This Privacy Policy details how we will use your personal information as a Data Controller.
If you wish to see our GDPR policy for our role as a Data Processor (if you purchase any of our services), you can view these at https://www.overtsoftware.com/security-and-data-protection/.
Last updated: 14/06/2022
Our Details
Here at Overt Software Solutions Ltd we take your privacy seriously and will only ever use your personal information as explained in this policy.
You can contact us with questions about this privacy policy at:
Data Protection Officer
Overt Software Solutions Ltd
Unit 2 Hawford Business Centre
Hawford
Worcester
WR3 7SG
Telephone : 01905 955037
Email: dpo@overtsoftware.com
How we use your information
Visitors to Our Website
When someone visits www.overtsoftware.com we collect:
- Standard internet log information such as IP address, browser version and the pages accessed
- Cookies. See our separate Cookie Policy for further information
Our legal basis for processing this information is:
- Legitimate interest: To allow us to maintain network and information security
Data is processed in the following locations:
- Our website is located in the United Kingdom
- We use a third party, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This information is stored in the United States of America, however this data does not identify individuals. See our Cookie Policy for further information about the cookies used by this service
- We use a third party, Microsoft, to schedule meetings through our website. If you schedule a meeting on our website, this data is stored in Europe. See our Cookie Policy for further information about the cookies used by this service
We retain this data until:
- Access logs on our web server: 1 year after access
- Live chat and scheduled meetings: Data removed from third party services 2 months after event
Using our contact forms, Callback requests, live chat, meeting scheduler, request for quotes and emails
When someone uses our contact forms, callback requests, live chat or meeting scheduler or request for quotes on this website or emails us directly we collect:
- your name, email address and any information you provide in the subject and message fields, your phone number on call back requests
Our legal basis for processing this information is:
- Legitimate interest: To allow us to answer presales queries and record email exchanges with existing and potential customers. We do not use this information beyond responding to the specific query.
Data is processed in the following locations:
- We use a third party, Microsoft, to process our emails and video conferencing. This data is stored in the United Kingdom and Europe. Their GDPR compliant privacy policy can be located here
- We use a third party, Microsoft, to schedule meetings through our website. If you schedule a meeting on our website, this data is stored in Europe. See our Cookie Policy for further information about the cookies used by this service
We retain this data until:
- 2 months after your last enquiry or unless requested to be removed
Signing up to our newsletter
Our newsletter provides news and offers about our products and services. When someone signs up to our newsletter we collect:
- your email address
Our legal basis for processing this information is:
- Consent: You must give your consent to allow us to send you our newsletter.
Data is processed in the following locations:
- We use a third party, ActiveCampaign, to send our newsletters. This data is stored in the United States of America. Their GDPR compliant privacy policy can be located here
We retain this data until:
- You choose to unsubscribe. All newsletter emails will allow you to unsubscribe via a link in the footer at any time
Purchasing our services
When someone purchases services from us we collect:
- your name, email address, organisation name, organisation address, optional sub-account details, potential personally identifiable information in support tickets (if submitted)
Our legal basis for processing this information is:
- Contract: We need this information to fulfil our contractual obligations with you
Data is processed in the following locations:
- Our website is located in the United Kingdom
- If you have purchased a Moodle support contract, our Moodle first line support partner, Terus Learning Ltd, can see your name, email address and ticket information if you submit a support ticket to the Moodle support department
We retain this data until:
- You terminate all contracts with us
Subscribing to service status alerts
When someone accesses our service status page at https://status.overtsoftware.com/ we collect:
- Standard internet log information such as IP address, browser version and the pages accessed
- Cookies. See our separate Cookie Policy for further information
When someone subscribes for email service status alerts we collect
- your email address
Our legal basis for processing this information is:
- Consent: You must give your consent to allow us to send emails on service status changes
Data is processed in the following locations:
- We use a third party, UptimeRobot, to manage our public uptime service. This data is stored in the United States of America. Their GDPR compliant privacy policy can be located here
We retain this data until:
- You choose to unsubscribe
Job application form
When someone fills out a job application form, we collect:
- Contact details
- Qualifications
- Employment history
- Ethnicity
- Disability details
Our legal basis for processing this information is:
- Contract: We need this data to allow us to fulfil our contractual obligations as an employer or potential employer
Data is processed in the following locations:
- We use a third party, Microsoft, to store some of this data. This data is stored in the United Kingdom and Europe. Their GDPR compliant privacy policy can be located here
We retain this data for successful candidates until:
- Contact details – 6 years post-employment
- Qualifications – 6 years post-employment
- Employment history – 6 years post-employment
- Ethnicity – 6 years post-employment
- Disability details – 6 years post-employment
We retain this data for unsuccessful candidates until:
- Contact details – 6 months post-campaign
- Qualifications – 6 months post-campaign
- Employment history – 6 months post-campaign
- Ethnicity – 6 months post-campaign
- Disability details – 6 months post-campaign
Your rights
Depending on the lawful basis and the personal data being processed, you have the following rights to your data:
- The right to be informed: You can see clearly how we process your personal data and we will keep you informed if anything in this policy changes
- The right of access: You can request access to your data. We will respond to these requests within one month where the requests are not complex or numerous
- The right to rectification: You can request that your data be corrected
- The right to erasure: You can request that your data be deleted
- The right to restrict processing: You can request that we restrict processing of your data but continue to store it
- The right to data portability: You can request that your data be exported in a machine readable format to provide data portability
- The right to object: You can object to us processing your data by using the contact details at the top of this privacy policy. Any consent given can be withdrawn at any time
How we Secure your information
- We only request the minimal amount of personal data required
- We only retain personal data for as long as necessary
- We will never share your details with a third party without informing you first
- We encrypt all personal data in transit
- We carry out frequent and encrypted offsite backups of all personal data
- We configure our systems and applications following industry best practice to help mitigate intrusion
- All cloud hosted systems receive regular security scans
- We have clear security and privacy policies and regularly perform security awareness and privacy training for all staff
- We are Cyber Essentials Plus accredited, a UK Government backed security framework
- Continual investment into improving security and privacy
Changes to our privacy policy
Any changes to our privacy policy will result in an updated “effective from” date, stated at the top of the policy.
Any major updates to our privacy policy, such as those changing the purpose or types of information collected will be clearly communicated to you on our website. Where possible, we will also notify you by email.
Complaint process
The Information Commissioner (ICO) is the UK’s independent body set up to uphold information rights.
If you have any concerns regarding our privacy practices, please visit this page https://ico.org.uk/concerns/ on the ICO’s website where you can raise these concerns with them directly.