EFFECTIVE DATE: 19th January 2021
At eLocker we offer solutions for businesses to manage their locker inventory and to allocate those lockers across their workforce and network securely. We take pride in the quality of our products and services and our high business standards; this extends to privacy and safeguarding your personal data.
This policy describes the information we collect or you shared with us when you visit our website (regardless of where you visit it from), or use any of our services, as well as how that data is used, stored and safeguarded, and your choices regarding this information.
This policy outlines how we at eLocker collect and processes your personal data through your use of our website (the “Website), as well as the eLocker Manager Platform and associated services (collectively the “Services”), including any data you may provide us when you create an account, use the eLocker Manager Platform, our services or interact with us in any way.
eLocker provides end-to-end electronic locker solutions to businesses active in a wide range of sectors, our Website and Services are not intended for personal use or for use by children and we do not knowingly collect data relating to children.
DATA CONTROLLER AND CONTACT DETAILS
Our details are as follows:
2 The Hill
In most cases we will act as a data processor, in particular, where your information has been provided to us by your employer (or another third-party) as a customer of eLocker.
HOW TO CONTACT US ABOUT YOUR RIGHTS AND DATA
By email at: email@example.com
We are regulated by the Information Commissioner’s Office and you have the right to make a complaint at any time to them. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
INFORMATION COLLECTED ABOUT YOU
We have set out below the personal data about you we may collect, use, store and transfer when you interact with us through eLocker. Personal data means any information from which you can identify you, it does not include information we collected on an anonymous basis.
· Financial Data & Transaction Data: includes, where you opt to pay using a company payment card, your payment card details, billing address and purchase history – we do not knowingly collect or process personal card details.
· Profile Data: includes your username and password, details of your eLocker Manager account, your company name, job title, and, if you are issued one by your employer, the unique identification number (card ID) of your access card.
· Usage Data: includes information created about you through your use of our Services, in particular eLocker Manager, such as unique identifiers and activity logs.
· Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website or Services.
· Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, other interactions with us, such as feedback to surveys or with our technical support or customer services teams, as well as your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How your data is collected
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact, Financial, Profile, Marketing and Communications Data by interacting with us through our Website or Services, filling in forms or completing any registration process, or by corresponding with us. This includes personal data you provide when you:
§ create an account on eLocker Manager;
§ purchase any of our products and Services;
§ subscribe to any of our mailing lists or request marketing to be sent to you;
§ select your marketing and communications preferences;
§ complete a survey; or
§ give us feedback or contact us.
When using the Services. Through your use of our Services, and in particularly eLocker Manager, we will collect, process and store your Usage Data. Where your employer has registered you to our Service through eLocker Manager, we may also receive your Profile Data when you use the Service (such as when you use your unique access card to access an eLocker).
Automated technologies or interactions. As you interact with both our Website and Services, we automatically collect various information about you, such as the device you use when you interact with us, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
· Technical Data from the following parties:
o analytics providers such as Google;
o advertising networks; and
o search information providers.
· Contact, Financial and Transaction Data from providers of technical, payment and delivery services, such as our third-party payment processors, or social media platforms, such as LinkedIn, where you sign up to eLocker through referral from these platforms.
HOW WE USE YOUR INFORMATION
We collect, process, store and disclose personal data for a variety of different reasons, but in all cases when the law allows us to.
Whether you are subject to the General Data Protection Regulation (“GDPR”) or the UK Data Protection Act 2018, the law requires that companies processing personal data set out the specific lawful basis on which they process that data.
For the personal data identified in this policy where we act as the data controller, we rely on the following lawful basis to processing your data:
1. Consent: we use your consent as a legal basis for processing your personal data or for the purposes of marketing communications, in particular, where you register your interest with us through our Website or otherwise (such as at a trade show or networking event). You have the right to withdraw consent at any time by contacting us, or by opting out through any marketing communication we may provide.
2. Contractual Obligations: where we need to perform the contract we are about to enter into or have entered into with your employer.
