alcumus

Global Privacy Policy

Introduction

Alcumus is committed to protecting your privacy. This privacy policy (Privacy Policy) explains how companies in Alcumus Group Limited’s group of companies (together, Alcumus, or we, or our or us) use any personal information that we may collect about you when you interact with us. It also explains how we will store, manage and keep that data safe.

We know that there is a lot of information here, but we want you to be fully informed about your rights and how we use your data.

Should we ask you to provide certain information by which you can be identified when using any of Alcumus’ websites, software applications or platforms (the Services), then you can be assured that it will only be used in accordance with this Privacy Policy. We may change this Privacy Policy by updating this page. We will notify you of any significant changes, but you are welcome to come back and check it whenever you wish. 

Who is Alcumus?

For the purposes of this Privacy Policy, Alcumus includes each of the following companies:

  • Alcumus Group Limited (a company registered in England and Wales)
  • Alcumus Holdings Limited (a company registered in England and Wales)
  • Alcumus ISOQAR Limited (a company registered in England and Wales)
  • Alcumus SafeContractor Limited (a company registered in England and Wales)
  • Alcumus SafeWorkforce Limited (a company registered in England and Wales)
  • Alcumus SafeHR Limited (a company registered in England and Wales)
  • Planet First Limited trading as Planet Mark (a company registered in England and Wales)
  • Alcumus SafeContractor Inc. (a company registered in Canada)
  • Cognibox Inc. (a company registered in Canada)
When do we collect your information and what information do we collect?

We collect your information:

  • When you use any of our Services.
  • When you make an online purchase.
  • When you create an account with us.
  • When you engage with us on social media or live chat.
  • When you contact us with queries or complaints, or to report a problem with our website.
  • When you ask one of our partners to email you information about a product or service.
  • When you enter prize draws or competitions or complete any surveys we send you.
  • When you comment on or review our products and services.
  • When you fill in any forms.
  • When you permit a third party to share with us the information they hold about you.
  • We collect data from publicly available sources where the information is made public as a matter of law.
  • When you apply for a job with us or have a mandate or contract with us as an independent contractor.

We will collect and process the following information about you:

  • Information you give us. This may include your name, gender, address, e-mail address and phone number, financial and credit card information, personal description and photograph, and any further details agreed in your contract with Alcumus.
  • Information we collect about you. With each of your visits to our websites we will automatically collect the following information:
    • technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;
    • information about your visit, including the full Uniform Resource Locators (URL), to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer services, sales and/or renewals teams.
  • Information we receive from other sources.
    • This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share that data internally and combine it with data collected on this website. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment services, advertising networks, analytics providers, credit reference agencies).
    • We occasionally use third party data brokers to obtain your data in order for us to market our services to you. We will use reasonable endeavours to ensure that your data was collected in a GDPR-compliant manner. For more information on how this data is collected, please see the following privacy information of our data broker:

Alcumus’ services are not intended for children and Alcumus does not knowingly collect data relating to children unless instructed. If you believe we may have collected information from a child, please contact [email protected] so that we can delete it.

Use of your information

We use information held about you in the following ways:

Information you give to us. We will use this information:

  • to carry out our obligations arising from any contracts entered into between us or Alcumus and your employer or customer and to provide you with the information and services that you request from us (this includes account management and obtaining customer feedback);
  • to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you with information about services we feel may interest you (including services provided by the wider Alcumus group, and our affinity partners and providers of member benefits). If you are an existing customer, we will only contact you by phone call, e-mail, or SMS with information about services similar to those which were the subject of a previous sale or negotiations of a sale to you;
  • to notify you about changes to our services; and
  • to ensure our website content is presented in the most effective manner for you and your computer.

Information we collect about you. We will use this information:

  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
  • as part of our efforts to keep our website safe and secure;
  • to aggregate, anonymize or de-identify personal information for subsequent independent use;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you; and
  • to ensure the data we hold for you is complete, accurate and up to date.

Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above.

Service-Specific Usage. If you wish to see how your personal information is used with your use of Alcumus services (“Services”), please refer to the Service section at the bottom of this Privacy Policy.

