Calculus Software Solutions Privacy Policy – May 2018

When you enquire about our products or services, we may capture data about you and your business. This will include your contact details, and information you give us or which we determine regarding your stated and implied requirements, how your business operates, our proposals for services, and associated information used by us to help determine the suitability and pricing of our services, and to supply and support those services. Our basis for this capture is performance of a contract and legitimate interests, because understanding the requirements for our products allows us to make those products work better for you, the customer.

The Data Controller and Data Processor is Calculus Software Solutions Ltd, Branksome, Mill Hill, Edenbridge, Kent TN8 5DQ (“Calculus”).

Our legal basis for the collection and processing of your data is as follows:

Purpose of processing Legal basis
Account registration Performance of a contract
Email notifications of opening hours Performance of a contract
Email/postal/telephone contact regarding products and services within your contracts Performance of a contract
Email/postal/telephone contact regarding other products and services not within your contracts Consent

Because of the importance to your business of investing in services such as those we provide, we believe it is important we retain this information once captured so it can be applied to our delivery of services to you, should you decide to take up our services. The timescales in making a decision on some of our products, and then the implementation of those products, can run into many years, therefore we will retain this data in order to prevent you needed to resupply it later, which could lead to additional costs to you. We therefore capture and process this under Performance of a contract, and Legitimate interests.

Disclosure of data
We work with a number of third parties, and may pass relevant portions of this data to them, to allow us to obtain suitable quotations and proposals from those providers, or for them to contact you regarding their services. Those third parties may provide data back to us regarding your account, in order to allow us to manage your account and to offer you relevant services. We’ll only pass on the data which is required for the purposes of delivering our quotation or service, or for them to contact you if you have requested this. The data we pass on will be covered by the privacy policy of the third party.

In some cases we may be legally required to share parts of your personal data with agencies or bodies as outlined in legislation.

We may disclose your personal with regulators, government agencies or other third parties where we believe the disclosure is necessary (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend or legal rights; or (iii) to protect your vital interests or those of any other person;

We may disclose your data to third parties if you request us to, or you consent to such disclosure.

Retention of data
Where you have given us consent for us to use your data for marketing purposes, we will retain your data used for this purpose until you notify us you no longer wish us to do so.

Where data is stored regarding your requirements for the purpose of preparing service proposals etc, we will retain this information until 6 years after the withdrawal from sale of the products or services or subsequent equivalent products or services the information relates to.

Where data is stored regarding your use of our services, for example ticket information captured by our support department, we will retain these records until 6 years after the withdrawal from support of the product or services they relate to, or 6 years after the termination of your last contract with us, whichever is the later. Data which relates to billing or accounting purposes will be retained indefinitely for accountancy purposes.

Security
We apply appropriate administrative, technical and organisational security measures to protect your personal data that is under our control from unauthorised access, collection, use, disclosure, copying, modification or disposal. All information you provide to us is stored on secure servers. Calculus trains its employees regarding our data privacy policies and procedures and permit authorised employees to access personal data on a need to know basis, as required for their role. We also take steps to ensure that any service provider that we engage to process personal data on our behalf takes appropriate technical and organisational measures to safeguard such personal data.

Transferring Information Internationally
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.

This means that, when we collect your personal information, it may be processed in these countries. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy. Further details can be provided upon request.

Updates to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

Your Data Protection Rights
You have the following data protection rights:

If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting Calculus

Please note: We retain personal information to comply with law, prevent fraud, collect any money owed, resolve disputes, assist with any investigations, enforce our terms and conditions, and take other actions otherwise permitted by law. We may also retain some pseudonymous data for analytics purposes so we can understand, for example, how many visitors we have had to the Website, and regarding the use of our products and services.

In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. You can exercise these rights by contacting us at admin@findesolutions.com or the postal address below.

