Menu

Privacy Policy

Velocity Engage Privacy Policy for Shoppers

Velocity Privacy Notice

ABOUT VELOCITY

  • We are Velocity Worldwide UK Ltd, a company registered in Northern Ireland, with address at 16 Mount Charles, Belfast, BT7 1NZ and company number NI613311 (we, us, our). We are registered with the Information Commissioner’s Office. Our registration number is ZA262846.
  • We sell user licences for software called DARIUS which is owned and provided by our sister company, DT Technologies DAC, a company registered in ROI, with its registered address at Suite 301-Block The Greenway, St Stephen’s Green, Dublin and company number 571789 (our Licensor). DARIUS is a cloud-based customer engagement platform for businesses to engage with their customers.
  • As well as selling user licences for businesses to use DARIUS (User Licences), we also provide additional marketing services to our clients, in connection with the use of DARIUS to help them to promote their goods or services (Marketing Services).

WHAT IS THIS NOTICE?

  • In order to provide our Services, we may need to process Personal Data from time to time (that is information which can be used to identify someone). This Personal Data may be about you or other people. This notice explains how we will collect and use the Personal Data we hold.
  • We hold Personal Data about 3 groups of people (Data Subjects):
  • Client Data: that is Personal Data about our Client or a prospective client (including key contact data);
  • Permitted User Data: that is Personal Data about users designed by our Client to use DARIUS on their behalf, given to us by our Client; and
  • Customer Data: that is Personal Data about our Client’s customers and prospective customers.
  • DARIUS enables users to collect and share data. This notice only deals with the use of Personal Data by us. Recipients are not bound by this privacy notice. If you upload Personal Data on to DARIUS, it is up to you to make sure the recipient of any Personal Data you’ve sent will use the information as you intend.
  • We might need to change this privacy notice from time to time. If we do, we will let you know. So please do keep an eye on our notice before sending us any Personal Data or uploading it on to DARIUS.
  • All of the defined terms in this notice are explained in paragraph 15 below. If you have any questions about the notice, feel free to send us an email to info@velocityww.com.

ARE YOU A CONTROLLER OR A PROCESSOR?

  • We are a Controller in respect of any Client Data we hold. This means that we make decisions about what types of Personal Data we think we need to collect about our Clients and prospective clients and how to use it to make our business work.
  • We are a Processor in respect of any Permitted User Data we hold. This means we use the data in accordance with our Client’s instructions and not for our own purposes.
  • We are a Processor in respect of any Customer Data we hold. This means that we are only processing that data at the request of our Client and we’re not making decisions about what data to collect and how it should be used.

WHAT PERSONAL DATA DO YOU COLLECT?

  • We might collect Personal Data in the following ways:

Client Data

  • DIRECT INTERACTIONS: information which our Client provides us with directly about its key contacts, including:
  • Identity and contact data: name, email address
  • Job data: job role and employment status
  • Transactional data: we may retain details about our Client’s transactions with us. We will not store or access any financial details of our Client. We use a third party service to facilitate payments made to us.
  • Biographical data: that is data about your preferences, comments or any other data you might give us when you contact us.
  • Requests for information or quotes

Permitted User Data

  • THIRD PARTIES: we hold data about Permitted Users because our Client has identified them as the individuals they want to use DARIUS on their behalf. Our Clients may provide us with information about Permitted Users relating to:
  • Identity and contact data: name, email address
  • Job data: job role and administrative rights
  • DIRECT INTERACTIONS: in addition, we may also collect information which a Permitted User provides us with directly when he or she uses DARIUS, such as:
  • Identity and contact data: name, email address
  • Biographical data: that is data about their preferences, comments or any other data they might give us when you contact us.
  • AUTOMATICALLY COLLECTED: we may also collect data automatically via DARIUS when a Permitted User uses the software, including:
  • Usage Data: which is data relating to how a Permitted User uses DARIUS
  • Technical Data: data about their IP address, your login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform and other technology on the devices they use to access DARIUS

