Privacy Notice

OCG Software Limited (the “Company”) is an English company with company number 01604358 and whose registered office address is Oak House, Waterside South, Lincoln, LN5 7FB, United Kingdom. The Company provides a web-based software application (the “Services”) to business customers for use by their staff, suppliers and other affiliated parties. This Privacy Notice describes how we collect and process information about visitors to our websites (the “Website”) and users of the Services.

This Privacy Notice does not apply to individuals whose information may be collected by our customers during their use of the Services.

The Company is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently.  This Privacy Notice sets out, in line with GDPR, the types of data that we hold on you, how we use that information, how long we keep it for and other relevant information about your data.

How to contact us

If you have any questions about this privacy notice or want to exercise your rights, please contact us by:

  • sending an email to Laura McLean at laura.mclean@ocgsoftware.com
  • writing to us at OCG Software Limited, Oak House, Waterside South, Lincoln, LN5 7FB

Data protection principles

In relation to your personal data, we will:

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that we find proper in relation to your use of the Website and Services
  • only use it in the way that we have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as we need it
  • process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate) lost or destroyed

Types of data we collect

Information you voluntarily provide to us directly

We collect and maintain personal information that you voluntarily submit to us via the Website and during your use of the Services. For example when you sign up to use the Services, contact us on the Website, sign up to our newsletter or use our web chat function.

This may include registration information (some of which will be optional):

  • Name;
  • Email Address;
  • Country/Region;
  • Phone Number;
  • Company Name;
  • Any other personal information you choose to share with us when you contact us.

Information we collect through your use of the Services and Website

We collect, through our use of cookies, pixels, beacons, log files or other technologies, information about your use of and navigation around the Services and Website, including information regarding your device or the computer hardware and software used to access the Services and Website.

This may include the following:

  • IP address of device(s);
  • browser type;
  • operating system and device type;
  • your device’s IMEI number;
  • the MAC address of the device’s wireless network interface;
  • your time zone setting;
  • your browser default language setting;
  • access times and dates;
  • referring website addresses;
  • navigation around the site;
  • links followed, including in emails;
  • time spent on pages or viewing content;
  • types of content viewed and shared.

Information we receive from third party brand Partners.

In some situations we may receive your email address from your employer or other third party company who validly holds your details and is permitted to share them with us.  This will be used solely to invite you to sign up to use the Services.  We will not store or use your email address for any other purposes.

Why we process your data

We use the personal information we collect from or about you for the following purposes:

Provision of the Services

We use your registration information to register you and create your user account, log you in, verify who you are and otherwise to provide you with our access to the Services.

What is our legal basis?

It is necessary for the performance and fulfilment of the contract between us to provide you with services for which you have registered.

Data Analytics and Insight

We analyse usage information including that which we observe about users from their interactions with our Service. This information is used to create insights about usage and behaviours across our services. By using this information, we are able to measure the effectiveness of our service and how users use Services and improve the functionality of our services.

What is our legal basis for doing this?

Where your personal information is completely anonymised, we do not require a legal basis to use it as the information will not constitute “personal information” that is regulated under data protection laws. However, our collection and use of such anonymised personal information may still be subject to other laws where your consent is required. Please see our Cookie Policy for further details.

Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best services to you and our other users.

Sending you newsletters or other marketing communications (from the Company) for which you have subscribed

Where you have given your consent we use your personal information to send you marketing materials about the Company’s products and services which we think you might be of interest to you.

What is our legal basis for this?

We rely on your consent to be able to do this – given at the time that you request the marketing communications.

Sharing information with third party processors

We may share your personal information with third-party processors in order to provide the Services to you. This includes companies that for example who host our servers or manage or databases for us, or provide other technology solutions.  They have no independent rights to use your data and are strictly controlled by us under contract.

What is our legal basis for doing this?

It is in our legitimate interests to share your personal information in such a way to ensure that we provide the very best service we can to you.

Service Administration

We may also use your personal information to:

  • help improve the Services; and
  • contact you to answer any queries you may have sent to us (for example, contacting our technical support team) or to seek feedback from you.

What is our legal basis for doing this?

It is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best service we can to you.

Business administration, record keeping and legal compliance

We use your personal information for the following business administration and legal compliance purposes:

  • to comply with our legal obligations;
  • to enforce our legal rights;
  • protect rights of third parties; and
  • in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.

Use in this way may involve us sharing your personal information with professional advisers such as lawyers and accountants and/or governmental or regulatory authorities.

What is our legal basis?

It is in our legitimate interest to ensure that we keep our records up-to-date and use them in connection with a business transition, enforce our legal rights, or to protect the rights of third parties. Otherwise, it is our legal obligation to use your personal information to comply with any legal obligations imposed upon us or other laws regulations that we are subject to.

How we obtain your consent

Where use of your personal information by us requires your consent, you may provide such consent:

  • at the time we collect your personal information by following the options we provide;
  • by submitting information with a clear understanding of what it will be used for; or
  • by informing us using the contact details set out in this Privacy Notice.

Use of cookies

The Website and Services may use certain cookies and other technologies of which you should be aware. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies.

Third-party links and services

The Website and Services may contain links to third party brands, websites and services. Please remember that when you use a link to go from the Website and/or Services to another website or you request a service from a third party, this privacy notice no longer applies.

Your browsing and interaction on any other website, or your dealings with any other third party and/or service provider, is subject to that website’s or third party’s own rules and policies.

We do not monitor, control, or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices.

Transfers outside the EEA

Although our offices and servers are based within the United Kingdom, in certain circumstances we may transfer your personal data outside the EEA to processors or subcontractors working for us, including in the USA, in connection with our business or for legal reasons.  We will ensure that the transfer is lawful and that there are appropriate security arrangements.

If the European Commission has decided that a country does not provide an adequate level of protection in relation to data that is transferred there, we will enter into an agreement ensuring appropriate and suitable safeguards with our group member, processors or other transferee, or that there is another approved transfer mechanism in place.  This may be via binding corporate rules or on standard terms adopted by the Information Commissioner and approved by the European Commission.

Protecting your data

We are aware of the requirements to ensure your data is protected against accidental loss or disclosure, destruction and abuse.  We have implemented processes to guard against such risks such as encrypting payroll data.

Where we share your data with third parties, we provide written instructions to them to ensure that your data is held securely and in line with GDPR requirements.  Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

How long we keep data for

In line with data protection principles, we only keep your data for as long as we need it for, which will be at least for the duration of your employment with us, though in some cases we will keep your data for a period after your employment has ended.  Retention periods can vary depending on why we need your data.

Your rights in relation to your data

The law on data protection gives you certain rights in relation to the data we hold on you.  These are:

  • the right to be informed.  This means that we must tell you how we use your data, and this is the purpose of this privacy notice
  • the right of access.  You have the right to access the data that we hold on you.  To do so, you should make a subject access request.
  • the right for any inaccuracies to be corrected.  If any data that we hold about you is incomplete or inaccurate, you are able to request us to correct it
  • the right to have information deleted.  If you would like us to stop processing your data, you have the right to ask us to delete it from our system where you believe there is no reason for us to continue processing it
  • the right to restrict the processing of the data.  For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
  • the right to portability.  You may transfer the data that we hold on you for your own purposes
  • the right to object to the inclusion of any information.  You have the right to object to the way we use your data where we are using it for our legitimate interests
  • the right to regulate any automated decision-making in way that adversely affects your legal rights.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time.  Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use.  There will be no consequences for withdrawing your consent.  However, in some cases, we may continue to use the data where so permitted, by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact Laura McLean.

Making a complaint

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.