Privacy Notice
Introduction
Experian Limited (00653331) with registered office at The Sir John Peace Building Experian Way, Ng2 Business Park, Nottingham, United Kingdom, NG80 1ZZ (“we” or “us”) is committed to working in accordance with the General Data Protection Regulation as enacted by the Data Protection Act 2018 (GDPR) and with the highest standards of ethical conduct.
This Privacy Notice describes how we collect and use Personal Data about you during the period in which we are engaging with you on a business to business basis.
In relation to your Personal Data, we shall be acting as a Data Controller for Personal Data we collect about you.
Capitalised words not defined herein shall bear the meanings associated with them under the GDPR.
We have appointed a Data Protection Officer to inform and direct our use of your Personal Data who may be contacted by email at privacy@paydashboard.com.
Data Protection Principles
In adhering to the GDPR we are committed to protecting Personal Data in accordance with the following:
1. Data must be processed lawfully, fairly and in a transparent manner.
2. Data must be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3. Data processed must be adequate, relevant and limited to what is necessary.
4. Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure data that are inaccurate, are erased or rectified without delay.
5. Data must not be kept for longer than is necessary for the purposes for which the data are processed.
6. Data must be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.
Personal Data
The Personal Data, as defined under the GDPR, which we process includes certain information which can be used to identify the person in question (“Data Subject”, or “you”).
Although we don’t currently collect and/or process Sensitive Personal Data, we shall inform you should this change, as well as the further protections that we would implement.
The Personal Data we collect and Process about you is as follows:
Purpose/Activity
- To manage our relationship with you which will include:
- (a) Notifying you about changes to our terms or privacy policy
- (b) Asking you to leave a review or take a survey.
- Raising awareness of our brand;
- Generating sales leads;
- Following up on sales leads;
- Generating inbound sales enquiries.
- To use data analytics to improve our products/services, marketing, customer relationships and experiences.
- To make suggestions and recommendations to you about goods or services that may be of interest to you and are related to the information or services we have previously provided.
Type of Data
Email Address | Contact / Profile |
Job Title | Identity |
Forename | Identity |
Surname | Identity |
Telephone Numbers | Contact |
IP Address | Identity |
When and how data is collected
Data is collected from you directly.
Data retention
Unless otherwise instructed by you, we retain Personal Data for a period of 12 months from when you last contacted us or used our services.
Following the above 12 month period, the Personal Data is anonymised.
Lawful Basis
Under the UK GDPR, the lawful bases we rely on for processing your personal data for the above purposes are:
Consent: in some circumstances we rely on your specific consent, whereby you actively agree and “opt-in” to receive our services – for example if you subscribe to our blog.
Where you consent to receive certain information, we will provide you with this and communicate with you in your chosen method as applicable.
You may withdraw your consent at any time by using the opt-out links at the bottom of the email, or by emailing your opt-out request to marketing@paydashboard.com.
Legitimate Interests: we can also use personal information where the benefits of doing it are not outweighed by the interests or fundamental rights or freedoms of individuals. This is known as the legitimate interests condition for processing.
We specifically rely on Legitimate Interests to:
• send you marketing communications about our webinars, events, products and/or services
• personalise the marketing content we provide you
• undertake business sales and advertising activities
• research publicly available business contact details
Where we have reason under legitimate interest to update you about our services we may reasonably do so. You may opt out at any time by using the opt-out links that are included at the bottom of all marketing email, or by emailing your opt-out request to marketing@paydashboard.com
Third-parties
We will not share your Personal Data with other companies.
We may provide links to third-party websites or resources. We do not control these third-party websites and we are not responsible for their privacy statements. We encourage you to read the privacy notice of every website visited.
Other Non-Personal Data
This is data where your identity has been removed (anonymised data). We use such data for our own purposes.
Keeping in touch with you
Where we have reason under legitimate interest to update you about our services we may reasonably do so. You may opt out at any time.
Where you request us to add you to a subscription list to receive certain information we will do so and communicate with you in your chosen method as applicable. You may request to be removed from such lists at any time.
We will not share your Personal Data with other companies.
Rights of Data Subjects
You have the following rights under the GDPR:
1. the right to be informed, which encompasses the obligation to provide transparency as to how Personal Data will be used;
2. the right of access;
3. the right to rectification of data that is inaccurate or incomplete;
4. the right to be forgotten under certain circumstances;
5. the right to block or suppress processing of Personal Data; and
6. the right to object.
Where you wish to exercise any of the above rights, you should contact us, the Data Controller, at privacy@paydashboard.com.
Security of Data
We are committed to taking steps to ensure that Personal Data is protected, and to prevent any unauthorised access, unauthorised changes, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and awareness raising.