Sharing your Information

We sometimes share your personal data with trusted third parties, including:

  • Any member of the Alcumus group of companies, which means our subsidiaries as listed above, our beneficial owners and ultimate holding company and its subsidiaries.
  • Carefully selected third parties including:
    • business partners, suppliers, and sub-contractors for the performance of any contract we enter into with you or your employer or customer;
    • technology companies who support our website and other online systems (for example, our software hosting and development partners);
    • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users;
    • marketing companies who help us manage our electronic communications with you to show you products that might interest you while you are browsing the internet. See our Cookies Policy for further details;
    • analytics and search engine providers that assist us in the improvement and optimisation of our website;
    • suppliers who conduct market research, customer satisfaction and net promotor score surveys on our behalf to ensure we are delivering a good service as well as identifying ways we can improve our services;
    • data insight companies for the purposes of research, profiling and to ensure your details are up to date and accurate;
    • debt collection agencies, for the purpose of recovering unpaid debts due under our contract with you; and
    • third parties to whom we may choose to sell or merge parts of our business. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

We may disclose your personal information to third parties for their own purposes in very specific circumstances, including:

  • With your consent, given at the time you supply your personal data, we may pass that data to a third party who provides member benefits for their direct marketing purposes (in relation to promoted member benefits only).
  • If we decide to expand, reduce, or sell any Alcumus company or substantially all of its assets, in which case personal data regarding our customers will be transferred to the new owner, under the terms of this Privacy Policy.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to protect the rights, of any Alcumus company, our customers, or others. This includes exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.
How long we keep your information

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised (e.g., by aggregating it with other data so that it can be used in a non-identifiable way for business planning).

In certain cases, the law requires us to keep personal data for a specific period which Alcumus must comply with.

Recording Calls

We may record calls for training and quality purposes. We will not use the information that we collect from you for any purposes other than for training and monitoring the quality of the information that we provide to you during the call.

Call recordings are stored securely and access to such recordings is limited to certain personnel only. Recorded calls will be saved for no longer than is necessary.

Your Rights

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases and in a portable, structured, machine readable format.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • That we erase your personal data, under certain conditions.
  • That we restrict the processing of your personal data, under certain conditions.
  • The transfer of your personal data we have collected to another organisation, or directly to you, under certain conditions.

If you reside in the UK or EEA you also have the right to request:

  • The review of any decision made based solely on automatic processing of your data (i.e., where no human has yet reviewed the outcome and criteria for the decision).

To ask for your information to be amended, please update your online account, or contact your account manager or our Data Protection Officer or Data Privacy Officer at [email protected] .

If we choose not to action your request, we will explain to you the reasons for our refusal.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Your objection to our use of your personal information (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘Use of your information’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

Where we rely on our legitimate interest

Where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must comply unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing and Opt Out

In most cases, we do not undertake marketing, promotions or competitions via the software applications or platforms. This is undertaken via other means. You can ask us to stop sending you marketing messages at any time by contacting us. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us because of a service purchase, service experience or other transactions.

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

Checking your identity

To protect your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Partner websites

Our website may contain links to and from the websites of our partner networks, affinity scheme partners, advertisers, and affiliates. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You should check these policies before you submit any personal data to these websites.

Cookies

Our website uses cookies to distinguish you from other website users. This helps us to provide you with a good browsing experience. For detailed information on the cookies we use and the purposes for which we use them, see our cookie policy.

Where we store your personal data

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where you have chosen a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

EEA/UK

In order to provide our services, we may need to transfer your personal information to locations outside the country in which you provide it or where you are viewing this website for the purposes set out in this Privacy Policy. This may entail a transfer of your information from a location within the European Economic Area (the “EEA”) or the UK to outside the EEA/UK, or from outside the EEA to a location within the EEA/UK. As such, your personal data may be accessible to law enforcement and national security authorities of these jurisdictions pursuant to applicable laws. Please see ‘Sharing your information’ for more detail on how the information may be shared within the Alcumus group and with third party service providers. 

