This Policy applies as between you, the User of this Website and/or "the Services" (as described in our Terms of Services) and Firefish Software Ltd (“Firefish Software”), the owner and provider of this Website. This Policy applies to our use of any and all Data collected by us in relation to your use of the Website and any Services or Systems therein. Please also see our full terms and conditions of service.
This policy sets out our commitment to ensuring that any Personal Data which we process is carried out in compliance with Data Protection Law (Data Protection Act 2018, UK General Data Protection Regulation (UKGDPR) and all relative European Union and Member State data protection legislation in force and as amended or replaced from time to time). We are committed to ensuring that good data protection practice is embedded in the culture of our staff and our organisation.
Firefish Software acts primarily as a data processor, processing Personal Data in the course of providing services to its clients. Firefish Software also acts as a data controller insofar as it processes the Personal Data of its staff and any of our clients who are sole traders and partners (other than Scottish partnerships) and contacts at our corporate clients, suppliers and contractors.
This policy applies to all Personal Data processed by Firefish Software and is part of our approach to compliance with Data Protection Law. All Firefish Software staff are expected to comply with this policy.
Our data protection lead may be contacted by you in relation to any queries or concerns or you have regarding your Personal Data or if you wish to exercise any of your rights: - Please contact Emma Ibell at [email protected]
Last updated: July 2024
In this Policy the following terms shall have the following meanings:
"Account" means collectively the personal information, Payment Information and credentials used by Users to access Material and/or any communications System on the Website;
"Content" means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this Website;
"Cookie" means a small file that resides on your computer's hard drive that often contains an anonymous unique identifier and is accessible only by the website that placed it there, not any other sites
"Data" means collectively all information that you submit to the Website. This includes, but is not limited to, Personal Data, Account details and information submitted using any of our Services or Systems;
“Personal Data” means any information relating to an identified or identifiable natural person;
"Services" means collectively any online facilities, tools, services or information that Firefish Software makes available through the Website either now or in the future;
“Special Category Personal Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data being processed for the purpose of uniquely identifying a natural person, data concerning health, including physical and mental health and data concerning a natural person's sex life or sexual orientation;
"System" means any online communications infrastructure that Firefish Software makes available through the Website either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
"User" / "Users" means any third party that accesses the Website and is not employed by Firefish Software and acting in the course of their employment;
and "Website" means the website that you are currently using and any sub-domains of this site, unless expressly excluded by their own terms and conditions.
Without limitation, any of the following Data may be collected:
We may collect this information in a variety of ways including directly from you, when you use our online tools or from third parties including your employer.
Any Personal Data you submit will be retained by Firefish Software for as long as you use the Services and Systems provided on the Website [and for a period of 24 months thereafter], or for up to a period of six months following any inactivity.
Unless we are obliged by law to do so, and subject to Clause 4, your Data will not be disclosed to third parties for their own purposes or for sending their own marketing communications to you.
All Personal Data is stored securely in accordance with the principles of the General Data Protection Regulation as follows;
Personal Data: -
Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website or the Services. Specifically, Data may be used by us for the following reasons:
We do not store any credit card details or bank details. These are stored on our behalf by Stripe and Go Cardless Inc who are PCI-DSS compliant. (See 4. Third Party Websites and Services)
Where you are an individual or a partner in a non-Scottish Partnership with whom we have a contract, we will process your Personal Data in order to implement our contractual obligations and exercise our rights in relation to that contract.
Where we do not have a contract with you but we use your Personal Data in relation to such a contract, we have a legitimate interest to use your Personal Data relevant to that contract. We also have a legitimate interest in processing your Personal Data where you are an employee at one of our contractors or suppliers.
We also have a legitimate interest to send marketing information to you at your business address and to your personal address where you have previously purchased services from us and you have not opted out of receiving such marketing.
We have internal policies and controls in place to try to ensure that your Data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by its employees in the performance of their duties. We use appropriate standards for technology and operational security to protect your Personal Data.