Customer Data

  • DIRECT INTERACTIONS: we may collect information which a Customer provides us with when they interact with a campaign or respond to a survey published via DARIUS. This might include:
  • Identity and contact data: name, email address, phone number, postal address and online contact (such as MAC address)
  • Biographical data: that is data about preferences, interests, comments or any other data provided in any communications, gender;
  • Location data: that is data which we can use to collect and assess a Customer’s location, such as a car number plate.
  • ONLINE TRACKING: DARIUS is set up to automatically collect certain information using cookies and other similar tracking technologies.
  • Usage Data: information about interactions with DARIUS
  • Technical Data: data about a Customer’s IP address, a Customer’s login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform and other technology on the devices a Customer uses when they interact with us online.
  • Traffic Data: that is, information about which websites a Customer accesses or offers they click on when they’re using our services.

For more information about how DARIUS uses cookies please see our cookies policy which can be accessed here:

  • PROFILE DATA: DARIUS uses algorithms and tagging tools ‘learn’ additional biographical information which it relates to Customers. For example, if a Customer clicks on a link for a particular product or provides a certain response in a survey, information about their wellbeing, hobbies and interests, likes and dislikes and shopping habits may be added to their profile.
  • OUR CLIENTS: we may receive Customer Data from our Clients (or their previous marketing agency) when we commence our services or at other times during the agreement we have in place with our Clients, this could include any of the data set out above.
  • AUTOMATED TECHNOLOGIES: if our Client authorises us to do so, DARIUS may be set up to collect the following data:
  • Transaction Data: from point of sales software
  • Location Data: from automatic number plate software, bluetooth and wi-fi

General

4.2       We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from Personal Data but since it cannot be used to identify an individual, it is not Personal Data.

4.3       We do not collect any Special Categories of Personal Data about our Clients, Permitted Users or Customers. Special Categories of Personal Data includes details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

HOW WILL YOU USE CLIENT DATA AND WHAT IS YOUR LAWFUL BASIS FOR DOING SO?

5.1       We hold and process Client Data as a Controller, which means we must have a ‘lawful basis’ for doing so. We have set out how we use Client Data along with our lawful basis in the table below. Anywhere we are relying on legitimate interest we believe that such processing is necessary for the purposes of our legitimate interest, which is in this case is to function as a business. We consider such use will go no further than a Client would reasonable expect; is likely to align with the Client’s interests (by enabling us to provide a sustainable business model) and is unlikely to be detrimental to the fundamental rights and freedoms of you as a Client.

PURPOSE/ ACTIVITY

DESCRIPTION

TYPES OF DATA

LAWFUL BASIS

1.    To provide our services

To provide you with DARIUS (which may include support and maintenance of your account on DARIUS and the transferral of Client Data to our Licensor). 

Identity Data

Contact Data

Necessary for the performance of the contract for the provision of our services or taking steps necessary to enter into a contract.

2.    To manage our relationship with you

To notify you of updates to our (or our Licensor’s) services or software or updates to our privacy notice

Identity Data

Contact Data

Necessary for the performance of the contract for the provision of our services or taking steps necessary to enter into a contract.

Legitimate Interest

3.     Administration And Dispute Resolution

We may also need to process Personal Data about you to meet our internal administration requirements and for matters such as dispute resolution. 

Identity Data

Contact Data

Transaction Data

Legitimate Interest

4.     Marketing

From time to time we might send out promotional emails about updates to our services, new features or functions or new products we are bringing out. These emails may be tailored on the basis of what we think your interests are (from looking at data collected using cookies). We will always include the right to opt out in any such correspondence.

Identity Data

Contact Data

Transaction Data

Profile Data

Traffic Data

Legitimate Interest

5.     Marketing to non-clients

If you are not a Client we will only send marketing communications if you have requested us to do so or opted in to receive marketing from us.

We will only use email for direct marketing purposes unless you have consented to our using an alternative channel of communication.

