This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes.
This policy was last updated on 08/12/2021. Please see Changes to this policy.
Who we are
Twenty7Tec Group Ltd (company number 08660235), whose registered office is at Suite A, 7th Floor Avalon, Oxford Road, Bournemouth, Dorset BH8 8EZ, is the data controller in relation to the processing activities described below. This means that Twenty7Tec decide why and how your personal data is processed.
Personal data we collect about you
The categories of personal data that we may collect about you are as follows:
Personal data you give to us:
This includes personal data provided at the time of contacting us or making an enquiry to us via our website or helpdesk, subscribing to the services we provide through our site (including free trials, webinars, job alerts and any promotional offers), posting material or requesting further services, and engaging in correspondence with us by phone, email or otherwise.
We may also ask you for information when you report a problem with our site. If you complete any surveys that we request you to complete for research purposes, we will collect information in such circumstances as well.
The categories of personal data that may be collected voluntarily includes, but is not limited to, your title, name, email address, address, contact telephone numbers, details about your job role, details of your company/employer, financial/billing information, legal information relating to claims made by you or against you, responses to any surveys, your marketing preferences, and information contained in our correspondence or other communications with you about our business.
Personal data we collect about you:
We may automatically collect details of transactions you carry out through the website, and your visits to our website, including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources you access. We may also automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Please see Cookies for further information. We may also collect any personal data which you allow to be shared that is part of your public profile or third party social network, type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Personal data we may receive from other sources:
We may obtain certain personal data about you from sources outside of our business which may include our partners and other third-party companies. For example, we may collect personal data about you from a partner referral where you have expressed an interest in our services. The personal data received may include your name, email address, address, telephone number, and job role.
How we use your personal data
The purposes for which we use your personal data and the legal basis under data protection laws on which we rely to do this are explained below.
Performance of the contract with you or to take steps to enter into it.
We may use and process your personal data where we have supplied you (or continue to supply you) with any Twenty7tec services, where we have arranged for the supply of another company’s products or services to you, or where you are in discussions with us about any new product or service. We will use this information in connection with the contract for the supply of goods or services when it is needed to carry out that contract or for you to enter into it. Please see Personal data we collect about you above for details of the types of personal data we process for these purposes.
Legitimate interests as a business or that of a third party for the following purposes:
- for marketing activities and to inform you about relevant news, events, products, updates and announcements you may be interested in (other than where we rely on your consent to contact you by email or text as explained in the Marketing section below);
- for analysis to inform our business and/or marketing strategy, to help us understand how our website is used and by whom, and to assist, enhance and personalise your customer experience (including to improve the recommendations we make to you on our website);
- to correspond or communicate with you, including about our services and any changes or improvements to our website, products or services;
- to carry out database and website administration;
- for business administration and management purposes, including to manage and deliver internal projects and for business improvement;
- to verify the accuracy of data that we hold about you and create a better understanding of you as a customer;
- to monitor, assess and improve our services and to provide staff training within the business, including through recordings of any calls with our helpdesk;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- for prevention of fraud and other criminal activities;
- to comply with a request from you in connection with the exercise of your rights;
- for the management of queries, complaints, or claims; and
- for the establishment and defence of our legal rights.
We will ask for your consent to send you direct marketing communications (other than where we rely on legitimate interests for certain marketing activities). Please see Marketing below for more information, including how to withdraw your consent
Compliance with a legal obligation
We will use your personal data to comply with our legal obligations: (i) to assist any public authority or criminal investigation body; (ii) to identify you when you contact us; and/or (iii) to verify the accuracy of data we hold about you.
Others who may receive or have access to your personal data
Our suppliers and service providers
We may disclose your personal data to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud service providers (such as hosting and email management), IT software or maintenance providers, data backup providers, advertising and marketing agencies, financial services providers, IT developers, data analysis providers, security services providers, and administrative services.
When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their service and we have a contract in place that requires them to keep your personal data secure and not to use it other than in accordance with our specific instructions.
Others involved in our services
We may disclose your personal data to the lenders, banks and building societies that we work with in order to manage the mortgage sourcing and application services that we provide. We only disclose to them any personal data that is necessary for them to provide their aspect of the service.
We may also share anonymised or aggregated activity data with financial services providers that we work with for product performance analysis and review.
Customer satisfaction surveys
As customer satisfaction is important to us, we may ask a third party research company to contact you for the sole purpose of gathering general information and specific information relating to us and our systems and services.
Credit/debit card payment processors
Where you elect to pay an invoice by way of bank transfer, your credit/debit card payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy.
Other ways we may share your personal data
We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
All personal data you provide to us is stored on our secure servers which are located within the UK.
There may be instances where the personal data you provide to us may be transferred to countries outside the UK and the EEA and these countries may not have similar data protection laws to the UK. For example, this may happen if our third party service providers are from time to time located in a country outside of the UK and the EEA. We also have personnel located in Canada that provide development and technical support in relation to our systems who may have access to your personal data.
