General privacy policy

This Privacy Notice is designed to cover all likely options for the different sites and activities that NetSupport owns or runs. It does not include areas that we run as services on behalf of others (i.e. where we are a Data Processor).

Marketing sites

These sites are designed to share marketing and sales information, and to engage with potential customers. These sites are likely to also provide opportunities for potential clients to download trial software, sign up for mailing lists and to take part in events or competitions.

Data gathered will include:
• technical information related to running the site
• analytical information about use and performance of the site
• lead generation from the downloading of trial software
• lead generation and mailing list subscriptions
• lead generation from sign-ups to events and any activities linked to additional tools on the site, i.e. the Tawk.to chat function for sales and for support.

Membership sites

Some sites will have additional target audiences and may have different levels of engagement. This will usually be done by allowing the site to have a ‘membership’ function. This will provide the options for whether ‘members’ are only subscribing to information about that site, and whether they are automatically also added to a subscription to general marketing messages and/or added as a possible lead.

Customer sites

Some sites may be targeted purely towards customers. These are general membership sites but where we already hold information about the engaging audience. The use of these sites may also allow for subscription models as part of any purchased licence, maintenance agreement or subscribed service.

In all cases where we collect personal information, we will always endeavour to tell you why we need the information and how we will use it.

Members

Existing subscribers to the R.I.S.E. Magazine mailing list have already provided contact details to allow us to notify you of when new issues of the magazine are available. In additional, general information about NetSupport activities and products may also be shared. Information on existing subscribers is kept for a maximum of 12 months, or until they become a subscribing member of the R.I.S.E. Magazine site. At that point, they are considered members and previous subscription records are removed for this purpose.

Existing subscribers who register for membership of this site will also remain subscribed to notifications about new issues of the magazine, as well as periodic summaries of recent articles and, when available, notifications of new articles (including member-only articles).

Members will provide a username, contact email address and can then also provide information around their full name and organisation. This is deemed as ‘contact information’.

Accessing our website

NetSupport collects information we learn about you from visiting our website and using our online services. Our website gathers statistical and other analytical information from all visitors to it. Your web browser automatically lets us know:

• the website you come from when visiting us
• your IP address
• the date and time of access
• the browser you are using and the operating system of your device.

We use this information to ensure a stable connection, the efficient use of our website, and also to evaluate system security and stability. This is necessary and in our legitimate interest. We retain relevant technical information for up to 30 days. We do not use your geographic presence to target you to particular regional sites.

Downloads and evaluations

When you download an evaluation of one of our products, we will ask you for contact information. This contact information is used to provide you with important information regarding the evaluation of the product. This information is also passed to our sales team who will contact you to help answer any questions during your evaluation.

Demonstrations and remote support

If you require a demonstration of any product or service, then recordings and transcriptions may be made for your and our reference, and to further support your evaluation and analysis. An additional verbal agreement will be made before the recording starts and a clear notice provided at that time. Continuing to take part in the recording is taken to be that no objections were raised.

Where remote support (for ad-hoc support, onboarding or training) is in place, recording may also take place to further aid in managing any issues or tasks arising from the session. An additional verbal agreement will be made before the recording starts and a clear notice provided at that time. Continuing to take part in the recording is taken to be that no objections were raised.

Where a remote agent is required to be allowed for the demonstration, support or training to take place, if it is not already in use by the (potential) customer, they will download and use the required agent for the agreed session. It is your responsibility to ensure that this is done on an appropriate device and that no additional personal data is shown to any NetSupport employee or representative.

Business contacts

If you have made contact with us, or us with you, whether that be through networking via social media or in person, we shall add your name, company and contact details to our CRM, together with appropriate and relevant notes, such as details of our discussions, meetings, marketing contacts etc.

Support enquires

Our support team will ask you for contact information if you contact them with any questions or support queries. The information you provide to our support team is only used to provide you with updates regarding the support issue you raise with us.

Chat-based enquires

We provide a facility to allow customers and potential customers to ask direct queries to a chat-bot and then interact with staff within Sales or Support, depending on need. Where this is part of a delivered contract, all details are included within the relevant data processing agreement or contract.

Where this is for other support queries or sales queries, we will use an agreed tool to facilitate the Chat service. This tool will collect information as previously mentioned, as well as any other details provided via the free text options.

All chats are retained within the Chat service for a maximum of 13 months, but relevant information may be moved to a different system (e.g. product support or sales contacts) to be recorded and stored more appropriately.

Subscriptions to mailing lists

When you contact us via any of the above methods, we may ask you if you would like to be kept informed about product offers and updates. If you answer ‘yes’ to this question, then you will be added to our mailing list which you can unsubscribe from at any time.

