The websites www.solidatus.com and learn.solidatus.com (the “Sites”) are owned and operated by Threadneedle Software Holdings Limited t/a Solidatus (a limited liability company registered in England and Wales under number 07485799 with its registered office at: Threadneedle Software Limited, 2nd Floor, Regis House, 45 King William Street, London, EC4R 9AN) (“we”, “our”, and “us”).
We are registered with the Information Commissioner’s Office under registration number ZA347748.
If you have any questions about this policy or your personal data processed by us, or to exercise any of your rights as described in this policy or under data protection laws, you can contact us:
By post: Privacy Manager, Solidatus, 30 Stamford Street, London, SE1 9LQ
By email: firstname.lastname@example.org
Data protection principles
We adhere to the following principles when processing your personal data:
1. Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
2. Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3. Data minimisation – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4. Accuracy – data must be accurate and, where necessary, kept up to date.
5. Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
6. Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
Personal data we collect
Personal data you give us
You may give us personal data about you via the Sites, by signing up to use our software applications, or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you register to use the Sites, subscribe to our service, or otherwise.
The categories of personal data you provide may include your name, business name, address, email address and phone number, financial and bank account information or personal description.
Personal data we collect about you
With regard to each of your visits to the Sites or use of our services, we may automatically collect the following information:
- technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit or usage, including the full Uniform Resource Locators (URL) clickstream to, through and from the Sites (including date and time); items you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Personal data we receive from other sources
We may receive information about you if you use any other websites that we operate or other services that we provide.
We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Uses made of your personal data
We only use your personal data if we have a legal basis for doing so.
The purposes for which we use and process your personal data and the legal basis on which we carry out each type of processing are explained in the table below.
|Purposes for which we will process the personal data||Legal basis for the processing|
|To enter into and perform contracts with you.||It is necessary for us to process your personal data in this way in order to enter into a contract with you and to fulfil our contractual obligations to you.|
|To provide you with information and services that you request from us.||It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.|
|To enforce the terms and conditions of or of and any contracts entered into with you.||It is in our legitimate interests to enforce our terms and conditions and any contracts entered into with you. We consider this use to be necessary for our legitimate interests and proportionate.|
|To populate our database which we use for marketing purposes.|
It is in our legitimate interests to market our services. We endeavour to ensure that the contacts in our database are relevant and up-to-date. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
You can opt-out of receiving direct marketing-related email communications or text messages by following the unsubscribe link.
|To send you publications, event information and marketing communications.|
It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
For direct marketing sent by email to new contacts (that is, individuals who we have not previously engaged with), we need your consent to send you unsolicited direct marketing.
|To send you information regarding changes to our services, our policies, other terms and conditions, and other administrative information.||It is in our legitimate interests to ensure that any changes to our services, our policies, and other terms and conditions, and other administrative information are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
|For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.|
|To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you.||It is in our legitimate interests to continually improve our offering and to develop our business. We consider this use to be necessary in order to effectively generate business and will not be prejudicial or detrimental to you.|
If you do not wish to provide us with your personal data and processing such personal data is necessary for the performance of our contract with you, we may not be able to perform our obligations under the contract between us.
Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences by contacting us using the contact details set out above.
Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests. If you want further information on the balancing test we have carried out, you can request this from us using the contact details set out above.
We will only use your personal data for the purposes for which it was collected by us, unless we reasonably consider that we need to use it for another reason and that reason is compatible with such original purposes. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
Disclosure of your personal data
We may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your personal data with selected third parties including:
- business partners, suppliers and sub-contractors as necessary to carry out the purposes for which the information was supplied or collected; and
- analytics and search engine providers that assist us in the improvement and optimisation of the Sites and services.
Our third party service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.
