LEGAL
Privacy Policy
Privacy Policy
This Privacy Policy was last modified on 22 February 2023.
Who we are
We are StoreForce Limited, a company registered under the laws of England and Wales, with company registration number 7350900 (“StoreForce”, “we”, “us”, or “our”) and our registered office is at 62-63 Maltings Place, 169 Tower Bridge Road, London, UK, SE1 3LJ.
We are the data controller for the purposes of, and gather and process your personal data in accordance with, this Privacy Policy and in compliance with the relevant data protection laws and regulations. We are registered with the Information Commissioner’s Office and our ICO registration number is ZB505434.
This Privacy Policy provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
If you have any queries, comments or requests regarding this Privacy Policy, you can contact our designated Data Protection Officer at the following email address: dp*@st*****************.com .
Information That We Collect
StoreForce processes your personal data to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you.
The personal data that we collect from you:
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows (though the groups may overlap):
- “Identity Data” includes first name, last name, username or similar identifiers. When you email, phone, submit your business card, fill out an enquiry on our website or otherwise, we may collect information such as your first name, last name, email address, phone number, company name, job title and location.
- “Contact Data” includes billing address, invoicing address, email address and telephone number.
- “Transaction Data” includes details about payments and other details of our services your business has purchased from us.
- “Technical Data” includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, geographical location, operating system and platform, information about your visit through and from the website and service, length of visit, page interaction information and other technology on the devices you use to access the website and service.
- “Usage Data” includes information about how you use our website and services.
- “Marketing and Communications Data” includes your preferences in receiving marketing from us and/or our third parties and your communication preferences.
- “Cookies Data” like many websites, we or our appointed third parties may use “cookies” and similar tracking technologies to enhance your experience and gather information about visitors and visits to our websites so we can better understand the usage and performance of our website and services. Please refer to our Cookie Policy [INSERT LINK TO COOKIE POLICY] for further information about the types of cookies and tracking technologies we use and how we use them.
Information we obtain from third parties
We may from time to time receive information about you from third party sources, for example where we are working closely with third parties such as business partners, service providers, advertising networks, analytics providers, and search information providers.
Information we process as processor for our customers
When we provide our software and services to our customers, we process personal data on behalf of those customers in our capacity as their processor, in particular when we are providing a hosted solution and support to enable customers to effectively utilise our services. The types of personal data we process on behalf of our customers may include, but is not necessarily limited to, the following data of those customers’ staff:
- Name
- Job Title
- Employee Status
- Sales performance data
- Hours worked history
- Employee availability
- Time off requests
- Clock in and out times
- What activities within the store the member of staff is qualified to complete
- Keyholder status
- Pay Rate
- Phone Number
- Email address
To the extent that we are acting as processor, in accordance with data protection laws, we process such personal data in accordance with our customer’s instructions and any agreement in place with our customers. We will only use such personal data for the purposes of providing the services for which our customers have engaged us.
Our customers are responsible for ensuring that the privacy of individuals whose personal data they are processing is respected, including communicating to these individuals in their own privacy policies with whom the individual’s personal data is being shared and by whom it is being processed.
As a data processor, we may share personal data where instructed by our customers (the data controller). With our customer’s specific or general authorisation, we may also share personal data with our third party service providers (sub-processors) who work for us and who are subject to security and confidentiality obligations.
Where we are acting as a processor, we will refer any request from an individual for access to their personal data to our customer. We will not respond directly to the request.
We retain personal data which we process on behalf of our customers for as long as needed to provide services to our customers and in accordance with any agreement in place with our customers.
Aggregated Data
We also may collect, use and share “Aggregated Data” such as statistical, analytical and/or demographic data for any purpose. Aggregated Data may be derived from your personal data but is anonymised and not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature or functionality of the service.
How and Why We Use Your personal data (including the Legal Basis for Processing)
StoreForce takes your privacy very seriously and will only use your personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:
- where you have asked us to do so, or consented to us doing so;
- where it is necessary for the purposes of the legitimate interests pursued by us or a third party and those interests are not overridden by your interests or fundamental rights and freedoms;
- where we need to comply with a legal or regulatory obligation.
The table below sets out some examples about how we may use the personal data we collect about you and the lawful basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
The personal data we collect from you | How we use it | Lawful basis |
Identity Data, Contact Data, Marketing and Communications Data. | To enter into a commercial relationship with you (for example, to provide our services and/or to contact you about them where necessary) and to manage our ongoing commercial relationship with you (for example, dealing with any enquiries you have made and/or ensuring you are using our services in the most effective and proper way). | Necessary for our legitimate interests in establishing and continuing commercial relations with you. |
Contact Data and Transaction Data | To take payment for our services and maintain a record of payments. Certain payment data may be processed by credit card companies and other payment providers. | Necessary for our legitimate business interests in recovering debts due to us and in order to fulfil our contract with your business. |
Identity Data, Contact Data, Marketing and Communications Data. | To send you email newsletters, interesting blogs, news, webinars, giveaways and to keep you up-to-date about our products and services which we think will interest you. | Necessary for our legitimate interests in developing our business/brand and improving our marketing strategy. If the above does not apply, then we rely on consent. |
Identity Data, Contact Data, Marketing and Communications Data. | To allow you to attend an event or so that you can enter competitions, prize draws or events run by us. | Necessary for our legitimate interests (to develop our business/brand and improve our marketing strategy) |
Identity Data, Contact Data, Usage Data, Technical Data and Cookies Data | To administer and protect our business, website and services (including fraud prevention and detection, troubleshooting, data analysis and system testing) and to keep our website and services secure. | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business re-organisation or group restructuring exercise). |
Technical Data, Usage Data, Cookies Data, Marketing and Communications Data | To administer and to improve our website and services, to ensure they are presented in the most effective manner for you and to give you the best experience and to allow you to participate in interactive features of our website and services if you choose to do so. | Necessary for our legitimate interests (to study how customers use our products/ services, to develop them, to grow our business and to inform our marketing strategy). |
Any personal data | To enable us to comply with any legal or regulatory requirements and otherwise to comply with any relevant regulator or competent authority. | To comply with our legal obligations. |
Identity Data and Contact Data | To allow you to complete any surveys we send you (if you wish to) or to comment on or review our products or services, to help us to improve them. | To pursue our legitimate business interests to study how customers use our products/services, to develop them and grow our business. |
Identity Data, Contact Data, Marketing and Communications Data. | If you raise an enquiry or complaint with us. | Necessary for our legitimate interests in communicating with you and addressing your enquiry. |
Your Rights
You have a number of rights in relation to your personal data. Below, we have described the various rights that you have. These rights can be exercised at any time by contacting us using the contact details provided at the top of this Privacy Policy.
