Last updated: October 2019
This policy also describes some of the security measures we take to protect your Personal Information, and tells you certain things we will do and not do.
One Touch Apps Limited believes in the importance of protecting your Personal Information (as defined in the UK’s Data Protection Act and the EU General Data Protection Regulation, the GDPR) and we are committed to providing you with services that meet your and your organisation’s needs whilst protecting your privacy.
When we first obtain Personal Information from you, we will give you the opportunity to tell us if you do or do not want to receive information from us about other services, events and updates in the performance management and professional development field.
You can do this by ticking a box on an application form or contract. You may change your mind at any time by emailing us at the address at the bottom of this page or by unsubscribing directly from links within the emails we send to share information with you.
What Personal Information we collect and process
We aim to be transparent about why and how we process Personal Information. Here are the categories for which we process personal information:
We process Personal Information about business contacts using a client relationship management tool (“Hubspot”). Personal Information is added to Hubspot either by site visitors directly or by our employees; personal information we process includes: name, business email address, job title, telephone number, area of business, job role and organisation’s name. Personal Information of business contacts may also be collected by virtue of us providing our services to you or at a networking event.
Personal Information, including name, email address, telephone number and other business contact information, may be purchased and collected from HR Grapevine, a 3rd party provider, for the purpose of sharing industry relevant and marketing information.
Links to tools that we use to process your personal information and their privacy policies:
- Hubspot: https://legal.hubspot.com/privacy-policy
- Monitor https://www.campaignmonitor.com/policies/#privacy-policy
- Grapevine (Data Licensing) https://corporate.executivegrapevine.com/data-licensing
Data Transfers: Hubspot is a USA provided platform and transfers personal information to Ireland and, where applicable, the USA, under the Privacy Shield Framework and EU Standard Contractual Clauses to ensure adequate protection of your personal information. Our USA-based operation may also access Hubspot information. This activity is carried out under EU Standard Contractual Clauses in place between Clear Review Ltd (UK) and Clear Review Inc (USA).
How we use it
- For contact and communication purposes: we use your contact details to share industry updates, white papers, case studies, webinars, invites to events and / or other information about us and the services that we provide that we believe are of interest to you. You can unsubscribe from these communications by clicking on a link on each email or by writing to the Data Protection Manager at the address above.
- Making contact details available to One Touch Apps staff as required by their role.
- Performing aggregated analytics – such as trends, sales intelligence, marketing effectiveness (such as click and open rates) uptake and progress.
Personal Information is retained on Hubspot for as long as it is necessary for the purposes set out above (being the length of the business relationship). Two years of “no contact” or activity will result in records being deleted from the Hubspot database. If a business contact requests that their information be deleted, their contact details will be deleted provided there are no legal requirements for retaining the data any longer: for example, if a commercial contract is in place. If a business contact opts out of receiving marketing materials, their details will still be retained in a Suppression List to prevent communications being sent.
Clients and Personal Information associated with clients
We request that our clients only provide Personal Information that is necessary for us to carry out our services. The Clear Review platform by Clear Review Ltd operates on the principle of Data Minimisation.
When processing Personal Information in respect of individuals associated with clients, e.g. employees for the provision of our services through the Clear Review platform, our clients are the Data Controller and Clear Review Ltd the Data Processor.
When processing Personal Information in the context of providing support, customer success and administering the business relationship, Clear Review Ltd is the Data Controller. To benefit the increasingly global nature of our clients, we extended our Customer Success’ service hours with resources located in the USA’s East Coast and Canada’s West Coast. The USA support activity is governed by EU Standard Contractual Clauses with Clear Review Inc. Canada benefits from an Adequacy Decision and is considered of equal standard to the EU for Privacy and Data Protection.
We leverage the Freshdesk platform to provide a client support service, Amplitude to collate anonymised, aggregated analytics and Xero Accounts for accounting and to process payments.
The Asana platform is used for project management and implementation of clients’ services.
JIRA from Atlassian complements the technical support systems.
Clients who have registered an interest to attend events or receive information relevant to their business sector will also be processed with the Hubspot platform. Please refer to the Business Contacts’ section above.
Some commercial documents will be securely stored in Google Drive for business.