Identity Data

Contact Data

Transaction Data

Profile Data

Traffic Data

Consent

                                                        

HOW WILL YOU USE PERMITTED USER DATA?

  • We will only use Permitted User Data in order to enable those individuals to access and use DARIUS in accordance with the services agreed in the Licence and Services Agreement entered into by us and our Client.
  • We may collect aggregate data about how a Permitted User uses our software. This data will be anonymised and will not identify a Permitted User.
  • If a Permitted User agrees to receive marketing emails from us, we may also use a Permitted User’s details for marketing purposes. If we do, we will be acting as a Controller in respect of the details the Permitted User provides us and the Permitted User will have those rights set out in paragraph 12 below, in respect of such use (including the right to opt out of the use of your data for direct marketing purposes)

HOW WILL YOU USE CUSTOMER DATA?

  • We act as a processor in respect of any Customer Data, which means we are processing the data in order to provide marketing services on behalf of our Client (as detailed in the Licence and Services Agreement entered into with our Client). Except for technical processes like storage or maintenance purposes, we don’t access or make any decisions about uses of Customer Data.
  • We may collect aggregate data from the information uploaded, but this data will be anonymised so that an individual may not be identified from that data.

WILL YOU DISCLOSE PERSONAL DATA TO ANYONE ELSE?

Third Parties

  • We may disclose Personal Data to third parties, for the following purposes:
  • To employees and third parties (including professional advisors, such as lawyers and accountants) who are contracted to help us to provide DARIUS and our business. Any such licensors, employees and/or data processors contracted by us will be subject to strict contractual requirements only to use Personal Data in accordance with our privacy notice. If you would like more information about third party processors used by us, please contact us at info@velocityww.com.
  • If we are under a duty to disclose or share Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the operation of our website, or the rights, property, or safety of us, our customers, or others.
  • Third parties if we sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use Personal Data in accordance with the provisions set out in this privacy notice.

WHAT SECURITY PROCEDURES DO YOU HAVE IN PLACE?

  • It is our policy to ensure that all Personal Data held by us is handled correctly and appropriately according to the nature of the information, the risk associated with mishandling the data, including the damage that could be caused to an individual as a result of loss, corruption and/or accidental disclosure of any such data, and in accordance with any applicable legal requirements.
  • We are ISO27001 accredited by the BSI. We undertake regular security and risk reviews and we monitor all of the controls that we have in place to ensure the security, accuracy and integrity of the Personal Data we hold. We also endeavour to ensure that such data is only accessed by authorised personnel for a legitimate purpose (in accordance with our privacy notice).
  • We have a set of formal procedures that must be adhered to within our organisation to ensure that security standards are maintained and that data privacy is respected.

9.4          There are some steps you can take to help make sure that your data is protected. For example:

(a)        if you are contacting us with a query or complaint, only ever give us your work details rather than your personal contact details;

(b)     if you are sending any financial details or sensitive information, consider sending it in separate emails or encrypted, password protected documents; and

(c)        make sure that you keep any passwords associated with your DARIUS account secure; and

WHERE DO YOU STORE THE PERSONAL DATA YOU COLLECT?

10.1     For Clients based in the EU, we only use servers in the EU (and Britain). Our current host servers are provided by Amazon Web Services, whose servers are based in Dublin.

10.2     If you are based outside the EEA and would like further information about where we hold your data, please contact us by email: info@velocityww.com.

FOR HOW LONG DO YOU STORE PERSONAL DATA?

Client Data

  • Our retention policies for Client Data are as follows:
  • we may store data related to financial transactions for up to 7 years to ensure that we have sufficient records from an accounting and tax perspective;
  • we may archive data relating to negotiations, contracts agreed, payments made, disputes raised and your use of our software for up to 6 years to protect ourselves in the event of a dispute arising between you and us;
  • we may store aggregate data without limitation (on the basis that no individual can be identified from the data).