Any data breaches will be managed according to the Company’s procedures documented in its Incident Management Policy and Procedures.
Unless otherwise directed by legal obligation, any requests from a governmental body shall be referred to the Data Controller.
Third party Data Processors
In providing the Services, we currently engage the following parties, all of whom we have assessed to ensure GDPR compliance:
Processor | Service | Data | HQ |
Salesforce | CRM system partner | UK | US |
Act-On | Marketing platform partner | EEA | US |
Fortrabbit | Infrastructure hosting partner | EEA | EEA |
Transferring Personal Data to a Country Outside the EEA
Other than as set out above, we do not transfer Personal Data outside the European Economic Area (EEA) if you yourself are based within the EEA.
If you are based outside of the EEA we shall be obliged to send your Personal Data outside of the EEA, in order to provide our services and to reach you.
Whenever we transfer your Personal Data to a third-party data processor outside of the EEA, we have ensured that appropriate measures, as allowed for by the GDPR, are in place to continue the ongoing protection of your Personal Data.
Data Protection Measures
The Company is committed to ensuring the security of Personal Data and to processing it in line with the Data Protection rules. As such, the Company will:
1. Ensure that all staff are aware of their responsibilities and the Company’s obligations and responsibilities in relation to data protection.
2. Ensure that all staff and individuals/organisations who handle data on behalf of the Company are appropriately trained and receive refresher training on a regular basis.
3. Ensure that all staff and individuals/organisations who handle data on our behalf are regularly monitored, assessed and reviewed.
4. Ensure that all organisations who handle data on our behalf are carrying out data processing in line with the Data Protection rules.
5. Regularly review the Company’s methods of data collection, handling, processing and storage.
Monitoring
We are committed to monitoring this Privacy Notice and will update it as appropriate, on an annual basis or more frequently if necessary.
Complaints
We try to meet the highest standards when processing your Personal Data. For this reason, we take any complaints we receive about our services seriously. We encourage you to bring any issues, in relation to data privacy, to our attention if you think that our processing of your Personal Data is unfair, misleading or inappropriate by email at privacy@paydashboard.com
You may also contact the Supervisory Authority in the UK, the Information Commissioner’s Office, by selecting the appropriate option at https://ico.org.uk/concerns
PayDashboard uses cookies
The PayDashboard website and marketing utilises "cookies". You can read our cookie notice here.
16 September 2019
Version 1.1
Updated 15/07/2022 - updated registered address
Updated 26/04/2022 - change of hosting location for Salesforce from EEA to UK
Updated 03/09/2023 - change of data controller from Pay Dashboard Limited to Experian Limited, removed inactive third party processor from list, provided more information about legitimate interest, added more detail on how to opt-out or object, updated list of rights under GDPR to add right to object and remove right to portability as the latter is not applicable in these circumstances.
Pay Dashboard Limited (08853884) with registered office at The Sir John Peace Building Experian Way, Ng2 Business Park, Nottingham, United Kingdom, NG80 1ZZ (“we” or “us”) is committed to working in accordance with the General Data Protection Regulation as enacted by the Data Protection Act 2018 (GDPR) and with the highest standards of ethical conduct.
This Privacy Notice describes how we collect and use Personal Data about you during the period in which we are engaging with you on a business to business basis.
In relation to your Personal Data, we shall be acting as a Data Controller for Personal Data we collect about you.
Capitalised words not defined herein shall bear the meanings associated with them under the GDPR.
We have appointed a Data Protection Officer to inform and direct our use of your Personal Data who may be contacted by email at privacy@paydashboard.com.
Data Protection Principles
In adhering to the GDPR we are committed to protecting Personal Data in accordance with the following:
1. Data must be processed lawfully, fairly and in a transparent manner.
2. Data must be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3. Data processed must be adequate, relevant and limited to what is necessary.
4. Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure data that are inaccurate, are erased or rectified without delay.
5. Data must not be kept for longer than is necessary for the purposes for which the data are processed.
6. Data must be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.
Personal Data
The Personal Data, as defined under the GDPR, which we process includes certain information which can be used to identify the person in question (“Data Subject”, or “you”).
Although we don’t currently collect and/or process Sensitive Personal Data, we shall inform you should this change, as well as the further protections that we would implement.
The Personal Data we collect and Process about you is as follows:
Purpose/Activity
- To manage our relationship with you which will include:
- (a) Notifying you about changes to our terms or privacy policy
- (b) Asking you to leave a review or take a survey.
- Raising awareness of our brand;
- Generating sales leads;
- Following up on sales leads;
- Generating inbound sales enquiries.