In addition, we may disclose your personal data:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If all or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation,
- to establish, exercise, or defend our rights or the rights of our staff, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
The personal data that we collect from you may be transferred to, and stored at, a location outside the European Economic Area (“EEA”), as follows:
- with our staff operating outside the EEA;
- with our business partners, suppliers and sub-contractors located outside the EEA;
- with our third party service providers, who assist with running of our Sites, and that are located outside the EEA.
This includes Singapore, US, Canada and China.
Where personal data is transferred to and stored outside the EEA, we take steps to provide appropriate safeguards to protect your personal data, including:
- transferring your personal data to a country, territory, sector or international organisation which the European Commission has determined ensures an adequate level of protection, as permitted under Article 45(1) GDPR;
- entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data as permitted under Article 46(2)(c) GDPR;
- under the EU-U.S. Privacy Shield Framework which enables U.S. business to self-certify as a means of complying with EU data protection laws.
The European Commission has decided that Canada (commercial organisations only) provides adequate levels of data protection. In the absence of an adequacy decision or of appropriate safeguards listed above, we will only transfer personal data to a third country where one of the following applies (as permitted under Article 49 of the GDPR)):
- the transfer is necessary for the performance of our contractual engagement with you;
- the transfer is necessary for the establishment, exercise or defence of legal claims; or
- you have provided explicit consent to the transfer.
If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us using the details set out above. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
Security of your personal data
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Sites or services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to the Sites or services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we keep your personal data
Your personal data will not be kept for longer than is necessary for the purposes for which it was collected and processed.
The criteria we use for retaining your personal data include the following:
- General queries and correspondence – when you make an enquiry or contact us by email or telephone, we will retain your personal data for as long as necessary to respond to your queries. After this period, we will not hold your personal data for longer than 12 months if we have not had any active subsequent contact with you.
- Direct marketing – where we hold your personal data on our database for direct marketing purposes, we will retain your data for no longer than 24 months if we have not had any active subsequent contact with you.
- Legal and regulatory requirements – we may need to retain personal data for up 12 years where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.
Access to and updating your personal data
You have the right to access personal data which we hold about you (“data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully. Note, that we may refuse to comply with a data subject access request if the request is manifestly unfounded or excessive or repetitive in nature.
You also have the right to receive your personal data in a structured and commonly used format so that it can be transferred to another data controller (“data portability”). Note, that this right only applies where your personal information is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove personal data you think is inaccurate. Please keep us informed if your personal data changes during your relationship with us. We may refuse to comply with a request for rectification if the request is manifestly unfounded or excessive or repetitive.
Right to object
You have the right to object at any time to our processing of your personal data for direct marketing purposes.
Where we process your personal data based on our legitimate interests
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Your other rights
You also have the following rights under data protection laws to request that we rectify your personal data which is inaccurate or incomplete.
In certain circumstances, you have the right to:
- request the erasure of your personal data erasure (“right to be forgotten”);
- restrict the processing of your personal data to processing in certain circumstances.
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. We may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive or repetitive in nature.
Exercising your rights
You can exercise any of your rights as described in this policy and under data protection laws by contacting us as provided in “Contacting us” above.
Save as described in this policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
In order to improve the Sites, we may use small files commonly known as “cookies”. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from the Sites and is stored on your device’s browser or hard drive.
We use Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you’d like to opt-out, you can do so at https://mouseflow.com/opt-out.
By using this Sites, you consent to the processing of data about you by Google in the manner and for the purposes set out above. However, you can opt out of Google Analytics without affecting how you visit the Sites. For more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.
The Sites may, from time to time, contain links to and from the websites of our partners and other third parties. If you follow a link to any of these websites, please note that we do not accept any responsibility or liability for the processing of your personal data through these websites.
If you have concerns about our use of your personal data, please send an email with the details of your complaint to our Privacy Manager by email at email@example.com.
You have the right to make a complaint at any time with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”) who can be contacted at https://ico.org.uk/ or telephone on 0303 123 1113.
Changes to our policy
Last updated: 28 OCTOBER 2022