We consider that we are the Data Controller of the personal data that we collect from commercial partners, channel customers, end clients, engineers and users of our proprietary mobile application and software platform (Platform). We explain our reasoning here by reference to the Information Commissioner’s Office checklist.
We decided to collect or process the personal data
In defining the end-to-end architecture of our Platform we have decided that we need to collect particular personal data in order to provide our specific services through the Platform. The architecture of the Platform will evolve and, correspondingly, so will our decision-making about the personal data that we need to collect and process.
We decided what the purpose or outcome of the processing was to be
In collecting that data, we have decided why the data was collected and what we will be do with that data (subject to having a lawful basis for processing), including:
• providing authentication to the service, including determination of password minimum requirements, the range of authentication methods that we offer on the service (e.g. SSO, domain, IP registration)
• delivering personalisation features of the service
• as a technical matter, where and how the data is stored (i.e. on-premise and hosted servers/services)
• providing bespoke, time-sensitive services through the Platform and making available suitable methods of communication (on or off Platform).
We decided what personal data should be collected
We have determined the types and format of information to collect from users. This will continue to evolve over time, according to our policies and changes to our Platform.
We obtain a commercial gain from the processing
In processing the data, we gain insights into the usage of our Platform and its content, allowing us to determine our roadmaps for both development features and for content development.
We make decisions about the individuals concerned as part of the processing
Based on individual usage, we determine what content is relevant to the user and what content we wish to make available or promote to individuals (e.g. information, reports, industry statistical data, notifications, blog posts, infographics relating to the Platform and its services).
We send out information on how to use the Platform and to advise users of any maintenance, updates and improvements. We have a system for engaging with users after periods of inactivity in order to ascertain certain matters (e.g. whether they are still current users and whether there are any issues with their usage).
We exercise professional judgement in the processing of the personal data
We use the decades of collective professional expertise and experience (including IT engineering and software industry experience) within our senior leadership, Platform development and commercial operations teams, as well as the Platform data-led knowledge, to determine what, why and how to process customer personal data.
We have a direct relationship with the data subjects
Beyond personalisation features, our account management, operations, resourcing, finance, legal and other teams will look to engage with users of the system in order to support them in their use of the Platform and our services. In relation to customers and clients, we aim to have several stakeholder relationships in order enhance the user experience and the utility of our system.
We have complete autonomy as to how the personal data is processed
Subject to the requirements of applicable laws, we determine how the personal data is processed.
We have appointed the processors to process the personal data on our behalf
In determining the architecture for the Platform and the data processing activities, we contract with reputable service providers (including software, hosting and CRM service providers), which are critically important to supporting our Platform. We have invested considerable strategic and operational time in tailoring our Platform’s interaction with CRM platforms and services so as to provide a good user interface and experience.
We take steps to ensure that these companies are compliant with relevant legislation and best practice, including confirming their commitment to implementing the requisite technical and organisational measures for preserving the safety and integrity of personal data.
We do not have a common objective with others regarding the processing
We value our commercial relationships; however, we alone determine our policy on the how and why of processing. Customers and clients engage with us to receive IT engineering services; as a commercial and practical reality, they do not have a say in how we process data, or insights into how our proprietary Platform operates (or how it is being further developed on an ongoing basis) in order to be able to have a say in how we process data for the benefit of users as a whole.
We are not processing personal data for the same purpose as another controller
Customers and clients process data for the purposes of advancing their own business and operations.
We work with a wide range of customers and clients across various industry sectors, each of which has its own purposes. We are a distinct business with our own purpose, focused around the development of our Platform and a suite of products and services. Our Platform is central to making us a disruptive business with our own particular business mission and purposes.
We are not using the same personal data set for this processing as another controller
We do not use any common database or other set of personal data as customers or clients.
We have not designed this process with another controller
We have designed our Platform, systems and processes on our own. Customers are not involved in the design of our Platform or related back end functions. We are in a process of constant and dynamic Platform development and neither customers or clients have a say in the how and why of this process or its ultimate outcome.
We do not have a common information management rules with another controller
Our information management systems are internal to our organisation and have been carefully developed by us. We are building our infrastructure with greater complexity and improved outcome delivery all the time. We do not share these systems with customers or clients.
We do not follow data processing instructions from someone else
Whilst we are contracted to provide services to customers, clients and engineers, our Platform development and focus on software-enabled service delivery informs our decision-making about how and why we process personal data. We do not receive or follow specific instructions or policies from any party on how we use customer personal data within our Platform.
We are not given the personal data by a third party or told what data to collect
We, as the designers of our Platform, have established what information we need in relation to individual users and, accordingly, we request this data as part of our Platform registration process. If customers, clients or engineers do not provide the required information, they cannot access our Platform.
We decide to collect personal data from individuals
We have decided to collect personal data from individuals as a fundamental element of our Platform service delivery.
We decide what personal data should be collected from individuals
We have decided what particular personal data we collect.
We decide the lawful basis for the use of that personal data
We have considered the how and why of our processing and, as a result, we have determined the lawful bases on which we process personal data. In most cases, it will be on the basis that the processing is necessary for us to pursue our legitimate interests as a business. We decide when explicit consent is required for specific data or processing.
We decide what purposes the personal data will be used for
We have decided the purposes for which the data will be used. We will continue to develop these purposes in line with the requirements of our Platform development and our business strategy.
We decide whether to disclose the personal data and to whom
We decide whether or not to disclose the personal data (both internally and to third parties). In relation to third parties, disclosure is invariably for the purposes of supporting our Platform efficiency and development and we aim to keep this to the minimum extent necessary (in line with data protection principles).
We decide how long to retain the personal data
We have decided how long we need to retain the data and the rationale for that, as part of our Platform operability and the delivery of our services going forward.
We do not implement data processing decisions under third party contracts
We are directly interested in the end result of the processing
We are very interested in the end result of the processing because this helps us to deliver high quality services as well as being a key element of our product and Platform development cycle.
New giants are on the horizon, they will take the technology that has been refined, developed & invented.