OPAL PRIVACY POLICY | JULY 2024
Who we are Opal BPM Limited
('we' or 'us') operate this site (www.opalbpm.com) and we are responsible as a 'data controller' for the personal data that we collect from you when you choose to provide it. A data controller determines how and why personal data is processed.
What data do we collect
Personal data is collected when you choose to provide it by completing the form on the Contact page to talk to us. The personal data we request in our site is limited to your name and email address and any information that you choose to provide within a message.
Depending on your enquiry we may receive data about you from other companies within our group, namely Jupiter Prestige Group, and add this data to our database.
We use Google Analytics software to collect information about how you use our site. This includes IP addresses. The data is anonymised before being used for analytics processing.
Google Analytics processes anonymised information about:
- The pages you visit on our site
- How long you spend on each page
- How you got to the site
- What you click on while you’re visiting the site
We do not store your personal information through Google Analytics (for example your name or address).
We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.
We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.
Why we need your data
We collect information through Google Analytics to see how you use our site.
We do this to help:
- Make sure the site is meeting the needs of its users
- Make improvements, for example improving site search
We also collect data in order to:
- Respond to any feedback you send us, if you’ve asked us to
- Send emails to provide you with information about our services if you request it
Reasons we can collect and use your data
We rely on legitimate interests, for contacting you about our services, and your consent as our legal basis for processing your data.
The legal basis for processing anonymised data for Google Analytics is your consent.
What we do with your data
When you choose to send us your data using our Contact form we will create an entry in our database and use the collected information to contact you to respond to your enquiry.
The data we collect may be shared with other companies within our group, namely Jupiter Prestige Group. It may also be shared with our technology suppliers, for example our hosting provider.
We will not:
- Sell or rent your data to third parties
- Share your data with third parties for marketing purposes, unless you opt-in
- Use your data in analytics We will share your data if we are required to do so by law.
EMAIL MARKETING
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use Email Marketing Service Providers to manage and send emails to You.
Mailchimp
Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC.
For more information on the privacy practices of Mailchimp, please visit their Privacy policy: https://mailchimp.com/legal/privacy/
How long we keep your data
We will only retain your personal data for as long as it is needed for the purposes set out in this document or the law requires us to. We will keep your email data until you unsubscribe.
We will keep your feedback data for 2 years. We will delete access log data after 120 days.
Children’s privacy protection
Our site and business services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.
Where your data is processed and stored:
We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.
All personal data is stored in the European Economic Area (EEA). Data collected by Google Analytics may be transferred outside the EEA for processing.
Transfers of your information out of the EEA:
We may need to transfer your data to the following countries in order to satisfactorily respond to you when you contact us about our services:
- United States
- Australia
- India
For more information on the basis of any non-EEA transfers and our safeguards, please contact our Privacy Team as described below.
How we protect your data and keep it secure:
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption and we limit access to your data to those who have a genuine business need to know it.
We are an ISO 27001 registered company. Implementing this international standard helps us manage and protect your data.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights
You have a number of important rights that are free of charge. You have the right to request:
- Information about how your personal data is processed a copy of that personal data
- That anything inaccurate in your personal data is corrected immediately
You can also:
- Raise an objection about how your personal data is processed
- Request that your personal data is erased if there is no longer a justification for it
- Ask that the processing of your personal data is restricted in certain circumstances If you have any of these requests, get in contact with our Privacy Team.
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
1. Know what personal information is collected about you.
2. Access and request deletion of your personal information.
3. Opt-out of the sale of your personal information.
4. Non-discrimination for exercising your privacy rights. Information We Collect We may collect the following categories of personal information:
- Identifiers (e.g., name, email address)
- Internet activity (e.g., browsing history)
- Geolocation data
How We Use Your Information
We use your personal information to:
- Provide and improve our services
- Respond to customer service requests
Sharing Your Information
We may share your personal information with:
- Service providers
- Third parties as required by law
Your Choices
To exercise your CCPA rights, please get in contact with our Privacy Team.
"DO NOT TRACK" POLICY AS REQUIRED BY CALIFORNIA ONLINE PRIVACY PROTECTION ACT (CALOPPA)
Our Service does not respond to Do Not Track signals.
However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.
YOUR CALIFORNIA PRIVACY RIGHTS (CALIFORNIA'S SHINE THE LIGHT LAW)
Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.
If you'd like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided below.
Contact us or make a complaint - Contact the Privacy Team if you:
- Have a question about anything in this privacy notice
- Think that your personal data has been misused or mishandled
The Privacy Team may be contacted as follows:
- Email: [email protected]
- Post: Opal BPM Ltd, 71 St John Street, London, EC1M 4NJ
- Telephone: +44 (0)20 7014 1400
Our data protection officer is Chris Ebbs.
Changes to this privacy notice We may change this privacy notice.
Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, will take reasonable steps to let you know.
This document was last reviewed on 5th August 2024 and may change at any time