Last updated: 18th June 2018
We will indicate within the registration processes of our products and services and other registration forms what types of personal data are required and those that are requested. You may choose not to submit the requested information, but that may limit or prohibit the services that we are able to provide to you.
The data controller of the personal data referred to in this Privacy Notice is MetaCompliance Limited (company no. NI049166) of the 180 Piccadilly, London, W1J 9HF.
Collection of your Personal Data
We collect personal data about you in three ways: directly from your input, from third-party sources, and through automated technologies.
Data You Provide to Us
The types of personal data that we collect directly from you depends on how you interact with us and the Service, which may include:
- Contact details, such as your name, business email address and phone number;
- Account login credentials, such as usernames and passwords, password hints and similar security information;
- Other account registration and profile information, such as job title;
- Comments, feedback and other information you provide to us, including search query data and questions or information you send to customer support; and/or
- Communication preferences, including preferred language.
Data from your Organisation
We may obtain personal data about you from the organisation with which you are employed or affiliated in order to activate and manage your access to and use of the organisation’s subscription to the Service, including:
- Contact details, such as your name and business email address and phone number;
- Other account registration information such as job title; and/or
- Organisational user ID.
Data from Other Sources
We also may obtain contact details and other information about you from our affiliates and from other third parties, including:
- Service providers that help us determine a location in order to customise certain products to your location;
- Businesses with which we offer co-branded services or engage in joint marketing activities; and/or
- Publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold.
Data from Service Use, Including Cookie
The Service may automatically collect information about how you and your device interact with the Service, including:
- Computer, device and connection information, such as IP address, browser type and version, operating system and other software installed on your device, mobile platform and unique device identifier and other technical identifiers, error reports and performance data;
- Usage data, such as the features you used, the settings you selected, your URL click stream data, including date and time stamp and referring and exit pages, search terms you used, and pages you visited or searched for on the Service;
For educational Services, the course modules and test questions you view, answer or complete; and/or
- For location-aware Services, the region, city or town where your device is located in order to provide you with more relevant content for where you are in the world.
Use of your Personal Data
Depending on how you interact with us and the Service, we use your personal data to:
- Provide, activate and manage your access to and use of the Service;
- Process and fulfil a request, subscription or other transaction;
- Provide technical, product and other support and to help keep the Service working, safe and secure;
- Enhance and improve the Service and our other products, events, and services and to develop new products, services and benefits;
- Offer you customised content and other personalisation to make the Service more relevant to your interests and geography;
- Respond to your requests, inquiries, comments and concerns;
- Notify you about changes, updates and other announcements related to the Service and our other products and services;
- Deliver targeted advertisements, promotional messages, notices and other information related to the Service and your interests;
- Provide you with promotional messages and other information about products, events and services of ours, our affiliates and third parties such as sponsors;
- Identify usage trends and develop data analysis, including for purposes of research, audit, reporting and other business operations, including determining the effectiveness of our promotional campaigns and evaluating our business performance, or in other ways pursuant to a customer agreement; and/or
- Comply with our legal obligations, resolve disputes, and enforce our agreements.
If you are an administrator of an organisation with a subscription to the Service, we will use your details to communicate with you about your organisation’s subscription and related services. If you supply us contact information of your colleagues, we may contact those individuals with communications about the Service that may include reference to you.
Sharing of Your Personal Data
If you access the Service through a subscription administered by your organisation, your personal data and certain usage data gathered through the Service may be accessed by or shared with the administrators authorised by your organisation for the purposes of usage analysis, subscription management and compliance, training course progress, performance and remediation
So that they can assist us with providing our services to you, your personal data may be transferred to, and stored at, a Service Provider destination outside the European Economic Area (“EEA”). Where your information is transferred outside of the EEA, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including by entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU-US Privacy Shield. You have the right to details of the mechanism under which your data is transferred outside of the EEA. For this information, please contact us using the details set out in the ‘Contact Us’ section below.
For Legal Reasons
We also will disclose your personal data if we have a good faith belief that such disclosure is necessary to:
- meet any applicable law, regulation, legal process or other legal obligation;
- detect, investigate and help prevent security, fraud or technical issues; and/or
protect the rights, property or safety of MetaCompliance, our users, employees or others; and
- as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.
Legal basis for processing your Personal Data
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you under the following legal bases:
- Performance of a contract: If we have obligations under a contract with you, we will use your information to perform our obligations to you. For example, this includes personal data you provide when you register to use any of our Services and/or when you report a problem.
- Legitimate interests: We will use your information for our own legitimate interests, for example, to provide you with the best suitable content on our Website or app, to improve and promote our services and for our own administrative purposes including creating and maintaining business records of our relationship with you.
- Legal requirements/vital interests: In some cases, we will have a legal obligation to collect personal data from you (for example, for us to comply with tax laws which require us to collect and retain records of products and Services that we sell) or where we need the personal data to protect your vital interests or those of another person (for example, if you are involved in an emergency and we need to provide the details which we hold about you to the emergency services).
Retention of your Personal Data
We will retain your personal data for as long as your account is active or as needed to provide you with access to our Services. When we have no ongoing legitimate business need to process your personal data (for example, to provide Services to you or to retain records to manage any claims which you or we may have in respect of the Services we provide to you), we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Rights in relation to your Personal Data
You have the following rights in relation to the personal data that we hold about you:
- If you wish to access, correct, update or request deletion of your personal data, you can do so at any time.
- You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact using the details as set out in the ‘Contact Us’ section below.
- If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. The Information Commissioner’s Office is the data protection authority for the UK.
- If you would like to exercise any of your above rights please contact us using the contact details as set out in the ‘Contact Us’ section below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Security of your Personal Data
We implement technical and organisational measures and adhere to accepted industry standards to seek to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the integrity, confidentiality, and availability of personal data.
Our Services may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We encourage you to carefully read the privacy notice of any website you visit.
We do not knowingly collect information from children under the age of 16 or target any of our Services to children under 16.
Changes to our Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
Post: Should be sent for the attention of the Data Protection Officer to: