TouchRight Software is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our software, then you can be assured that it will only be used in accordance with this privacy statement.
The UK General Data Protection Regulation (UK GDPR) requires every organisation who is processing personal information to register with the Information Commissioner’s Office (ICO), unless they are exempt. TouchRight Software is registered with the ICO, number ZA024416. This registration outlines the way in which TouchRight Software processes personal information.
We choose to use legitimate interest as the legal basis for processing signed-up customer data, and use a consent basis for gathering and processing new/prospect data.
The lawful basis under which TouchRight Software operates for processing customer data is one of “contractual necessity”, whereby processing personal data is necessary in order that you can enter into a contract with TouchRight Software. Our software requires you to actively submit information in order for you to benefit from specific features (such as starting a trial). You will be informed at each information collection point what information is required and what information is optional. Some of this information may be personal (information that can be uniquely identified with you, such as your full name, address, email address, phone number etc.). We only collect such information when you choose to supply it to us.
So that we can collect information to allow us to assist users with any technical queries whilst using the TouchRight, we use Crashlytics within the TouchRight app to provide actionable insights to allow us pinpoint and fix technical app issues. The information collected does not contain any personally identifiable information. We also collect user information via the digital adoption platform Userpilot. This allows us to deliver the best customer experience by guiding customers through the TouchRight system and features and simplify user experience. These 3rd party systems have robust security measures in place regarding data collection and security policies to prevent the unauthorised or accidental access to or destruction, loss, modification, use or disclosure of personal information.
The Lone Worker feature in the TouchRight app depends on location services to be activated. TouchRight will request limited access to your location data, only when you are using the app. This data is stored in your TouchRight account for your use only. The Lone Worker feature is designed to be used alongside your existing lone worker policies and procedures, not to replace it. TouchRight will not be held liable for technology failures when used.
We will also collect and store the following information as it relates to your use of TouchRight:
- Name and job title
- Contact information, including email address
- Demographic information, such as postcode
- Other information relevant to customer surveys and/or offers
Where TouchRight Software receives any personal data (as defined by the General Data Protection Regulation) (“the Act”)) from a Client, TouchRight shall ensure that it fully complies with the provisions of the Act and only deals with the data to fulfil its obligations under the contract.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- We process the information for customer day-to-day commercial requirements.
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send emails about new product features, updates or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, or mail. We may use the information to customise the website according to your interests.
Setting up an account
Setting up a paid account will allow you to continue using TouchRight Software after the initial trial period. The information you provide is collected to enable TouchRight Software to deliver those services and not for any other marketing purpose.
TouchRight Software takes your privacy very seriously. TouchRight Software does not sell or rent your contact information to other marketers without your permission. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Right of access
TouchRight has an established process to recognise and respond to individuals’ requests to access personal data. Requests for personal data should be made via email to firstname.lastname@example.org, clearly stating the individual’s full name, email address and account name, so the user and account can be clearly identified. The information will be provided electronically and free of charge within 10 working days.
TouchRight has processes to allow individuals or accounts to receive a copy of their data from the system in a safe and secure way, without hindrance to usability.
PDF reports created in TouchRight are freely available and accessible for customers and users to access at any time, for customers on all inclusive and monthly lite plans. These reports can be downloaded and stored as required.
Requests for account data stored in TouchRight should be made via email to email@example.com, clearly stating the individual’s full name, email address and account name, so the user and account can be clearly identified. The information will be provided electronically in a structured, commonly used and machine readable format, free of charge within 30 working days.
UK GDPR and data storage
We always ensure that your information is only transferred in full accordance with applicable data protection law. In particular, this means that your information will only be transferred to a country that provides an adequate level of protection or the recipient is bound by standard contractual clauses according to conditions provided by the European Commission or applicable laws in the UK.
The UK Government has deemed the EU and EEA EFTA States to be adequate to allow for data flows from the UK to the EU.
The UK Government has announced that the Treaty agreed with the EU will allow personal data to flow freely from the EU (and EEA) to the UK, until adequacy decisions have been adopted, for no more than six months from 1st January 2021. This will enable businesses to continue to freely receive data from the EU (and EEA).
As a software-as-a-service provider, we store our information in the cloud using Amazon Web Services (AWS) servers. AWS does not access any TouchRight data or content except as necessary to provide TouchRight with the AWS services we have selected. AWS does not access TouchRight content for any other purpose.
AWS data centres are built in clusters in various countries around the world. TouchRight Software has access to eleven AWS Regions around the globe, including two regions in the EU.
In order to safeguard against any interruption to the free flow of EU to UK personal data, TouchRight will be transferring personal data from the EEA to the UK by relying on the Standard Contractual Clauses for the transfer. The Standard Contractual Clauses are a part of every AWS services agreement and are contained in the AWS Data Processing Addendum.
AWS does not know what content TouchRight has chosen to store on AWS and cannot distinguish between personal data and other content, so AWS treats all customer content the same. In this way, all TouchRight content benefits from the same robust AWS security measures, whether this content includes personal data or not. AWS simply legitimate online pharmacy for tramadol makes available the compute, storage, database and networking services selected by TouchRight with best-in-class security measures applied to the cloud infrastructure provided by AWS.
TouchRight Software does not access customer data except as necessary to provide that customer with technical support and to help with any account issues, where access to the account is required to carry out that support. TouchRight implements appropriate technical and organisational measures to protect personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access.
