OnTrack GDPR Privacy Notice

We understand that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy of everyone who uses our services and will only process information in ways that are consistent with your rights, and our obligations under the law. 

Our privacy notice exists to provide you with key information about:  

  • The data we process and why
  • What happens to your data
  • Sharing and transfers of data
  • How your data is kept secure
  • Your data protection rights
  • How to contact us
  • How to make a complaint

Your acceptance of this notice occurs when you sign up to OnTrack GDPR and you confirm you have read, understood and agree to its provisions. If you do not understand or accept the privacy notice, you must stop using our services immediately. Please contact us if you need assistance. 

About us

On Track GDPR is owned and operated by Smarter Data Protection Ltd (SDP), a limited company registered in England and Wales under company number 11024613. Our Data Protection Lead is responsible for handling compliance with data protection law, and for effectively handling all queries from data subjects about their personal data. 

OnTrack GDPR c/o Smarter Data Protection Ltd 
Unit 15, Riverside Industrial Estate 
South Street 
Rochford 
Essex, SS4 1BS 
Tel: 01702 866826 
Email: [email protected]

The data we process and why

To comply with the GDPR, we are required to have a lawful basis for processing all personal data. The table below lists the different reasons why we collect and process your personal data, and our lawful basis for doing so.

We do not collect any data about you from third parties.

Processing purposePersonal data processedLawful basis
To provide free trials and sign up supportproviding access to free trial accountsbooking and delivering demonstrationshandling enquiries and providing supportNameContact detailsArticle 6 (b) Contract
To deliver paid products and services includingproviding access to paid OnTrack accountsending operational communications (i.e. sign up & forgotten password emails)providing customer support via email and telephone (Helpdesk)processing billing information, invoices and paymentsNameContact detailsBilling and payment info (main subscriber only)Article 6 (b) Contract
To protect our services, and to monitor, prevent and detect risks NameContact detailsIP addressDevices usedArticle 6 (b) Contract
To enhance our products and services by soliciting your feedback and/or asking you to take part in market researchNameContact detailsArticle 6 (f) Legitimate interests
Publishing your feedback or testimonialNameArticle 6 (b) Consent
To send you direct email marketingNameEmail addressArticle 6 (f) Consent
To maintain an email marketing unsubscribe list Name Email addressArticle 6 (c) Legal obligation
To manage your data protection rightsNameContact detailsIdentificationArticle 6 (c) Legal obligation

What happens to your data

Free trial accounts and sign up support

As part of our sign-up process you may set up a free trial account, request a free demo or GDPR consultation. 

We will add your information to our customer relationship management system (CRM), and only use it to respond to your enquiry or request in a timely fashion. If you do not take up any of our products and services, we will delete your details from our CRM 6 months after we deem the enquiry closed. If you would like your data deleted before then, please just let us know.

If you set up a free trial but do not subscribe your account will be locked out. We will retain your account for 12 months in case you change your mind and wish to reopen it. If you would like your information deleted before this time, please just let us know.

To deliver products and services

We must process a limited amount of your personal data to provide our services to you. You can only opt out of this type of processing if you cancel your subscription and cease to use our services.

We will process your personal data for as long as you use our service, and we will retain it for at least 6 years after for taxation and legal purposes.

Protecting our services and monitoring activity to prevent and detect risks

We use certain tools and systems to protect and secure our online services. From time to time we may also need to use your personal data to investigate, detect and prevent fraudulent or malicious behaviour. We may also monitor service use to ensure that all system users are using the service in accordance with our terms.

In these instances, we will process your personal data for as long as you use our services, or there is an open investigation. We may need to retain the data for legal purposes.

Soliciting feedback and research

We solicit feedback from our customers so that we may continually improve our services. We view this as a legitimate business interest. If you do not wish to be contacted for such purposes you can opt-out or unsubscribe at any time by clicking the relevant link in the email, or by contacting us directly. 

We will retain this information for as long as you remain a customer, or until you opt-out.

