1. PURPOSE AND SCOPE
The Foundry Visionmongers Ltd and its group companies (“Foundry”, “we”, “us”) are committed to protecting personal data and the processing of such data, in accordance with applicable data protection laws.
When you engage with us via our website or through our marketing activities, and when you buy or use our products and services we will collect certain information that can be used to identify you.
We collect and use information about you in order to manage our relationship with you, to fulfil our legal duties and to operate our business and develop our products and services. We recognise that we have a duty to ensure that we are open and transparent with you and that we enable you to exercise your choices and preferences in relation to that data quickly and easily.
When we process your personal data for these purposes, Foundry is a “controller”. This means that we are responsible for deciding how we hold and use personal information about you. This Privacy Notice (the “Notice”) explains how Foundry generally collects, stores, uses, retains and shares your personal data. It also explains which personal data we collect and for what purpose. It also lists what rights you have as an individual, and who you should get in touch with if you have questions or concerns.
2. ROLES AND RESPONSIBILITIES
Foundry’s Cyber Security and GDPR Steering Committee (the “Committee”) has overall responsibility for ensuring compliance with applicable data protection laws and with this Notice.
If this Notice does not answer your questions, or if you consider that we have not followed this Notice in respect of your personal data, then you can get in touch with the Committee by contacting Foundry’s Head of Legal and General Counsel by phone, email or post and we will be happy to help.
How to contact us:
- +44 (0)20 7479 4350
- The Head of Legal and General Counsel The Foundry Visionmongers Ltd. 5 Golden Square London W1F 9HT United Kingdom
In this notice the terms set out below have the following meanings:
"applicable data protection laws" means the General Data Protection Regulation (EU) 2016/679 (GDPR) and any associated regulations or instruments, plus other local data protection laws, regulations, regulatory requirements and codes of practice applicable in the jurisdictions Foundry offices are located. It also includes any other legislation, regulations, rules and codes of practice that transpose or supersede the above including any data protection laws amending, replacing and superseding the GDPR in the United Kingdom following exit from the European Union.
"EEA" means to the European Economic Area
"personal data" means data or information relating to an identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"processing" means any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
"Websites" means our websites at www.foundry.com and www.athera.io.
4. THE PERSONAL DATA WE COLLECT
We collect personal data over the course of our relationship with you when you use our websites, when you interact with us directly or via our marketing, and when you purchase and/or use our products or services.
We collect the following main types of personal data when we carry out these activities:
• Contact details: information that allows us to contact you directly such as your name, job title, the company you represent, email address, telephone number and billing and shipping addresses associated with your account.
• Payment information: credit/debit card details, bank account details and any other information you provide to make payment for the products and services you purchase from us.
• Purchase and account history: when you arrange trials or purchase products or services from us, we keep records relating to those orders.
• Records of your discussions with our teams: when you share comments and opinions with us, ask us questions or make a complaint we will keep a record of this. This includes when you send us emails, interact with us on social media or contact our support desk.
• How you use websites: when you use our Websites, we collect information about where you are visiting from, your interests, the pages you look at and how you use them.
• Website security: when you register with our Websites we store your account details and password. When you buy products or submit forms via our Websites we keep records of your acceptance of our end user license agreements and privacy notices.
• Advertising and direct marketing: through our social media, marketing events, advertisements and direct marketing, we collect information about your interests, how you respond to, or interact with, any marketing or advertising communications directed to you, and any requests for these communications to stop.
• Product usage: when you use our products, we collect information about how and when you make use of them, your license, your email domain name, your computer equipment and network environment including information about the location of that equipment and whether you make use of any of our other products or services on your computer.
• Exercising your rights: if you exercise any of your statutory rights under applicable data protection laws, we will keep a record of this and how we respond.
• Account information: we keep copies of the emails you send us and we create identification numbers that allow us to link your account status with your order history, product licenses and payments.
5. WHAT WE USE YOUR PERSONAL DATA FOR AND WHY
Where we process your personal data because of our contract
We process these items of your personal data to enter into or fulfil contracts for the purchase, licensing and support of our products:
|Reason or purpose||Personal data used|
|Provide you with our products and services and maintain your account||
|Maintain your account(s) on the Websites||
|Billing, taking payment for our products and services and performing debt collection||
|Respond to requests and provide support and maintenance for our products||
|Respond to product support requests||
Where we process your personal data because we have a legitimate interest
We process these items of your personal data because we have a legitimate interest to improve our service to you, to identify new products you might be interested in, to advertise our products and services to you, to verify licensed usage of our products, to detect and reduce abuse by pirates, and to assist us in complying with sanctions laws:
|Reason or purpose||Personal data used|
|Determine products and services that may be of interest to you||
|Direct marketing via email and phone. If, at any time, tell us that you do not wish to receive direct marketing then we will not send you direct marketing materials.||
To ensure that you are not listed on any governmental restricted, blocked, denied, sanctioned or barred persons lists
|Maintain and improve our products and services and provide internal training to staff to improve customer experience||
|Verify licensed product usage and to detect and reduce abuse by pirates||
We process the following types of information that may not be personal data on its own but may become personal data when combined with other information we hold. We process this for the legitimate interest of preventing and detecting piracy of our software.
To prevent and detect piracy of our software, we process certain information that we do not consider to be your personal data alone but which may become your personal data when it is combined with other information we collect. The information we process includes the IP address and MAC address of your computer equipment; the MAC address of WiFi access points that are in range of your computer equipment; the email domain of the owner of your computer equipment; and an approximate location for your computer equipment. We also share the MAC addresses of nearby WiFi access points with Google who will then process this information and provide us with an approximate location for your equipment.
Where we process your personal data so you can’t be identified any more
We may anonymise and aggregate any of the personal data we hold (so that it does not identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our Websites, developing new products and services or improving our existing portfolio.
6. SOURCES WE COLLECT YOUR PERSONAL DATA FROM
We collect personal data from a range of different sources but primarily directly from you. We collect personal data by the following means:
• Directly from you: when you set up an account with us, email us, purchase products or services from us, submit information via our Websites, complete any forms or surveys we provide to you, request product trials, enter competitions or prize draws, use our products and services, raise queries, make a complaint, submit support requests, contact us by phone, email or communicate with us directly in some other way.
• Our Websites & products: when you create an account on one of our Websites and when you use or visit the Websites or download or use our products.
• Publicly available sources: we make use of public records including your company website, industry publications, industry news websites, LinkedIn and professional listings.
• Government, public authorities and regulators: may provide us with information about you where they are required to do so by law or where you have contacted them.
• Google: Google may provide us with information about the location of equipment on which our software has been downloaded.
• IT usage analytics providers: We may use IT usage analytics providers to provide us with further information in relation to unlicensed usage of our software.
• Sanctions screening providers: We use companies to check that customers are not on any government ‘denied persons’ or similar lists.
7. WHO WE SHARE YOUR PERSONAL DATA WITH
In certain circumstances, we will share your personal data with third parties:
|Who||Examples of Sharing|
If you are located in a region where we have an approved reseller of our products and: (a) you have previously purchased our products via an approved reseller; (b) we believe your needs are better served by dealing with a local approved reseller; or (c) we believe you are pirating our software, then we may pass your contact details and your purchase and account history to that authorised reseller. In addition, we may provide details of your product usage if we believe that you are pirating our software. We will not share your contact details with a reseller in a different region to you.
If you pay us via debit or credit card, via PayPal or another third party payment service then we will share details with the relevant payment agent so that they can process the transaction.
|Debt collection agencies, lawyers, resellers of our software and enforcement bodies||
If you have an overdue debt which is owing to us, if we believe that you are using pirated version(s) of our products or if we believe that you have breached our agreement(s), we may pass your details to local our software resellers, local debt collection agencies, enforcement bodies or lawyers.
|The government or regulators||
Where we are required to do so by law or to assist them with their investigations or initiatives, including, in the UK, the Information Commissioner’s Office
|Police and law enforcement||
To assist with the investigation and prevention of crime, including software piracy.
|IT and cloud service providers, support teams and advisors||
We use IT systems and cloud platforms for our everyday business functions including email, financial management, data storage and customer account records. We also engage third parties to support our systems and help us deliver services to you, and to help detect and prevent piracy of our software and to support the operation and analyse the usage of our Websites.
Purchasers and sellers of businesses and their professional advisors
If we sell or buy any business or assets, or the shareholders in our corporate group decide to sell any shares, we may disclose your personal data to the prospective seller or buyer of such business, assets or shares and its professional advisors.
We do not buy any marketing lists from external providers, nor do we sell your information to any other company or entity.
Our Websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services.
8. TRANSFERRING YOUR DATA INTERNATIONALLY
If you live in a country in the UK and/or EEA, the data that we collect from you may be transferred to, and stored at, a destination outside the UK and/or EEA (as applicable). It may also be processed by staff operating outside the UK and/or EEA who work for us or for one of our suppliers.
To ensure that your personal data is secure, we will only transfer information to a country outside of the UK and/or EEA where we do so in accordance with the applicable data protection laws. This requires that one of the following conditions apply:
• the European commission has decided that the country provides an adequate level of protection for your personal data (in accordance with Article 45 of the GPDR);
• the transfer is subject to a legally binding and enforceable commitment on the recipient to protect the personal data (in accordance with Article 46 of the GDPR); • the transfer is made subject to binding corporate rules (in accordance with Article 47 of the GDPR); or
• the transfer is based on an exemption from the GDPR restrictions on transferring personal data outside of the EU (in accordance with Article 49).
For more information on the conditions that we rely on in relation to a particular transfer of your personal data outside the UK and/or the EEA, please contact us using the details at the end of this notice.
9. AUTOMATED DECISION MAKING AND PROFILING
Automated decision making happens when a computer uses personal data to make decisions about a person without any human intervention which have legal effects or similarly significant effects for the person. We do not engage in any form of automated decision making.
Profiling happens when a computer system uses personal data to evaluate a person’s characteristics. We undertake profiling in the following areas of our business:
|Purpose of Profiling||Logic Used||Potential Consequences for You|
|To understand your preferences||We collect and combine personal data, including your purchase and account history and how you use websites, to better understand your buying habits and your product interests.||The combined data helps our Sales team determine which products and services we should bring to your attention|
|To prevent piracy of our software||We analyse mismatches between product usage and account information to identify unlicensed use of our products and services.||Our Customer Conversion team may investigate the mismatch and determine whether or not to pursue unlicensed users.|
10. HOW LONG WE KEEP YOUR DATA
We will keep your personal data for as long as necessary in order to achieve the purpose of data processing plus, where necessary, an extended period to cover statutory limitation periods.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Under certain circumstances, you have the following rights in relation to your personal data:
• The right of access to your personal data: This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it.
• The right to have your personal data rectified: This enables you to have any incomplete or inaccurate information we hold about you corrected.
• The right to deletion of your personal data: This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it, you withdraw your consent, we are unlawfully holding your personal data or we should erase your personal data to comply with applicable data protection laws. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• The right to object to processing of your personal data: This applies where we are relying on a legitimate interest (or those of a third party) as a legal basis for our processing and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object to us processing your personal data where we are processing your personal information for profiling and/or for direct marketing purposes.
• The right to restriction of processing of your personal data: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or stop us deleting personal data which you need for a legal claim.
• The right to have your data transferred to another services provider: This enables you to have the personal data you have provided us to be transferred to another party.
You can exercise your rights at any time by contacting us at firstname.lastname@example.org and providing sufficient information for us to identify you and your personal data.
We will always aim to help you when you wish to exercise your rights but in some instances we may have lawful grounds to reject your request depending on the legal reason why we collected your personal data. You will, though, always have the right to be informed about the information we collect about you.
We will investigate any request you make without undue delay and in any event within one month of receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
In the event that we decide to not take action on the request, we will inform you of the reasons for not taking action.
Cookies are very small text files that are stored on your computer device when you use it to visit many websites. For more information on the types of cookies we place on your computer, how they are used and how long they remain as well as how to control them, please read our cookies policy.
We know security matters and take steps to protect your personal data.
Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology or Transport Layer Security.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk.
14. CHANGES TO THIS NOTICE
This Notice has been updated in July 2020. We reserve the right to amend our Notice and any changes we may make in the future will be posted on this page.
This Notice will be reviewed and updated on an annual basis to comply with applicable new requirements, regulations, insights, strategies, processes or technologies. We recommend that you check for updates to the Privacy & Cookies Policy from time to time but we will notify you directly about changes to this Notice or the way we use your personal data when we are legally required to do so.
15. CONTACT AND COMPLAINTS
If you do not agree with a decision we make in relation to a rights request or believe that we are in breach of applicable data protection laws then you can lodge a complaint with a data protection supervisory authority in the EU. You can contact the data protection supervisory authority for the UK using its contact details on its website https://ico.org.uk/.