This Privacy Notice covers the collection, use, other processing, and disclosure of personal information that may be collected by Touch Right Software Limited (hereinafter, “TouchRight”) any time you interact with TouchRight. Please take a moment to read this notice to learn more about our information practices, including what type of information is gathered, how the information is used and for what purposes, to whom we disclose the information, and how we safeguard your personal information.
TouchRight is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our software, it will be used in accordance with applicable law and this privacy notice.
TouchRight is registered with the Information Commissioner’s Office (ICO), with registration number ZA024416.
Touch Right Software may change this notice from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This notice is effective from December 2012 and it was last updated in April 2022.
What information we collect
We collect and store the following information as it relates to your use of Touch Right:
- Name and job title
- Contact information, including email address and phone number
- Demographic information, such as postcode
- Other information relevant to customer surveys and/or offers
In addition, so that we can collect information to allow us to assist users with any technical queries whilst using TouchRight, we use Crashlytics within the TouchRight app to provide actionable insights to allow us to pinpoint and fix technical app issues. The information collected does not contain any personally identifiable information. We also collect user information via the digital adoption platform Userpilot. This allows us to deliver the best customer experience by guiding customers through the TouchRight system and features and simplify user experience. These third party systems have robust security measures in place regarding data collection and security policies to prevent the unauthorised or accidental access to or destruction, loss, modification, use or disclosure of personal information.
Further, the Lone Worker feature in the TouchRight app depends on location services to be activated. TouchRight will request limited access to your location data, only when you are using the app. This data is stored in your TouchRight account for your use only. The Lone Worker feature is designed to be used alongside your existing lone worker policies and procedures, not to replace them. TouchRight will not be held liable for technology failures.
Where TouchRight Software receives any personal data (as defined under data protection law) from a Client, TouchRight shall ensure that it fully complies with the provisions of applicable law.
How we collect this information
We collect this information when you:
- set up your account
- use the TouchRight Service (for example, the Lone Worker feature requires limited access to location data)
- when you navigate our software
- when you communicate with us. For example, over the phone or via a contact form.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- We process the information for customer day-to-day commercial requirements.
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send emails about new product features, updates or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, or mail. We may use the information to customise the website according to your interests.
Lawful Bases for Processing
For gathering and processing new customer/prospect data we rely on the lawful basis of consent.
For signed-up customer data we rely on the lawful bases of contractual necessity and legitimate interests.
- Where we rely on “contractual necessity”, this is where the processing of personal data is necessary for TouchRight’s performance of the contract with you. Our software requires you to actively submit information in order for you to benefit from specific features (such as starting a trial). You will be informed at each information collection point what information is required and what information is optional. Some of this information may be personal (information that can be uniquely identified with you, such as your full name, address, email address, phone number etc.). We only collect such information when you choose to supply it to us.
- TouchRight also processes data on a “legitimate interests” basis, where we use customer data in ways that customers would reasonably expect, that are non-intrusive and which have a minimal privacy impact. For example, to improve our services and to prevent abuse.
Where we send periodic emails about new product features, updates or other information, we rely on the lawful basis of consent. When a new account sets up in TouchRight, an email address is obtained to activate the account. By submitting your personal data, and ticking the consent box, you are consenting to receiving email communications from TouchRight regarding software and product updates. You can withdraw consent to these emails at any time.
Setting up an account
Setting up a paid account will allow you to continue using TouchRight Software after the initial trial period. The information you provide is collected to enable TouchRight Software to deliver those services and not for any other marketing purpose.
TouchRight takes your privacy very seriously. TouchRight does not sell or rent your contact information to other marketers without your permission. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
What are your rights?
You can contact us at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights under the UK GDPR:
- Right to withdraw your consent in accordance with Art. 7 para. 3 UK GDPR (e.g. you can contact us if you wish to cancel a previously given consent to receive emails about new features, products or other information).
- Right to access your data in accordance with Art. 15 UK GDPR (e.g. you can contact us if you would like to know what data we have stored about you). See more detail under “Right of Access” below.
- Right to correct your data in accordance with Art. 16 UK GDPR (e.g. you can contact us if your details have changed, and we should make a correction).
- Right to have your data deleted in accordance with Art. 17 UK GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you and where there is no good reason for us to continue to process it). You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to limit data collection and processing in accordance with Art. 18 UK GDPR (e.g. you can contact us if you do not want us to delete your email address, but only to send absolutely necessary emails). This enables you to ask us to suspend the processing of your personal data in certain scenarios, including if you want us to establish the data’s accuracy or where our use of the data is unlawful but you do not want us to erase it.
- Right to data portability in accordance with Art. 20 UK GDPR (e.g. you can contact us to receive certain data in a zipped format, if you want to upload it to another website). See more detail under “Data Portability” below.
- Right to send complaints to the supervisory authority in accordance with Art. 77 para. 1 of UK GDPR (e.g. you can contact the data protection supervisory authority directly). See contact details of the at the end of this document.
Right of access
TouchRight has an established process to recognise and respond to individuals’ requests to access personal data. Requests for personal data should be made via email to firstname.lastname@example.org, clearly stating the individual’s full name, email address and account name, so the user and account can be clearly identified. The information will be provided electronically and free of charge within 10 working days.
TouchRight has processes to allow individuals or accounts to receive a copy of their data from the system in a safe and secure way, without hindrance to usability.
PDF reports created in TouchRight are freely available and accessible for customers and users to access at any time, for customers on all inclusive and monthly lite plans. These reports can be downloaded and stored as required.
Requests for account data stored in TouchRight should be made via email to email@example.com, clearly stating the individual’s full name, email address and account name, so the user and account can be clearly identified. The information will be provided electronically in a structured, commonly used and machine-readable format, free of charge within 30 working days.
