Last updated: 18/4/231
1. General Information regarding Data Processing
Invision360 is a quality assurance platform built to support teams improve the quality and consistency of EHCPs and PEPs. Depending on your relationship with us, and how you have come in contact with our services, different parts of our privacy policy will apply to you.
This policy describes how we use your personal data when you use our website or when we provide services to you via our platform. We have provided this policy to ensure that you understand what personal data we may collect and hold about you, what we may use it for and how we keep it safe.
You have legal rights to access the personal data that we hold about you and to control how we use it, which are also explained.
1.1 Invision360 as a Data Controller
Data controller is Invision Services Limited, a private company limited by shares with company number 13223149. Our registered office address is The Port House Marina Keep, Port Solent, Portsmouth, Hampshire, England, PO6 4TH.
You can contact us at the above address or by emailing dps@invision360.com. We have appointed a Data Protection Specialist who oversees our handling of personal data.
You can contact our Data Protection Specialist at The Port House Marina Keep, Port Solent, Portsmouth, Hampshire, England, PO6 4TH or by email at dps@invision360.com.
1.2 Scope of Data Processing
Personal data are any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR).
1.3 Your Rights
In accordance with the statutory provisions, you as the data subject have the following rights:
the right to access,
the right to rectification or erasure,
the right to restriction of processing,
the right to data portability,
If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future,
You may object to the processing of your personal data, if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.
To exercise these rights named above you may contact us at any, for example via email to dps@invision360.com.
You also have the right to lodge a complaint with the ICO or find full details or your personal data rights on the ICO’s website at https://ico.org.uk/make-a-complaint/
1.4 When we need your consent to use your personal data
Whilst we always want you to be aware of how we are using your personal data, this does not necessarily mean that we are required to ask for your consent before we can use it. In the day to day running of our business we may use your personal data without asking for your consent because:
We are entering into and carrying out our obligations under a contract with you; and
we need to use your personal data for our own legitimate purposes (such as the administration and management of our business or for the improvement of our services or deciding whether to enter into a contract of employment with you) and our doing so will not interfere with your privacy rights.
In exceptional circumstances we may wish to use your personal data for a different purpose which does require your consent. In these circumstances we will contact you to explain how we wish to use your data and to ask for your consent. You are not required to give consent just because we ask for it. If you do give consent you can change your mind and withdraw it later.
1.5 Storing and Deleting Data
The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.
All Invision360 data gets processed by our AWS cloud provider hosted in the UK. We make use of Google Analytics to measure engagement metrics on our platform. Data is backed up daily at 6pm via AWS. AWS have data centres around the globe.
We will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for two years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to "meaningful contact", we mean,for example, communication between us (either verbal or written), or where you are actively engaging with our online services. We consider it meaningful contact if you communicate with us about our tools, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.
Please note that we may anonymise your personal data or use it for statistical purposes. We keep anonymised and statistical data indefinitely, but we take care to ensure that such data can no longer identify or be connected to any individual.We take every care to ensure that your personal data is kept secure. The security measures we take include:
only storing your personal data on our secure servers and third-party systems that meet our security recommendations;
ensuring that our staff receive regular data security awareness training;
keeping paper records to a minimum
maintaining up to date firewalls and anti-virus software to minimise the risk of unauthorised access to our systems;
enforcing a strict policy on the use of mobile devices and out of office working
Created application data (i.e. that generated by our tools from the user’s input) is anonymised and aggregated to allow us to continue providing and improving our services.
Our data whether personal or not is encrypted in transit(browser to our servers) and at rest (in the actual db).
Please remember that you are responsible for keeping your passwords secure. If we have given you (or you have chosen) a password which enables you to access our products, you are responsible for keeping this password confidential. Please do not share your passwords with anyone.
Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of personal data sent to our website; you send us personal data at your own risk. Once we have received your personal data, we will use strict procedures and security features (some of which are described above) to try to prevent unauthorised access.
1.6 Profiling and automated decision making
We do not use automated decision-making including profiling when processing data concerning our Website or Platform.
1.7 Data Security
For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures.
1.8 Data Processing by Third Parties/Data Processing outside the EU
We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. A list of the data processors processing data outside the EU and corresponding information is available by request via email to dps@invision360.com.
