More4Apps (we, us, our) complies with applicable privacy and data protection laws when dealing with personally identifiable information (PII). PII is information about an identifiable individual (a natural person).
This policy sets out how More4Apps will collect, use, disclose and PII that you provide to us when you access and use this website or otherwise deal with us.
2.0 Changes to this policy
We may change this policy by uploading a revised policy onto our website. The change will apply from the date that we upload the revised policy.
This policy was last updated on 28 May 2018.
3.0 Who do we collect your PII from?
We collect your PII from:
- you, when you provide that information to us via our website, when you raise a support request via our helpdesk, when you attend a conference or are scanned at our conference booth, when you use or buy our products and services or through any other contact with us (e.g. telephone call, email, face to face meeting or give us your business card)
- third parties, where you have authorised this or where the information is publicly available
If possible, we will collect PII from you directly.
4.0 What PII do we collect?
We may collect the following types of PII from you:
4.1 PII that you provide directly to us, including when you:
- download our products, your name, phone number and email address
- request product support via our website or helpdesk, your name, phone number and email address, and any other information that you provide to us
- make a general enquiry via our website, your name, email address, phone number, and any other contact information that you provide to us
- ask to receive information about us, subscribe to our mailing list or newsletter, your name, email address and any other information that you provide to us
- attend a conference or are scanned at our conference booth, your name, email address, phone number, and any other information that you provide to us
- through any other contact with us e.g. telephone call, email, face to face meeting or give us your business card, any information that you provide to us
- participate in our customer surveys, any information contained in your survey responses
- any other information required to provide our services
4.3 If you receive emails from us such as our newsletter, we collect information about your interaction with such emails, including read rates, link clicks and the when you opened the emails
4.4 PII collected from third parties where you have authorised this or the PII is publicly available, such as through LinkedIn
5.0 How we use your PII
We use your PII provided directly by you:
- to provide our website and our products and services to you, including to provide technical support or information in relation to our products and services
- to verify your identity
- to send you marketing information via text or email about our company, products and services. You can stop receiving our marketing communications by following the unsubscribe instructions included in those communications
- to contact you via phone or email to follow up any interest you have expressed in our products or services when attending a conference or if you have been scanned at our conference booth
- to improve our website and products and services that we provide to you
- to respond to communications from you, including requests for product support or product downloads
We use information generated by your use of our website, products or services:
- to monitor the performance of our website, products or services and ensure that these perform in the best manner possible
- for security and system integrity purposes
If you receive emails from us such as our newsletter, we collect information about your interaction with such emails, including read rates, link clicks and the when you opened the emails to analyse your engagement with our emails.
We may also use your PII:
- to protect and/or enforce our legal rights and interests, including defending any claim
- for any other purpose authorised by you or applicable law
- to respond to lawful requests by public authorities, including to meet law enforcement requirements
- to transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We do not use your PII to make any automated decisions or to profile you.
6.0 Disclosing your PII
We may disclose your PII to:
- another company within our group
- any business that supports our business, including any person that hosts or maintains any underlying IT system or data centre that we use for our website or to run our business. The third parties that support our website or our business include:
- Google Analytics – a web analytics service provider that tracks and reports website traffic
- Salesforce – a cloud based customer relationship management system
- Pardot – a cloud based customer relationship management system
- RimuHosting – a cloud data storage provider
- BriteVerify – an email address verification service
- our professional advisers e.g. accountants, lawyers, auditors, website developers, consultants
- any other person authorised by you
- any other company in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We may disclose research and statistical analysis on an anonymised basis derived from your PII to third parties.
We may also disclose PII we hold about you if we believe that such disclosure is necessary to:
- comply with legal requirements or process
- protect our rights or property
7.0 Transfers of PII
A business that supports our website or our products and services may be located outside the European Economic Area (EEA). This may mean your PII is held and processed outside the EEA. Please see the GDPR Addendum for further information about personal data transfers from the EEA.
8.0 Protecting your PII
We will take reasonable steps to keep your PII safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to risks inherent in processing PII. More4Apps ICT devices, storage and channels and subject to continuous monitoring, logging analysis and audits. We regularly review and update our security systems to maintain the integrity of our security posture.
You can play an important role in keeping your PII secure by maintaining the confidentiality of any password used in relation to our products and services. Please do not disclose your password to third parties. Please notify us immediately if there is any unauthorised use of your account or any other breach of security.
