1. PURPOSE AND SCOPE
The Foundry Visionmongers Ltd (“Foundry”, “we”, “us”) is committed to protecting Personal Data and the processing of such data, in accordance with applicable Data Protection Laws.
When you engage with us via our website or through our marketing activities, and when you buy or use our products and services we will collect certain information that can be used to identify you.
We collect and use personal data about you in order to manage our relationship with you and to fulfil our legal duties. We recognise that we have a duty to ensure that we are open and transparent with you and that we enable you to exercise your choices and preferences in relation to that data quickly and easily.
In relation to the way in which we process your personal data, Foundry is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. This Privacy Notice (the “Notice”) governs how Foundry collects, stores, uses, retains and shares personal data. It explains which data is collected and for what purpose. It also lists what rights you have as an individual, and who you should get in touch with if you have questions or concerns.
2. NOTICE STATEMENT
Everyone has rights with regard to how their personal data is handled. When you use our websites, when you interact with us directly or via our marketing, and when you purchase and use our products or services we will collect, store and process personal data about you. We recognise the need to treat that personal data in an appropriate and lawful manner.
This is our Notice for our services. It explains your statutory rights and how we collect and use your personal data. It describes the processing activities that are carried out by Foundry, the purposes for which these activities are performed and the legal bases that Foundry relies upon to justify these processing activities.
3. ROLES AND RESPONSIBILITIES
Foundry’s Cyber Security and GDPR Steering Committee (the “Committee”) has overall responsibility for ensuring compliance with applicable Data Protection Laws and with this Notice.
If this Notice does not answer your questions, or if you consider that we have not followed this Notice in respect of your personal data, then you can get in touch with the Committee by contacting Foundry’s Head of Legal and General Counsel by phone, email or post and we will be happy to help.
How to contact us:
- +44 (0)20 7479 4350
- The Head of Legal and General Counsel The Foundry Visionmongers Ltd. 5 Golden Square London W1F 9HT United Kingdom
Applicable Data Protection Laws the General Data Protection Regulation (EU) 2016/679 (GDPR) and any associated regulations or instruments, plus other local data protection laws, regulations, regulatory requirements and codes of practice applicable in the jurisdictions Foundry offices are located. Or, any other legislation, regulations, rules and codes of practice that transpose or supersede the above including any data protection laws amending, replacing and superseding the GDPR in the United Kingdom following exit from the European Union.
Committee Foundry’s Cyber Security and GDPR Steering Committee.
Data Subjects for the purpose of this Notice include all living individuals about whom Foundry holds personal data.
Data Controllers are the people who or organisations which determine the purposes and manner in which any personal data is processed. They have a responsibility to establish practices and policies in line with applicable Data Protection Laws. Foundry acts as a data controller in respect of some of the personal data processed within our business.
EEA refers to the European Economic Area
Personal Data means data or information relating to an identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Websites means our websites at www.foundry.com, www.madewithmischief.com and www.athera.io.
5. THE PERSONAL DATA WE COLLECT
We collect personal data over the course of our relationship with you when you use our websites, when you interact with us directly or via our marketing, and when you purchase and use our products or services.
We collect the following types of Personal Data:
• Contact details: information that allows us to contact you directly such as your name, job title, the company you represent, email address, telephone number and billing and shipping addresses associated with your account.
• Payment information: credit/debit card details, bank account details and any other information you provide to make payment for the products and services you purchase from us.
• Purchase and account history: when you arrange trials or purchase products or services from us, we keep records relating to those orders.
• Records of your discussions with our teams: when you share comments and opinions with us, ask us questions or make a complaint we will keep a record of this. This includes when you send us emails, interact with us on social media or contact our support desk.
• How you use websites: when you use our Websites, we collect information about where you are visiting from, your interests, the pages you look at and how you use them.
• Website security: when you register with our Websites we store your account details and password. When you buy products or submit forms via our Websites we keep records of your acceptance of our end user license agreements and privacy notices.
• Advertising and direct marketing: through our social media, marketing events, advertisements and direct marketing, we collect information about your interests, how you respond to, or interact with, any marketing or advertising communications directed to you, and any requests for these communications to stop.
• Product usage: when you use our products, we collect personal data about how and when you make use of them, your license, your computer equipment and network environment including information about the location of that equipment and whether you make use of any of our other products or services on your computer.
• Exercising your rights: if you exercise any of your statutory rights under Applicable Data Protection Laws, we will keep a record of this and how we respond.