The level of information protection in countries outside the EEA/UK may be less than that offered within the EEA/UK. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. EU and UK standard contractual clauses are in place between all Alcumus entities that share and process personal data. Please contact us using the details in the ‘How to contact us’ section below to request a copy of these clauses. Where our third-party service providers process personal data outside the EEA/UK in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses.

CANADA

In order to provide our services, we may engage with third-party service providers. As a result we may need to transfer, store, access or use your personal informationoutside of your province or outside of Canada..We use our best efforts to ensure that each and every one of our third-party service providers take reasonable security measures to protect your personal information andensure that it is only used for authorized purposes we have made known to you or which are otherwise permitted by law.

Where your personal information is stored, accessed, or used outside of your province of residence or outside of Canada, that personal informationis subject to the laws of that jurisdiction.We will impose reasonable safeguards on any transfer of personal information and ensure that the necessary controls are in place to protect your personal information.

How to contact us & Complaints

UK & EEA

We hope this Privacy Policy has been helpful in terms of how we use your personal data and your rights in relation to such personal data. If you have any questions or wish to make a complaint, please contact our Data Protection Officer:

Email us at [email protected].

Write to us at Data Protection Officer, Axys House, Heol Crochendy, Parc Nantgarw, Cardiff CF15 7TW.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

CANADA

If you reside in Canada or North America and have any questions or wish to make a complaint to the Data Privacy Officer:

  • Email us at [email protected]; or
  • Write to us at Data Privacy Officer, 528 5e rue de la Pointe, Shawinigan, QC G9N 1E8 Canada.

Should you not be satisfied with the way we handled any complaint, you may refer your complaint to your provincial data protection regulator. A full list (along with relevant contact details) of Provincial regulatory bodies can be found at:
https://www.priv.gc.ca/en/about-the-opc/what-we-do/provincial-and-territorial-collaboration/provincial-and-territorial-privacy-laws-and-oversight/

The Office of the Privacy Commissioner of Canada (“OPC”) is responsible for overseeing federal privacy laws: https://www.priv.gc.ca/en/). Concerns can be reported to the OPC online: https://www.priv.gc.ca/en/report-a-concern/

The provincial regulatory body for Quebec, the Commission d’accès à l’information (“CAI”) can be contacted at [email protected] and can be written to at:

Québec
525, boulevard René-Lévesque Est, bureau 2.36 
Québec (Québec) G1R 5S9
Telephone: 418 528-7741
Fax: 418 529-3102

Montreal
2045, rue Stanley, bureau 900
Montréal (Québec) H3A 2V4
Telephone: 514 873-4196
Fax: 514 844-6170

Service-Specific Usage

Data Types

Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Communications Data includes your communication preferences in receiving service communications from us.

Contact Data includes billing and operational address(es), email address and telephone numbers.

Financial Data includes bank account and payment card details.

Identity Data includes first name, last name, username, title, and in certain circumstances, your date of birth (this is used solely to determine whether an individual meets the legal age requirement to undertake specific types of work on behalf of a client).

Marketing and Communications Data includes your marketing and communication preferences in receiving marketing from us.

Sensitive Information includes information relating to any health and safety incident occurring at your workplace, which may include information about your health or medical conditions (which requires a higher level of protection under applicable data protection law).

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to our services.

Transaction Data includes details about payments to and from you.

Usage Data includes information about how you use our services.

Purposes for which we will use your personal data – all services

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer, including taking you through an accreditation / certification process.