Events and other activities

NetSupport and NetSupport staff will frequently provide a significant presence at events, such as conferences, trade shows and other activities. Information collected will be through the agreed methods of the event organiser, and comply with any privacy policy they have put in place for us to follow. The organiser is principally responsible for the data collected and their terms are provided for you by them. However, we also ensure that any personal data we are provided with, either directly or indirectly, follows our own Privacy Policy.

Where this may also include competitions and prize draws, we will share particular terms and conditions related to the event, and ensure that it follows the criteria set out below.

Existing/recent customers

As part of product review and improvements, you may be contacted to take part in competitions. This is based on your existing or recent use of our products. Data collected is usually restricted to the use of existing contact details and any pertinent information required as part of the event (e.g. opinions on new features, opportunities for case studies, etc.) on a case-by-case basis.

This information will be held for the period of the event + 3 months. Any further retention (e.g. quotes or case studies) will be agreed separately.

Potential customers

As part of many internally and externally run activities, potential customers may take part in competitions. Where this is in conjunction with a larger event (tradeshow, consumer group, etc.), information shared with us by the organiser is as per any agreement you have with them.

Any information we collect as part of the competition will be used for that competition and, where agreed, additional information may be sent as part of our sales and marketing approach.

Information is only retained for the duration of the event or competition + 6 months, or longer if it is also collected as part of general sales and marketing.

Social media and other networks

NetSupport and NetSupport staff will frequently provide a significant presence on social media and readily interact with others. All activity on social media is subject to the terms and conditions of that service. Any information we collect will be treated as stated in the sections above, or within the limits set out be the social media provider.

How we store your information

All information is stored either in our data centre in the UK or on cloud servers hosted in the EU. We store customer and evaluation customer data in a robust CRM system and ensure that only authorised members in our teams have access to your personal information. This CRM system is hosted in the EU. Where additional tools are used to process personal data, if they are outside of the UK or EU, supply chain management is in place to ensure all relative compliance is in place.

Who can access your personal data?

NetSupport Limited takes significant care to ensure only staff trained for the relevant role can access and use your personal data, and only for the purpose it was collected for. Access controls are in place to prevent unintentional or intentional access by unauthorised employees.

Who do we share with?

NetSupport Limited will never sell your information or share it with any third party. However, we will share your details with any government agency entitled to this information by law – and for downloads and evaluations outside of the UK, we will pass your contact details to our authorised partner in your country of origin. For details of the NetSupport Partners in each country, please see https://www.netsupportsoftware.com/where-to-buy/
Where additional tools are used to process personal data, if they are outside of the UK or EU, supply chain management is in place to ensure all relative compliance is in place. The additional tools are contracted by NetSupport and act as our Data Processors.

How long do we keep your personal data?

NetSupport Limited will retain all relevant business data for the period set aside by legislation for tax and business requirements.

Information gathered and used through website enquiries is kept on that system for 1 year and then retained in the CRM for at least the period of any contract or as set out for business purposes above. If no products or services are bought, the information in the CRM is minimised and the personal data of individuals is removed after 4 years.

Information gathered and used for support, outside of any agreed contract for products and services, is retained within the CRM for at least the period of any contract or as set out for business purposes above. If no products or services are bought, the information in the CRM is minimised and the personal data of individuals is removed after 7 years.

Information used as part of marketing and mailing lists is retained until we are sure that the information is no longer correct or we are requested to stop using that personal data.

Overview

You have the following rights if the respective legal requirements are met:
• The right to be informed about the collection and use of your personal data.
• The right to have access to your personal data.
• The right to request rectification of incorrect data or completion of incomplete data.
• The right to request deletion of your personal data stored with us.
• The right to request restriction of processing of your data.
• The right to request data portability.
• The right to object to the processing of your personal data.

Right to be informed

You have the right to be informed about the collection and use of your personal data:
• the purposes for which the personal data are processed
• the categories of personal data that are processed
• the recipients or categories of recipients of the personal data
• the retention periods for the personal data
• all available information about the origin of the data, if the personal data was not collected from you
• the details of the existence of existence of an automated decision-making process, including profiling
• the details of transfer of the personal data to any third countries or international organisations.

Right of access

You have the right to receive, upon request, information about the personal data stored with us about you, free of charge, commonly known as ‘data subject access request.’ You have the right to ask for:
• confirmation of the data processing activities involving your data
• a copy of your personal data
• information outlined in this Privacy Policy.

Right to rectification

You have the right to seek the immediate rectification by us of inaccuracies in your personal data. Considering the purposes of the processing, you have the right to request the completion of incomplete personal data and add newly available supplementary information.

Right to erasure

You have the right to request from us that personal data concerning yourself is immediately erased if one of the following grounds applies:

• the personal data is no longer necessary for the purposes for which they have been collected or have been processed in any other way
• you withdraw consent and there is no other legal ground for the processing
• you object to the processing and there are no overriding legitimate grounds for the processing to continue
• the personal data has been unlawfully processed
• the deletion of the personal data is necessary for the fulfilment of a legal obligation.

