Privacy Policy

This Privacy Policy details how we will use your personal information as a Data Controller.

If you wish to see our GDPR policy for our role as a Data Processor (if you purchase any of our services), you can view these at https://www.overtsoftware.com/security-and-data-protection/.

Last updated: 14/06/2022

Our Details

Here at Overt Software Solutions Ltd we take your privacy seriously and will only ever use your personal information as explained in this policy.

You can contact us with questions about this privacy policy at:

Data Protection Officer
Overt Software Solutions Ltd
Unit 2 Hawford Business Centre
Hawford
Worcester
WR3 7SG

Telephone : 01905 955037
Email: dpo@overtsoftware.com

How we use your information

Visitors to Our Website

When someone visits www.overtsoftware.com we collect:

  • Standard internet log information such as IP address, browser version and the pages accessed
  • Cookies. See our separate Cookie Policy for further information

Our legal basis for processing this information is:

  • Legitimate interest: To allow us to maintain network and information security

Data is processed in the following locations:

  • Our website is located in the United Kingdom
  • We use a third party, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This information is stored in the United States of America, however this data does not identify individuals. See our Cookie Policy for further information about the cookies used by this service
  • We use a third party, Microsoft, to schedule meetings through our website. If you schedule a meeting on our website, this data is stored in Europe. See our Cookie Policy for further information about the cookies used by this service

We retain this data until:

  • Access logs on our web server: 1 year after access
  • Live chat and scheduled meetings: Data removed from third party services 2 months after event

Using our contact forms, Callback requests, live chat, meeting scheduler, request for quotes and emails

When someone uses our contact forms, callback requests, live chat or meeting scheduler or request for quotes on this website or emails us directly we collect:

  • your name, email address and any information you provide in the subject and message fields, your phone number on call back requests

Our legal basis for processing this information is:

  • Legitimate interest: To allow us to answer presales queries and record email exchanges with existing and potential customers. We do not use this information beyond responding to the specific query.

Data is processed in the following locations:

  • We use a third party, Microsoft, to process our emails and video conferencing. This data is stored in the United Kingdom and Europe. Their GDPR compliant privacy policy can be located here
  • We use a third party, Microsoft, to schedule meetings through our website. If you schedule a meeting on our website, this data is stored in Europe. See our Cookie Policy for further information about the cookies used by this service

We retain this data until:

  • 2 months after your last enquiry or unless requested to be removed

Signing up to our newsletter

Our newsletter provides news and offers about our products and services. When someone signs up to our newsletter we collect:

  • your email address

Our legal basis for processing this information is:

  • Consent: You must give your consent to allow us to send you our newsletter.

Data is processed in the following locations:

  • We use a third party, ActiveCampaign, to send our newsletters. This data is stored in the United States of America. Their GDPR compliant privacy policy can be located here

We retain this data until:

  • You choose to unsubscribe. All newsletter emails will allow you to unsubscribe via a link in the footer at any time

Purchasing our services

When someone purchases services from us we collect:

  • your name, email address, organisation name, organisation address, optional sub-account details, potential personally identifiable information in support tickets (if submitted)

Our legal basis for processing this information is:

  • Contract: We need this information to fulfil our contractual obligations with you

Data is processed in the following locations:

  • Our website is located in the United Kingdom
  • If you have purchased a Moodle support contract, our Moodle first line support partner, Terus Learning Ltd, can see your name, email address and ticket information if you submit a support ticket to the Moodle support department

We retain this data until:

  • You terminate all contracts with us

Subscribing to service status alerts

When someone accesses our service status page at https://status.overtsoftware.com/ we collect:

  • Standard internet log information such as IP address, browser version and the pages accessed
  • Cookies. See our separate Cookie Policy for further information

When someone subscribes for email service status alerts we collect

  • your email address

Our legal basis for processing this information is:

  • Consent: You must give your consent to allow us to send emails on service status changes

Data is processed in the following locations:

  • We use a third party, UptimeRobot, to manage our public uptime service. This data is stored in the United States of America. Their GDPR compliant privacy policy can be located here

We retain this data until:

  • You choose to unsubscribe

Job application form

When someone fills out a job application form, we collect:

  • Contact details
  • Qualifications
  • Employment history
  • Ethnicity
  • Disability details

Our legal basis for processing this information is:

  • Contract: We need this data to allow us to fulfil our contractual obligations as an employer or potential employer

Data is processed in the following locations:

  • We use a third party, Microsoft, to store some of this data. This data is stored in the United Kingdom and Europe. Their GDPR compliant privacy policy can be located here

We retain this data for successful candidates until:

  • Contact details – 6 years post-employment
  • Qualifications – 6 years post-employment
  • Employment history – 6 years post-employment
  • Ethnicity – 6 years post-employment
  • Disability details – 6 years post-employment

We retain this data for unsuccessful candidates until:

  • Contact details – 6 months post-campaign
  • Qualifications – 6 months post-campaign
  • Employment history – 6 months post-campaign
  • Ethnicity – 6 months post-campaign
  • Disability details – 6 months post-campaign

Your rights

Depending on the lawful basis and the personal data being processed, you have the following rights to your data:

  • The right to be informed: You can see clearly how we process your personal data and we will keep you informed if anything in this policy changes
  • The right of access: You can request access to your data. We will respond to these requests within one month where the requests are not complex or numerous
  • The right to rectification: You can request that your data be corrected
  • The right to erasure: You can request that your data be deleted
  • The right to restrict processing: You can request that we restrict processing of your data but continue to store it
  • The right to data portability: You can request that your data be exported in a machine readable format to provide data portability
  • The right to object: You can object to us processing your data by using the contact details at the top of this privacy policy. Any consent given can be withdrawn at any time

How we Secure your information

  • We only request the minimal amount of personal data required
  • We only retain personal data for as long as necessary
  • We will never share your details with a third party without informing you first
  • We encrypt all personal data in transit
  • We carry out frequent and encrypted offsite backups of all personal data
  • We configure our systems and applications following industry best practice to help mitigate intrusion
  • All cloud hosted systems receive regular security scans
  • We have clear security and privacy policies and regularly perform security awareness and privacy training for all staff
  • We are Cyber Essentials Plus accredited, a UK Government backed security framework
  • Continual investment into improving security and privacy

Changes to our privacy policy

Any changes to our privacy policy will result in an updated “effective from” date, stated at the top of the policy.

Any major updates to our privacy policy, such as those changing the purpose or types of information collected will be clearly communicated to you on our website. Where possible, we will also notify you by email.

Complaint process

The Information Commissioner (ICO) is the UK’s independent body set up to uphold information rights. 

If you have any concerns regarding our privacy practices, please visit this page https://ico.org.uk/concerns/ on the ICO’s website where you can raise these concerns with them directly.