Permitted User Data and Customer Data

11.2     We will only retain Permitted User Data and Customer Data for as long as our Client’s associated user licence for DARIUS remains valid. Once it terminates, we will securely delete such data within 30 days.

11.3      We may retain aggregate data relating to the uses made of DARIUS by Permitted Users and Customers without limitation. Such data will be anonymised and no individual may be identified from the use.

WHAT RIGHTS DOES A DATA SUBJECT HAVE ABOUT THE PERSONAL DATA VELOCITY COLLECTS AND HOLDS?

12.1     Data Subjects have the following rights in respect of Personal Data relating to them which can be enforced against whoever is the Controller. This will be us in respect of Client Data, and our Client in respect of Permitted User Data and Customer Data:

  • Right to be informed: the right to be informed about what Personal Data the Controller collects and stores about you and how it’s used.
  • Right of access: the right to request a copy of the Personal Data held, as well as confirmation of:
  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients to whom the personal data has/will be disclosed;
  • for how long it will be stored; and
  • if data wasn’t collected directly from the Data Subject, information about the source.
  • Right of rectification: the right to require the Controller to correct any Personal Data held about the Data Subject which is inaccurate or incomplete.
  • Right to be forgotten: in certain circumstances, the right to have the Personal Data held about the Data Subject erased from the Controller’s records.
  • Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to the Data Subject. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing the data has been reviewed and updated if necessary.
  • Right of portability: the right to have the Personal Data held by the Controller about the Data Subject transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
  • Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).
  • Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on the Data Subject.

12.2     If you want to avail of any of these rights, you should contact us immediately at info@velocityww.com. If we are not the Controller, we will need to transfer your request to the Controller – but we will only do so with your consent. If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation.

WHAT HAPPENS IF I NO LONGER WANT YOU TO PROCESS PERSONAL DATA ABOUT ME?

13.1      You may notify us at any time that you no longer want us to process Personal Data about you for particular purposes or for any purposes whatsoever. This may have an impact on the services you receive from us. For example, if you ask us to stop processing Personal Data about you, you will no longer be able to access DARIUS since we will not be able to identify you.

13.2     A request to stop receiving direct marketing will not impact on your access to DARIUS.

13.3      If we hold your Personal Data as a Processor, to facilitate your request we may need to pass it to the Controller. We will only do so with your consent.

WHO DO I COMPLAIN TO IF I’M NOT HAPPY WITH HOW YOU PROCESS PERSONAL DATA ABOUT ME?

14.1     If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to info@velocityww.com. If we are processing Personal Data about you on behalf of our Client, we will need to pass your complaint to our Client – we will only do so with your consent.

14.2     If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.

WHAT DO ALL OF THE DEFINED TERMS IN THIS PRIVACY NOTICE MEAN?

15.1      Throughout this notice you’ll see a lot of defined terms (which you can recognise because they’re capitalised). Where possible, we’ve tried to define them as we go, but we thought it might be useful to have a glossary at the end for you. Anywhere in this notice you see the following terms, they’ll have the following meanings:

Client Data means Personal Data about our Client and any prospective clients and includes key contact data;

Controller is a legal term set out in the General Data Protection Regulation (GDPR), it means the party responsible for deciding what Personal Data to collect and how to use it;

Customer Data means Personal Data uploaded by a Permitted User on to Velocity® Software (other than Permitted User Data)

Data Subject means the individual who can be identified from the Personal Data;

Our Client means whoever purchased the user licence to use DARIUS;

Permitted User means a user designated by our Client;

Permitted User Data means Personal Data about a Permitted User given to us by our Client;

Personal Data means data which can be used to identify a living individual. This could be a name and address or it could be a number of details which when taken together make it possible to work out who the information is about. It also includes information about the identifiable individual; and

Processor is another legal term set out in the GDPR, it means the party who has agreed to process Personal Data on behalf of the Controller.

Last updated: 09-05-2018.

Ready to connect with your customers?

If you would like to find out more, get a demo, even if you just have a question, please get in touch.
We’d love to hear from you.

Get in touch