(a) Identity Data

(b) Contact Data

Performance of a contract with you or our client

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or this Privacy Policy

(b) Asking you to leave a review or take a survey

(c) Manage payments, fees, and charges

(d) Collect and recover money owed to us

(a) Identity Data

(b) Contact Data

(c) Marketing and Communications Data

(d) Financial Data

(e) Transaction Data

(a) Performance of a contract with you or our client

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, to collect debts due to us)

To enable you to partake in a prize draw, competition or complete a survey

(a) Identity Data

(b) Contact Data

(c) Usage Data

(d) Marketing and Communications Data

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and a relevant platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) and monitoring usage of a relevant platform and compliance with the contract we have in place with our client 

(a) Identity Data

(b) Contact Data

(c) Technical Data

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant platform content to you

(a) Identity Data

(b) Contact Data

(c) Usage Data

(d) Marketing and Communications Data

(e) Technical Data

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve a platform, services, marketing, customer relationships and experiences

(a) Technical Data

(b) Usage Data

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Platform updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity Data

(b) Contact Data

(c) Technical Data

(d) Usage Data

Necessary for our legitimate interests (to develop our products/services and grow our business)

Specific services & platforms

SafeContractor (Canada)

ISOQAR

SafeContractor (UK)& SafeSupplier

SafeWorkforce

SafeHR

Planet Mark

SafeContractor (Canada)

When you use the SafeContractor (Canada) Platform, your personal data will be processed in accordance with the information below.

Disclosures of your personal data

In addition to the disclosure of personal data in accordance with this Privacy Policy, with your use of the SafeContractor (Canada) Platform we may have to share your personal data for the purposes set out above in the section titled ‘Sharing your information’. This includes third party anchor clients of SafeContractor (Canada) who may wish to purchase services via a contractor who are able to access contractor information (including in some circumstances, personal data) via the SafeContractor (Canada) Platform. Levels of personal data are limited in nature, restricted, and redacted where appropriate.

Checks are undertaken by Alcumus to ensure that the documents shared do not contain extensive or unnecessary personal data in excess of the types and categories of personal data outlined above.

Third-Party Software Developers

The SafeContractor (Canada) Platform is supported by a development team who are based in Lebanon, Canada and the UK. With this, your personal data may be accessible to the developers as a part of their work. The developers are subject to strict confidentiality and data protection measures to ensure the safe handling and transfer of any personal data they are provided.

Appointed Subprocessors

Purpose of Processing

Sub-Processors

Cloud Hosting

Amazon Web Services, Inc.

Payment Processors

Bambora Inc., Stripe, Inc., PayPal Holdings, Inc., WorldPay, GoCardless, Global Payment Inc.

Platform Engagement

Twilio Inc. (SendGrid), Pendo

Training Records

Rustici Software LLC (Scorn Cloud)

Sales Engagement Platforms

HubSpot, Inc. LinkedIn, Meta

Web Analytics

Google LLC, Pendo, Hotjar

Cloud Hosting

Microsoft Corporation

Call Recordings

Luminet Solutions Inc.

Geo Mapping

Apilayer Data Products GmbH (IP Stack)

Software Analytics

Airbrake Technologies, Inc, Pendo, Walkme Ltd.

Subscription Management

Odoo S.A

Development and Call Centre Provider

SmartSource

Call tracking

Infinity

Data processing

Dataddo

Customer Relationship Management

D365

Online Chat

LiveChat Inc

ISOQAR

When you use the ISOQAR service your personal data will be processed in accordance with the information below.

Disclosures of your personal data

In addition to the disclosure of personal data in accordance with this Privacy Policy, ISOQAR may have to share your personal data when providing you services. This includes disclosure to the United Kingdom Accreditation Service (UKAS) as part of their ongoing audit for ISOQAR to be UKAS accredited. These audits will include reviewing a selection of reports and occasionally a UKAS representative attending site visits conducted by ISOQAR. Any personal data shared with UKAS is done so on the basis that it is required for auditing purposes and the data deleted after review.

Third-Party Auditors

ISOQAR uses a number of subcontractors to provide its services. This includes a pool of qualified third-party auditors who undertake audits on behalf of Alcumus as required. Alcumus occasionally uses subcontracted technical advisors to verify the competence requirements of Alcumus auditors providing the Services.

For certain standards provided by Alcumus (specifically IFS and FSSC), Alcumus subcontracts the Services to our critical office location in Poland (an agency providing services under Alcumus’ UKAS accreditation).

Appointed Subprocessors

Purpose of Processing

Sub-Processors

Software Provider

SafetyCulture (UK) Limited

Cloud Hosting

Microsoft Ireland Operations Limited

Sales Engagement Platforms

HubSpot Inc., LinkedIn, Meta, Google LLC

Software Provider

EcoOnline Info Exchange Limited

Call Recording and Tracking

Ring Central

Data Processing

Dataddo

Customer Relationship Management

D365

Customer Quote Generation

Xait

Digital Signage Platform

Yodeck

SafeContractor and SafeSupplier (UK)

When you use the SafeContractor and SafeSupplier platform (the SafeContractor (UK) Platform), your personal data will be processed in accordance with the information below.

Disclosures of your personal data

In addition to the disclosure of personal data in accordance with this Privacy Policy, with your use of the SafeContractor (UK) Platform we may have to share your personal data as follows:

  • Safety Schemes in Procurement (SSIP) in relation to accredited SafeContractor (UK) members. This usually will be limited to business information, contact data and identity data.
  • Third party anchor clients of SafeContractor (UK) who may wish to purchase services via a contractor or supplier are able to access contractor information (including in some circumstances, personal data) via the SafeContractor (UK) Platform. Levels of personal data are limited in nature, restricted, and redacted where appropriate. At present, the types of documents made available to anchor clients include:
    • risk assessments;
    • health and safety policies;
    • training records; and
    • equipment issue or maintenance records. These documents may contain employee names, job titles, and contact details (including email or postal addresses).
  • Membership benefit providers. We work closely with and will sometimes share information with them about you so that they can send you information about any of their products and services you may be interested in, or any promotions they are running. SafeContractor's current partners are set out below. If you would like more information about the ways in which they process personal data, please refer to their privacy policies (as provided below):
    • TradePoint (click here for TradePoint privacy policy)
    • Fuel Card Services (click here for Fuel Card Services privacy policy)
    • Alcumus Insurance, provided by Kerry’s Insurance Group (click here for Alcumus Insurance privacy policy)

Checks are undertaken by Alcumus to ensure that the documents shared do not contain extensive or unnecessary personal data in excess of the types and categories of personal data outlined above.

Appointed Subprocessors

Purpose of Processing

Sub-Processors

Electronic Signature Service

DocuSign Inc.

Call Recordings and Tracking

Ring Central

Geo Mapping

Apilayer Data Products GmbH (IP Stack)

Software Analytics

Airbrake Technologies, Inc, Walkme Ltd., Pendo

Subscription Management

Odoo S.A

Development and Call Centre Provider

SmartSource

Data processing and integration

Dataddo, Zapier

Customer Relationship Management

D365

Online Chat

LiveChat Inc

Cloud Hosting

Amazon Web Services, Inc.

Payment Processors

Bambora Inc., Stripe, Inc., PayPal Holdings, Inc., WorldPay, Stripe, GoCardless, Global Payment Inc.

Platform Engagement

Twilio Inc. (SendGrid), Pendo

Training Records

Rustici Software LLC (Scorn Cloud)

Sales Engagement Platforms

HubSpot, Inc., LinkedIn, Meta

Web Analytics

Google LLC, Pendo, Hotjar

E-learning Software Provider

Omniplex (Host of SafeLearning)

Marketing and Email Automation

WeDoCRM

SafeWorkforce

When you use the SafeWorkforce platform (the SafeWorkforce Platform), your personal data will be processed in accordance with the information below.

Information uploaded to the SafeWorkforce Platform – Client Employees

Your personal data may be provided in accordance with a contract we have in place with your employer. In this scenario, your employer is the data controller in respect of such personal data and remains primarily responsible for such personal data.

It is your employer’s obligation to ensure that any individual’s personal data uploaded to the SafeWorkforce Platform understands that their personal data will be processed by us in accordance with our contract with your employer.

Information we upload to the SafeWorkforce Platform

There may be instances where we upload personal data to the SafeWorkforce Platform, either for our own purposes or to perform and provide the services . We will remain as data controller in relation to this personal data, be primarily responsible, and we will always act in accordance with this Privacy Policy.