Links to tools that we use to process your personal information as a client and related privacy policies:
- Freshdesk https://www.freshworks.com/privacy
- Xero https://www.xero.com/uk/about/terms/privacy/
- Amplitude https://amplitude.com/privacy
- Asana https://asana.com/terms#gdpr
- Google Apps for Business https://policies.google.com/privacy
- Sharefile by Citrix, hosted in the EU: https://www.citrix.com/about/legal/privacy/
While most of the platforms listed above will opt to process personal information within the EU where possible, some services may require data transfers outside the EU. These transfers are carried out under one or more of the following 3 legal mechanisms:
- U.S. / EU Privacy Shield Framework
- EU Standard Contract Clauses
- Processing in a country which has been granted an Adequacy Decision for protecting personal information.
How we use it
Provision of software as a service (SaaS): we will use Personal Information in such a manner as we believe is reasonably necessary to provide our services, for example to train and support your staff, enabling customer success, augmenting organisational performance and resolving technical support queries.
Customer Success: to benefit the increasingly global nature of our clients, we extended our Customer Success’ service hours with resources located in the USA’s East Coast and Canada’s West Coast. These resources access Freshdesk and Hubspot to support our clients. The USA support activity is governed by EU Standard Contractual Clauses in place with Clear Review Inc. and the same security requirements adopted in Europe are imposed on the USA entity. Canada benefits from an Adequacy Decision from the European Commission and is considered of equal standard to the EU as regards Privacy and Data Protection.
Administration: to collect our fees or costs in connection with our services, managing contracts.
Managing client relationships: providing clients with information on our services and business updates that we consider may be relevant to them; arranging and hosting events; and identifying where we may make improvements in customer success.
Client engagement: to ensure our clients make full use of our SaaS platform and derive maximum benefits.
Aggregated analytics: to enhance the Clear Review platform and add value to our clients.
Compliance with anti-money laundering regulation: we may use your Personal Information (e.g. evidence of your identity) in order to fulfil our obligations to check the identity of our clients in compliance with anti-money laundering law and regulations; this information will be shared with any relevant OC Member Firm required to support that instruction.
Our general retention period for documentation created for the purpose of providing services is aligned with the retention of accounting and financial records, which in the UK is 6 years plus current financial period.
Clients for whom we process employees’ Personal Information as part of the Clear Review platform’s licence: all data, including Personal Information, is permanently anonymised and deleted one month after the contractual agreement ends.
Suppliers (including individual contractors)
Personal Information, including name, email address, telephone number and other business contact information, is collected to receive services from suppliers, to manage the relationship with the supplier, and for the provision of services to our clients. The purpose of this processing activity is to manage and perform contracts.
How we use it
- To receive and manage services from our suppliers.
- Services to clients: if a supplier is assisting us in delivering services to our clients we will process Personal Information to manage that relationship.
- Administration: to agree payment arrangements with our suppliers, and to make payments to them.
Our general retention period for documentation created for the purpose of providing services is aligned with the retention of accounting and financial records, 6 years + current.
Visitors to the Clear Review website
Personal Information will be collected if you sign up to attend any of our events and/or to receive our marketing literature.
How we use it
Business contacts: if you have signed up to attend one of our events or to receive our marketing literature please see the paragraph above headed ‘Business contacts’.
Google Analytics: to track and understand usage and performance of our website. More detail is available in the Cookies’ section of this policy.
Aggregate information about visitors to our website
- We collect information on a general and aggregate basis, such as IP addresses, in order to analyse the performance of our sites. This data is used completely anonymously in order to determine the number of people who visit our sites and the most frequently used sections of our sites. This enables us to continually update and refine our sites to ensure they provide you with a successful experience.
Lawful Basis for Processing Personal Information
We will only process Personal Information where we have a lawful reason for doing so. The lawful basis for processing Personal Information by us will be one of the following:
- the processing is necessary for the performance of a contract you or your organization are party to or in order to take steps at your request prior to you entering into a contract;
- the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation or counter fraud measures);
- the processing is necessary for the pursuit of our legitimate business interests (including that of the delivery and the promotion of our services); and
- you have provided consent for us to process your Personal Information.
Sharing Personal Information
We may allow other organisations to process Personal Information we hold about you in the following circumstances:
- If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case Personal Information held by us, about our customers, will be one of the transferred assets.
- If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
- For the prevention of crime, as may be required by law enforcement agencies and as prescribed by the Data Protection Act and EU GDPR.
Protecting Information
We have strict security measures to protect Personal Information.
- We work to protect the security of your information during transmission by using secure encryption.
- We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
- It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.
- Our third party technology providers are vetted for state of the art technical and organisational measures which conform to ISO27001 information security standards.