When a TouchRight customer takes out a subscription to TouchRight Software, they are agreeing to supply and add information relating to their property portfolio including but not limited to: landlord name, property address, landlord email address, landlord telephone number, tenant name, tenant email address, tenant telephone number and property photographs. This information has a specified, explicit and legitimate purpose. TouchRight will not process this data for any other purpose and it will not be passed to any third parties. TouchRight customers are able to access this data at any time, and can delete specific information as required or delete their TouchRight account if required.
TouchRight customers should make sure they have the necessary robust data controller procedures in place for UK GDPR purposes, and inform their customers where and how their data is processed.
Third party arrangements
As part of the service, we may need to share your personal information outside of TouchRight Software. There are limited circumstances in which we would do this and we will always have a compelling business reason to do so.
TouchRight Software uses a number of 3rd party software systems to store customer data to enable the provision of services to its customers. Those systems have the appropriate data protections in place to either adhere to UK GDPR legislation, or to EU standards using a GDPR-approved mechanism for the transfer.
Examples of when we will share your information include:
- when we have your permission to do so;
- with external software systems that support our day-to-day business including customer relationship management systems and accounting systems;
- when you ask us to share your information as part of the service or a connected product you are interested in so that we can tailor your experience;
- when we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation;
- sharing with suppliers, sub-contractors and advisors who support the operation of the service, provide information for an insight, or manage connected products.
We will always take steps to ensure that the safety and security of your information is maintained. We will implement and maintain measures over the transfer of personal information and mandate that our partners and third parties do the same. No ownership rights to the data will be transferred to any third party, unless otherwise notified.
Additionally, you may grant third party access to your personal/company data by enabling the TouchRight API or integration for that third party. At all times, this access is controlled by you. TouchRight Software is not responsible for the privacy practices employed by any third party given access by you to your personal/company data used by the TouchRight API. Use of the TouchRight API is governed by the TouchRight API Terms.
Customer data retention and deletion
If a TouchRight customer decides to end their subscription to TouchRight, the account will be disabled after a 60 day notice period. Users in that account will no longer be able to gain access to the account and reports beyond this point. In case a customer decides to reactivate their account and wants to access their account history, TouchRight will store the account data (reports, photographs, property addresses, landlord and tenant details) securely for a period of 12 months and then delete the data permanently from our servers. Alternatively, reports and photos can be retained for view access only with the Hibernate Plan. Please contact TouchRight for more information.
If a customer decides to delete data in their TouchRight account, the deletion policy will be as follows:
- Deleted landlord/tenant details – name/email/address/phone number – stored for 12 months, then fully deleted.
- Deleted trial accounts – stored for 12 months, then fully deleted (including related photographs).
- Deleted users – stored for 12 months, then fully deleted.
- Deleted properties – stored for 24 months, then fully deleted.
- Deleted reports – stored for 24 months, then fully deleted (including related photographs).
TouchRight has effective processes to identify, report, manage and resolve any personal data breaches.
TouchRight controls its own AWS access keys and determines who is authorized to access their AWS account. AWS does not have visibility of access keys, or who is and who is not authorized to log into an account. TouchRight monitors and controls use, misuse, distribution or loss of access keys.
In the event that a data breach does occur and is likely to result in adversely affecting individuals’ rights and freedoms, we will inform any affected customers immediately and notify the ICO of a breach within 72 hours of becoming aware of it. We will also keep a record of any personal data breaches, regardless of whether we are required to notify.
TouchRight ‘Account Owner’ users are responsible for updating the users in their TouchRight account, and can edit, disable, delete and add users as required. Account Owners should be mindful of updating user access to their TouchRight account should employees leave, so they can no longer gain access.
TouchRight uses a number of third party subcontractors to assist with the provision of its service. Our subcontractors do have access to customers’ content, but only where it is required to assist with technical and support issues. TouchRight only uses subcontractors that we trust and we use appropriate contractual safeguards which we monitor to ensure the required standards are maintained.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
- Enabling a service to recognise your device so you don’t have to give the same information several times during one task
- Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
- Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast
- We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. You can manage these small files yourself and learn more about them through Internet browser cookies – what they are and how to manage them.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information.
The lawful basis under which TouchRight Software operates for processing data is firstly one of “contractual necessity”, whereby processing personal data is necessary in order that you can enter into a contract with TouchRight Software. When a new account sets up in TouchRight, an email address is required to activate the account. By submitting your personal data, you are consenting to receiving email communications from TouchRight regarding software and product updates. However you can opt-out of receiving further email communications at any time, by using the opt-out option in the emails you receive.
TouchRight Software also processes data on a “legitimate interests” basis, where we use customer data in ways that customers would reasonably expect, that are non- intrusive and which have a minimal privacy impact.
We will not sell, distribute or lease your personal information or the data you add to your TouchRight account to third parties under any circumstances.
You may request details of personal information which we hold about you under the UK GDPR. If you would like a copy of the information held on you please contact us on the address below, or email firstname.lastname@example.org.
Connect with us
Registered office address: 2 Ruffhams Close, Wheldrake, York YO19 6TD
Company registration number: 8019321
Place of registration: England and Wales
Copyright © 2020 TouchRight Software Ltd.