Testimonials

If we want to publish your testimonial or feedback, we will ask for your consent to do so in writing. You can revoke your consent at any time by contacting us. We will seek to remove the published information as soon as is reasonably possible.

We will retain this information for as long as you remain a customer or until you revoke consent and ask for it to be deleted.

Direct email marketing

We operate an email marketing list so that we can keep our customers up to date with company news, promotional offers, and marketing emails. We only do so when we have your consent. You can opt-out or unsubscribe at any time by clicking the relevant link in the email, or by contacting us directly.

Your personal data will be retained until you unsubscribe, or we cease to operate the email marketing list.

Managing your data protection rights/maintaining an unsubscribe list

We have a duty to uphold your data protection rights. To do this, we will need to process and store some limited information about you. 

For example, when you unsubscribe from our email marketing list, we must keep a record to ensure your details are not re-added to the mailing list, in error, at any point in the future.

If you submit a subject access request, we will need to keep a log of your request, and the steps we’ve take to respond to you. 

We will retain records of this nature for a period of at least 6 years and maybe longer if we need to retain the data for legal purposes.

Cookies

We only use cookies and other tracking technologies where it is necessary to the efficient operation and security of our App or where they do not involve the processing of your personal data. 

Sharing and transfers of data

We will never share or sell your data to any other company for commercial gain. We only ever “share” or transfer your data as part of our core processing activities. So, for example, by using a card payment processing provider to take payment for goods or services. These third parties are “data processors”.

Our current list of data processors includes:

  • Azure
  • Siteground
  • Office 365
  • Stripe
  • Sendgrid
  • Cloudflare
  • Hubspot
  • Your Office & PA

We require all data processors to respect the security of your personal data and to treat it in accordance with the law. Data processors are not allowed to use your personal data for their own purposes; we only permit them to process your personal data for specified purposes and in accordance with our instructions.

We also ensure that any international transfers of data are done with the required safeguards in place. When processing takes place in the US, we ensure the Processor participates in, and has certified their compliance, with the EU-US Privacy Shield Framework.

How your data is kept secure

  • Putting appropriate security measures in place, to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way.
  • Limiting access to your personal data on a ‘need to know’ only basis.
  • Ensuring our staff are trusted and trained in data protection compliance and confidentiality.
  • Following due process to deal with any suspected personal data breach.
  • Only transferring your data outside of the European Economic Area (EEA) with the required safeguards and guarantees in place
  • Only retaining your personal data for as long as necessary to fulfil the purpose we collected it for.

Your data protection rights

We fully support your rights and will always seek to uphold them. If you ever feel this is not the case, please contact us. At any point you can exercise your:

  • Right of access – contact us for a copy of the data we hold about you.
  • Right of rectification – let us know if the data we hold is out of date or inaccurate and we’ll update it.
  • Right to be forgotten – if you no longer want to use our services, please contact us and we’ll delete the data we’re able to. We may need to retain certain information for legal and taxation purposes.  
  • Right to restrict processing – we only ever collect data we need and actively ensure we’re never collecting anything over and above need.  
  • Right of portability – we will support reasonable requests to transfer your data to another organisation should you require it.  
  • Right to object to automated decision making and profiling

If you’re unhappy with the way we’re processing your data, please contact us. If we ever refuse to uphold your rights, we will provide you with a reason why. You will then have the right to complain to your data protection authority as detailed below. 

How to contact us

To exercise all relevant rights, queries or complaints in relation to this Cookie Policy please contact our Data Protection Lead:

OnTrack GDPR c/o Smarter Data Protection Ltd

Unit 15, Riverside Industrial Estate

South Street

Rochford

Essex, SS4 1BS

Tel: 01702 866826 

Email: [email protected]

How to make a complaint

If this does not resolve your issue to your satisfaction, you have the right to lodge a complaint with the UK’s Supervisory Authority, the Information Commissioner’s Office.

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Tel: 0303 123 1113

Web: https://ico.org.uk/make-a-complaint/