Last updated: November 2018
This policy also describes some of the security measures we take to protect your Personal Data, and tells you certain things we will do and not do.
One Touch Apps Limited believes it is important to protect your Personal Data (as defined in the UK’s Data Protection Act and the EU General Data Protection Regulation, the GDPR) and we are committed to giving you a personalised service that meets your needs whilst protecting your privacy.
When we first obtain Personal Data from you, we will give you the opportunity to tell us if you do or do not want to receive information from us about other services, events and updates in the performance management and professional development field. You can do this by ticking a box on an application form or contract. You may change your mind at any time by emailing us at the address at the bottom of this page or by unsubscribing directly from links within the emails we send to share information with you.
What Personal Information we collect and process
We aim to be transparent about why and how we process Personal Information Here are the categories for which we process personal data:
We process Personal Information about business contacts using a client relationship management tool (“Hubspot”). Personal Information is added to Hubspot either by site visitors directly or by our employees; personal data we process includes: name, business email address, job title, telephone number, area of business, job role and organisation’s name. Personal Data of business contacts may also be collected by virtue of us providing our services to you or at a networking event.
Personal Information, including name, email address, telephone number and other business contact information, may be collected from HR Grapevine, a 3rd party provider, for the purpose of sharing industry relevant and marketing information.
Links to tools that we use to process your personal data and their privacy policies
- Hubspot: https://legal.hubspot.com/privacy-policy
- Campaign Monitor https://www.campaignmonitor.com/policies/#privacy-policy
- HR Grapevine (Data Licensing) https://corporate.executivegrapevine.com/data-licensing
Data Transfers: Hubspot is a USA provided platform and transfers personal data to Ireland and, where applicable, the USA, under the Privacy Shield Framework and EU Standard Contractual Clauses to ensure adequate protection of your personal data.
How we use it
- For contact and communication purposes: we use your contact details to share industry updates, white papers, case studies, webinars, invites to events and /or other information about us and the services that we provide that we believe are of interest to you. You can unsubscribe from these communications by clicking on a link on each email or by writing to the Data Protection Manager at the address above.
- Making contact details available to One Touch Apps staff a required by their role.
- Performing aggregated analytics – such as trends, sales intelligence, marketing effectiveness (such as click and open rates) uptake and progress.
Personal Information is retained on Hubspot for as long as it is necessary for the purposes set out above (being the length of the business relationship). Two years of “no contact” or activity will result in records being deleted from the Hubspot database. If a business contact requests for their information to be deleted, their contact details will be deleted from, provided there are no legal requirements for retaining the data any longer, for example a commercial contract in place. If a business contact opts out of receiving marketing materials their details will still be retained in a Suppression List to prevent communications to be sent.
Clients and Personal Data associated with clients
We request that our clients only provide Personal Information that is necessary for us to carry out our services. The Clear Review platform by One Touch Apps Ltd operates on the principle of Data Minimisation.
When processing Personal Data in respect of individuals associated with clients, e.g. employees for the provision of our services, our clients will be the Data Controller and One Touch Apps the Data Processor.
When processing Personal Data in the context of providing support, customer success and administer the business relationship, One Touch App is the Data Controller.
We leverage the Freshdesk platform to provide a client support service, Amplitude to collate anonymised, aggregated analytics and Xero Accounts for accounting and to process payments.
The Asana platform is used for project management and implementation of clients’ services.
Clients whom registered an interest to attend events or receive information relevant to their business sector will also be processed with the Hubspot platform. Please refer to the Business Contacts’ section above.
Some commercial documents will be securely stored in Google Drive for business.
Links to tools that we use to process your personal data as a client and related privacy policies:
- Freshdesk https://www.freshworks.com/privacy
- Xero https://www.xero.com/uk/about/terms/privacy/
- Amplitude https://amplitude.com/privacy
- Asana https://asana.com/terms#gdpr
- Google Apps for Business https://policies.google.com/privacy
Whereby most of the platforms listed above will opt to process personal data within the EU where possible, some services may require data transfers outside the EU. These transfers are carried out under one or more of the following 3 legal mechanisms:
- U.S. / EU Privacy Shield Framework
- EU Standard Contract Clauses
- Processing in a country which been granted an Adequacy Decision for protecting personal data.
How we use it
- Provision of software as a service (SaaS): we will use Personal Data in such a manner as we believe is reasonably necessary to provide our services, for example to train and support your staff, enabling customer success, augmenting organisational performance and resolve technical support queries.
- Administration: to collect our fees or costs in connection with our services, managing contracts.
- Managing client relationships: providing clients with information on our services and business updates that we consider may be relevant to them; arranging and hosting events; and identifying where we may make improvements in customer success.
- Client engagement: to ensure our clients make full use of our SaaS platform and derive maximum benefits
- Produce aggregated analytics to enhance the Clear Review platform and add value to our clients
- Compliance with anti-money laundering regulation: we may use your Personal Information (e.g. evidence of your identity) in order to fulfil our obligations to check the identity of our clients in compliance with anti-money laundering law and regulations, this information will be shared with any relevant OC Member Firm required to support that instruction.
Our general retention period for documentation created for the purpose of providing services is aligned with the retention of accounting and financial records, which in the UK is 6 years plus current financial period.
Clients’ for whom we process employees’ Personal Data as part of the Clear Review platform’s licence, all data, including Personal Data, is permanently deleted one month after the contractual agreement ends.
We’ll process Personal Data including, name, address, contact details, career and academic history for the purpose of recruitment and selection. This processing activity is carried out as entering steps to perform an employment contract.