Right of Access: You have the right to access any personal data that StoreForce processes about you and to request further information which is already set out in this Privacy Policy.
Right to rectification: If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible, unless there is a valid reason for not doing so, at which point you will be notified.
Right to erasure: You have the right, under certain circumstances, to the erasure of your personal data if you believe (for example) that we no longer need to process your information for the purposes for which it was provided.
Right to restriction: You have the rightto request that we restrict the processing of your personal data if you believe (for example) that any of the information that we hold about you is inaccurate
Right to data portability: Where applicable, you may have the right to receive the personal data you provided to us in a portable format or request that we provide it directly to a third party, if technically feasible.
Right to object: Where we process your personal data on the basis of a legitimate interest, you are entitled to object to that processing. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim. You also have a right to object at any time to processing of your personal data for direct marketing purposes.
Right to withdraw consent: Where our processing of your personal data is on the basis of consent, you can withdraw this consent at any time. This would not affect the lawfulness of the processing based on consent prior to the withdrawal.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure. It will also help us to process your request if you kindly state clearly which right you wish to exercise and what personal data it is that is of particular concern to you.
Please note that all the rights mentioned in this section are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. For example, we may refuse to comply with a request if it is manifestly unfounded or excessive. Also, we are not always obliged to erase personal data when asked to do so; if we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to the request.
Sharing and Disclosing Your Personal data
StoreForce may, where appropriate, share your personal data with the following types of recipients and in the following ways:
- any company within the StoreForce group of companies including our parent companies, subsidiaries and/or affiliates;
- selected third parties who we sub-contract to provide various services and/or aspects of our website functionality or services to our customers or who otherwise process personal data for purposes that are described in this Privacy Policy or notified to you when we collect your personal data. By way of example:
- Customers and prospective customers are entered into our customer relationship management system.
- We use cloud services to host and backup data for our application..
- analytics and search engine providers that assist us in the improvement and optimisation of our website and services as described above;
- if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that sale (and their respective advisers and/or business partners as appropriate);
- if StoreForce or substantially all of its assets are acquired by a third party, in which case personal data held by us about you will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or if we are asked to provide your details to a competent lawful authority, agency or government body in order to aid in a criminal or legal investigation; and
- in order to enforce or apply our terms and conditions (including our website terms of use and terms and conditions of service); or to protect the rights, property, or safety of our business, our customers, our staff or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction or bringing legal proceedings where appropriate.
Data Security
StoreForce takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- TLS Encryption: for customers to access our application securely
- Database encryption: For any information inside databases or backups of our software
- Pseudonymisation/Obfuscation: For when a customer no longer need a staff member’s personal data in the application (for example: after that staff member’s employment has ended)
- Restricted Role-based access: for administrators and users of our software to ensure they only have access to details about individuals they need
- Security Infrastructure: Best in class tools in our hosting environment and for our staff to protect from malicious activities including:
- Next Generation Firewalls/Mail Filters: to protect our systems from any network-based attacks.
- Anti-virus/malware: to protect hosts from malicious software or scripts.
- Endpoint detection and response: to examine operating systems for undesirable activity or changes.
- Vulnerability Scanning: to look for flaws in operating systems and applications which might put systems at risk of cyber threat.
- 24/7 Security Monitoring: a team of individuals to monitor and use these tools and others to protect our systems 24 hours a day 7 days a week.
Transfers Outside the UK and EEA
It may be necessary from time to time for us to transfer your personal data outside the UK and/or European Economic Area (“EEA”), particularly when transferring to our group affiliates, service providers and business partners located in other countries.
Where that is the case, we adopt appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy and your rights are upheld. These may include implementing the relevant standard contractual clauses prescribed by the appropriate regulatory body or making transfers to those countries deemed by the appropriate regulatory body as providing an adequate level of protection of personal data.
StoreForce only ever retains personal data for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We have determined, for the purposes of applicable legal, regulatory, tax, accounting and reporting requirements, to keep our customers’ personal data (name, address, contact details) for a minimum of 7 years after termination of their contract with us, after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise, unsubscribe and/or withdraw your consent.
Special Categories Data
StoreForce does not seek to process any special category data.
Marketing
Occasionally, StoreForce would like to contact you with the products/services/promotions that we provide. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting StoreForce directly.
Complaints
StoreForce only processes your personal data in compliance with this Privacy Policy and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to complain to the appropriate supervisory authority. In the UK, this is the Information Commissioner’s Office (https://ico.org.uk/).
Changes to this Privacy Policy
We may update this Privacy Policy from time to time and so you should review this page periodically. When we make any material changes, we will update the “last modified” date at the beginning of this Privacy Policy.