TouchRight Software may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from December 2012 and was last updated in May 2018.
The lawful basis under which TouchRight Software operates for processing data is one of “contractual necessity”, whereby processing personal data is necessary in order that you can enter into a contract with TouchRight Software. Our software requires you to actively submit information in order for you to benefit from specific features (such as starting a trial). You will be informed at each information collection point what information is required and what information is optional. Some of this information may be personal (information that can be uniquely identified with you, such as your full name, address, email address, phone number etc.). We only collect such information when you choose to supply it to us.
So that we can collect information to allow us to assist users with any technical queries whilst using the TouchRight, we use Crashlytics within the TouchRight app to provide actionable insights to allow us pinpoint and fix technical app issues. The information collected does not contain any personally identifiable information.
We will also collect and store the following information as it relates to your use of TouchRight:
- Name and job title
- Contact information, including email address
- Demographic information, such as postcode
- Other information relevant to customer surveys and/or offers
Where TouchRight Software receives any personal data (as defined by the General Data Protection Regulation) (“the Act”)) from a Client, TouchRight shall ensure that it fully complies with the provisions of the Act and only deals with the data to fulfil its obligations under the contract.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- We process the information for customer day-to-day commercial requirements.
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send emails about new product features, updates or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, or mail. We may use the information to customise the website according to your interests.
We also store your information (NOT landlord or tenant records) on a Customer Relationship Management (CRM) database, which may be held outside of the EEA (European Economic Area). The CRM system we use is a certified member of The EU-US Privacy Shield Framework. This framework provides EU and US companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. The GDPR does not require that personal data of EU citizens remain exclusively in the EU, but it does have some requirements for such transfers, and as such the CRM system we use is fully GDPR compliant.
Setting up an account
Setting up a paid account will allow you to continue using TouchRight Software after the initial trial period. The information you provide is collected to enable TouchRight Software to deliver those services and not for any other marketing purpose.
TouchRight Software takes your privacy very seriously. TouchRight Software does not sell or rent your contact information to other marketers without your permission. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Right of access
TouchRight has an established process to recognise and respond to individuals’ requests to access personal data. Requests for personal data should be made via email to firstname.lastname@example.org, clearly stating the individual’s full name, email address and account name, so the user and account can be clearly identified. The information will be provided electronically and free of charge within 10 working days.
TouchRight has processes to allow individuals or accounts to receive a copy of their data from the system in a safe and secure way, without hindrance to usability.
PDF reports created in TouchRight are freely available and accessible for customers and users to access at any time, for customers on all inclusive and monthly lite plans. These reports can be downloaded and stored as required.
Requests for account data stored in TouchRight should be made via email to email@example.com, clearly stating the individual’s full name, email address and account name, so the user and account can be clearly identified. The information will be provided electronically in a structured, commonly used and machine readable format, free of charge within 30 working days.
Access to customer content
As a software-as-a-service provider, we store our information in the cloud using Amazon Web Services (AWS) servers. AWS does not access any TouchRight data or content except as necessary to provide TouchRight with the AWS services we have selected. AWS does not access TouchRight content for any other purpose.
AWS does not know what content TouchRight has chosen to store on AWS and cannot distinguish between personal data and other content, so AWS treats all customer content the same. In this way, all TouchRight content benefits from the same robust AWS security measures, whether this content includes personal data or not. AWS simply makes available the compute, storage, database and networking services selected by TouchRight with best-in-class security measures applied to the cloud infrastructure provided by AWS.
TouchRight Software does not access customer data except as necessary to provide that customer with technical support and to help with any account issues, where access to the account is required to carry out that support. TouchRight implements appropriate technical and organisational measures to protect personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access.
When a TouchRight customer takes out a subscription to TouchRight Software, they are agreeing to supply and add information relating to their property portfolio including but not limited to: landlord name, property address, landlord email address, landlord telephone number, tenant name, tenant email address, tenant telephone number and property photographs. This information has a specified, explicit and legitimate purpose. TouchRight will not process this data for any other purpose and it will not be passed to any third parties. TouchRight customers are able to access this data at any time, and can delete specific information as required or delete their TouchRight account if required.
TouchRight customers should make sure they have the necessary robust data controller procedures in place for GDPR purposes, and inform their customers where and how their data is processed.
Customer data retention and deletion
If a TouchRight customer decides to end their subscription to TouchRight, the account will be disabled after a 30 day notice period. Users in that account will no longer be able to gain access to the account and reports beyond this point. In case a customer decides to reactivate their account and wants to access their account history, TouchRight will store the account data (reports, photographs, property addresses, landlord and tenant details) securely for a period of 12 months and then delete the data permanently from our servers.
If a customer decides to delete data in their TouchRight account, the deletion policy will be as follows:
- Deleted landlord/tenant details – name/email/address/phone number – stored for 12 months, then fully deleted.
- Deleted trial accounts – stored for 12 months, then fully deleted (including related photographs).
- Deleted users – stored for 12 months, then fully deleted.
- Deleted properties – stored for 24 months, then fully deleted.
- Deleted reports – stored for 24 months, then fully deleted (including related photographs).
TouchRight has effective processes to identify, report, manage and resolve any personal data breaches.
TouchRight controls its own AWS access keys and determines who is authorized to access their AWS account. AWS does not have visibility of access keys, or who is and who is not authorized to log into an account. TouchRight monitors and controls use, misuse, distribution or loss of access keys.
In the event that a data breach does occur and is likely to result in adversely affecting individuals’ rights and freedoms, we will inform any affected customers immediately and notify the ICO of a breach within 72 hours of becoming aware of it. We will also keep a record of any personal data breaches, regardless of whether we are required to notify.
TouchRight ‘Account Owner’ users are responsible for updating the users in their TouchRight account, and can edit, disable, delete and add users as required. Account Owners should be mindful of updating user access to their TouchRight account should employees leave, so they can no longer gain access.
TouchRight uses a number of third party subcontractors to assist with the provision of it service. Our subcontractors do have access to customers’ content, but only where it is required to assist with technical and support issues. TouchRight only uses subcontractors that we trust and we use appropriate contractual safeguards which we monitor to ensure the required standards are maintained.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
- Enabling a service to recognise your device so you don’t have to give the same information several times during one task
- Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
- Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast
- We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. You can manage these small files yourself and learn more about them through Internet browser cookies – what they are and how to manage them.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information.
The lawful basis under which TouchRight Software operates for processing data is firstly one of “contractual necessity”, whereby processing personal data is necessary in order that you can enter into a contract with TouchRight Software. When a new account sets up in TouchRight, an email address is required to activate the account. By submitting your personal data, you are consenting to receiving email communications from TouchRight regarding software and product updates. However you can opt-out of receiving further email communications at any time, by using the opt-out option in the emails you receive.
TouchRight Software also processes data on a “legitimate interests” basis, where we use customer data in ways that customers would reasonably expect, that are non- intrusive and which have a minimal privacy impact.
We will not sell, distribute or lease your personal information or the data you add to your TouchRight account to third parties under any circumstances.
You may request details of personal information which we hold about you under the General Data Protection Regulation. If you would like a copy of the information held on you please contact us on the address below, or email firstname.lastname@example.org.
Connect with us
Registered office address: 2 Ruffhams Close, Wheldrake, York YO19 6TD
Company registration number: 8019321
Place of registration: England and Wales
Copyright © 2018 TouchRight Software Ltd.