Third Parties

SafeWorkforce occasionally uses a number of select subcontractors to provide its services. This includes a pool of qualified third-party health and safety experts. We may process your card payments via Worldpay, which may allow Worldpay to collect or share data about you. We do not control their actions and we are not responsible for their privacy policies. We therefore encourage you to read their Privacy Policy.

Appointed Subprocessors

Purpose of Processing

Sub-Processors

Legal Services Provider

Richard Hall & Partners

Occupational Health Services Provider

Fusion Occupational Health Limited

Valentine Occupational Health Limited

Insurance Provider

Towergate Insurance Brokers, part of Towergate Underwriting Group Limited, Kelliher Insurance Group

Electronic Signature Service

DocuSign Inc., Evalu-8 Software Limited

Sales Engagement Platforms

HubSpot Inc., LinkedIn, Meta, Google LLC

Call Recording and Tracking

Ring Central

Data Processing

Dataddo

Customer Relationship Management

D365

Payment Processors

Worldpay

SafeHR

When you use the SafeHR platform (the SafeHR Platform), your personal data will be processed in accordance with the information below.

Information we upload to the SafeHR Platform

There may be instances where we upload personal data to the SafeHR Platform, either for our own purposes or to perform and provide the services. We will remain as data controller in relation to this personal data, be primarily responsible, and we will always act in accordance with this Privacy Policy.

Information you upload to the SafeHR Platform - Employees

We provide access to the SafeHR Platform to you in accordance with a contract we have in place with your employer. In relation to any personal data that you upload or record on the SafeHR Platform, your employer is the data controller in respect of such personal data, and this means that it remains primarily responsible for such personal data.

We process this personal data on behalf of your employer to provide access to the SafeHR Platform for you and other authorised users. The precise purpose for which the personal data is processed will be determined by the terms of business we have with your employer, and by any applicable laws.

It is your employer’s obligation to ensure that any individual’s personal data uploaded to the SafeHR Platform understands that their personal data will be processed by us in accordance with our contract with your employer.

Third Parties

SafeHR occasionally uses a number of select subcontractors to provide the services. This includes a pool of qualified third-party HR experts.We may process your card payments via Worldpay, which may allow Worldpay to collect or share data about you. We do not control their actions and we are not responsible for their privacy policies. We therefore encourage you to read their Privacy Policy.

Appointed Subprocessors

Purpose of Processing

Sub-Processors

Electronic Signature Service

DocuSign Inc.

Sales Engagement Platforms

HubSpot Inc., LinkedIn, Meta, Google LLC, Pendo

Call Recording and Tracking

Ring Central

Data Processing

Dataddo

Web and Software Analytics

Pendo

Customer Relationship Management

D365, Freshdesk, Monday.com

Payment Processors

GoCardless, Stripe, Worldpay

Marketing and Software

NiftyQuoter, Zapier, Vimeo, Zoom.

Legal Services Provider

Thomas Higgins Limited

Planet Mark

The Planet Mark platform (Planet Mark Platform) is a software-as-a-service (SaaS) application that is provided as part of the services. By using the Planet Mark Platform you will upload, store, process, and analyse data related to the services.

Information you upload to the Planet Mark Platform

Although disclosure of personal data is not intended to form part of the services, you may upload evidence to support, for example, your emissions calculations which includes personal data. This personal data may be displayed in invoices, utility bills, expense claims, and more. We will always act in accordance with this Privacy Policy when processing such personal data.

Disclosures of your data

In addition to the disclosure of personal data in accordance with this Privacy Policy, we may share your personal data with certain subcontractors or third parties who are necessary to provide the services.

Appointed Subprocessors

Purpose of Processing

Sub-Processors

Electronic Signature Service

DocuSign Inc.

Finance

Xero

Customer Relationship Management

Dynamics 365

Contract Management

Dealhub

Marketing and Sales Engagement

Eventbrite, Zoom, Wordpress, Calendly, LinkedIn, Miro, Typeform.

Software Development

Azure, Codification Ltd, Zapier.

Marketing Analysis

Clozd


October 2024