Privacy Notice
We at the Access Group know it is a big responsibility to protect your personal data. This Privacy Notice is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.
We may from time to time update this Privacy Notice, where we deem it appropriate, we will seek to notify you about the changes, however, we recommend you review this page periodically.
This Privacy Notice was last updated on: 18th October 2024
About us
The ‘Access Group’ is made up of numerous legal entities which are wholly owned subsidiaries of The Access Technology Group Limited (company registration 05575609). Our primary trading entity is Access UK Ltd (company registration 2343760) – the registered address for both is: The Armstrong Building, 10 Oakwood Drive, Loughborough, LE11 3QF, United Kingdom.
For this Privacy Notice, Access UK Ltd is the controller.
Our Group Data Protection Officer is Danielle Hefford. To contact us regarding our use of personal data, you may email us at [email protected]
We have appointed Access Workspace Ireland (registration number: 91755) as our EU representative under Article 27, EU GDPR. Our representative can be contacted by email at [email protected]
Why we have your information
We process personal data to fulfil our contractual obligations to our customers and to otherwise improve and market our solutions.
There are various ways in which we may process your personal data.
For example, because:
- an organisation you work for uses one of our solutions;
- an organisation you have engaged with uses our solutions to provide or otherwise make available a service to you;
- you have used one of our solutions where we process your data in our capacity as data controller;
- you have contacted us;
- you work for us;
- you visited our website;
- your personal data was provided to us by a third party;
- as a result of other lead generating activities done by us;
- where you sign up or are otherwise registered to one of our platforms;
- you are a signatory to a contract with us;
- you attended one of our Access led events;
- through the deployment of cookies (or similar technologies); or
- Because you have provided feedback to us.
On what legal basis we have your information
We will only ever process your personal data where we have a lawful basis to do so. We have expanded upon the reasons for us processing your personal data below.
1. Where an organisation you work for uses one of our solutions
If you use our solutions through your employer, for example, our HR, Payroll, or eLearning solutions, then we will process your personal data as a processor (your employer is the controller).
We recommend you read your employer’s relevant privacy documentation for information explaining what personal data is collected, and what for, etc.,
Third parties may also process your personal data (on our behalf). The details of these third parties will be included in the contract we hold with the controller (your employer).
See section “Further processing of your personal data” for what data we may process about you in our capacity as an independent controller.
2. Where you have engaged with an organisation that uses one or more of our solutions
If you use our solutions via a third-party organisation; for example, to submit your CV to a recruitment agency, or to donate money on a charity’s website, then we will process your personal data as a processor (the relevant third-party organisation is the controller).
We recommend you read the third-party organisation’s relevant privacy documentation for information explaining what personal data is collected, and what for, etc.,
Some of our solutions have dedicated privacy notices, where this is the case, these are accessible via our Security Portal or alternatively, they may be accessible within the solution itself.
Third parties may also process your personal data (on our behalf). The details of these third parties will be included in the contract that we hold with the controller.
See section “Further processing of your personal data” for what data we may process about you in our capacity as an independent controller.
3. Where you have used one of our solutions where we process your data in our capacity as data controller
We provide a limited number of solutions where some or all your personal data is processed by the Access Group in its capacity as an independent controller. For example, DesignMyNight, sPROC, Adam Procure, Adam Housing and Class4Kids.
Where you use one or more of our Access Products and we process all your data in our capacity as controller, the relevant Access Product will make its own dedicated privacy notice available to you, save for where the exception below applies:
- Where you are a “Provider” on SProc, Adam Procure or Adam Housing - a “Provider” meaning a user who has signed up to either SProc, Adam Procure and or Adam Housing to bid on opportunities, contract management and or payment purposes.
The lawful basis for collecting and sharing your information with Access Group customers who have procured services from you as a Provider is contractual, as the processing is necessary for the performance of the contract with you. Where the Access Group customer processes your information outside of the relevant solution, they are doing so as an independent controller of your information.
There we use your information to market Access Group solutions which may be of interest to you, our lawful basis is legitimate interests. The legitimate interest pursued is to share service messages pertaining to the solution that is used, and to market Access Group solutions which may be of interest to you.
The information we will process for marketing purposes is limited to: business email address; business phone number; your name; company name; service category reference and which local authority you’re engaged with to provide services.
We use third party solutions to store and otherwise process your information, they will therefore process your personal data on our behalf.