We will not transfer any Personal Data to a country outside the EU or an international organisation without ensuring the level of protection provided by Data Protection Law is not undermined.
Firefish Software only processes Special Category Personal Data in relation to our employees.
Firefish Software may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment handling, delivery of purchased services, search engine facilities, advertising and marketing. The providers of such services do not have access your Personal Data unless it is necessary for them to perform the services that Firefish Software requests. Any data that is shared is limited to what is required for them to provide the service only. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties must be processed within the terms of this Policy and in accordance with the Data Protection Law. This may include the transfer of data to one or more countries outside the UK, or the European Economic Area.
Where we engage a third party to process Personal Data on our behalf, they only process your Personal Data on the basis of our written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure security of data. They are also not allowed to use your Personal Data for their own purposes.
Where any Personal Data is transferred out with the EU, we will ensure that adequate safeguards are in place, an adequacy agree mentor other contractual arrangement is in place as required by law.
Firefish Software uses Xero, Stripe, Chargebee and GoCardless Inc for payments and subscription handling, HubSpot Inc for its CRM, email delivery service, and for Customer Support & Success, Meta Inc, LinkedIn, X Corp (formerly Twitter), Google Inc and Hotjar for its web analytics service, Raygun to monitor application performance and User Voice to help us prioritise our roadmap.
Firefish Software uses Microsoft Azure Maps (powered byTomTom) for the purposes of geolocation and mapping to enhance your user experience by providing location-based information. Azure Maps shares customer provided addresses with a third party (TomTom) for mapping functionality purposes. These addresses are not linked to any end-user when shared with TomTom and cannot be used to identify individuals.”
Firefish Software may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.
In the event that any Data submitted by Users will be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your Data deleted or withheld from the new owner or controller. Data transferred for this purpose will be subject to confidentiality agreements.
Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include 1) use of Data for direct marketing purposes and 2) sharing Data with third parties.
You may access certain areas of the Website without providing any Data at all. However, to use all Services and Systems available on the Website you may be required to submit Account information or other Data. You may not restrict your internet browser's use of Cookies; they are essential for provision of the Services. For more information see clause 10 below.
Where Personal Data is processed on the basis of our contractual relationship with you, failure to provide that Personal Data may prevent us from fully implementing the contract or giving effect to your rights there under.
Firefish Software will ensure that it has procedures in place to allow data subjects to exercise the following data subject rights under the GDPR:-
Subject access: the right to request information about how Personal Data is being processed including whether Personal Data is being processed and the right to be allowed access to that data and to be provided with additional information about how your data is being processed.
Rectification: the right to have us rectify inaccurate Personal Data concerning you without undue delay.
Erasure: the right to have data erased in certain circumstances, and to have confirmation of erasure.
Restriction of processing: the right to ask for certain processing to be restricted in the certain circumstances.
Data portability: you have the right to receive a copy of the Personal Data you have provided to us and certain information generated by us, if our processing is carried by automated means, which will allow you to transfer it to another data controller.
Object to processing: you have the right to object, on grounds relating to your particular situation, to certain forms of processing being carried out.
Object to automated decision making: if we are making decisions about you based on automated processing which have a legal or similar effect on you, then in some circumstances you have the right to object to this decision being made solely on the basis of automated processing.
Firefish Software maintains a register of data breaches and all Personal Data breaches are recorded in this register which will be monitored. Action will be taken in relation to any issues identified in this register, particularly if any pattern of breaches is identified.
Where acting as a data controller, we will report Personal Data breaches which are likely to result in a risk to the rights and freedoms of the data subject to the Information Commissioner’s Office. Firefish Software will also communicate any Personal Data breach which is highly likely to result in a risk to the rights and freedoms of the data subject to the data subject or subjects involved.
If we embark on a new project which involves the processing of Personal Data, particularly one using new technologies, we will carry out a data protection impact assessment (DPIA). The decision to carry out a DPIA will take into account the nature, scope, context and purposes of the processing and determine if there is likely to be high risk to the rights and freedoms of natural persons.
