Effective 25 May 2018
This policy was last updated on 24 May 2018.
Esuasive is committed to protecting your privacy.
We comply with the General Data Protection Regulation (Regulation (EU) 2016/679, known as the ‘GDPR’, in force from 25 May 2018), the Data Protection Act 2018 (subject to Royal Assent), the Law Enforcement Directive (Directive (EU) 2016, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, together the Data Protection Legislation, to the extent that this relates to the processing of personal data and individual privacy.
We are registered as a Data Controller with the Information Commissioner’s Office. Our registration number is Z6754021.
This privacy notice:
- sets out why we process personal data and the legal bases we rely on to do so;
- identifies the personal data we collect directly from you when you visit our web site or respond to our email communications, or that, from time to time, we collect indirectly via third party data providers;
- explains how we protect your personal data, how long we retain your personal data for, and with which third parties (if any, and in what circumstances) we share your personal data; and
- sets out your rights as a data subject.
Esuasive designs, creates and supports software solutions powered by Microsoft Dynamics 365 and other Microsoft technology products and services. Our customers are commercial, public sector and not-for-profit organisations.
Why Esuasive processes personal data and the legal bases we rely on
We process personal data for the purposes of:
- Business-to-business marketing and sales, including entering into contract with customers
- Configuring solutions for customers’ use, including providing software support and associated services
- Software licensing and billing
- Working with Microsoft and our other partners (together our ‘customer-facing processes’)
and for operational, legal and compliance purposes (our ‘internal processes’).
We rely on a range of lawful bases, including Consent, Legitimate Interest and Contractual Obligation, depending upon the type of processing we are performing. For each process or set of related processes we have carried out a systematic, objective data protection impact assessment to determine the appropriate lawful basis for processing. For our customer-facing processes, i.e. marketing and sales; configuring solutions; software licensing and billing; and working with partners, we have, after careful consideration, determined that Legitimate Interest is the most appropriate lawful basis for processing.
What personal data do we collect and how do we use this personal data
In relation to our customer-facing processes, we collect only very limited personal data:
- Job role
- Organisation and business address
- Preferred business contact details – email address, phone number, and if available/supplied, other business contact details
We use this data:
- To provide you with information that you may have requested from us or that we feel may be of interest to you and/or your organisation, and to engage with you to help you and/or your organisation evaluate our solutions and/or products and services provided by Microsoft and other partners. We do not collect any personal data from you that we do not need in order to provide this service to you.
- To configure a solution for your organisation and to provide services to your organisation.
- To ensure your organisation is correctly licensed for the products and services it uses, including products and services provided by Microsoft and/or our other partners, in relation to our engagement with your organisation; and to enable us to invoice your organisation.
- To facilitate your interaction with Microsoft and/or our other partners, where we believe this will be of benefit to you and/or your organisation.
How we protect personal data
We use a variety of industry standard information security processes, protocols and technologies provided by Microsoft and other specialist software vendors to protect your personal data from unauthorised access, use or disclosure. Personal data is stored in our private, cloud-based Microsoft Dynamics 365 system and is protected by the following security protocols: EU Model Clauses, EU-U.S. Privacy Shield, ISO 27001, Cyber Essentials Plus, ISO 27018, SOC 1, SOC 2, FIPS 140-2, HIPAA/HITECH, CCSL (IRAP), ENISA IAF, FEDRAMP.
How long do we retain personal data for
We retain your personal data for a period not exceeding four years from our most recent interaction with you. We have established appropriate processes to ensure the permanent deletion of your personal data after such time, save for the minimum personal data (our ‘unsubscribed list’) we maintain to prevent our contacting you again if you have expressed a preference not to be contacted, have unsubscribed from our emails or otherwise have told us you do not wish to be contacted by us.
Who we share personal data with
Like most businesses, we share data, including personal data, with the third-party service providers that we use to provide data hosting, marketing automation, event management, webinar hosting and other business services. We do not permit our third-party providers to store or process personal data we share with them for any purpose except to provide to us the services they are contracted to deliver. Unless we have your express permission to do so, we do not share your personal data with any other party except to facilitate interaction with Microsoft and/or our other partners for the benefit of you and/or your organisation.
Third party web sites
Our website may contain links to our partner or other web sites where you may find relevant information of interest to you, or we may redirect you to the web site of one of our third-party service providers, for example, so that you may register for one of our webinars. Please note that we have no control over such third-party web sites: therefore, these web sites are not governed by this privacy statement and we are not responsible for the protection and privacy of any personal data you may provide whilst visiting such web sites. We advise you to exercise caution and to review the privacy statement applicable to the web site in question before supplying any personal data.
Your rights as a data subject
We will of course cease to include your personal data in our direct marketing if you express a preference to that effect and/or you unsubscribe from our email list. However, over and above our commitment to comply with your wishes in this respect, the Data Protection Legislation provides you with specific rights:
- The right to be informed. This privacy notice, in setting out what personal data we hold, the purpose(s) for which we hold it, how long we will retain it, who we may share it with and how we keep your personal data secure, is intended to satisfy this right.
- A right of access. You have the right to know what personal data we hold about you and to see a copy of that data; and to know whether we are processing your personal data.
- A right to correct errors in the personal data we hold about you.
- A right to erasure (‘the right to be forgotten’). You may ask us to erase your personal data where there is no valid reason for us to retain it.
- A right to restrict processing.
- Right to object. You have the right to object to our processing of your personal data where this is based on Legitimate Interest.
When you access our web site we may use ‘cookies’ to help us personalise and enhance your online experience.
How to contact Esuasive about your personal data
You can contact our Data Protection Officer by email to DPO@esuasive.co.uk, or by writing to:
The Data Protection Officer,
Esuasive, Venture House,
2 Arlington Square,