SYSTEM PRIVACY POLICY

Assure Response - System Privacy Policy

Introduction

SHE Software is committed to safeguarding the privacy of all our customers, “Customer Data”, “Personal Data” and partners, by protecting, storing and processing the Information you give to us in accordance with our contract, best practice and the relevant Data Protection Legislation. What personal information we collect and how we use it will depend on your relationship with us. If you have any questions about this policy and what it means for you, we are more than happy to discuss your own particular concerns, so you can make an informed decision about how your data is used.

Email our Data Protection Officer at dpo@shesoftware.com with any questions or concerns.

Customer Data and Personal Data

Customers of Assure Response may submit various types of information and data into the system for hosting and processing purposes (“Customer Data”). SHE Software staff will never use “Customer Data” for any purpose other than that laid out in our contract together. Access to the Assure Response system is provided to our user organizations only ever under a current contract in which the Customer (acting as Data Controller) warrants that it has a lawful basis under the Data Protection Legislation to transfer “Personal Data” to SHE Software (as Data Processor) for processing and/or enable lawful collection by the SHE Software of the “Personal Data”.

As regards “Personal Data” or “Personally Identifiable information” or “Personal Information”, Assure Response requires only a name and work email address in order to register a user with the system. Additional “Personal Data” requested is controlled by the Customer, and they act as the Data Controller for that information and SHE acts as a Data Processor; so aspects of this Privacy Policy may not apply to such additional “Personal Data”.

If you are an individual, our legal basis for collecting and using information about you and your activity within Assure Response will depend on the information concerned and the specific context in which we collect it. Normally, in connection with the use of the Assure Response system, we will only collect your personal information where: (a) we have your consent to do so, (b) where we need the personal information to perform a contract with you or your employer (i.e. so you can access and use Assure Response), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).

We may process your “Personal Data” held within our hosted solution only where we have written permission to do so under our contract or it has been received from a verified, authorized customer contact, which will normally mean such a customer user has used the Assure Response system to input, edit, amend, delete or otherwise process the data in line with our customer contract.

Assure Response Information Retention:

We may retain Assure Response system information for 12 months from the date a Customer ceases to use our service, unless we receive a specific request to remove data sooner than this. Please note that in certain circumstances, we may hold “Personal Data” for a longer period, for example, if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve such data, to maintain system backups, to maintain security, prevent fraud or abuse, to enforce our legal agreements or fulfill a request to “unsubscribe”. We may retain de-personalized information after a customer account has been closed.

Your Rights

You have certain rights regarding your personal information, subject to applicable law:

1. Access to your personal data
2. Rectification or deletion of your personal data
3. A restriction on the processing of your personal data
4. To object to the processing of your personal data
5. A transfer of your personal data (data portability) in a structured, machine readable and commonly used format
6. To withdraw your consent to us processing your personal data, at any time.

If you are user from an Assure Response customer organisation, in the first instance it may be more expedient and appropriate to approach your own organisation (the Data Controller) with such a Subject Access Request, as they may be able to more readily advise you of any contractual or other basis that exists between you for storing and/or processing your data using the Assure Response system. SHE could then assist your organisation in fulfilling such a request according to the Data Protection Legislation.

To ask to exercise any of your rights with SHE Software directly, please contact our Data Protection Officer at dpo@shesoftware.com (via your work email preferably) and be sure to include; your name, your contact telephone number and the information you are requesting access to, or want corrected or removed.

Our aim is to provide you with the information you seek without undue delay, but you can expect a response from us within 20 working days. If requests are complex or numerous, we will inform you within 20 working days of receipt and may in that case extend the deadline for reverting with the information for a reasonable length of time depending on the specific circumstances.

To protect your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

What kind of business Information do we collect.

We may collect, store and use the following kind of information:

• Customer Data may include, without limitation, personal information such as names, email addresses and phone numbers of users, contractors and other people involved in health and safety, which information may be input into the system by Assure Response customer organization users
• We may store and use information about your computer and about your visits to and use of the Assure Response system, including IP Address, geographic location, browser type and version, operating system, referral source, length of visit, page views and web site navigation paths
• We may store and use data for use in our customer relationship management system
• This data includes, but is not limited to; full name, address of company, contact email address and contact telephone numbers
• We may also store information relating to any purchases you make of our services, which may include financial arrangements
• We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing
• Data that is stored on Assure Response is held on secure servers at our 3rd party provider’s tier-1 data center
• We will ensure that any data that we know is out of date will be updated quickly. We will action any update once we are made aware, which may be actioned by supporting the Assure Response user organization in updating the system itself

Why we collect your business information.

We may use your business information to:

• Enable your use of the services available on our website
• Send statements, invoices and payment reminders to you, and collect payments from you
• Send you non-marketing commercial communications
• Send you email notifications that you have specifically requested
• Provide third parties with statistical information about our customers (but we will ensure those third parties will not be able to identify any individual user from that anonymized and aggregated information)
• Deal with inquiries and complaints made by or about you relating to our solution
• Your data may be used by members of SHE Software staff based on their role and job function. All access to data is based on Principle of Least Privilege (PoLP) and directly linked to their need for access in line with their designated roles assigned within our HR management system. Each member of staff will use this data guided by their training, aligned policy and ingrained process arrangements in accordance with the regulations of the General Data Protection Regulations and other relevant legislation.

 

Data Protection Complaints

We have voluntarily appointed a Data Protection Officer in pursuit of best practice arrangements for compliance, transparency and clear accountability driven by a role that directly reports to the highest management level in the organization. SHE Software’s Data Protection Officer can be reached at dpo@shesoftware.com.

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint, before you approach your local regulatory body. The topic of data protection is sometimes complex and we would welcome the chance to resolve any misunderstandings.

 

Information Security

SHE Software has put in place appropriate Technical and Organizational measures that includes physical, electronic and managerial procedures to prevent unauthorized access to your personal data, maintain personal data accuracy, ensure correct use of information, and secure any personal data we collect online. We are accredited to ISO27001 and are Cyber Essentials certified.

 

Changes to our Privacy Policy

SHE Software reserves the right to change this Privacy Policy at any time without prior notice. If we decide to change our Privacy Policy, we undertake to post any changes on this page so you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. Therefore, you should check the Privacy Policy each and every time you access the website. The SHE Software Privacy Policy was last updated on 18 March 2020. SHE Software utilities the self-assessment approach to ensure our continuing compliance with our Privacy Policy.

 

Our details

SHEASSURE.net is owned and operated by SHE Software Group Limited

Our global headquarters are:

Prism House,

2 Rankine Avenue, East Kilbride, G75 0QF, United Kingdom.

Phone: +44 1355 272 444

Email: dpo@shesoftware.com

 

For your nearest regional SHE Software office, please see:

https://www.shesoftware.com/contact-us