- To use data analytics to improve our products/services, marketing, customer relationships and experiences.
- To make suggestions and recommendations to you about goods or services that may be of interest to you and are related to the information or services we have previously provided.
Type of Data
Email Address | Contact / Profile |
Job Title | Identity |
Forename | Identity |
Surname | Identity |
Telephone Numbers | Contact |
IP Address | Identity |
When and how data is collected
Data is collected from you directly.
Data retention
Unless otherwise instructed by you, we retain Personal Data for a period of 12 months from when you last contacted us or used our services.
Following the above 12 month period, the Personal Data is anonymised.
Lawful Basis
Legitimate Interest
Third-party links
We may provide links to third-party websites or resources. We do not control these third-party websites and we are not responsible for their privacy statements. We encourage you to read the privacy notice of every website visited.
Other Non-Personal Data
This is data where your identity has been removed (anonymised data). We use such data for our own purposes.
Keeping in touch with you
Where we have reason under legitimate interest to update you about our services we may reasonably do so. You may opt out at any time.
Where you request us to add you to a subscription list to receive certain information we will do so and communicate with you in your chosen method as applicable. You may request to be removed from such lists at any time.
We will not share your Personal Data with other companies.
Rights of Data Subjects
You have the following rights under the GDPR:
1. the right to be informed, which encompasses the obligation to provide transparency as to how Personal Data will be used;
2. the right of access;
3. the right to rectification of data that is inaccurate or incomplete;
4. the right to be forgotten under certain circumstances;
5. the right to block or suppress processing of Personal Data; and
6. the right to data portability which allows parties to obtain and reuse their Personal Data for their own purposes across different services under certain circumstances.
Where you wish to exercise any of the above rights, you should contact us, the Data Controller, at privacy@paydashboard.com.
Security of Data
We are committed to taking steps to ensure that Personal Data is protected, and to prevent any unauthorised access, unauthorised changes, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and awareness raising.
Any data breaches will be managed according to the Company’s procedures documented in its Incident Management Policy and Procedures.
Unless otherwise directed by legal obligation, any requests from a governmental body shall be referred to the Data Controller.
Third party Data Processors
In providing the Services, we currently engage the following parties, all of whom we have assessed to ensure GDPR compliance:
Processor | Service | Data | HQ |
Salesforce | CRM system partner | UK | US |
Prospect Global Ltd (trading as SoPro) | Marketing platform partner | EEA | EEA |
Act-On | Marketing platform partner | EEA | US |
Fortrabbit | Infrastructure hosting partner | EEA | EEA |
SoPro are registered with the ICO Reg: Z123456 their Data Protection Officer can be emailed at: dpo@sopro.io
Transferring Personal Data to a Country Outside the EEA
Other than as set out above, we do not transfer Personal Data outside the European Economic Area (EEA) if you yourself are based within the EEA.
If you are based outside of the EEA we shall be obliged to send your Personal Data outside of the EEA, in order to provide our services and to reach you.
Whenever we transfer your Personal Data to a third-party data processor outside of the EEA, we have ensured that appropriate measures, as allowed for by the GDPR, are in place to continue the ongoing protection of your Personal Data.
Data Protection Measures
The Company is committed to ensuring the security of Personal Data and to processing it in line with the Data Protection rules. As such, the Company will:
1. Ensure that all staff are aware of their responsibilities and the Company’s obligations and responsibilities in relation to data protection.
2. Ensure that all staff and individuals/organisations who handle data on behalf of the Company are appropriately trained and receive refresher training on a regular basis.
3. Ensure that all staff and individuals/organisations who handle data on our behalf are regularly monitored, assessed and reviewed.
4. Ensure that all organisations who handle data on our behalf are carrying out data processing in line with the Data Protection rules.
5. Regularly review the Company’s methods of data collection, handling, processing and storage.
Monitoring
We are committed to monitoring this Privacy Notice and will update it as appropriate, on an annual basis or more frequently if necessary.
Complaints
We try to meet the highest standards when processing your Personal Data. For this reason, we take any complaints we receive about our services seriously. We encourage you to bring any issues, in relation to data privacy, to our attention if you think that our processing of your Personal Data is unfair, misleading or inappropriate by email at privacy@paydashboard.com
You may also contact the Supervisory Authority in the UK, the Information Commissioner’s Office, by selecting the appropriate option at https://ico.org.uk/concerns
PayDashboard uses cookies
The PayDashboard website and marketing utilises "cookies". You can read our cookie notice here.
9th September 2023
Version 1.1
Updated 15/07/2022 - updated registered address
Updated 26/04/2022 - change of hosting location for Salesforce from EEA to UK