4. Where you have contacted us
If you contact us, for example, for technical support, to inquire about our solutions, or to download some of our content, we will record the contact made and log necessary details of the interaction on our systems. We process any personal data collected via these methods as a controller.
The data collected (which may be via telephone recording) may include your first and last name, the email address and telephone number you use for business purposes, your job title, and your employer.
Our lawful basis for processing your personal data in this case is legitimate interests. The legitimate interests pursued are to support us delivering on our contractual obligations (where applicable), internal training, to improve the quality of our services, to make information available to you (including marketing), and or to resolve any conflict (where applicable).
We use third party solutions to record and log the contact made with us; they will therefore process your personal data on our behalf.
5. Where you work for the Access Group
If you are an employee of ours, then we will process your personal data as a controller.
Our lawful basis for processing is described in the dedicated employee privacy notice.
The relevant privacy notice is made available to you on our internal systems. If you need help locating it, please ask your leader or Employee Success.
6. Where you visit our website
Your personal data, such as your first and last name, telephone number, email address, postal address, job title, employer and any other relevant contact details may be collected by us when you contact us using any of our online forms available on our website.
The lawful basis for processing this information is legitimate interests. The legitimate interest pursued is to keep you informed about the solutions we offer which we think may be of interest to you (i.e., marketing).
Where personal data is collected by us via mechanisms available via the website, we will process that data using third party solutions. These third parties will process your personal data on our behalf.
7. Where your data was provided to us by a third party
We work with several reputable third parties for the purpose of them supplying to us business contact details to allow us to effectively market our solutions. We may also collect information about you from other sources, for example, public sources or third-party social network sites.
Our lawful basis for processing is legitimate interests. The legitimate interest sought is the marketing of our available solutions.
All personal data obtained by us through our sources is done on the basis that we are the controller.
Where we obtain your personal data through these sources, we will process that data using third party solutions. These third parties will process your personal data.
8. Where we collect your data through lead generating activities done by us
We may collect your personal data through various lead generating activities such as events, webinars, and other networking activities.
Our lawful basis for processing is legitimate interests. The legitimate interest sought is the marketing of our available solutions, or where relevant, to engage with you regarding a sales and purchase agreement.
All personal data collected by us is done on the basis that we are the controller.
Where we obtain your personal data through these activities, we will process that data using third party solutions. These third parties will process your personal data on our behalf.
9. Where you sign up or are otherwise registered to one of our platforms
To give you access to any one of our platforms we require you to register/be registered. The information about you that we process is done so in our capacity as controller. Our lawful basis is legitimate interests. The legitimate interest pursued is the security and confidentiality of the Access Group’s information.
The reference to platforms above includes but is not limited to our: (a) Customer Success Portal (which also includes our Information Security Portal); (b) Finance Portal; and (c) Renewals Portal.
The information required for registration to our platform is limited to: your name, work email address, telephone number, job title, and employer.
Where you submit reviews, testimonials, or other user-generated content (in each case which may contain your views, opinions etc.,) on our platforms, we may reproduce, and display such content for marketing and promotional purposes.
10. You are a signatory to a contract with us
If you act as a signatory on a contract with us, we will process a limited amount of your personal data. This is likely to include your: name, work email address, job title, location data (e.g., IP address used when signing), and your signature (which may be digital or handwritten).
We process this information in our capacity as controller. Our lawful basis is legitimate interests. The legitimate interest pursued is contract management and administration.
11. You attended one of our Access led events
When in attendance at an Access-led event, we may take photographs and or video footage. We process this information in our capacity as a controller, and our lawful basis is legitimate interests. The legitimate interest pursued is to generate marketing/promotional material.
Where you express any opinion/view regarding Access, we may record the same and use and otherwise reproduce this for marketing and promotional purposes. This information will be processed in our capacity as a controller, and our lawful basis is legitimate interests. The legitimate interest pursued is to generate marketing/promotional material.
12. Through the deployment of cookies or similar technologies
We use cookies (and similar technologies) when you use our websites, platforms, solutions (collectively “sites”), and when you interact with us via email. This is to optimise your experience of us and our sites.
In relation to the website that you’re on reading this notice, please see our Cookie Policy for more information.
Our lawful basis for processing personal data via cookies is consent.
All personal data collected by us through our sites and emails are done on the basis that we are the controller.
Cookies and similar tracking technologies are used to collect information about your browsing behaviour and interactivity with our messages. This data is used for targeted advertising, personalising your experience with us, remarketing, analytics, reporting, understanding your preferences and measuring the effectiveness of our marketing campaigns.