• Account information: we keep copies of the emails you send us and we create identification numbers that allow us to link your account status with your order history, product licenses and payments.
6. WHAT WE USE YOUR PERSONAL DATA FOR AND WHY
Where we process your personal data because of our contract
We process these items of your personal data to enter into or fulfil contracts for the purchase, licensing and support of our products:
|Reason or purpose||Personal Data used|
|Provide you with our products and services and maintain your account||
|Maintain your account(s) on the Websites||
|Billing, taking payment for our products and services and performing debt collection||
|Respond to requests and provide support and maintenance for our products||
|Respond to product support requests||
Where we process your personal data because we have a legitimate interest
We process these items of your personal data because we have a legitimate interest to improve our service to you, to identify new products you might be interested in, to advertise our products and services to you, to verify licensed usage of our products and to detect and reduce abuse by pirates:
|Reason or purpose||Personal Data used|
|Determine products and services that may be of interest to you||
|Direct marketing via email. If, at any time, you choose to not to receive direct marketing then we will not send you direct marketing materials.||
|Billing, taking payment for our products and services and performing debt collection||
|Maintain and improve our products and services and provide internal training to staff to improve customer experience||
|Verify licensed product usage, detect and reduce abuse by pirates||
Where we process your personal data so you can’t be identified any more
We may anonymise and aggregate any of the personal data we hold (so that it does not identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our Websites, developing new products and services or improving our existing portfolio.
7. SOURCES WE COLLECT YOUR PERSONAL DATA FROM
We collect personal data from a range of different sources but primarily directly from you. We collect personal data by the following means:
• Directly from you: when you set up an account with us, email us, purchase products or services from us, submit information via our Websites, complete any forms or surveys we provide to you, request product trials, enter competitions or prize draws, use our products and services, raise queries, make a complaint, submit support requests, contact us by phone, email or communicate with us directly in some other way.
• Our Websites: when you create an account on one of our Websites and when you use or visit the Websites.
• Publicly available sources: we make use of public records including your company website, industry publications, industry news websites, LinkedIn and professional listings.
• Government, public authorities and regulators: may provide us with information about you where they are required to do so by law or where you have contacted them.
8. WHO WE SHARE YOUR PERSONAL DATA WITH
In certain circumstances, we will share your personal data with third parties:
|Who||Examples of Sharing|
|Companies in the same group of companies as us||
Where you make purchases from www.madewithmischief.com, we share that data with other group companies in order to process the payment and deliver the product to you.
If you are located in a region where we have an approved reseller of our products and: (a) you have previously purchased our products via an approved reseller; (b) we believe your needs are better served by dealing with a local approved reseller; or (c) we believe you are pirating our software, then we may pass your contact details and your purchase and account history to that authorised reseller. In addition, we may provide details of your product usage if we believe that you are pirating our software. We will not share your contact details with a reseller in a different region to you.
If you pay us via debit or credit card, via paypal or another third party payment service then we will share details with the relevant payment agent so that they can process the transaction.
|Debt collection, prevention of piracy and enforcing license agreements||
If you have an overdue debt which is owing to us, if we believe that you are using pirated version(s) of our products or if we believe that you have breached our agreement(s), we may pass your details to local debt collection agencies or lawyers.
|The government or regulators||
Where we are required to do so by law or to assist with their investigations or initiatives, including, in the UK, the Information Commissioner’s Office
|Police and law enforcement||
To assist with the investigation and prevention of crime, including software piracy.
|IT and cloud service providers, support teams and advisors||
We use IT systems and cloud platforms for our everyday business functions including email, financial management, data storage and customer account records. We also engage third parties to support our systems and help us deliver services to you.
If we sell or buy any business or assets, or the shareholders in our corporate group decide to sell any shares, we may disclose your personal data to the prospective seller or buyer of such business, assets or shares.
We do not buy any marketing lists from external providers, nor do we sell your information to any other company or entity.
Our Websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services.
9. TRANSFERRING YOUR DATA INTERNATIONALLY
If you live in a country in the EEA, the data that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing.
To ensure that your personal data is secure, we will only transfer information to a country outside of the EEA where we do so in accordance with the GDPR. This requires that one of the following conditions apply:
• the European commission has decided that the country provides an adequate level of protection for your personal data (in accordance with Article 45 of the GPDR);
• the transfer is subject to a legally binding and enforceable commitment on the recipient to protect the personal data (in accordance with Article 46 of the GDPR); • the transfer is made subject to binding corporate rules (in accordance with Article 47 of the GDPR); or
• the transfer is based on an exemption from the GDPR restrictions on transferring personal data outside of the EU (in accordance with Article 49).
10. AUTOMATED DECISION MAKING AND PROFILING
Automated decision making happens when a computer uses personal data to make decisions about a person without any human intervention which have legal effects or similarly significant effects for the person. We do not engage in any form of automated decision making.
Profiling happens when a computer system uses personal data to evaluate a person’s characteristics. We undertake profiling in the following areas of our business:
|Type of Profiling||Logic Used||Potential Consequences for You|
|To understand your preferences||We collect and combine personal data, including your purchase and account history and how you use websites, to better understand your buying habits and your product interests.||The combined data helps our Sales team determine which products and services we should bring to your attention|
|To prevent piracy of our software||We analyse mismatches between product usage and account information to identify unlicensed use of our products and services.||Our Customer Conversion team may investigate the mismatch and determine whether or not to pursue unlicensed users.|
11. HOW LONG WE KEEP YOUR DATA
We will keep your personal data for as long as necessary in order to achieve the purpose of data processing plus, where necessary, an extended period to cover statutory limitation periods.
12. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Under certain circumstances, you have the following rights in relation to your personal data:
• The right of access to your personal data: This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it.
• The right to have your personal data rectified: This enables you to have any incomplete or inaccurate information we hold about you corrected.
• The right to deletion of your personal data: This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it, you withdraw your consent, we are unlawfully holding your personal data or we should erase your personal data to comply with applicable EU law. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• The right to object to processing of your personal data: This applies where we are relying on a legitimate interest (or those of a third party) as a legal basis for our processing and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• The right to restriction of processing of your personal data: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or stop us deleting personal data which you need for a legal claim.
• The right to have your data transferred to another services provider: This enables you to have the personal data you have provided us to be transferred to another party. You can exercise your rights at any time by contacting us at firstname.lastname@example.org and providing sufficient information for us to identify you and your personal data. We will always aim to help you when you wish to exercise your rights but in some instances we may have lawful grounds to reject your request depending on the legal reason why we collected your personal data. You will, though, always have the right to be informed about the information we collect about you. We will investigate any request you make without undue delay and in any event within one month of receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. In the event that we decide to not take action on the request, we will inform you of the reasons for not taking action.
If you would like to find out more about cookies, including how to control or delete them, then we recommend you visit http://www.aboutcookies.org for detailed guidance.
What types of cookies do we use?
• Session cookies: A session cookie remembers your login for you and what you have put in your shopping basket. We consider these to be strictly necessary for the working of our Website. If these are disabled, then various functions on our site will not work.
• Google Analytics and Optimize: We use this tool to understand how the website is being used and conduct user experiments so as to improve user experience. The user data is anonymous.
• Facebook: Cookies and pixels are used to understand and deliver ads and make them more relevant to you. We may also use a cookie to learn whether someone who saw an advert on Facebook later visited our Website.
• OptinMonster: We use this tool to display pop up banners to users. The cookies hide pop up banners from successful conversions and for those who would rather sign up the next time.
• Pardot: We use this tool for email and automation. The cookies help us to track your use of the Website to understand the pages you visit. The user data is anonymous.
• Third Party Tags: we use tools provided by LinkedIn and Twitter to track conversions, retarget website visitors, and understand usage habits of members interacting with our Website.
• Third Party Videos: where we embed and you access videos from Vimeo, Wistia or YouTube, those organisations may set their own cookies in accordance with their own privacy policies.
We know security matters and take steps to protect your personal data.
Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology or Transport Layer Security.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk.
15. CHANGES TO THIS NOTICE
This Notice has been updated in May 2018. We reserve the right to amend our Notice and any changes we may make in the future will be posted on this page.
This Notice will be reviewed and updated on an annual basis to comply with applicable new requirements, regulations, insights, strategies, processes or technologies. We recommend that you check for updates to the Privacy & Cookies Policy from time to time but we will notify you directly about changes to this Notice or the way we use your personal data when we are legally required to do so.
16. CONTACT AND COMPLAINTS
If you do not agree with a decision we make in relation to a rights request or believe that we are in breach of applicable data protection laws then you can lodge a complaint with a data protection supervisory authority in the EU. You can contact the data protection supervisory authority for the UK using its contact details on its website https://ico.org.uk/.