Web Privacy & Cookie Policy

This Policy applies as between you, the User of this Website and Firefish Software Ltd (“Firefish Software”), the owner and provider of this Website. This Policy applies to our use of any and all Data collected by us in relation to your use of the Website and any Services or Systems therein. Please also see our full terms and conditions of service.

 

This policy sets out our commitment to ensuring that any Personal Data which we process is carried out in compliance with Data Protection Law (Data Protection Act 2018, the General Data Protection Regulation 2016/679 and all relative European Union and Member State data protection legislation in force and as amended or replaced from time to time). We are committed to ensuring that good data protection practice is embedded in the culture of our staff and our organisation.

 

Firefish Software acts primarily as a data processor, processing Personal Data in the course of providing services to its clients. Firefish Software also acts as a data controller insofar as it processes the Personal Data of its staff and any of our clients who are sole traders and partners (other than Scottish partnerships) and contacts at our corporate clients, suppliers and contractors.

 

This policy applies to all Personal Data processed by Firefish Software and is part of our approach to compliance with Data Protection Law. All Firefish Software staff are expected to comply with this policy.

 

Our data protection lead may be contacted by you in relation to any queries or concerns you have regarding your Personal Data or if you wish to exercise any of your rights. Please contact Vicki Moir at vmoir@firefishsoftware.com.

 

Last updated: July 2018

 
1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings:


"Account" means collectively the personal information, Payment Information and credentials used by Users to access Material and/or any communications System on the Website;

"Content" means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this Website;


"Cookie" means a small file that resides on your computer's hard drive that often contains an anonymous unique identifier and is accessible only by the website that placed it there, not any other sites;


"Data" means collectively all information that you submit to the Website. This includes, but is not limited to, Personal Data, Account details and information submitted using any of our Services or Systems;

 

“Personal Data” means any information relating to an identified or identifiable natural person;

"Services" means collectively any online facilities, tools, services or information that Firefish Software makes available through the Website either now or in the future;

 

“Special Category Personal Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data being processed for the purpose of uniquely identifying a natural person, data concerning health, including physical and mental health and data concerning a natural person's sex life or sexual orientation;

 

"System" means any online communications infrastructure that Firefish Software makes available through the Website either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;


"User" / "Users" means any third party that accesses the Website and is not employed by Firefish Software and acting in the course of their employment;


and "Website" means the website that you are currently using and any sub-domains of this site, unless expressly excluded by their own terms and conditions.

 

2. Data Collected

Without limitation, any of the following Data may be collected:

 

  • name;
  • job title;
  • company name;
  • contact information such as email addresses and telephone numbers;
  • demographic information such as post code;
  • financial information such as credit / debit card numbers;
  • IP address (automatically collected);
  • web browser type and version (automatically collected);
  • operating system (automatically collected);
  • a list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected);
  • and Cookie information (see clause 10 below).

 

We may collect this information in a variety of ways including directly from you, when you use our online tools or from third parties including your employer.

 

3. Our Use of Data

Any Personal Data you submit will be retained by Firefish Software for as long as you use the Services and Systems provided on the Website [and for a period of 24 months thereafter], or for up to a period of six months following any inactivity.


Unless we are obliged by law to do so, and subject to Clause 4, your Data will not be disclosed to third parties for their own purposes or for sending their own marketing communications to you.


All Personal Data is stored securely in accordance with the principles of the General Data Protection Regulation as follows;

Personal Data: -

 

  • is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’)
  • is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; (‘data minimisation’)
  • is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
  • is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’)
  • is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).


Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website or the Services. Specifically, Data may be used by us for the following reasons: 

 

  • internal record keeping and billing;
  • delivery and improvement of our Website or Services;
  • transmission by email of promotional or other communications materials to you;
  • contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website;
  • producing reports or statistics on the people accessing the Website;
  • using the name and/or logo of the company you work for in marketing or publicity material, unless you specifically tell us otherwise. Your name and all other personal information will remain confidential at all times.


We do not store any credit card details or bank details. These are stored on our behalf by Recurly, and Go Cardless Inc who are PCI-DSS compliant. (See 4. Third Party Websites and Services)
 

Where you are an individual or a partner in a non-Scottish Partnership with whom we have a contract, we will process your Personal Data in order to implement our contractual obligations and exercise our rights in relation to that contract.

 

Where we do not have a contract with you but we use your Personal Data in relation to such a contract, we have a legitimate interest to use your Personal Data relevant to that contract. We also have a legitimate interest in processing your Personal Data where you are an employee at one of our contractors or suppliers.

 

We also have a legitimate interest to send marketing information to you at your business address and to your personal address where you have previously purchased services from us and you have not opted out of receiving such marketing.

 

We have internal policies and controls in place to try to ensure that your Data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by our employees in the performance of their duties. We use appropriate standards for technology and operational security to protect your Personal Data.

 

We will not transfer any Personal Data to a country outside the EU or an international organisation without ensuring the level of protection provided by Data Protection Law is not undermined.

 

Firefish Software only processes Special Category Personal Data in relation to our employees.