2. Data Processing on our website
2.1 Website Analytics
Nature and purpose of data processing
This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the site that do not identify specific individuals. Analysis cookies transmit your IP address to a service provider for this purpose. Data collected by performance cookies may be linked to accounts of Pitch users.
Legal basis
The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.Withdrawal of ConsentYou can withdraw your consent at any time by clicking"Manage cookie settings" on our website. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.
2.2 Newsletter
Nature and purpose of data processing
When registering for the newsletter, you have to provide an email address, your name, job title and your employer. In our newsletter we inform you about our services and products also described on our website. We also analyse how users consume our newsletter. This includes tracking of newsletter openings and how the newsletter is consumed. We may ask you to indicate your marketing preferences when you first register an interest on our website. You can check and update your current marketing preferences by emailing us at dps@invision360.com.
We never share your personal data with third parties for marketing purposes.
Legal basis
The data processing for sending and analysing our newsletters as described above is based on your consent (Art. 6 (1) a GDPR).
Storage duration
We will process your personal information until your consent is revoked.
Revocation of consent
If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters please use the "unsubscribe" link contained in each newsletter or send us an email to dps@invision360.com.
2.3 Contacting us
Nature and purpose of data processing
If you send us an e-mail or contact us via an online form, your contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions.
Legal basis
These data are processed only on the basis of our legitimate interests to offer efficient communications channels to the public (Art. 6 (1)f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).
3. Data processing in connection with our software
3.1 Registration and sign in
Nature and purpose of data processing
When your company agrees a contract with Invision360 accounts and sign ins will be created for individual users. Invision360 needs to process certain personal data and an account will be created using your name, job title, company name and email address, in order for you to access the software purchased by your company.
Legal basis
The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6(1) b GDPR).
3.2 Basic customer support
Nature and purpose of data processing
You can send in requests to customer support for troubleshooting or bugs you may find when using the service. In order to answer basic customer support requests, we may need access to your profile information as well as company data to answer your query.
Legal basis
When personal data are processed the legal basis for this is Art. 6 (1) b. GDPR and it is based on the fulfillment of our service contract.The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.
4. Third-Party Integrations
4.1 Google Analytics Integration
We have the ability to view your Google Analytics data. You can find further information about the processing of your data by Google under the following link: https://developers.google.com/terms/api-services-user-data-policy.
4.2 Zapier
We use Zapier to connect our website with our CRM, Nutshell, to connect our contact us and book a demo form. No PI is stored within Zapier. The legal basis for the transfer of personal data via Zapier is the user’s consent (Art. 6 (1) a GDPR). For more information visit: zapier.com/privacy.
4.3 Poptin
We use Poptin to connect our website with our CRM, Nutshell, to connect our newsletter subscription pop up. We ensure all PI captured by Poptin is removed once logged in our CRM. The legal basis for the transfer of personal data via Poptin is the user’s consent (Art. 6 (1) a GDPR). For more information visit: https://www.poptin.com/privacy-policy
4.4 Cookies Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective, and safer. Cookies are small text files which are stored on your device and in your browser.This helps us to provide you with a good experience when you browse our website and allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.
5. Data Processing on our Social Media Pages
We operate pages on the following social media channels:
LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department -- Privacy, 1000 W. Maude Ave, Sunnyvale, CA94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place,Dublin 2, Ireland, please also refer to: https://www.linkedin.com/legal/privacy-policy
Twitter: twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to privacy policy: https://twitter.com/en/privacyWhen you visit our LinkedIn or Twitter page data is processed both by us and by LinkedIn and Twitter as the responsible party.
LinkedIn and Twitter assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that LinkedIn has direct access to the relevant information on its page and the processing of your data. However,you are also welcome to contact us if this should become necessary and we will then forward the request to them.When using LinkedIn and Twitter data may also be processed outside the EU.
5.1 Data Processing and Legal Basis
With our LinkedIn and Twitter pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you. If you use LinkedIn and Twitter on several end devices, a cross-device analysis of the data can take place.
Furthermore, LinkedIn and Twitter may also use cookies and tracking technologies to analyse and improve their services.Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).
6. Questions?
For further information you may contact us any time, for example via email to dps@invision360.com
7. How we keep this policy up to date
We will review and update this policy from time to time.
This may be to reflect a change in the services we offer or to our internal procedures or it may be to reflect a change in the law.
Each time we update our policy we will update the date shown at the top of this page.