If successfully selected, we’ll carry out vetting checks at conditional offer stage; the nature of personal information will vary in relation to the role but the data categories may include: former employers’ references and right to work in the UK.
Suppliers (including individual contractors)
Personal Information, including name, email address, telephone number and other business contact information, is collected to receive services from suppliers, to manage the relationship with the supplier, and for the provision of services to our clients. This purpose of this processing activity is to manage and perform contracts.
How we use it
- To receive and manage services from our suppliers.
- Services to clients: if a supplier is assisting us in delivering services to our clients we will process Personal Information to manage that relationship.
- Administration: to agree payment arrangements with our suppliers, and to make payments to them.
Our general retention period for documentation created for the purpose of providing services is aligned with the retention of accounting and financial records, 6 years + current.
Visitors to the Clear Review website
Personal Information will be collected if you sign up to attend any of our events and/or to receive our marketing literature.
How we use it
- Business contacts: if you have signed up to attend one of our events or to receive our marketing literature please see the paragraph above headed ‘Business contacts’.
- Google Analytics: to track and understand usage and performance of our website. More detail is available in the Cookies’ section of this policy
Legal basis for processing Personal Information
We will only process personal Information where we have a lawful reason for doing so. The lawful basis for processing Personal Information by us will be one of the following:
- the processing is necessary for the performance of a contract you or your organization are party to or in order to take steps at your request prior to you entering into a contract;
- the processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation or counter fraud measures);
- the processing is necessary for the pursuit of our legitimate business interests (including that of the delivery and the promotion of our services); and
- you have provided consent for us to process your Personal Data.
Sharing Personal Data
We may allow other organisations to process Personal Data we hold about you in the following circumstances:
- If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case Personal Data held by us, about our customers, will be one of the transferred assets.
- If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
- For the prevention of crime, as may be required by law enforcement agencies and as prescribed by the Data Protection Act and EU GDPR
We have strict security measures to protect Personal Data.
- We work to protect the security of your information during transmission by using secure encryption (https)
- We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
- It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.
- Our third party technology providers are vetted for state of the art technical and organisational measures, which conform to ISO27001 information security standards
- We participate to the UK’s National Cyber Security Centre’s Cyber Essential Plus audit and we are currently accredited, Certificate Number: 1375110198890712
- If you communicate with us using the internet, we will occasionally email you about business innovation in the performance and professional development field and how it is supported by our services and products. When you first give us Personal Data through the Website, we will give you the opportunity to say whether you would prefer us not to contact you by email. You can also always unsubscribe from receiving emails or send us an email (at the address set out below) to exercise your rights.
- Please remember that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered, as this is how the internet works.
We cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.
Control over your Personal Data and how to exercise your rights
Under certain circumstances you have the following rights:
- the right to ask us to provide you with copies of the Personal Information we hold about you at any time and to be informed of the contents and origin, verify its accuracy, or else request that such information be supplemented, updated or rectified according to the provisions of Data Protection law;
- the right to request erasure, anonymisation or blocking of your Personal Information that is processed, if in breach of the law;
- the right to object on legitimate grounds to the processing of your Personal Information. In certain circumstances we may not be able to stop using your Personal Information, if that is the case, we’ll let you know why and inform you of your appeal rights;
- withdrawal of consent – while we do not always process Personal Information on the basis of consent, when Personal Data is processed on the basis of consent an individual may withdraw consent at any time. In the event that you no longer want to receive any marketing material, case studies or invites to events from us, please use the unsubscribe option (which is in all of our marketing emails to you), or contact the Data Protection manager as set below.
To exercise the above rights (bar withdrawing from marketing emails – as described) and if you have any questions about how we collect, store and use Personal Information, then please contact us using the details as set out in the “Data Controller contact information” section below.
When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer. These are called ‘cookies’.
These cookies cannot be used to identify you personally and are used to improve services for you, for example through:
- Letting you navigate between pages efficiently
- Enabling a service to recognise your computer so you don’t have to give the same information during one task
- Measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast
To learn more about cookies, see:
Users typically have the opportunity to set their browser to accept all or some cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these options, of course, means that personalised services cannot be provided and the user may not be able to take full advantage of all of a website’s features. Refer to your browser’s Help section for specific guidance on how it allows you to manage cookies and how you may delete cookies you wish to remove from your computer.
Multiple cookies may be found in a single file depending on which browser you use.
The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide, as follows:
Category 2: performance cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
Category 4: targeting cookies or advertising cookies
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
By using this website, you agree that we can place these types of cookies on your device.
- The Website may include links to other websites. We do not provide any personally identifiable customer Personal Data to these third-party websites.
- We exclude all liability for loss that you may incur when using these third party websites.
Data Controller and contact details for the Data Protection Manager
- One Touch Apps Limited, trading as Clear Review
- Company number 088516632
- Registered at 20-22 Wenlock Road, London, N1 7GU
- All data protection enquiries to be addressed to: email@example.com
We may amend this Policy from time to time and if you are in our mailing database, we will notify you of any changes in addition to publish the amended version on the Website.
If you have not registered to receive communications from us, it is not possible to proactively keep you informed, so please check back regularly to keep informed of updates to this Policy
- If you would like access to the Personal Data that we hold about you, you can do this by emailing us at firstname.lastname@example.org or writing to us at the address noted above.
- We aim to keep the Personal Data we hold about you accurate and up to date. If you tell us that we are holding any inaccurate Personal Data about you, we will delete it or correct it promptly. Please email us at email@example.com or write to us at the address above to update your Personal Data.