If we transfer your personal data to a ‘third country’ outside of the UK or the EEA, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected. These steps include imposing contractual obligations on the recipient of your personal data or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. In Canada, all personal data will be subject to Canada’s PIPEDA and therefore we rely on the adequacy decision for Canada from the UK and the European Commission.
Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the UK or the EEA, your personal data may be transferred outside the UK or the EEA in order to provide you with those services.
How long we keep your personal data for
If we collect your personal data, the length of time we retain it is determined by a number of factors including the purpose for which we use that personal data and our obligations under other laws. We will not keep your personal data for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it.
- if you have made an enquiry or contacted us via our website, we will store your personal data for as long as is reasonably required to deal with your enquiry;
- if you become a customer of Twenty7Tec, we will retain your personal data for as long as you are an active customer and your account with us is active;
- if you cease to be a customer of Twenty7Tec, we will retain your personal data in case of any queries from you or in case you decide to re-activate your account for a period of 7 years from the date that the account is deactivated;
- if you have signed up to receive marketing from us, we will store your personal data for as long as you are subscribed to our marketing list. If you unsubscribe, we will keep your email address on our suppression list to ensure that we do not send you marketing emails;
- if you have contacted us with a complaint or query, we will store your personal data for as long as is reasonably required to resolve your complaint or query; and
- we retain technical information obtained via Google Analytics for 26 months from the date it is collected. This information is converted into aggregated data to ensure that it is anonymised.
The only exceptions to the above are where:
- we may need your personal data to establish, bring or defend legal claims or to comply with a legal or regulatory requirement;
- the law requires us to hold your personal data for a longer period, or delete it sooner;
- you exercise your right to have the personal data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Erasing your personal data or restricting its processing below); or
- in limited cases, the law permits us to keep your personal data indefinitely provided we put certain protections in place.
When it is no longer necessary to retain your data, we will delete the personal data that we hold about you from our systems. After that time, we may aggregate the data (from which you cannot be identified) and retain it for analytical purposes.
Security and links to other sites
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website and any transmission is at your own risk. Once we have received your personal data, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites‚ so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We may use your personal data to contact you with marketing information about our systems and services by email, SMS or telephone if you are a Twenty7Tec customer, and indicate that you would like to receive such marketing from us (including within Cloud Twenty7 platform).
We may also contact you with marketing information by email if you are not currently a Twenty7Tec customer, except where you indicate you would prefer otherwise. However, where you deal with us in your capacity as an individual (rather than through your company or organisation), we will only contact you by email with direct marketing material if:
- you make an enquiry or engage with us in respect of our services, unless and until you indicate you would prefer not to hear from us; or
- you have consented to receive such marketing information directly from us.
You have the right to opt-out of our use of your personal data to provide marketing to you in any of the ways mentioned above. Please see Withdrawing your Consent and Objecting to our use of your personal data and automated decisions made about you above for further details on how you can do this.
Data Anonymisation and use of Aggregated Information
You have a number of rights in relation to your personal data under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
- Accessing your personal data. You have the right to ask for a copy of the personal data that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that personal data.
- Correcting and updating your personal data. The accuracy of your personal data is important to us. If you change your name or address/email address, or you discover that any of the other personal data we hold is inaccurate or out of date, please let us know by contacting us using the details at the end of this policy.
- Withdrawing your consent. Where we rely on your consent as the legal basis for processing your personal data, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our unsubscribe tool. If you withdraw your consent, our use of your personal data before you withdraw is still lawful.
- Objecting to our use of your personal data and automated decisions made about you. Where we rely on your legitimate business interests as the legal basis for processing your personal data for any purpose(s), you may object to us using your personal data for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
- You may object to us using your personal data for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool. You may also contest a decision made about you based on automated processing by contacting us using the details at the end of this policy.
- Erasing your personal data or restricting its processing. In certain circumstances, you may ask for your personal data to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal data for longer, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal data where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your personal data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- Transferring your personal data in a structured data file (“data portability”). Where we rely on your consent as the legal basis for processing your personal data or need to process it in connection with your contract, as set out under How we use your personal data, you may ask us to provide you with a copy of that personal data in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that personal data.
- Complaining to the relevant data protection regulator. You have the right to complain to the relevant data protection regulatory, which in the United Kingdom is the Information Commissioner’s Office (“ICO”), if you are concerned about the way we have processed your personal data. Please visit www.ico.org.uk for further details.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website, whichever is the earlier. We recommend you regularly check for changes and review this policy whenever you visit our website. If you do not agree with any aspect of the updated policy, you must immediately notify us and cease using our services.
Please direct any queries about this policy or about the way we process your personal data to our Data Protection Champion using our contact details below.
By post: Twenty7Tec, Suite A, 7th Floor, Avalon, Oxford Road, Bournemouth, Dorset, BH8 8EZ.
By email: firstname.lastname@example.org.
By phone: 01202 553457.