- We participate in the UK’s National Cyber Security Centre’s Cyber Essentials Plus audit framework and we are currently accredited, Certificate Number AB05-CB0002-001859.
- If you communicate with us using the internet, we will occasionally email you about business innovation in the performance and professional development field and how it is supported by our services and products. When you first give us Personal Information through the Website, we will give you the opportunity to say whether you would prefer us not to contact you by email. You can also always unsubscribe from receiving emails or send us an email (at the address set out below) to exercise your rights.
- Please remember that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered, as this is how the internet works.
We cannot accept responsibility for any unauthorised access or loss of Personal Information that is beyond our control.
Control Over Your Personal Information and How to Exercise Your Rights
Under certain circumstances you have the following rights:
- the right to ask us to provide you with copies of the Personal Information we hold about you at any time and to be informed of the contents and origin, verify its accuracy, or else request that such information be supplemented, updated or rectified according to the provisions of Data Protection law;
- the right to request erasure, anonymisation or blocking of your Personal Information that is processed, if in breach of the law;
- the right to object on legitimate grounds to the processing of your Personal Information. In certain circumstances we may not be able to stop using your Personal Information; if that is the case, we’ll let you know why and inform you of your appeal rights;
- withdrawal of consent – while we do not always process Personal Information on the basis of consent, when Personal Information is processed on the basis of consent an individual may withdraw consent at any time. In the event that you no longer want to receive any marketing material, case studies or invites to events from us, please use the unsubscribe option (which is in all of our marketing emails to you), or contact the Data Protection Manager as set out below.
To exercise the above rights (bar withdrawing from marketing emails – as described) and if you have any questions about how we collect, store and use Personal Information, then please contact us using the details as set out in the “Data Controller contact information” section below.
Applying to Work at Clear Review
Clear Review is committed to protecting the privacy of individuals wanting to work for us.
We’ll process Personal Information including name, address, contact details, career and academic history for the purpose of recruitment and selection.
This processing activity is carried out as part of taking steps to enter into an employment contract.
To manage your job application we leverage the following tools and partners:
Workable applicant tracking system: https://www.workable.com/privacy/
Troi candidate sourcing service: https://www.troi.io/privacy-policy/
If successfully selected, we’ll carry out vetting checks at conditional offer stage; the nature of personal information will vary in relation to the role but the data categories may include: former employers’ references and right to work in the UK.
For pre-employment checks, we work with:
CBS The Screening House https://cbscreening.co.uk/gdpr/
When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer. These are called ‘cookies’.
These cookies cannot be used to identify you personally and are used to improve services for you, for example through:
Letting you navigate between pages efficiently
Enabling a service to recognise your computer so you don’t have to give the same information during one task
Measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast
To learn more about cookies, see:
Users have the opportunity to set their browser to accept all or some cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these options, of course, means that personalised services cannot be provided and the user may not be able to take full advantage of all of a website’s features. Refer to your browser’s Help section for specific guidance on how it allows you to manage cookies and how you may delete cookies you wish to remove from your computer.
Multiple cookies may be found in a single file depending on which browser you use.
The cookies used on this website have been categorised based on the categories found in the Cookiepedia guide, as follows:
Category 2: performance cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
Category 4: targeting cookies or advertising cookies
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
You can allow or block cookies by clicking on “Cookie Settings” on the related banner appearing on the footer of the website.
The Website may include links to other websites. We do not provide any personally identifiable customer Personal Information to these third-party websites.
We exclude all liability for loss that you may incur when using these third party websites.
Contacting Us
Data Controller and contact details for the Data Protection Manager.
Clear Review Limited, trading as Clear Review.
Company number 088516632.
Registered at 20-22 Wenlock Road, London, N1 7GU.
All data protection enquiries to be addressed to: firstname.lastname@example.org.
- We may amend this Policy from time to time and if you are in our mailing database, we will notify you of any changes in addition to publishing the amended version on the Website.
- If you have not registered to receive communications from us, it is not possible to proactively keep you informed, so please check back regularly to keep informed of updates to this Policy.
- This Policy applies to Personal Information we hold about individuals. It does not apply to information we hold about companies and other organisations.
- If you would like access to the Personal Information that we hold about you, you can do this by emailing us at email@example.com or writing to us at the address noted above.
- We aim to keep the Personal Information we hold about you accurate and up to date. If you tell us that we are holding any inaccurate Personal Information about you, we will delete it or correct it promptly. Please email us at firstname.lastname@example.org or write to us at the address above to update your Personal Information.