Last updated: 18th June 2018
We will indicate within the registration processes of our products and services and other registration forms what types of personal data are required and those that are requested. You may choose not to submit the requested information, but that may limit or prohibit the services that we are able to provide to you.
The data controller of the personal data referred to in this Privacy Notice is MetaCompliance Limited (company no. NI049166) of the City Arc, 89 Worship Street, London, EC2 2BF.
Collection of your Personal Data
We collect personal data about you in three ways: directly from your input, from third-party sources, and through automated technologies.
Data You Provide to Us
The types of personal data that we collect directly from you depends on how you interact with us and the Service, which may include:
Data from your Organisation
We may obtain personal data about you from the organisation with which you are employed or affiliated in order to activate and manage your access to and use of the organisation’s subscription to the Service, including:
Data from Other Sources
We also may obtain contact details and other information about you from our affiliates and from other third parties, including:
Data from Service Use, Including Cookie
The Service may automatically collect information about how you and your device interact with the Service, including:
Use of your Personal Data
Depending on how you interact with us and the Service, we use your personal data to:
If you are an administrator of an organisation with a subscription to the Service, we will use your details to communicate with you about your organisation’s subscription and related services. If you supply us contact information of your colleagues, we may contact those individuals with communications about the Service that may include reference to you.
Sharing of Your Personal Data
If you access the Service through a subscription administered by your organisation, your personal data and certain usage data gathered through the Service may be accessed by or shared with the administrators authorised by your organisation for the purposes of usage analysis, subscription management and compliance, training course progress, performance and remediation
So that they can assist us with providing our services to you, your personal data may be transferred to, and stored at, a Service Provider destination outside the European Economic Area ("EEA"). Where your information is transferred outside of the EEA, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including by entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU-US Privacy Shield. You have the right to details of the mechanism under which your data is transferred outside of the EEA. For this information, please contact us using the details set out in the ‘Contact Us’ section below.
For Legal Reasons
We also will disclose your personal data if we have a good faith belief that such disclosure is necessary to:
Legal basis for processing your Personal Data
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you under the following legal bases:
Retention of your Personal Data
We will retain your personal data for as long as your account is active or as needed to provide you with access to our Services. When we have no ongoing legitimate business need to process your personal data (for example, to provide Services to you or to retain records to manage any claims which you or we may have in respect of the Services we provide to you), we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Rights in relation to your Personal Data
You have the following rights in relation to the personal data that we hold about you:
Security of your Personal Data
We implement technical and organisational measures and adhere to accepted industry standards to seek to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the integrity, confidentiality, and availability of personal data.
Our Services may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We encourage you to carefully read the privacy notice of any website you visit.
We do not knowingly collect information from children under the age of 16 or target any of our Services to children under 16.
Changes to our Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
Post: Should be sent for the attention of the Data Protection Officer to:
89 Worship Street