Transfers and data storage
We always ensure that your information is only transferred in accordance with applicable law. In particular, this means that your information will only be transferred to a country that provides an adequate level of protection or the recipient is bound by standard contractual clauses or other appropriate safeguards.
As a software-as-a-service provider, we store our information in the cloud using Amazon Web Services (AWS) servers. AWS does not access any TouchRight data or content except as necessary to provide TouchRight with the AWS services we have selected. AWS does not access TouchRight content for any other purpose.
AWS data centres are built in clusters in various countries around the world. TouchRight Software has access to eleven AWS Regions around the globe, including two regions in the EU.
In order to safeguard against any interruption to the free flow of personal data from the EU / UK to third countries, TouchRight will be using Standard Contractual Clauses for the transfer. The Standard Contractual Clauses are a part of every AWS services agreement and are contained in the AWS Data Processing Addendum.
AWS does not know what content TouchRight has chosen to store on AWS and cannot distinguish between personal data and other content, so AWS treats all customer content the same. In this way, all TouchRight content benefits from the same robust AWS security measures, whether this content includes personal data or not. AWS simply makes available the compute, storage, database and networking services selected by TouchRight with best-in-class security measures applied to the cloud infrastructure provided by AWS.
TouchRight Software does not access customer data except as necessary to provide that customer with technical support and to help with any account issues, where access to the account is required to carry out that support. TouchRight implements appropriate technical and organisational measures to protect personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access.
When a TouchRight customer takes out a subscription to TouchRight, they are agreeing to supply and add information relating to their property portfolio including but not limited to: landlord name, property address, landlord email address, landlord telephone number, tenant name, tenant email address, tenant telephone number and property photographs. This information has a specified, explicit and legitimate purpose. TouchRight will not process this data for any other purpose and it will not be passed to any third parties. TouchRight customers are able to access this data at any time, and can delete specific information as required or delete their TouchRight account if required.
TouchRight customers must make sure they have the necessary robust data controller procedures in place, and inform their customers where and how their data is processed. Where TouchRight customer provides information about another person, TouchRight customer warrants that they have obtained all necessary consents.
Third party arrangements
As part of the service, we may need to share your personal information outside of TouchRight. There are limited circumstances in which we would do this and we will always have a compelling business reason to do so. TouchRight uses a number of third party software systems to store customer data to enable the provision of services to its customers. Those systems have the appropriate safeguards in place for the transfer.
Examples of when we will share your information include:
- when we have your permission to do so;
- with external software systems that support our day-to-day business including customer
- relationship management systems and accounting systems;
- when you ask us to share your information as part of the service or a connected product you are interested in so that we can tailor your experience;
- when we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation;
- sharing with suppliers, sub-contractors and advisors who support the operation of the service, provide information for an insight, or manage connected products.
We will always take steps to ensure that the safety and security of your information is maintained. We will implement and maintain measures over the transfer of personal information and mandate that our partners and third parties do the same. No ownership rights to the data will be transferred to any third party, unless otherwise notified.
Additionally, you may grant third party access to your personal/company data by enabling the TouchRight API or integration for that third party. At all times, this access is controlled by you. TouchRight is not responsible for the privacy practices employed by any third party given access by you to your personal/company data used by the TouchRight API. Use of the TouchRight API is governed by the TouchRight API Terms.
Customer data retention and deletion
If a TouchRight customer decides to end their subscription to TouchRight, the account will be disabled after a 60-day notice period. Users in that account will no longer be able to gain access to the account and reports beyond this point. In case a customer decides to reactivate their account and wants to access their account history, TouchRight will store the account data (reports, photographs, property addresses, landlord and tenant details) securely for a period of 12 months and then delete the data permanently from our servers. Alternatively, reports and photos can be retained for view access only with the Hibernate Plan. Please contact TouchRight for more information.
If a customer decides to delete data in their TouchRight account, the deletion policy will be as follows:
- Deleted landlord/tenant details – name/email/address/phone number – stored for 12 months, then fully deleted.
- Deleted trial accounts – stored for 12 months, then fully deleted (including related photographs).
- Deleted users – stored for 12 months, then fully deleted.
- Deleted properties – stored for 24 months, then fully deleted.
- Deleted reports – stored for 24 months, then fully deleted (including related photographs).
TouchRight has effective processes to identify, report, manage and resolve any personal data breaches.
TouchRight controls its own AWS access keys and determines who is authorized to access their AWS account. AWS does not have visibility of access keys, or who is and who is not authorized to log into an account. TouchRight monitors and controls use, misuse, distribution or loss of access keys.
In the event that a data breach does occur and is likely to result in adversely affecting individuals’ rights and freedoms, we will inform any affected customers immediately and notify the ICO of a breach within 72 hours of becoming aware of it. We will also keep a record of any personal data breaches, regardless of whether we are required to notify.
TouchRight ‘Account Owner’ users are responsible for updating the users in their TouchRight account, and can edit, disable, delete and add users as required. Account Owners should be mindful of updating user access to their TouchRight account should employees leave, so they can no longer gain access.
TouchRight uses a number of third-party subcontractors to assist with the provision of its service. Our subcontractors do have access to customers’ content, but only where it is required to assist with technical and support issues. TouchRight only uses subcontractors that we trust and we use appropriate contractual safeguards which we monitor to ensure the required standards are maintained.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
- Enabling a service to recognise your device so you don’t have to give the same information several times during one task
- Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
- Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast
- We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. You can manage these small files yourself and learn more about them through Internet browser cookies – what they are and how to manage them.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notice applicable to the website in question.
Connect with us
Registered office address: Third Floor Yarnwicke, 119-121 Cannon Street, London, England, EC4N 5AT
Company registration number: 8019321
Place of registration: England and Wales
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Copyright © TouchRight Software Ltd.