into between your business and the vendor.
- b) Outsourced service providers. Our service providers may be granted access to your information as part of the service they provide to us. Our service providers are subject to strict contractual obligations to treat your personal information confidentially and to comply with data protection law at all times.
We may transfer personal information outside of the European Economic Area (EEA) to the following service providers. For each recipient we have identified the legal safeguard in place to ensure your information is protected:
- Google LLC for Google Analytics services. Google is certified under the EU-US Privacy Shield Framework.
- Microsoft for Microsoft SharePoint services. Microsoft is certified under the EU-US Privacy Shield Framework.
- Zendesk, Inc. for live chat services. Zendesk is certified under the EU-US Privacy Shield Framework.
- c) Professional advisers. We may share personal information with our legal, financial and other professional advisers for the purpose of obtaining their advice. These transfers are protected by our advisers’ duties of confidentiality.
- d) Government bodies and the courts. If we have a legal obligation to do so, we will share your information with government bodies, regulators and/or the courts.
Your data protection rights
Under data protection law you have the following rights:
- a) If we are processing your personal information on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by contacting us using the details set out at the top of the Policy. Please note that the lawfulness of our past processing based on your consent will not be retrospectively affected by your withdrawal of consent.
- b) The right to access a copy of your information which we hold. This is sometimes called a ‘subject access request’. Additional details on how to exercise this right are set out in the ‘Access to Information’ section below.
- c) The right to prevent us processing your information for direct marketing purposes. We will inform you (before collecting your data) if we intend to use your personal information for this purpose or if we intend to disclose your information to any third party for this purpose. You can also exercise this right at any time by contacting us.
- d) The right to object to decisions being made about you by automated means.
- e) The right to object to us processing your personal information in certain other situations.
- f) The right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate.
- g) The right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
- h) The right, in certain circumstances, to request that we erase, rectify, cease processing and/or delete your information.
You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we process your personal information. The Information Commissioner’s Office website is www.ico.org.uk.
For further information on your rights under data protection law and how to exercise them, you can also refer to the Information Commissioner’s Office website (www.ico.org.uk).
Access to information
Under data protection law you can exercise your right of access (also known as a ‘subject access request’) by making a written request to receive copies of some of the information we hold about you. We may request proof of your identity, or proof of your authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details set out at the top of this Policy.
You do not need to pay a fee to exercise this right unless you are requesting copies of documents you already hold, in which case we may charge our reasonable administrative costs. We are also allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive.
In very limited circumstances, data protection law permits us to refuse to comply with your request. If we refuse to comply then we will notify you of that fact.
In certain circumstances, you are entitled to receive the information in a structured, commonly used and machine-readable form.
We will always store your digital information on secure servers. Nevertheless, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Third party sites
Our site may contain links to and from partners’, advertisers’, affiliates’ and social networking sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal information to those websites as they may not be on the same terms as ours.