Information we collect
We collect information about you in three ways:
- directly from your input;
- from your organisation; and
- through automated technologies.
Data you provide to us
The types of personal information we collect directly from you is required to provide to you our service and may include:
- Contact details; such as your name, email address, postal address and telephone number
- Account login credentials; such as usernames and passwords, password hints and similar security information
- Other account registration and profile information; such as job title, educational, professional background and qualifications
- Payment information; such as bank account details, credit or debit card number
- Comments, feedback and other information you provide to us
Data from your organisation
We may obtain personal information about you from the organisation with which you are employed or affiliated, in order to activate and manage your access to and use our service to which your organisation has subscribed. These details may include:
- Contact details; such as your name and organisational email address, postal address, and phone number
- Other account registration information; such as job title; and/or
- Organisational Identifier
Data collected automatically from service use, including cookies
The Service may automatically collect information about how you and your device interact with the Service, including:
- Computer, device and connection information; such as IP address, browser type and version, operating system and other software installed on your device, mobile platform and unique device identifier and other technical identifiers, error reports and performance data
- Usage data; such as the features you used, the settings you selected, date and time stamp and referring and exit pages, search terms you used, and pages you visited
What are cookies?
Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
Your consent applies to the following domains: www.outsec.co.uk and dav.outsec.co.uk. For more information on our use of cookie click here.
How we use your information
We use your personal information to:
- Provide, activate and manage your access to and use of the Service;
- Process and fulfil a request, order, download, subscription or other transaction;
- Provide technical, product and other support and to help keep the Service working, safe and secure;
- Respond to your requests, enquiries, comments and concerns;
- Notify you about changes, updates and other announcements related to the Service
- Identify usage trends and develop data analysis, including for purposes of research, audit, reporting and other business operations,
- Comply with our legal obligations, resolve disputes, and enforce our agreements.
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’).
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
- accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data is accurate, having regard to the purposes for which it is processed, and erased or rectified without delay (‘accuracy’), if appropriate.
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Sharing of your information
We do not and will not share your personal details with any third party without previously obtaining your prior consent. Your personal information may be shared with OutSec’s subcontractors/partners to provide you with the Service and technical help. Your personal information will only ever be used for activities associated with the service.
Who can access my information?
When you set up your account, a password is created for your account. As long as you keep your password secret and secure, your files will be protected. You can choose or amend your password manually by contacting your Account Manager or by email to OutSec’s Data Protection Officer firstname.lastname@example.org
We thoroughly recommend that you chose a meaningless combination of numbers and letters (eg: di3i892q). You will be surprised how easily you remember it after typing it in half a dozen times or you can get your browser to store it for you.
Employees of OutSec do have access to the database and therefore to your information. This is vital for the provision of the Service to you and is limited to those people who specifically require access to the data and are fully aware of any and all privacy issues.
Information disclosure for legal reasons
We may disclose your personal information if we have a good faith belief that such disclosure is necessary to:
- meet any applicable law, regulation, legal process or other legal obligation
- detect, investigate and help prevent security, fraud or technical issues
- protect the rights, property or safety of OutSec, our users, employees or others
Grounds for processing
When we collect or otherwise process any personal information within the scope of European Data Protection laws, we do so,
- where necessary to provide the Service, fulfil a transaction or otherwise perform a contract with you or at your request prior to entering into a contract
- where necessary for our compliance with applicable law or other legal obligation
- where necessary to enable our customers to comply with their legal obligations
- where necessary to operate our business, protect the security of our systems, customers and users, detect or prevent fraud, or fulfil our other legitimate.
Where we rely on your consent to process personal information, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.
We retain your personal information for as long as necessary to provide the Service and fulfil the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.
We implement technical and organisational measures to seek to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the integrity, confidentiality, and availability of personal information.
Accessing and updating your information
The Service may allow registered users to directly access and review their account information and make corrections or updates upon login at any time. Keeping such information up to date is the responsibility of the user. Registered users may also close their account by contacting their Account Manager or by email to OutSec’s Data Protection Officer email@example.com.
You have the right under European and certain other Privacy and Data Protection laws, as may be applicable, to request free of charge:
- access to your personal information
- rectification or erasure of your personal information
- restriction of our processing of your personal information, or to object to our processing
- portability of your personal information
If you wish to exercise these rights, please submit your request to your OutSec Account Manager. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.
Data Protection Policy
OutSec has a robust and comprehensive Data Protection Policy – please ask if you wish to see a copy.