TAAP Accelerate – Privacy Notice

Your privacy is important to us. Our goal is to make TAAP Accelerate a great experience while processing your personal data fairly and transparently. This Privacy Notice (the “Privacy Notice”) aims to describe how we process your personal data in the context of your use of TAAP Accelerate and to inform you of the rights you hold as a result. This Privacy Notice applies only to TAAP Accelerate. Use of the TAAP Accelerate is your use of our Services.

1. Introduction and applicability

In light of the UK GDPR legislation on the protection of personal data (the “General Data Protection Regulation”, known as the “GDPR” 2016/679 and Data Protection Act 2018), we would like to disclose, in a transparent manner, our data processing operations with respect to the personal data collected by your use of our Services.

Kindly observe that this Privacy Notice does not apply to any external products or services such as applications or software that integrate with other services (“Third Party Services”). Furthermore, please note that our Services may contain links, embedded or not, to external websites and services that have privacy policies of their own and fall outside the scope of this Privacy Notice.

We are committed to ensuring that your personal data is kept confidential, and that it is only collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. For any question regarding the collection or processing of your personal data, or for any request to exercise your rights in relation to your personal data, you can contact us in writing at any time to dataprotectionofficer@ontaap.com.

For more details on data processing, its scope and purpose, the relationship between the Data Controller and the Data Processor, please visit our Data Processor Agreement (DPA).

2. Who is responsible for the data processing?

TAAP Ltd, having its registered office at Kinetic Centre, Theobald Street, Borehamwood, Hertfordshire WD6 4PJ under company number 04962797 is the Data Processor for the processing of your personal data collected via the Product and for the processing carried out when you subscribe to and/or use our Services and so enter information when creating your account.

The Organisation that purchases TAAP Accelerate is the Data Controller.

On downloading the TAAP Accelerate and submitting your data, you are giving your consent to the processing of your personal data by TAAP Ltd (Data Processor) and the subscribing Organisation (Data Controller) that shall use TAAP Accelerate.

3. What is personal data?

Personal data (which should be understood to include personally identifiable information, or PII for short) is any information relating to an identified or identifiable natural person. It is sufficient that the data shall allow us to establish a (direct or indirect) link between one or more data-pieces and a natural person.

Personal data does not include anonymous or non-personal data (i.e. information that cannot be associated with or tracked back to a specific individual) or personal data that has been independently anonymised. By your use of our Services, you in any case consent to the processing and using of anonymous and non-personal data that is no longer associated with any natural person.

4. Description of processing

What information will we collect?

– Display Name – Needed to identify who has logged in

– Email address – Required as a username to be able to log in

– Company

– Industry

– Job role

– Phone number

5. For what purpose will we process your data? Will my personal data be shared?

Your data will be processed for specified, explicit and legitimate purposes as described in section [4]. We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in section 10.

We may, from time to time, use your personal data for reporting and for making improvements to our Services; in such instances we will always ensure an individual cannot be identified.

Your personal data may be transferred to our trusted third-party processors, this will be for purposes such as: hosting of our servers, project management tools and customer relationship management system.

Our trusted third-party processors are contractually bound by us to keep your information confidential and used only for specified, explicit, and legitimate purposes as specified in section [4].

Some messages from us are service-related and necessary for customers. You agree that we can send you non-marketing emails or messages, such as those related to transactions, your account, security, or product changes/updates.

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.

If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods: Send an email to: unsubscribe@ontaap.com or write to us at: Unsubscribe, c/o Data Protection Officer, Kinetic Centre, Theobald Street, Borehamwood, Hertfordshire WD6 4PJ.

We will never lease, distribute or sell your personal data to a third party without requesting your prior permission. We will not transfer your data to other third parties without informing you separately beforehand in the exceptional cases where we are either legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.

6. Legal Basis for processing personal data

Our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you where:

• We need your personal information to validate your identity when initiating and maintaining your license key in conjunction with acceptance of our End User License Agreement (EULA);
• The processing is in our legitimate interest and not overridden by your right;
• You have given your consent to do so.

We have a legitimate interest in operating our services, for example when responding to your queries, improving our services, undertaking marketing. In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the GDPR and your legal rights.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not.

7. Security of your data

Protecting personal data from access, loss or alteration is of the utmost importance to us. All data is stored in the Cloud, data centres within the United Kingdom.

Servers are updated with the latest security patches during scheduled routine maintenance.

8. Where will your personal data be processed?

Data collected via our Services is only stored and/or processed within the United Kingdom (UK).

Sometimes we will need to share your personal data with third parties and suppliers outside the United Kingdom. This will be for purposes such as: Technical Support, Project Management Tools and our Customer Relationship Management system.

Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for United Kingdom data, or where approved transfer mechanisms are in place to protect your personal data, i.e., by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). If you wish for more information about this, please contact dataprotectionofficer@ontaap.com.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

9. How long will we hold your data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected or to comply with applicable legal, tax or accounting requirements in accordance with our data retention policy. Following that period, we’ll make sure it’s deleted or anonymised.

Should you wish to see a copy of our Data Retention Policy, this can be requested by email to dataprotectionofficer@ontaap.com.

10. Data subject rights

It’s your personal data and you, as a data subject, have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time. Follow the unsubscribe instructions contained in the marketing communication, or send your request to unsubscribe@ontaap.com.

Under data protection law, you have rights including:

• Your right of access – You have the right to ask us for copies of your personal information.
• Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
• Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
• Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
• You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

You can exercise these rights at any time by sending an email to dataprotectionofficer@ontaap.com.

If you’re not happy with how we are processing your personal data, please let us know by sending an email to dataprotectionofficer@ontaap.com. We will review and investigate your complaint and get back to you within a reasonable time frame.

You may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO).

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113

This privacy statement was last updated: 24th October 2022.