IoT Horizon understands the importance of a data policy and how it protects us, our customers and visitors to our website. We value your information and privacy.
This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this website, via email or from 3rd party platforms, and it explains your rights under data protection legislation.
Who Are We?
We are IoT Horizon Limited – when you’re our customer or browse our website we act as a Data Controller for your personal data. This means we determine how and why your personal data is processed.
If you want to get in touch with us our contact details are:
T: 01706 318110
A: Research & Development, Campus Technology Hub, Sci Tech Daresbury, WA4 4FS
What Data Do We Process?
From the first time you interact with us we are collecting data – sometimes that is data you explicitly provide to us, sometimes it is data we collect automatically and sometimes it is from third party sources such as Social Media.
If you’re using our website then we will automatically collect some information from you:
- Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.
- Your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions.
- Additionally, you may fill in contact forms on our website. We’ll collect from you, basic contact information and use it to get in touch.
If you’re a customer then we’ll collect and process information from you needed to provide our services to you:
- Contact details – name, address, phone numbers, email addresses.
- Financial Information – required information when you purchase from us such as payment history, VAT registration details and statutorily required information.
How do we use your data?
Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data, and the legal basis for us doing so (we’ll explain those in the next section).
- Providing Services to Customers: We must process personal details of our clients to ensure we can honour our contracts. Our legal basis for this is contractual obligation.
- Keeping Our Website Running: providing and managing your access to our website and services, personalising and tailoring your experience on our website and services. Our legal basis for this is legitimate interest (see below).
- Improving Our Website: Testing features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this. Our legal basis for this is legitimate interest (see below).
- Answering Your Queries & Customer Support: We will use your email and contact details to answer your contact requests and queries. Our legal basis for doing so is contractual obligation.
- Marketing Purposes: We may send you emails and messages about new products and services, and content. You will always be able to unsubscribe from these. Our legal basis for doing that is either consent or legitimate interest (see below).
We have identified a legal basis for each of our purposes above – this is what that means:
Legitimate Interest: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:
- gaining insights from your behaviour on our website
- delivering, developing and improving our service
- enabling us to enhance, customise or modify our services and communications
- enhancing data and physical security
- promoting our products, services and business.
- responding to customer enquiries, contact requests and promoting our services.
- In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.
You can always object to our processing of your data based on legitimate interest. If you do so and we have no other legal basis for processing your data we will stop. If we do have another legal basis we will continue to do so, subject to your legal rights.
You have given clear consent for you to process your personal data for a specific purpose.
You can always withdraw your consent. You can do this by clicking on unsubscribe in any marketing email we send, or by getting in touch via the contact details above.
If you withdraw your consent and we have no other legal basis for processing your data we will stop. If we do have another legal basis we will continue to do so, subject to your legal rights.
Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
Securing Your Data
We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost or used or accessed in an unauthorised way.
We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
Storing Your Data
We keep your personal information on servers in the UK, or inside the European Economic Area (EEA). The EEA includes all EU Member States plus Norway, Iceland and Liechtenstein.
Sometimes, in limited, and necessary, circumstances your information may be transferred outside of the EEA; this will only happen where it can’t be avoided.
Where this does happen, we will put special protections in place. We will only move data to countries or organisations where the EU Commission has deemed that countries data protection measures to be adequate, or under a contract which enforces the EU Commission approved standard data protection clauses.
Sharing Your Data
We will never sell your personal data to a third party.
We will never transfer or disclose your personal data to any third party except
We may sometimes contract with trusted service providers to provide goods and services on our behalf. These may include payment processing, delivery companies, search engine facilities, advertising, marketing and IT systems. This will sometimes necessitate the transfer of your personal data to those trusted service providers.
Where we transfer your data to our trusted service providers we will have confirmed that they will apply data protection and security measures to the same standard we would. We will always impose contractual terms on all our providers to ensure your data remains secure.
In certain limited circumstances we may be legally required to share your personal data – for example where we are involved in legal proceedings, or where we are complying with a court order, regulatory requirement, or government department with appropriate legal authority to compel us to do so.
Keeping your data
We don’t want to hoard data; we only want to keep and use up to date information about you so that we provide the best service possible. Therefore, we’ll only keep data for as long as necessary to provide our services to you, unless we have a legal obligation to keep it for longer.
For customers this means we’ll delete your details from our system within 6 years of our last contact with you.
Obviously if you ask us to, and we don’t have a legal obligation to keep it, we’ll delete your data within 30 days of you asking.
Under the General Data Protection Regulation, you have several important, free-of-charge rights. These include rights to:
- Right to be informed – you have the right to be informed about our collection and use of your personal data.
- Right of access – you have the right to request a copy of the information that we hold about you. You can do this by contacting us using the above details.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply, you have a right to restrict our processing.
- Right of portability – you have the right to have the data you provided to us transferred to another organisation.
- Right to object – you have the right to object to certain types of processing (such as direct marketing).
If you’d like to complain, or exercise any of your rights then please get in touch – our details are above.
If you’re not happy with our response you have the right to complain to the UK’s supervisory authority, The Information Commissioner’s Office. You can find their details on their website at https://www.ico.org.uk
All cookies used by and on our website are used in accordance with the current cookie law.
Before cookies are placed on your computer or device you will be shown a pop-up requesting your consent to set such cookies as detailed below. By giving us your consent, you are allowing us to provide the best possible experience of our website. You may refuse consent to cookies; however, certain parts of our website may then not function correctly. You can alter your browser settings to refuse all cookies.
There are four types of cookies:
- Strictly Necessary Cookies – These are essential to make a website work and provide features you’ve asked for. Generally, these are used to provide shopping baskets and similar. Without these cookies the website may not work as intended.
- Performance Cookies – These collect anonymous information about users for the purposes of tracking the performance of a website. Common uses include well-known analytics tools such as Google Analytics.
- Targeting/Advertising Cookies – These are similar to performance cookies. However, they are used to track users’ behaviour and that information is then used on a “per user” basis to advertise products/services on the basis of the behavioural information collected.
- Functionality Cookies – These are used to remember automatically the choices that users have made in order to improve their experience on the website; for example, selecting desired layout or language.
Cookies We Use:
- XSRF-TOKEN – This is an essential first party cookie which helps prevent cross site forgery attacks, and expires at the end of your session on our website.
- svSession – This is an essential first party cookie, which identifies your session to our web server and expires at the end of your session on our website.
- _ga, _git & _gid – These are 3rd party targeting / advising cookies from Google Analytics which help us collect analytical information about your use of our website. They expire no longer than 2 years after you visit and more information is available from Google:
Staying Up to Date
We may change this privacy notice from time to time (for example, if the law changes). Any changes will be immediately posted on our site. We recommend you check the privacy notice regularly to remain up to date.
This privacy notice was last updated in August 2018.