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You can update your consent by emailing admin@findesolutions.com, or by writing to us at the postal address below. Please note it can take up to 5 working days for updates to be processed.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Questions about this Privacy Policy
If you have any question, concerns or complaints about this Privacy Policy or our handling of your personal data, you can contact us by email at admin@findesolutions.com or by post to the following address:

Calculus Software Solutions Ltd
4 Warren Court
Park Road
Crowborough
East Sussex
TN6 2QX

If you are unsatisfied with the response, please write to the above address, marking your address for the attention of a Director, and it will be passed to the relevant party

You have the right to complain to a data protection authority about our collection and use of your personal information. If you are based in the European Economic Area, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available on the EU Commission's website via the following link): Click Here)

The controller of your personal data is Calculus Software Solutions Ltd.

Data stored within your systems for our customers
This section applies in addition to the above sections if you use any of your services.

As part of our services, we can be closely involved with your own databases. The personal data contained within systems provided by us which you are operating remains your data – you are licencing our software and services in order to access it, but you are responsible for the actual data as the data controller.

Depending upon the infrastructure selected for your system, your system data may be held across a number of different servers, and this may change over time. These include:
  • Computers located within your premises
  • Servers located within Calculus Software Solutions
  • Servers located within third party data centres
  • Your devices used to run or access our products

Where we or our services place some or all of your data on servers under the control of a third party, we ensure those third parties have suitable privacy policies in place to cover that data, and we do not give third parties access to your data unless explicitly required in order for us to fulfil our service to you. In the event a third party has access to your data, we will limit their access to only those elements which are required for their provision of the relevant portion of your contract.

For example, when processing a finance transaction, we may pass the customer name, address and purchase details to a third party finance house for them to process the transaction. In this scenario we would not pass product cost prices, as this is not required for them to fulfil the service, but retail pricing would be required, as that is necessary for them to fulfil the service. In the event there is an issue or suspected issue with this service, we may then need to pass logs relating to the use of that portion of the system to that finance house or their developers for investigation of the issue.

Calculus access to your database is restricted to those purposes required for us to provide you with our services and support those services. You may ask us to perform tasks which transfer part of all of your data to third parties - in these cases, we are responsible for ensuring we only transfer the data you have requested, but you are responsible for ensuring that transfer is compliant with your own legal obligations regarding that data.
For example, if you ask us to send customer details to a warranty provider for late solicitations, we will ensure we only send the data you ask us to, you must ensure you are allowed to send this data and that you tell us any restrictions on customers to include or exclude.

When we setup a server, we enable password protection to all user accounts. You are responsible for changing those passwords regularly and ensuring the security of those accounts, and the overall security of the server. We are responsible for the security of the user accounts created for our own access, unless you have administrative access to those accounts, in which case you accept responsibility for them.

Access to your systems is possible by calculus using TeamViewer, or Remote Desktop over VPN. Both technologies require passwords to allow access.

We may create backup copies of your database to our own servers, or to servers hosted by third parties. Such backups will be either as part of our service provision (where we are providing backup as part of our service), or as a temporary requirement for support purposes (for example testing a software change or reproducing a bug which is specific to your system). Access to the data within such copies shall be restricted to only the purposes specified here or otherwise agreed with you, and only by the members of staff who need it for those purposes. The data will only be retained for the duration needed for those purposes.

If your system has a fault which we can't reproduce, we might make a copy of your data in order to reproduce the issue so our developers can fix it for you. We wouldn’t then use that copy of the data for any other purpose, and would delete it as soon as it is no longer required after the issue has been fixed and tested with you.

We may collect data from our systems regarding the use of those systems in order to allow fraud detection, debugging, and to help us support and improve those systems.

Our mobile apps may cache or store some data locally on the device. Please ensure you have suitable security in place on these devices.

In order for some of our services to work, portions of your data, including customer data, needs to be transferred to third parties and/or Calculus. For example customer mobile numbers and the sent text messages are sent via Calculus, and will be recorded by our systems and third parties, for the purposes of providing the service and providing billing and reporting facilities against those services. Where you are using our services which require such transfer, it is necessary for us to make those transfers to provide them.