9.0 Accessing and correcting your PII
Subject to certain grounds for refusal set out in applicable law, you may have the right to access your readily retrievable PII that we hold and to request a correction to your PII. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the PII relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the PII, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the PII that you requested the correction.
If you want to exercise either of the above rights, email our Privacy Officer at email@example.com. Your email should provide evidence of who you are and set out the details of your request e.g. the PII or the correction, that you are requesting.
10.0 Internet use
While we take reasonable steps to maintain secure internet connections, if you provide us with PII over the internet, the provision of that information is at your own risk.
11.0 Contact us
For the purposes of the GDPR we are the data controller (as defined in the GDPR) when processing personal data collected by us when you use our website or our services.
This GDPR Addendum was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be emailed to our Privacy Officer at firstname.lastname@example.org.
2.0 Processing personal data
The legal basis for our processing of information you provide directly to us or that is automatically collected when you use our website or our services is your consent, or that this information is necessary for the processing of a contract that we have with you, or that the processing is necessary for the purposes of our legitimate interests (except where such interests would be overridden by your fundamental rights and freedoms which require the protection of personal data).
Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.
3.0 Your rights
Your rights in relation to your personal data under the GDPR include:
- right of access – if you ask us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.
- right to rectification – if the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take every reasonable step to ensure personal data which is inaccurate is rectified. If we have shared your personal data with any third parties, we will tell them about the rectification where possible.
- right to erasure – we delete your personal data when it is no longer needed for the purposes for which you provided it. You may request that we delete your personal data and we will do so if deletion does not contravene any applicable laws. If we have shared your personal data with any third parties, we will take reasonable steps to inform those third parties to delete such personal data.
- right to withdraw consent – if the basis of our processing of your personal data is consent, you can withdraw that consent at any time.
- right to restrict processing – you may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with third parties, we will tell them about this request where possible.
- right to object to processing – you may request that we stop processing your personal data at any time and we will do so to the extent required by the GDPR.
- right to data portability – you may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.
- the right to complain to a supervisory authority – you can report any concerns you have about our privacy practices to the relevant data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please email our Privacy Officer at email@example.com. If you are not satisfied by the way your query is dealt with by our privacy officer, you may refer your query to your local data protection supervisory authority.
We do not intend to collect personal data from children aged under 16. If you have reason to believe that a child under the age of 16 has provided personal data to us through our website and/or by using our services, please email our Privacy Officer at firstname.lastname@example.org.
5.0 International transfers of data
The personal data we collect through this website or our other dealings with you may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
We may transfer EU individual’s personal data from the EU to More4Apps’ entities in New Zealand, Australia or the USA.
The More4Apps group consists of the following companies:
- More4Apps NZ Limited
- More4Apps UK Limited
- More4Apps INC
New Zealand is recognised by the European Commission as a country that ensures an adequate level of data protection and we rely on this decision when transferring personal data from the UK to New Zealand.
More4Apps INC have entered into Standard Contractual Clauses as published by the European Commission. The Standard Contractual Clauses provide specific guarantees around transfers of personal data.
Third party processors
The personal data we collect may also be processed by the third parties set out below.
For personal data processed in the United Sates, the European Commission has determined that the United States ensures an adequate level of protection for personal data transferred from the EU to organisations in the United States under the EU-U.S. Privacy Shield. We have verified that our United States-based data processors have self-certified under the EU-US Privacy Shield framework.
For data held outside the EU or the United States, we have entered into Standard Contractual Clauses as published by the European Commission with our third party processors. The Standard Contractual Clauses provide specific guarantees around transfers of personal data and we rely on the Standard Contractual Clauses in transferring personal data to these third party processors.
List of third party processors as at 25 May 2018:
|Third party processor||Purpose||Location of processor||Policy pages|
|Pardot||Customer relationship management||USA||https://www.salesforce.com/company/privacy/|
|Salesforce||Customer relationship management||USA||https://www.salesforce.com/company/privacy/|
6.0 Data retention policy
The personal data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer. We securely destroy personal data at the end of any data retention period.
7.0 Contact us
The name and contact details for our European GDPR representative is as follows:
Name: Steve West, More4Apps UK Limited
Address: 3000 Cathedral Hill, Guildford, Surrey, GU27YB
Phone: +44 (0) 1483 243508