Data security is of great importance to Firefish Software and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online. Please refer to our Trust & Data Security outline.
Strictly Necessary cookies - These are cookies that allow you to use different parts of our site. Without them different features that you have requested cannot be provided. These are usually set in response to an action performed by the user like clicking on a job advert or failing to enter the correct password to their account.
Functional cookies - These help us to make your experience within our site more personal. For instance, knowing if you have been on the site before so that messages for new visitors are not displayed to you.
Session cookies - These are stored while you browse our site and then deleted once you leave.
Persistent cookies - These are saved on your computer and won’t be deleted when you close the web page. We use these to provide functionality like keeping you logged in when you come back to the site.
Performance cookies - These help us to track how people are using our site. They help us to know what pages people are using most and how users navigate around the site, we use this information to make informed decision about how we can improve the user experience of our site.
The information we get using these cookies is completely anonymous and we will make no attempt to identify you or influence your experience of our site while you are on it. If you use the “Do Not Track” browser setting, we currently don’t respond to DNT requests.
.ASPXAUTH (Persistent Cookie)
This is a cookie we use to authenticate a logged in user on our site, effectively this is how we keep you logged into our site and able to navigate the site without needing to login every time.
ffcookies-dismiss (Persistent Cookie)
This is used to stop the cookie policy banner popping up every time you visit our site. This cookie holds no personal data.
ff_AdDist (Persistent Cookie, Functional Cookie)
This cookie is used to identify when a user has opened the current job advert page from a link sent to them by email from us. Eg. Job Alerts or Mailshots.
ff_secCheck (Persistent Cookie)
We use this to identify each session that is open on our site. This cookie holds no personal data. All it stores is an ID number generated by us.
ASP.NET_SessionId (Session Cookie)
We use this to identify each session that is open on our site. This cookie holds no personal data. All it stores is an ID number generated by us.
ffIEWarning (Session Cookie)
We use this cookie to notify a user that they are using an outdated version of IE and that they should upgrade. This cookie holds no personal data.
__AngularAntiXsrfToken (Session Cookie)
This cookie is used to ensure the person performing an action is currently browsing our website preventing cross site request forgery attacks. This cookie holds no personal data and only stores a random ID that persists for the length of the session.
__AntiXsrfToken (Session Cookie)
This is an additional cookie that is used to ensure the person performing an action is currently browsing a Firefish site preventing cross site request forgery attacks. This cookie holds no personal data and only stores a random ID that persists for the length of the session.
LinkedIn (Functional cookies)
These are used to allow visitors to post links directly into LinkedIn when visiting the site and are set after interacting with the sharing functionality. For detailed cookie information see: https://www.linkedin.com/legal/l/cookie-table#thirdparty
Meta (Functional cookies)
These are used to allow visitors to post links directly into Facebook when visiting the site and are set after interacting with the sharing functionality. For more information on how Meta use cookies see: https://www.facebook.com/policies/cookies
X Corp (formerly Twitter) (Functional cookies)
These cookies are used to allow visitors to post links directly to Twitter when visiting the site and are set after interacting with the sharing functionality. For more information on how Twitter use cookies see: https://help.twitter.com/en/rules-and-policies/x-cookies
HubSpot (Performance cookies)
Hubspot is used as a CRM and customer support tool to help understand how visitors use our website. For detailed cookie information see: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser
Google Analytics (Performance cookies)
We use google analytics to help us understand how visitors use our website. For detailed cookie information see: https://business.safety.google/adscookies/
Firefish Software reserves the right to change this Web Privacy & Cookie Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and we will additionally notify you of any significant changes by sending a notice to your primary email address as specified in your Firefish Software Account, or by a notice on the Website, and you are deemed to have accepted the revised terms of the Policy on your first use of the Website following the alterations.
If you believe that Firefish Software has not complied with your rights or if you have any concerns about how your Personal Data is being process you can complain to the Information Commissioner: -
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk