GDPR Compliance Summary
Ahead of the introduction of GDPR in May 2018, the Adelo team engaged internally and externally to comply with the introduction of the new regulations. The following is a summary of the key actions taken to ensure compliance:
- Data subject rights: Updated privacy policy to provide a greater degree of transparency. Standardised process for all data erasure, retrieval and modification requests.
- Training: Data privacy and security training for all company personnel and clarification of updates to security policies, procedures, and their respective responsibilities.
- Data hosting: All data is hosted within the EU with our secure Google hosting provider.
- Security: Evaluation of the effectiveness of data security measures and data breach notification policy.
- Privacy by design: Adopted a privacy by design approach.
Website Privacy Notice
The privacy policy below defines the mechanism for how website data is collected, stored and processed. For information on the application privacy notice please contact your Adelo Account Manager or email privacy@adelo.co.
Adelo Technologies Limited (Adelo, we, us or our) is committed to protecting the privacy and security of your personal data. This Website Privacy Notice describes how we collect, use and look after your personal data when you visit our website (regardless of where you visit it from), including when you contact us or sign up for our newsletter or request a demonstration. It also tells you about your rights and how the law protects you.
Important Information
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that we have collected data from children under age 13, please contact us using the contact information provided below.
This Website Privacy Notice supplements the other notices on our website (including our Terms of Use) and is not intended to override them. Adelo is the controller and responsible for your personal data.
If you have any questions about this Website Privacy Notice, including any requests to exercise your legal rights, please contact our Chief Technical Officer in writing:
Email: dataprotection@adelo.co
Post: Flat 29 Royal Victoria Patriotic Building, John Archer Way, London, England, SW18 3SX.
You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Changes and Your Duty to Inform Us
We may change this Website Privacy Notice at any time by updating this page. Please check this notice from time to time to ensure you are aware of any changes. (Last updated on 8th December 2020). It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
The Data We Collect About You
We may collect, use, store and transfer the types of personal data about you listed in Part 1 of Schedule 1. We also collect, use and share aggregated data. However, if we combine aggregated data with your personal data so that it can directly or indirectly identify you, we treat this as your personal data. We do not collect any special categories of personal data or any information about criminal convictions and offences.
How Personal Data is Collected
- Directly: You may provide personal data when you complete an online enquiry form, request products/services (including demos of our software), join our mailing list, enter competitions, promotions or surveys or otherwise correspond with us (by post, phone or email).
- Automated technology: We automatically collect personal data (technical and usage) when you browse or interact with our website, by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites which use our cookies.
- Publicly available sources: We may collect personal data from publicly availably sources such as Companies House, the Electoral Register and credit reference agencies based inside the EU.
- Third parties: We may receive personal data from: (a) analytics providers based outside the EU (such as Google); (b) advertising networks; (c) search information providers such as Node based outside the EU; (d) our suppliers such as payment providers, delivery services, website hosting, support and maintenance providers; (e) data brokers or aggregators; (f) third party plugin service providers based inside and outside the EEA (such as Olark).
How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:
- To perform the contract we may enter into or have entered into with you;
- To comply with a legal obligation; and
- Where it is necessary to carry out our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Part 2 of Schedule 1 sets out the lawful basis we will rely on to process your personal data. We generally only rely on consent as a legal basis for processing your personal data to send email marketing communications and you have the right to withdraw your consent at any time by contacting us.
Marketing & Opt-Out
You can opt out of email marketing by clicking the unsubscribe button within the particular marketing email. You can also withdraw your consent to marketing at any time by contacting dataprotection@adelo.co.
Disclosures & International Transfers
We share your personal data within the Adelo group of companies. This will involve transferring your data outside the European Economic Area (EEA). We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring safeguards are implemented (such as using specific contracts approved by the European Commission or Privacy Shield frameworks).
Data Security & Retention
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those who have a business need to know.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Details of retention periods are available in our retention policy which you can request from us.
Schedule 1
Part 1: Types of Personal Data
| Type | Description |
|---|---|
| Contact Data | Email address |
| Identity Data | First name, Last name |
| Marketing & Communication Data | Your preferences in receiving marketing, our newsletter and our third parties and your communication preferences. |
| Technical Data | Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. |
Part 2: Processing Activities & Lawful Basis
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a potential new user | Identity & Contact | (i) To perform our contract with you or take steps to enter into a contract with you. |
| To manage our relationship with you, notifying you about changes to our Terms or Website Privacy Notice and ask you to leave a review or take a survey | Identity, Contact, Marketing & Communications | (i) To perform our contract with you. (ii) As necessary to comply with any legal obligations. (iii) As necessary for our legitimate interests in keeping our records updated and analysing how our products/services are being used. |
| To enable you to partake in prize draws, competitions or complete surveys | Identity, Contact, Marketing & Communications | (i) To perform our contract with you. (ii) As necessary for our legitimate interests in analysing how our products/services are used, to develop them and grow our business. |
| To administer and protect our business, website and app (troubleshooting, analysis, testing, support, etc.) | Identity, Contact & Technical | (i) As necessary for our legitimate interests in running our business, provision of administration and IT services, network security, fraud prevention. (ii) As necessary to comply with legal obligations. |
| To deliver relevant event and website content/advertisements to you and measure effectiveness | Identity, Contact, Marketing & Communications, Technical | As necessary for our legitimate interests in studying how our products/services are used, to develop them, to grow our business and to inform our marketing strategy. |
| To use data analytics to improve our website, app, marketing, and experiences | Technical | As necessary for our legitimate interests to define types of users, to keep our website updated and relevant, and to inform our marketing strategy. |
| To make suggestions and recommendations to you about products/services | Identity, Contact & Technical | As necessary for our legitimate interests to develop our products/services and grow our business. |
Part 3: Your Legal Rights
You have the following legal rights in relation to your personal data:
- Access your data: You can ask for access to and a copy of your personal data.
- Correction: You can ask us to correct any incomplete or inaccurate personal data.
- Erasure: You can ask us to delete your personal data where there is no good reason for us continuing to process it.
- Object: You can object to processing where we are relying on legitimate interests or for direct marketing.
- Restrict processing: You can ask us to suspend or restrict processing in specific scenarios (e.g. to establish accuracy).
- Request a transfer: You can request a transfer of your personal data to you or a third party.
- Withdraw consent: You can withdraw your consent at any time where we are relying on consent to process your data.
If you wish to exercise any of your rights, please contact privacy@adelo.co.
Part 4: Third Parties
| Entity | Description |
|---|---|
| Group Companies | Other companies in the Adelo group acting as joint controllers or processors (US, EU, Dubai, Norway) providing marketing, IT and support. |
| Service Providers | Processors based inside/outside the EEA providing website hosting (Amazon AWS), analytics (Google), and plugins (Olark). |
| Professional Advisors | Processors or joint controllers including lawyers, bankers, auditors, and insurers (US, EU, Dubai, Norway). |
| Regulators | HM Revenue & Customs, regulators and other authorities based in the UK. |
| Third Parties | Third parties to whom we may choose to sell, transfer, or merge parts of our business or assets. |
Part 5: Glossary
| Term | Definition |
|---|---|
| Aggregated Data | Information such as statistical or demographic data derived from personal data but which cannot by itself identify a data subject. |
| Controller | A body that determines the purposes and means of processing personal data. |
| Data Subject | An individual living person identified by personal data (generally you). |
| Personal Data | Information identifying a data subject from that data alone or with other data we may hold (excludes anonymised data). |
| Processor | A body that is responsible for processing personal data on behalf of a controller. |
| Special Categories | Information about race, ethnicity, political opinions, religious beliefs, trade union membership, health, genetic/biometric data, sexual orientation. |
| ICO | Information Commissioner’s Office, the UK supervisory authority for data protection issues. |
