Data and Privacy

Seven Signals Ltd (“we“, “us” or “our”) is committed to protecting and respecting your privacy. Here we explain how we process and use personal data we collect from you, or that you provide to us, when you visit our website. This privacy policy does not supersede the terms of any agreement you may write with us for commissioned works or services.

For the purposes of the UK Data Protection Act 2018 and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and all successor legislation to the Data Protection Act 2018 and the GDPR (the “Data Protection Legislation”), the data controller is Seven Signals Ltd, a Company registered in England and Wales no. 13242490, of Tintagel House, 92 Albert Embankment, London SE1 7TY, UK.

Data we collect from you

Personal data, personal information, or personally identifiable information (“PII”) means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“anonymized” data).
We may collect, use, store and transfer the following data about you:

• Information you give us by filling in forms on our site or by corresponding with us by telephone, e-mail or otherwise. This includes information you provide when you wish to report a problem with our site or give us feedback (e.g. your name, address, e-mail address and telephone number).
• We don’t use cookies on our web services. To safeguard our site, we may otherwise collect data about the Internet protocol (IP) address used to by your device when you visit our site, your device operating system and platform, your device browser type and version, your device time zone settings and browser plug-in versions; information about your visit, including download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any telephone number used to call our general service number.
• We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law; however, if we combine aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as PII which will be used in accordance with this privacy policy. We do not collect any other special categories of personal data about you. Nor do we collect any information about criminal convictions and offences.

How we use your data

We only use your personal data where the law allows us to. We will use your personal information: (i) where we are compelled by law or duty of compliance; (ii) where you have provided your express consent; (iii) to prevent fraud; and data about your visit to our site to administer and protect our business (including troubleshooting, testing, system maintenance, server health reporting).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for any other reason, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required by law.
Except where we may be compelled by law, we do not allow any third-party service provider to purchase, access, lease or otherwise use your personal data for their own purposes.
If the processing of your personal data requires a transfer of data outside the EEA, we ensure equivalent protection is afforded and we insist on the highest standards of data security for such transfers.

Data security

Cyberspace is never completely secure. While we place your security at the core of every service we offer, we cannot guarantee the complete security of your data transmitted to our site; therefore any transmission is at your own risk.
We invest in and use the best available security products and services to mitigate data breach and prevent your personal data from unauthorized access, accidental loss, alteration or disclosure. We do not share or disclose your data with any third party, unless we are compelled by law enforcement to do so. We have strict procedures to deal with any suspected data breach and will notify you and regulators of a breach where we are legally required to do so.

Data storage

We only retain your personal information for as long as is necessary to carry out the purpose for which it was collected, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate timeframe for storing your personal data, we consider the volume, type and sensitivity of the personal data, potential risk of harm from unauthorised use or disclosure, purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements. We may anonymise your personal data for research purposes in which case we may use this information indefinitely, without further notice to you.

Your rights

Under UK Data Protection Legislation you may be entitled to the following rights:

• Where you have provided your consent to the processing of your personal data for any purpose, you have the right to withdraw such consent at any time by contacting us.
• You can request the correction or erasure of your personal information that we hold about you (where there is no good reason for us to continue processing it), where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with laws.
• Unless we can demonstrate that we have compelling legitimate grounds to process your information, you can object to our processing of your personal data where you feel it impacts on your fundamental rights and freedoms.
• You can request a copy of your personal data from us in a commonly used and machine-readable format or that we transmit your personal data to another data controller.
• You have the right not to be subject to automated decision-making, including profiling, which has legal or other significant effects on you.
• You can access information held about you. You are not required to pay a fee to us to access your personal data (or to exercise any of the other rights); however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive; alternatively, we may refuse to comply with your request.
• You have the right to make a complaint to the UK Information Commissioner’s Office (ICO).

Links to other sites

Our site may contain links to and from the websites of other organisations. These websites have their own privacy policies and we do not accept any responsibility or liability for these policies.

Changes to our policies

Any changes we make to our privacy policy are displayed on our website, a copy of which may be requested from us.