Where our processing of your data is based on your consent, you have the right to withdraw your consent, but this will not affect the lawfulness of the processing based on your original consent. We will no longer process your data for the purpose you originally agreed to unless we have another legal basis for continuing to process your data, which we will explain to you.

In the event that we have made the personal data public and are obliged to delete it, we will take appropriate measures in so far as possible to ensure this data is removed. This may include us informing the third party processing your data to delete all links to the personal data (copies or replications).

Right to restriction of processing

You have the right to request from us a restriction of the processing, if one of the following requirements exists:

• the correctness of the personal data is disputed by you
• the processing is unlawful and you request a restriction of the use of the personal data rather than its deletion
• we no longer require your personal data for the purposes of the processing, but you require it in order to enforce, exercise or defend legal claims
• you have raised an objection to the processing, so long as it is not certain whether the legitimate grounds of NetSupport outweigh those of yourself.

Right to data portability

You have the right to receive the personal data that concerns you, which you have provided to us, in a structured, common and machine-readable format, and you have the right to transfer this data to another data controller without hindrance by us, considering:

• the processing is based on consent or on a contract
• the processing takes place with the aid of automated procedures.

When exercising your right to data portability, you have the right to ensure that the personal data is transferred directly by us to another data controller, where this is technically feasible

Right to object

You have the right to object to the processing of your personal data, for reasons arising from your particular situation.

The above general right of objection applies to all processing purposes described in this privacy notice, which are processed on the basis of legitimate interests. This also applies in relation to data processing for the purpose of direct mail for marketing purposes. If you object to any processing of data, it will be stopped with effect for the future, unless we, as the controller, are able to demonstrate overriding legitimate grounds for further processing that outweigh your interests.

You can ask us to stop sending you direct mail, or emails, or ask us to stop processing your details. Finally, if we do something inappropriate with your information, you can request compensation for any distress you are caused or loss you have incurred. You can find out more information on the ICO’s website http://ico.org.uk/for_the_public/personal_information.

Right to complain

Finally, if we do something inappropriate with your information, you can make a complaint directly to us, or raise it with the relevant Data Protection Authority. You can find out more information on the ICO’s website – Make a complaint about how an organisation has used your personal information | ICO.

As well as having a purpose for needing and using your personal data, it has to be down within the limits of legislation. Under GDPR, this means Articles 6 and 9 tell us the specific lawful bases and the conditions behind using them. For example, to email an individual about savings and products, this would be under the purpose of marketing, deemed not strictly necessary and so we would need consent. This also fits along with other legislation around ePrivacy (PECR).

If we email an organisation or business, then this is deemed Business to Business communications (B2B) and consent is not needed. We would have a Legitimate Interest in sending the message.

Where we have a contract with you and we need to track tax paid and other business requirements, these may be considered as a Legal Obligation.

Where you have a contract with us, as part of service delivery or management, and we have important information about updates, sending these out is counted as sending Service Messages and is not covered under PECR. It would be considered as a Contractual Obligation.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We do not store any personal data in the cookies that we use, or store the information anonymously to assist us in the running of the site, or for monitoring the activity and traffic both to and through our website. To do this, we use Google Analytics cookies.

Depending on the browser you use, you should be able to control what cookies are placed on your device through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Partners

As part of our extensive relationship with partners, they may share personal data with us to enable a number of areas covered previously. We take all reasonable steps to ensure that the partner has the permissions and responsibilities to share with us, an independent Data Controller (i.e. a separate organisation using the data, as we have already stated). If you think we should not have your information, please follow any of the steps covered within ‘Your rights’.

Data processors

As the Data Controller, we work with a range of companies to provide services and to run our business. These are covered as Data Processors and we take all reasonable steps to ensure that any data they process on our behalf is done as we have instructed and not used for other purposes. Below are tables covering the data we collect relating to each Data Processor and the purpose for which the data is used. This list is dynamic and will change from time to time. We will update this notice and advise people to review it, should it be required. Unless there is a significant and specific change, we would not contact individuals, nor would we make specific announcements.

Infrastructure, commercial and financial

Analytics

Comms

Data sharing

[This is for any specific data sharing that we do (whether legally required or for specific reasons), e.g. HMRC, research, etc.]

Our online payment partner, paddle.com, also has a direct relationship with you when you use them. This is required to maintain the security and independence of them being the Merchant of Record. If you have any queries about the use of Paddle, please review Paddle’s terms when you are making purchases.

Where information is used for research and analysis purposes, all personal data is anonymised prior to sharing and is no longer considered personal data. Where research has been commissioned as part of larger case studies, reasonable efforts are made to ensure any personal data which has been anonymised cannot be combined with other data to subsequently identify individuals.