 

4. Third Party Websites & Services

Firefish Software may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment handling, delivery of purchased services, search engine facilities, advertising and marketing. The providers of such services do not have access to your Personal Data unless it is necessary for them to perform the services that Firefish Software requests. Any data that is shared is limited to what is required for them to provide the service only. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties must be processed within the terms of this Policy and in accordance with the Data Protection Law. This may include the transfer of your personal data to one or more countries outside the UK, or the European Economic Area.
 

Where we engage a third party to process Personal Data on our behalf, they only process your Personal Data on the basis of our written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure security of data. They are also not allowed to use your Personal Data for their own purposes.

 

Where any Personal Data is transferred outwith the EU, we will ensure that adequate safeguards are in place, an adequacy agreement or other contractual arrangement is in place as required by law.


Firefish Software uses Recurly, Inc. and Go Cardless Inc for payments and subscription handling, HubSpot Inc for its CRM and email delivery service, Facebook Inc for social posting and advertising services, Google Inc for its web analytics service, and Zendesk for its customer support application.

 

5. Changes of Business Ownership & Control

Firefish Software may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.

In the event that any Data submitted by Users will be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your Data deleted or withheld from the new owner or controller. Data transferred for this purpose will be subject to confidentiality agreements.

 

6. Controlling Access to your Data

Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include 1) use of Data for direct marketing purposes and 2) sharing Data with third parties.

 

7. Your Right to Withhold Information

You may access certain areas of the Website without providing any Data at all. However, to use all Services and Systems available on the Website you may be required to submit Account information or other Data.  You may not restrict your internet browser's use of Cookies; they are essential for provision of the Services. For more information see clause 10 below.

 

Where Personal Data is processed on the basis of our contractual relationship with you, failure to provide that Personal Data may prevent us from fully implementing the contract or giving effect to your rights thereunder.

 

8. Accessing your own Data and other rights

Firefish Software will ensure that it has procedures in place to allow data subjects to exercise the following data subject rights under the GDPR:-

 

Subject access: the right to request information about how Personal Data is being processed including whether Personal Data is being processed and the right to be allowed access to that data and to be provided with additional information about how your data is being processed.

 

Rectification: the right to have us rectify inaccurate Personal Data concerning you without undue delay.

 

Erasure: the right to have data erased in certain circumstances, and to have confirmation of erasure.

 

Restriction of processing: the right to ask for certain processing to be restricted in certain circumstances.

 

Data portability: you have the right to receive a copy of the Personal Data you have provided to us and certain information generated by us, if our processing is carried out by automated means, which will allow you to transfer it to another data controller.

 

Object to processing: you have the right to object, on grounds relating to your particular situation, to certain forms of processing being carried out.

 

Object to automated decision making: if we are making decisions about you based on automated processing which have a legal or similar effect on you, then in some circumstances you have the right to object to this decision being made solely on the basis of automated processing.

 

Firefish Software maintains a register of data breaches and all Personal Data breaches are recorded in this register which will be monitored. Action will be taken in relation to any issues identified in this register, particularly if any pattern of breaches is identified.

 

Where acting as a data controller, we will report Personal Data breaches which are likely to result in a risk to the rights and freedoms of the data subject to the Information Commissioner’s Office. Firefish Software will also communicate any Personal Data breach which is highly likely to result in a risk to the rights and freedoms of the data subject to the data subject or subjects involved.

 

If we embark on a new project which involves the processing of Personal Data, particularly one using new technologies, we will carry out a data protection impact assessment (DPIA). The decision to carry out a DPIA will take into account the nature, scope, context and purposes of the processing and determine if there is likely to be high risk to the rights and freedoms of natural persons.

 

9. Security

Data security is of great importance to Firefish Software and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online. Please refer to our Trust & Data Security outline. 

 

10. Cookies

Strictly Necessary cookies - These are cookies that allow you to use different parts of our site. Without them different features that you have requested cannot be provided. These are usually set in response to an action performed by the user like clicking on a job advert or failing to enter the correct password to their account.

 

Functional cookies - These help us to make your experience within our site more personal. For instance, knowing if you have been on the site before so that messages for new visitors are not displayed to you.

 

First party cookies - These are cookies that are set by our website, and only we can read them.

 

Session cookies - These are stored while you browse our site and then deleted once you leave.

 

Persistent cookies - These are saved on your computer and won’t be deleted when you close the web page. We use these to provide functionality like keeping you logged in when you come back to the site.

 

Performance cookies - These help us to track how people are using our site. They help us to know what pages people are using most and how users navigate around the site. We use this information to make informed decisions about how we can improve the user experience of our site.

 

The information we get using these cookies is completely anonymous and we will make no attempt to identify you or influence your experience of our site while you are on it. If you use the “Do Not Track” browser setting, we currently don’t respond to DNT requests.

 

Third party cookies  - These can be things like Google Analytics and other embedded content.

 

Cookies we use 

 

 

 

11. Changes to this Policy

Firefish Software reserves the right to change this Web Privacy & Cookie Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and we will additionally notify you of any significant changes by sending a notice to your primary email address as specified in your Firefish Software Account, or by a notice on the Website, and you are deemed to have accepted the revised terms of the Policy on your first use of the Website following the alterations.

 

If you believe that Firefish Software has not complied with your rights or if you have any concerns about how your Personal Data is being processed you can complain to the Information Commissioner: -

 

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 

www.ico.org.uk