Contact Sales

Privacy Notice for Access Products

We at the Access Group know it is a big responsibility to protect your personal data. This Privacy Notice is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

We may from time to time update this Privacy Notice, where we deem it appropriate, we will seek to notify you about the changes, however, we recommend you review this page periodically.

This Privacy Notice was last updated on: 7th March 2024

About us

The ‘Access Group’ is made up of numerous legal entities which are wholly owned subsidiaries of The Access Technology Group Limited (company registration 05575609). Our primary trading entity is Access UK Ltd (company registration 2343760) – the registered address for both is: The Armstrong Building, 10 Oakwood Drive, Loughborough, LE11 3QF, United Kingdom.

For this Privacy Notice, Access UK Ltd is the controller of the personal data which is processed by it as a controller. Other Access Group entities may become a joint controller of your information from time to time.

Our Group Data Protection Officer is Danielle Hefford. To contact us regarding our use of personal data, you may email us at [email protected]

We have appointed Core Computer Consultants Ltd (registration number: 91755) as our EU representative under Article 27, EU GDPR. Our representative can be contacted by email at [email protected]

Why we have your information

We process your information because you are using one or more of our Access solutions. There are various ways in which we may obtain your personal data, for example: (a) directly from you; (b) from the relevant solution(s) you are using; or (c) from the relevant organisation who has engaged with us for the use of our solution(s).

On what legal basis we have your information

We will only ever process your personal data where we have a lawful basis to do so. In relation to your use of this solution, below lists the reasons for us processing your personal data:

  • To fulfil our contractual obligations with our customers, we may contact you from time to time regarding the solution. For example, regarding scheduled or non-scheduled downtime, or an update that we think you should know about (‘service messages’).
  • Some of our solutions also can capture your feedback regarding use of the solution. Where you choose to provide feedback to us, we will process a limited amount of your personal data in our capacity as a controller.

    Our lawful basis for processing this data is legitimate interests. The legitimate interest sought is for us to understand how to improve the solution.

    We use a third party, InMoment (Wootric) to process this data; InMoment is a company based in the United States; we have in place EU Standard Contractual Clauses supplemented with a UK International Data Transfer Addendum.
  • To verify use of the Access solution is compliant with the relevant contract (for example, license limitations). Our lawful basis for processing this data is legitimate interests. The legitimate interest sought is to ensure compliance with the contractual terms.
  • To assess usage/utilisation of the Access solution (which may include platforms we make available to you, e.g., for support) through the collection and processing of telemetry data. Our lawful basis for processing this data is legitimate interests. The legitimate interest sought is to be able to demonstrate return on investment (including but not limited to, by identifying underutilisation), retain customers and gain insights to assist with the development/road maps of Access solution(s).
  • To ensure the security and integrity of the Access solution(s). For example, through our deployment of threat detection and response solutions. Our lawful basis for processing is legitimate interests. The legitimate interest pursued is to ensure the security and integrity of the Access solution.
  • To allow you to login to the relevant Access solution(s), typically by way of username and password. Our lawful basis for processing is legitimate interests. The legitimate interest pursued is to provide you secure access to the Access solution.

In all of the above cases, the information we process is limited to your first name; surname; business email address; location (including IP address); business phone number(s); Access solution user role(s); job title; and other telemetry data.

We may also use your information to market to you Access Group solutions we think may be of interest. Our lawful basis is legitimate interests. The legitimate interest sought is the sale of Access Group solutions.

Further processing of your personal data

Where you use one of our solutions, we may derive or create anonymous data and information about your use of that solution. This anonymised data will be further aggregated before being used either by us or a third party nominated by us to improve our products. We may also commercialise this information, for example, to provide insights to third parties.

Our lawful basis for the anonymisation and aggregation process is legitimate interests, and we carry out this processing as a controller. 

The legitimate interest pursued is statistical analysis to drive informed decision making, for the benefit of both the Access Group and other third parties.

Post completion of this anonymisation and aggregation process (which is irreversible), the data is no longer considered personal data for the purpose of applicable data protection legislation.

Sharing your personal data

We may have to ad hoc share your personal data with regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights.

We have also partnered with reputable third parties to provide a best-in-class service offering to you and our wider customer base (which may include the marketing of Access Group solutions or compatible solutions provided by the Access Group’s trusted partners). Where sharing your personal data with our trusted partners means a transfer to a third country (without an adequacy decision or adequacy regulations, as applicable) is to take place, we will ensure we put in place appropriate safeguards and supplementary measures to ensure an essentially equivalent level of protection (as compared to the UK and EU GDPR) to your personal data will be given.

We may also share your personal data with other members of the Access Group; in these cases, the Access Group entity will be acting on our behalf as a processor. Where the receiver of your personal data is an Access Group entity which is in a third country without an adequacy decision or adequacy regulation (as applicable), the transfer will be safeguarded by, at minimum, an intra-group agreement (which includes recognised EU and UK standard clauses).

Lastly, we may share your personal data with third parties in connection with a sale of the Access Group (or any part thereof). Where that divested entity becomes a controller of your information, they will supply or otherwise make available to you their relevant privacy notice.

Storage and disposal of your personal data

Where we have your personal data acting in our capacity as a controller, we will delete your personal data in accordance with our data retention schedule (available via our Security Portal), or as otherwise required by data protection legislation: including where you choose to exercise your rights as a data subject (see ‘Your Rights’ section for more information).

Where we have your personal data acting in our capacity as a processor, we will delete your personal data in accordance with the controller’s instruction, or as otherwise required by data protection legislation. If we are required by law to retain any of your personal data, we will inform the controller of this lawful obligation.

Your rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Rights in relation to automated decision making.

To exercise any of these rights, please contact [email protected]

Where we rely on consent as a lawful basis of processing, you may withdraw your consent at any time by emailing us at [email protected]

Important note

If you feel we have not processed your data in accordance with the Principles and Rights of the individual under GDPR (EU or UK), please contact [email protected] (or our EU representative, [email protected]) for our complaints procedure, or you may raise a complaint with the Information Commissioners Office - external link (or other relevant supervisory authority) but we would like the opportunity to resolve any issues first.