Ipswich Software Limited Security & Privacy Policy
Last Updated: August 01, 2023
1 – Definitions
- Ipswich Software Limited (“Company”)
- A company who has subscribed for use of the Showbiz software (“Client”)
2 - Identity & access
The privacy of Client data is very important to Ipswich Software Limited. The Company will only ever access the Client’s data to help with a problem, investigate or remedy a software or data defect. We will never open any uploaded files unless the Client ask us to.
When a Client subscribes to use Showbiz, the Company ask for the name, and email address of each person who will use Showbiz and this information is required to personalise the end-user experience whilst using the application, provide context whilst using the applications’ contact management features and audit critical actions within the Showbiz software itself. The Company will never sell your personal information to third parties, and we won’t use your name or company in marketing statements without your permission.
When you write to the Company with a question or to ask for help, we’ll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we’ll track that for statistical purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense, but not exceeding the data retention as stated in paragraph 7 - Deleted data.
The only times the Company ever share Clients’ information are;
- To provide products or services that the Client has requested, with the Clients’ permission.
- To investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
If the Company is acquired by or merged with another company, we’ll notify the Client well before any info about the Client is transferred and becomes subject to a different privacy policy.
3 – Sensitive and Personally Identifiable Data
The Company does not store or process credit card details within the Showbiz application itself. All credit card processing is out-sourced to a PCI/DSS compliant payment gateway provider and all payment details pass directly between your browser software and the payment gateway via a secure SSL encrypted session.
Bank account details are stored in the Showbiz database, but access is restricted by the application to authorised users only and protected at the database layer for access only by authorised employees of the Company.
All data used by the Company for proof-of-concept, demonstration or testing purposes will contain no personally identifiable data and sensitive data such as bank account data will be anonymised.
4 - Security & Encryption
All data is encrypted via SSL/TLS when transmitted between our servers and your browser application. Database backups are also encrypted. Data isn’t encrypted in production database, but we go to great lengths to secure your data whilst at-rest. This includes the use of perimeter network detection and prevention tools, vulnerability scanning, segregation of duties, privileged access management, anti-virus and malware protection and a strict change and release management process.
5 – Individual’s Rights with Respect to their Information
The General Data Protection Regulation (“GDPR”) gives people under its protection certain rights with respect to their personal information collected by the Company. Accordingly, the Company recognizes and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include:
- Right of Access. This includes an individual’s right to access the personal information we gather about them, and their right to obtain information about the sharing, storage, security and processing of that information.
- Right to Correction. This is an individual’s right to request correction of personal information.
- Right to Erasure. This is an individual’s right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfilment of your request may prevent you from using Showbiz services and may result in closing your account.
- Right to Complain. This is an individual’s right to make a complaint regarding the Company’s handling of their personal information with the appropriate supervisory authority.
- Right to Restrict Processing. This is an individual’s right to request restriction of how and why their personal information is used or processed.
- Right to Object. This is an individual’s right to, in certain situations, object to how or why their personal information is processed.
- Right to Portabillity. This is an individual’s right to receive the personal information the Company has about them and the right to transmit it to another party.
- Right to not be subject to Automated Decision-Making. This is an individual’s right to object and prevent any decision that could have a legal, or similarly significant, effect on them from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between them and the Company, is allowed by applicable European law, or is based on their explicit consent.
For questions about exercising these rights or any assistance required, please contact the Company at [email protected] and you will receive a response within 30 days.
6 - Processors we use
For GDPR purposes, the Company is considered a Data Processor and the Client is considered the Data Controller. As part of the services provided by the Company, and only to the extent necessary, certain third-party processors may be contracted to process some or all personal information. All Processors are vetted for GDPR compliance and a full list can be requested by sending an email to [email protected] and you will receive a response within 30 days.
7 - Deleted data
When you cancel your account, we’ll ensure that nothing is stored on our servers beyond 30 days. Anything you delete in the Showbiz application will have an immediate effect on the operation of the software but may be retained in the security backups for the contracted retention period.
8 - Law enforcement
The Company will not hand your data over to law enforcement unless a court order says we are required to do so, and unless we’re legally prevented from it, we’ll always inform you when such requests are made.
9 – Disclosures
Ipswich Software Limited will disclose any security or data breach relating to the Client’s data to the Client’s Data Controller within 10 working-days of the security incident or breach being discovered. The disclosure will be limited to the Client’s Data Controller unless agreed otherwise between the Client and Ipswich Software Limited, or if there is a legal requirement to make such disclosure more widely known.
10 - Location of Site and Data
Showbiz is hosted in the United Kingdom and all Client data, electronic or otherwise, is stored only within the European Union and European Economic Area. Production and backup data is segregated at all times from Showbiz data used by other Clients.