PureClarity Technologies Limited (“We”, “Us”) are committed to protecting and respecting our visitors, our Customers and our Customers’ visitors privacy.
This policy (together with our Service Agreement, Data Processing Agreement and any other documents referred to on it) sets out the basis on which any personal data we collect, or is provided to us, from our visitors, our customers and our Customer’s visitors, will be processed by us. Please read the following carefully to understand our views and practices regarding how we process personal data and how we will treat it. By visiting docs.pureclarity.com or admin.pureclarity.com you are accepting and consenting to the practices described in this policy.
For the purpose of the GDPR, Data Protection Act 1998 (the Act) and other data protection legislation, the data controller is PureClarity Technologies Limited whose is registered with the ICO (Number: ZA155265).
This policy was last updated on 24 June 2019.
SCOPE OF THE POLICY
This policy covers:
Visitors to our site (www.pureclarity.com)
Customers using our Services (admin.pureclarity.com)
Data processed on behalf of our Customers relating to their Customers and their Personal Data (from our Customer’s website).
Source of our data sent to us or collect by Us (via our Customers website or via ecommerce integration using our platform extension or plug-in).
INFORMATION WE MAY COLLECT OR IS PASSED TO US
We may collect and process the following data about visitors to our site:
Visitors may give us information about themselves by filling in forms on our site www.pureclarity.com (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information provide when filling out one of our forms including request a demo, request a quote, download a resource or contact us. The information may include name, address, e-mail address and phone number.
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We collect our Customers’ login details and interactions within the admin console.
ON OUR CUSTOMERS’ WEBSITES WITH OUR EXTENSION/PLUG-IN/API
Information we collect about each of our Customers’ visitors on our Customers’ site includes:
Weather in visitor’s location
Products, Categories, Brands viewed and purchase on site
Social Media source
Information pass to us either via a data feed or through an API integration with an ecommerce platform extension or plug-in (e.g. Magento, Shopify) includes:
User Demographic Information such as name, email address, age, gender, postal address, past orders and may include custom attributes defined by the Customer.
Data that we do not accept from our customers include any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
LEGAL BASIS OF PROCESSING INFORMATION
The basis for processing personal data is, as stated in the EU Personal Data Regulation (EU) 2016/679 (GDPR), the legitimate interest of the company based on customer relationship or other appropriate connection, namely:
delivery and development of our Services (to provide relevant product, category, brand recommendations and promotions to enhance the end user experience)fulfilment of contractual obligations and other undertakings of the company,management of customer relations,analysing and profiling of customer or other data subject,electronic direct marketing,as part of our efforts to keep our site safe and secure
DISCLOSURE OF INFORMATION
We do not disclose personal data to external parties. We use subcontractors that process personal data on behalf of and for us. We outsource our Cloud Hosting Infrastructure to Amazon Web Services.
WHERE WE STORE PERSONAL DATA
We have two active regions EU & US. We may transfer personal data outside of EU/EEA (the United States of America, Australia, Germany, Ireland, Israel, Japan, and the UK). We have taken care of suitable safeguards for the transfer. We use standard contractual clauses accepted by EU or Privacy Shield -framework where applicable.
HOW DO WE PROTECT THE DATA AND HOW LONG DO WE STORE THEM?
In accordance with our ISO27001 certification, only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. The maximum period is 2 years from the date when data subject has last time showed activity.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
As a data subject (a visitor to our site or our customers’ visitors) they have a right to inspect the personal data concerning themselves, which is stored in our databases, and a right to require rectification or erasure of the data, provided that the request has a legal basis. They also have a right to withdraw or change their consent.
As a data subject, they have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
Our visitors and our Customers’ visitors have the right to ask us not to process personal data for marketing purposes. We will usually inform our direct visitors to our site (before collecting data) if we intend to use data for such purposes or if we intend to disclose information to any third party for such purposes. Our visitors can exercise their right to prevent such processing by checking certain boxes on the forms we use to collect your data. Customers’ visitors wishing to exercise their rights can in the first instance contact our Customer; PureClarity provides a set of privacy tools to help manage the obligations of the GDPR, see here for more details.
The Act gives our visitors, our Customers and our Customers’ visitors the right to access information held about them. Visitors/Customer right of access can be exercised in accordance with the Act. There is no charge for this. We have a full Subject Access Request Procedure which available on request. In summary Subject Access Requests need to be made in writing and will require verification that the person exercising the right are the person whose data we hold.
CONDITIONS AND LIMITATIONS ON YOUR RIGHTS
There may be conditions to or limitations on aforementioned rights imposed on us by other legislation including adhering to relevant tax laws in every jurisdiction where we trade.
If you have questions regarding this Policy or about the privacy practices of PureClarity, or which to make a Subject Access Request please contact us by email at firstname.lastname@example.org, or at PureClarity, Great North Way, York Business Park, YORK, YO26 6RB. Please note: If you are a visitor of one of our customers please direct your Subject Access Request directly to them in the first instance.