13. Because you have provided feedback to us
We may invite you to provide ideas for the development of our solutions. Where you are invited, you may be required to sign-up. The personal data we process is limited to: your full name, your email address, the organisation you work for and your ideas regarding the product. There may also be the option for you to upload a profile photo.
We process this personal data as a controller. Our lawful basis of processing is legitimate interests, the legitimate interest sought is to improve our solutions.
Other users of the ideas platform will not be able to see your personal data.
We use a variety of third-party tools to collect your ideas. For example, Aha!, SurveyMonkey and other similar tools.
Aha.io (provider of Aha!) is a company incorporated in the United States, and it is signed up to the DPF framework.
Marketing
You may opt out of marketing communications at any time by following the unsubscribe instructions provided in our emails, alternatively you may contact our customer support.
Further processing of your personal data
Please see this privacy notice (also available directly through the relevant Access solution) for further processing of your personal data where you use one of our Access solutions.
In addition to the above, we also act as an independent controller of a smaller subset of data, which we either may collect: (a) directly from you; (b) from the relevant solution(s) you are using; and or (c) through a third party, because you have been identified by us as a key contact pertaining to:
(a) financial matters – meaning we may contact you regarding the payment of invoices. Our lawful basis for processing this data is legitimate interests. The legitimate interest sought is the payment of invoices; and/or
(b) the implementation of an Access solution – meaning we may store some of your information outside of our primary CRM. Our lawful basis for processing this data is legitimate interests. The legitimate interest sought is the administration and management of the Access Group’s business activities.
(c) services or goods we have or might need to procure. Our lawful basis for processing this data is legitimate interests. The legitimate interest sought is the administration and management of the Access Group’s business activities.
In all of the above cases, the information we process is limited to your first name; surname; business email address; location; business phone number; Access Product user role(s); job title; and telemetry data.
We may also use your information to market to you Access Group solutions we think may be of interest to you/your employer. Our lawful basis is legitimate interests. The legitimate interest sought is the marketing and sale of Access Group solutions.
Sharing your personal data
We may have to ad hoc share your personal data with regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights.
We have also partnered with reputable third parties to provide a best-in-class service offering to you and our wider customer base (which may include the marketing of Access Group solutions or compatible solutions provided by the Access Group’s trusted partners). Where sharing your personal data with our trusted partners means a transfer to a third country (without an adequacy decision or adequacy regulations, as applicable) is to take place, we will ensure we put in place appropriate safeguards and supplementary measures to ensure an essentially equivalent level of protection (as compared to the UK and EU GDPR) to your personal data will be given.
We may also share your personal data with other members of the Access Group: we will only do this where we have a lawful basis for doing so, for example, fulfilment of contract or legitimate interests. Where the receiver of your personal data is an Access Group entity which is in a third country without an adequacy decision or adequacy regulation (as applicable), the transfer will be safeguarded by, at minimum, an intra-group agreement (which includes recognised model clauses and the UK’s IDTA).
If you are based in the APAC region, please see our APAC Privacy Policy here.
Lastly, we may share your personal data with third parties in connection with a sale of the Access Group (or any part thereof). Where that divested entity becomes a controller of your information, they will supply or otherwise make available to you their relevant privacy notice.
Storage and disposal of your personal data
Where we have your personal data acting in our capacity as a controller, we will delete your personal data in accordance with our data retention schedule (available via our Security Portal), or as otherwise required by data protection legislation: including where you choose to exercise your rights as a data subject (see ‘Your Rights’ section for more information).
Where we have your personal data acting in our capacity as a processor, we will delete your personal data in accordance with the controller’s instruction, or as otherwise required by data protection legislation. If we are required by law to retain any of your personal data, we will inform the controller of this lawful obligation.
Your rights
We will process your personal data in accordance the Principles - external link and Individuals’ Rights - external link of The General Data Protection Regulation (both the EU version (2016/679/EU) and UK retained version thereof).
Your data protection rights
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
To exercise any of these rights, please contact [email protected]
Where we rely on consent as a lawful basis of processing, you may withdraw your consent at any time by emailing us at [email protected]
Important note
If you feel we have not processed your data in accordance with the Principles and Rights of the individual under GDPR (EU or UK), please contact [email protected] (or our EU representative, [email protected]) for our complaints procedure, or you may raise a complaint with the Information Commissioners Office - external link (or other relevant supervisory authority) but we would like the opportunity to resolve any issues first.