Privacy Notice & Information Security
What this policy covers
Your privacy is important to us and we like to be transparent about how we collect, use and share information about you. This policy is intended to help you understand:
- What information we collect
- How we use your information
- How to access and control your information
- Other important privacy information
What information we collect
We collect information about:
- visitors to our website;
- people who use our services;
- suppliers who we work with to deliver services; and
- job applicants and our current and former employees (see separate Privacy Notice for this information).
How we get the personal information and why we have it:
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- Completing a form on our website (e.g. to request information, to register for an event, or to sign up to our mailing list)
- Contacting us via email
- Contact details provided as part of the contractual documentation when purchasing one of our products
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
Your consent: This applies where you have explicitly signed up to receive information from us. You are able to remove your consent at any time. You can do this by clicking Unsubscribe at the bottom of our emails.
Contractual obligation: This applies where you or your organisation are an Imosphere customer, and we must process your information in order to fulfil that contract and supply our services to you.
Legitimate interest: This applies where the above lawful bases are not applicable and we have assessed the information to be of interest to you, and your interests and fundamental rights do not override those interests.
How we use your information
How we use the information we collect depends on what product or service you use or access, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
Visitors to our website
When someone visits www.imosphere.com, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be explicit about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
If you provide us with information via one of the forms on our website, we may contact you by telephone and email. You are given the opportunity to opt-in to receiving this information at the appropriate section of the website when you register your details. If you no longer wish to be contacted in the future by us, follow the instructions on the specific mailing list or complete the form on our website: www.imosphere.com/email-preferences.
Website hosting Imosphere uses a third party, CWCS to host its website. To deliver this service, it processes the IP addresses of visitors to the Imosphere website.
If you have opted in to our emails, from time to time, we may send emails to you regarding new services, releases and upcoming events. You may opt out of receiving newsletters and other secondary messages from us by selecting the ‘unsubscribe’ function.
Risk Training Enquiries – Third Party
If you request information specifically about Risk Training, your details will be passed to our Third Party Training Consultants – Way Finder and ARW Consultancy – who will contact you directly to provide the relevant information.
Your details will only be used to contact you about the information requested, unless you have also opted into our Mailing List in which case you will also receive information from Imosphere regarding new services, releases and upcoming events. You can opt out at any time by using the ‘Unsubscribe’ link in our emails.
We use your information to resolve technical issues you encounter, to respond to your requests for assistance and to repair and improve our products and services. We use Jira Service Desk to record help desk issues, with the data stored in their European Data Centre.
People who contact us via social media
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who use our products and services
Our products and services include:
- Atmolytics, our pioneering self-service and devolved analytics platform.
- The UK’s most accurate and widely used resource allocation system for personal budgets.
- An award winning electronic care record.
- Over 100 nationally recognised assessment, care and support planning toolsets.
- Tailored training solutions.
We have to hold the details of the organisations who have requested our product(s) and/or service(s) in order to provide it. However, we only use these details to provide the product and/or service the organisation has requested, and to share information relating to that product and/or service.
Access to personal information
Imosphere tries to be as open as possible in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by contacting us. If we do hold information about you, we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in an intelligible form
To access, update or remove any personal information we hold about you a formal request must be sent to us. Clearly label your request as an ‘Information Request’ and send it to firstname.lastname@example.org.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We are ISO27001 certified, demonstrating our commitment to keeping your, and our, information secure.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Data which is no longer required will be deleted, provided that there are no legal storage and documentation obligations that would require a longer retention.
You have rights as an individual which you can exercise in relation to the information we hold about you.
The right to access: You have the right to request copies of your personal data.
The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
You can read more about these rights here: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/.
Disclosure of personal information
Imosphere will not disclose personal data without consent from the individual or relevant party, or unless required due to legal or contractual obligations.
Complaints or queries
Imosphere tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice does not provide exhaustive detail of all aspects of Imosphere’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact us.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to the privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 24th July 2023.
How to contact us
Imosphere is an ISO/IEC 27001:2013 certified company, demonstrating our effective information security management system.
ISO/IEC 27001:2013 Information Security Management is the international standard for information security and ensures the correct people, processes, procedures and technology are in place to secure an organisation’s information assets.
Information security ensures the preservation of:
- Confidentiality: ensuring that access to information is appropriately authorised
- Integrity: safeguarding the accuracy and completeness of information and processing methods
- Availability: ensuring that authorised users have access to information when they need it
For further information about our Information Security policy, please get in touch.