3. Regulatory or Legal Obligations: where we need to comply with a legal obligation.
4. Legitimate Interests: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We rely on a wide range of legitimate interests as a business:
a. for marketing activities (other than where we rely on your consent);
b. to correspond or communicate with you;
c. to verify the accuracy of data that we hold about you;
d. to preserve the integrity of our network and information security and, in particular, for us to take steps to protect your information against loss or damage, theft or unauthorised access;
e. for prevention of fraud and other criminal activities;
f. to improve our Website, products and Services, in particular through analysing how you interact with us through our Website, products and Services to more generally improve your user experience;
g. for the management of queries, complaints, or claims, including when complying with a request from you in connection with the exercise of your data protection rights;
h. for the establishment and defence of our legal rights.
Where we act a data processor on behalf of our customers, we will predominantly rely on contractual obligations, legitimate interests and legal obligations as justification for processing your data.
We have summarised below the various ways we use your personal data and our legal basis for doing so.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. In general we employ the following data control mechanisms when we use your personal data for the purpose of direct marketing:
When you register your interest on our Website, you are invited to consent to receiving marketing and other promotional information from us. You may withdraw this consent at any time by contacting us. Withdrawing consent will not prevent us from sending service messaging about eLocker Manager (such as planned downtime, upgrades, patches or changes to our terms and policies).
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
COOKIES AND OTHER TECHNOLOGIES
Cookies come in a variety of forms but are essentially small data files used to collect and store information about you. We use them on eLocker or on our website for a variety of different functions:
· for the smooth and safe operation of eLocker and our website;
· to manage your preferences and remember you for future visits;
· to analyse how you use eLocker and our website in order to continually make improvements.
The majority of these cookies are linked to your browser session (session cookies) and disappear once you close your browser. Others remain on your device for a longer period (persistent cookies).
INFORMATION SHARING AND DISCLOSURE
We share the information we collect or that is provided to us as follows:
Sharing with our Partners
We may share your personal data with the parties set out below for the purposes we have identified above.
We use a number of external Third Parties, who help us provide eLocker and our services. Currently, we use the following trusted Partners:
· AWS: our cloud provider.
· Office 365 and GDrive: for our working environments.
· ActiveCampaign: to help us send targeted marketing and advertising to you and to manage your consent preferences.
· Google Analytics: to help us analyse how users interact and use eLocker, which we then use to improve eLocker and our products and services.
Unless identified, your data is hosted and processed within the UK or the EEA. Where we do utilize a third-party located outside the UK or the EEA, we ensure that any transfers are done on the basis of compliant transfer mechanisms.
HOW WE SAFEGUARD YOUR DATA
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
RETENTION AND DELETION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
YOUR DATA, YOUR RIGHTS
The title of this section says it all and as a citizen of the UK, or a country within the EEA, you have a wide range of rights with regards to your data under the General Data Protection Regulation (“GDPR”) or the UK Data Protection Act 2018.
You can enforce your rights by contacting us, or in most cases, by deleting your account and/or by ending your use of our Website, products or Services. Where we are acting as a data processor, you should enforce your rights through your employer, but we may, in certain circumstances, send your request to your employer where we are permitted to do so.
1. Right to Correction: if you believe any of the information on your profile to be inaccurate you have a right to request that we correct this. This right also extends to various other information we collect about you which you can request a copy of (see Right to Copies below).
2. Right to Copies of your data: you have a right to request a copy of the information that we hold about you along with an explanation from us as to why we process that information. We will provide this information to you free of charge for a first request, but will charge for reasonable administrative costs for further requests.
3. Right to erasure: you have a right to request the deletion of your data at any time. If you submit such a request to us we will consider carefully and reply with an explanation as to why we are required to retain certain information either by law or for our own legitimate reasons. Where, after review, we identify any data we do not need to retain for these purposes, we will delete that data as per your request.
4. Right to object or complain: you have a right to complain about how we are processing your data to our principal Data Protection Authority, the Information Commissioner’s Office here or in writing at the following address:
Information Commissioner’s Office
Should you have any concerns about how we are processing your data, we invite that you submit those questions to firstname.lastname@example.org.
UPDATES TO OUR POLICY
As we further enhance our Website, our Services and your eLocker experience, we may make changes to this policy from time to time. If we make any major changes, or any changes which directly affect the services provided to you or the data collected or processed by us, we will notify you of those changes by a prominent banner on our website or within eLocker Manager. However, we encourage you to periodically review this policy for the most up to date version.