OpenPSM is committed to upholding your privacy as a valued client, prospective client or user of this website. The personal information about you that we collect, process or use (‘personal data’) is held securely and treated in accordance with this Policy. Whenever you give us personal data, you are consenting to collection and use as explained at the time of collection and in this Policy.
We operate an integrated communications programme which means we use your personal data to communicate with you through several different channels, including direct mail and email. Our aim is to keep you up-to-date with the latest news, our services, and our training and events programmes. However, if you feel you no longer wish to receive direct mail or email communications from us, you can opt out at any time.
This Policy is designed to help you understand what information we collect, why we collect it and how we use it, and to explain the rights you have as an individual in connection with your personal data, including how to contact us or to make a complaint.
This Policy applies to OpenPSM Ltd, who we also refer to throughout as “we”, “us” or “our”,
OpenPSM Ltd is registered as a data controller with the Information Commissioner’s Office (ICO), which is the UK’s supervisory authority set up to uphold information rights. As a data controller we are responsible for ensuring that when we process personal data we comply with EU and UK data protection law and use it in accordance with our client’s instructions and our professional duty of confidentiality.
Why we collect and process Personal Data
As a software services provider, we collect and maintain information about companies that use or could benefit from our products. To help us communicate effectively with those companies, we also collect the professional details of individuals who might engage us, work with us or be involved in the decision-making process to buy our products. Information is limited to that necessary for us to carry out our business activities, but it may include:
- Occupation, professional interests, and contact details
- Professional Information, including qualifications and experience relevant to our services
- Technical (IT) personal data in connection with details of visits to our website
In general terms we will collect and use personal data to:
- Provide software services to companies and manage our relationships with them
- Provide individuals, in their professional capacity, with information about us and the services we offer that may be of interest to them or their organisation
- Help us to improve our business and the services we offer
How we collect Personal Data
We will collect personal data from you in person when we meet you or through correspondence with you or colleagues in relation to the services we provide, and via our website.
Third parties may also provide us with personal data to enable us to deliver our services to you in your professional capacity. The processing of this information may be necessary to enable us to enter into a contract and/or to support contract execution.
Other sources of personal data could include, but may not be limited to, the following:
- Publicly accessible registers and directories
- Company websites and social media
- Electronic communications systems and mail
When you provide personal data to us relating to a third party you confirm that you have any necessary permission or authority to do so. You are also responsible for ensuring that the provision of that personal data complies with data protection and other applicable law.
Visitors to our website
Our website does not store or collect any personal information about site users. The system will record your email address and other information if volunteered to us by you through certain sections of the site, for example when commenting on a blog post or requesting information about our software/services. This information will be treated as confidential. It may only be used for internal review and to contact you regarding any feedback.
Our website is not intended for children and we do not knowingly use it to collect data relating to children.
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. You can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
You can easily remove any cookies that have been created in the cookie folder of your browser. For example, if you are on a Windows machine, here are the steps on how to use Windows Explorer to erase cookie files:
Click on ‘Windows Explorer’
Click on ‘Tools’
Click on ‘Internet Options’
Click on the ‘General’ tab
Click on the ‘Delete’ button in the ‘Browsing History’ section
Click on the ‘Delete Cookies’ button next to the ‘Cookies’ section
Close when finished
Click on the ‘OK’ button to close
How we use Personal Data
Lawfulness of processing
Under data protection law, we can only use your personal data if we have a proper reason for doing so, examples include circumstances where:
- You have given consent to processing for one or more specific purposes
- Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract
- Processing is necessary for compliance with our legal obligations
- We have legitimate interests
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will always balance any potential impact on you and your rights before we process your personal data for our legitimate interests.
We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may use your personal data to send you the latest news and provide updates about our services, including new services, and training and events that might be of interest to you in your professional capacity, or your organisation.
We have a legitimate interest in processing your personal data for our business development purposes. This means we do not usually need your consent to send you updates and information about our services. However, as part of satisfying the balancing test conducted under our Legitimate Interests Assessment, we will only collect data that are strictly necessary to meet our stated business needs and then only use this information in our dealings with you in your professional capacity, in ways that you might reasonably expect us to in a business to business environment.
We will always treat your personal data with the utmost respect and we will never sell or share personal data with other organisations for marketing purposes.
You also have the right to opt out of receiving marketing communications at any time by:
- Using the ‘unsubscribe’ link in our marketing emails
- Contacting us using the contact us form on our website
If you should ask us to provide services in the future, or if there are changes in the law or the structure of our business, we may ask you to confirm or update your marketing preferences.
We may need to share personal data under binding confidentiality agreements with our employees, contractors, partners, agents or business advisers, to carry out commercial negotiations and/or deliver services.
Our IT support and service providers may also access your personal data through the course of their work in providing support to us.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect it. We also enter into contractual arrangements with service providers to ensure they can only use your personal data to provide services to us.
Where your Personal Data is held
Information may be held at our offices and in secure data centres in the UK and US, with all reasonable technological and operational measures in place to safeguard it from unauthorised access.
We also use hosted services provided by global companies operating secure data centres around the world. For operational reasons, they may transfer data to centres outside of the UK but where this takes place, data will remain protected by appropriate safeguards in line with UK law.
In certain limited circumstances we may also need to access personal data from outside of the UK, as outlined below.
Accessing your Personal Data from outside of the UK
To deliver services to you and your organisation, it is sometimes necessary for us to access your personal data from locations outside of the UK, for example:
- Where there is an international dimension to the services we are providing
- If you are based outside the UK
- If a member of our staff needs to access it remotely while travelling outside the UK
In these circumstances, we undertake an assessment of the level of protection provided and the circumstances surrounding access. We will make sure that any transfers are limited to the minimum amount of information possible and with appropriate safeguards in place.
How long your Personal Data will be kept
We will only retain your personal data for as long as is necessary to meet our business needs, which may include the need to satisfy any legal or contractual obligations.
When it is no longer necessary to retain your personal data, records will normally be deleted but information may be anonymised for research purposes. Once anonymised, this information can no longer be used to identify you and so we may use it indefinitely without further notice.
To determine the appropriate retention period for personal data, we consider business needs, the amount, nature, and sensitivity of data, and the potential risk of harm from unauthorised use or disclosure.
How we protect your Personal Data
Keeping information secure is a key part of data protection compliance. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors, partners, agents or business advisers who have a need to know to support our stated business activities, and then only when under a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If we have given you a username and password which allows you to access our online training portal, you are responsible for keeping it confidential.
Your Personal Data and your rights
You are entitled at any time to ask us for a copy of personal data we hold about you, known as a data subject access request. You are also entitled to ask that any information we hold about you is supplemented, updated or rectified and can make any of these requests free of charge by contacting us via our website.
In certain circumstances you can also ask us to restrict our processing of your personal data, for example if you contest the accuracy of it. We will always review your request and will inform you if we decide we are not required to action it. If you require us to restrict or stop processing your personal data in any way, this may impact on our ability to provide our services to you and your organisation.
We will aim to respond to your request within one month once we have assessed how feasible your request is, considering the technical aspects involved.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK ICO on individuals’ rights under the General Data Protection Regulation.
We do not use your personal data for automated decision making.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information. If you want to complain about how we have handled your personal data, please get in touch with your usual OpenPSM contact or through the enquiry form below. We will investigate your complaint but if you are not satisfied with our response or believe we are processing your personal data unlawfully, you can complain to the UK Information Commissioner’s Office. Further information is available on the ICO website or telephone 0303 123 1113.
OpenPSM Ltd, 2 Chancery Lane, Wakefield WF1 2SS