Sign In App is a product of All Things Code Ltd. This privacy statement describes how All Things Code Ltd protects and makes use of the information you give the company when you use our website, apps and services.
If you are asked to provide information, it will only be used in the ways described in this privacy statement.
We are committed to ensuring that your personal data is kept confidential, and that it is only collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
We confirm our compliance with The Data Protection Act 1998 and are working towards the new legislative conditions as required by The General Data Protection Regulation (“the Regulation”).
Information regarding the new GDPR legislation will be updated regularly between now and May 2018. This, along with the continuing improvements and updates to the application, requires us to amend the Privacy Statement in order to meet these changes. Therefore, please check back from time to time. The latest version is published on this page and we will date stamp the Privacy Statement so you will always know when it was last updated.
What Information will we collect?
Personal data may be collected, stored and used in the following manner.
When visiting our website or using our apps
Information such as your IP address, geographical location, operating system and browser. If you choose to contact us through either of these sources, information you provide such as your name, email address or telephone number will also be stored.
Registration details that you provide us with to create a user and provide you with access to the applications. The registration requires you to provide us with personal contact information, such as your name, company name and email address, and to select a password.
Sign In App visitors
If you are a visitor that has signed into our application, the information provided, such as your name, your company, who you are visiting and other information that the customer you are visiting requires, i.e. the number plate of your vehicle.
For what purpose will we process your data?
Your data will be processed for Specified, Explicit and Legitimate Purposes. We collect and process the personal data detailed above and the purposes for which we process personal data will be informed to data subjects at the time that their personal data is collected.
We may, from time to time, use your personal data for reporting and for making improvements to our services; in such instances we will always ensure an individual cannot be identified.
Your personal data may be transferred to our trusted third party processors, this will be for purposes such as: Enabling payments, hosting of our servers and customer relationship management system.
Our trusted third party processors are contractually bound by us to keep your information confidential and used only for specified, explicit, and legitimate purposes.
If we intend to use any data provided by yourself for marketing purposes, such as sending updates or information relating to the product, we will always make this clear and offer an ‘opt out’ should you wish not to receive such information.
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
- Send an email to: email@example.com
- Write to us at: All Things Code Ltd, 3A Green Lodge Barn, Roman Road, Northampton, NN7 4HD.
We will never lease, distribute or sell your personal data to a third party without requesting your prior permission. We will only transfer your data to other third parties without informing you separately beforehand in the exceptional cases legally provided in the Privacy Act, either legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.
Security of your data
Protecting personal data from access, loss or alteration is of the utmost importance to us. All visitor records, account data, configuration data and contact information is stored in a UK datacentre in London. Photos and images are stored anonymously in a separate secure cloud platform. Servers are updated with the latest security patches during scheduled routine maintenance.
The app and online portal both access data using our secure API. The API exclusively uses SSL (2048bit) to encrypt data in transit, and every request must include a time-limited authentication token generated by the authentication system. For support purposes, a limited number of senior engineers can access client data via a secure tunnel, controlled by private key-based secrets.
The app must be authenticated using a token generated from the devices section of your online portal. Portal users log in with an email address and password, managed from within the portal. User passwords are hashed at all times and can not be accessed.
There are two user levels that can be set, controlling access to user management and configuration options. For accounts with multiple sites, there is also the option to restrict individual users to only view data for a single site.
How long will we hold your data?
Data will be accessed for as long as your account is active. After such time data will be archived securely allowing us to recover the data due to legal reasons, such as tax purposes.
Sign In App Visitors
Please note that we are acting as a ‘data processor’, our customer will be the ‘data controller’ and will assume responsibility for the processing of personal data and how long that is held for. We have to act upon our customer’s instructions regarding data retention.
Data subject rights
Right to Access Personal Data
Data subjects have the right to access personal data concerning them and to obtain information about it, including the purposes for which it is being processed, the categories of personal data concerned and any recipients of the data. We will respond to a data subject access request within one month at the latest, upon proof of identity. This information will be communicated in an intelligible form.
All requests must be made in writing to firstname.lastname@example.org or to the Operations Manager at the address below.
Right to correct
We shall ensure that all personal data collected and processed is kept accurate and up-to-date. The accuracy of data shall be checked when it is collected and at regular intervals thereafter. Where any inaccurate or out-of-date data is found, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.
Right to be removed
Data subjects may request that the Company erases the personal data it holds about them. Unless there are reasonable grounds for us to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure. In the event that any personal data that is to be erased in response to a data subject request has been disclosed to third parties, those parties shall be informed of the erasure.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.
This privacy statement was updated on: 14/11/2017
All Things Code Ltd, 3A Green Lodge Barn, Roman Road, Northampton, NN7 4HD.