Back to Home

Privacy Policy

Privacy Notice

Introduction

We at the Access Group know it is a big responsibility to protect your personal data. This Privacy Notice is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

We may from time to time update this Privacy Notice, where we deem it appropriate, we will seek to notify you about the changes, however, we recommend you review this page periodically. 

This Privacy Notice was last updated on: 24th January 2023

Download a copy of  our Privacy Notice [PDF]

About us

The ‘Access Group’ is made up of numerous legal entities which are wholly owned subsidiaries of The Access Technology Group Limited (company registration 05575609). Our primary trading entity is Access UK Ltd (company registration 2343760) – the registered address for both is: The Old School, Stratford St. Mary, Colchester, Essex, CO7 6LZ, United Kingdom.

For this Privacy Notice, Access UK Ltd is the controller of the personal data which is processed by it as a controller. Other Access Group entities may become a joint controller of your information from time to time.

Our Group Data Protection Officer is Danielle Hefford. To contact us regarding our use of personal data, you may email us at  Access.DPO@theaccessgroup.com

We have appointed Core Computer Consultants Ltd (registration number: 91755) as our EU representative under Article 27, EU GDPR. Our representative can be contacted by email at  Core.DPO@theaccessgroup.com

Why we have your information

We process personal data to fulfil our contractual obligations to our customers and to otherwise improve and market our solutions.

There are various ways in which we may obtain your personal data.

For example, because:

  • you have contacted us;
  • you visited our website; and/or
  • you’re using our Adam Procure Service.

On what legal basis we have your information

We will only ever process your personal data where we have a lawful basis to do so. We have expanded upon the reasons for us processing your personal data below.

Where you have contacted us

If you contact us, for example, for technical support, to inquire about our solutions, or to download some of our content, we will record the contact made and log necessary details of the interaction on our systems. We process any personal data collected via these methods as a controller

The data collected (which may be via telephone recording) may include your first and last name, the email address and telephone number you use for business purposes, your job title, and your employer.

Our lawful basis for processing your personal data in this case is legitimate interests. The legitimate interests pursued are to support us delivering on our contractual obligations (where applicable), internal training, to improve the quality of our services, to make information available to you (including marketing), and or to resolve any conflict resolution (where applicable). 

We use third party solutions to record and log the contact made with us; they will therefore process your personal data on our behalf.

Where you visit our website

Your personal data, such as your first and last name, telephone number, email address, postal address, job title, employer and any other relevant contact details may be collected by us when you contact us using any of our online forms. 

The lawful basis for processing this information is legitimate interests. The legitimate interest pursued is to keep you informed about the solutions we offer which we think may be of interest to you (i.e., marketing).

We will also use cookies when you use our website and interact with us via email, to optimise your experience of us and our sites. Please see our  Cookie Policy for more information.

Our lawful basis for processing personal data via cookies is consent. The legitimate interest sought is administration, statistical analysis, and enhancement of our website.

All personal data collected by us through our website is done on the basis that we are the controller.

Where you choose to share your personal data with us through the mechanisms available via the website, we will process that data using third party solutions. These third parties will process your personal data on our behalf.

Where you’re using Adam Procure

Your personal data, that being: your title; first name; surname; job title; email address; and phone number is collected by us in our capacity as a controller to register you as a user of Adam Procure

The lawful basis of processing this information is contractual, as the processing is necessary for the performance of a contract with you.

The information above is shared with the following partners: Marketo Inc, Salesforce Inc and SendGrid.

We may further process the information collected above to market our solutions to you. Our lawful basis for using your information this way is legitimate interests. Our legitimate interest pursued is to keep you informed about the solutions we offer which we think may be of interest to you.

Further processing of your personal data

Where you use one of our solutions, we may derive or create anonymous data and information about your use of that solution. This anonymised data will be further aggregated before being used either by us or a third party nominated by us to improve our products. We may also commercialise this information, for example, to provide insights to third parties.

Our lawful basis for the anonymisation and aggregation process is legitimate interests, and we carry out this processing as a controller. 

The legitimate interest pursued is statistical analysis to drive informed decision making, for the benefit of both the Access Group and other third parties.

Post completion of this anonymisation and aggregation process (which is irreversible), the data is no longer considered personal data for the purpose of applicable data protection legislation. 

Sharing your personal data

We may have to ad hoc share your personal data with regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. 

We have also partnered with reputable third parties to provide a best-in-class service offering to you and our wider customer base (as described throughout this privacy notice and or the relevant contracts). Where sharing your personal data with our trusted partners means a transfer to a third country (without an adequacy decision or adequacy regulations, as applicable) is to take place, we will ensure we put in place appropriate safeguards and supplementary measures to ensure an essentially equivalent level of protection (as compared to the UK and EU GDPR) to your personal data will be given.

We may also share your personal data with other members of the Access Group: we will only do this where we have a lawful basis for doing so, for example, fulfilment of contract or legitimate interests. Where the receiver of your personal data is an Access Group entity which is in a third country without an adequacy decision or adequacy regulation (as applicable), the transfer will be safeguarded by, at minimum, an intra-group agreement (which includes recognised model clauses and the UK’s IDTA). 

Lastly, we may share your personal data with third parties in connection with a sale of the Access Group (or any part thereof). Where that divested entity becomes a controller of your information, they will supply or otherwise make available to you their relevant privacy notice.

Storage and disposal of your personal data

Where we have your personal data acting in our capacity as a controller, we will delete your personal data in accordance with our data retention schedule (available via our  Security Portal ), or as otherwise required by data protection legislation: including where you choose to exercise your rights as a data subject (see ‘Your Rights’ section for more information).

Where we have your personal data acting in our capacity as a processor, we will delete your personal data in accordance with the controller’s instruction, or as otherwise required by data protection legislation. If we are required by law to retain any of your personal data, we will inform the controller of this lawful obligation.

Your rights

We will process your personal data in accordance the  Principles - external link  and  Individuals’ Rights - external link  of The General Data Protection Regulation (both the EU version (2016/679/EU) and UK retained version thereof).

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access  - You have the right to ask us for copies of your personal information.
  • Your right to rectification  - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure  - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing  - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing  - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability  - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

To exercise any of these rights, please contact  Access.DPO@theaccessgroup.com

Where we rely on consent as a lawful basis of processing, you may withdraw your consent at any time by emailing us at  Access.DPO@theaccessgroup.com

Important note:  If you feel we have not processed your data in accordance with the Principles and Rights of the individual under GDPR (EU or UK), please contact  Access.DPO@theaccessgroup.com  (or our EU representative,  Core.DPO@theaccessgroup.com ) for our complaints procedure, or you may raise a complaint with the  Information Commissioners Office - external link  (or other relevant supervisory authority) but we would like the opportunity to resolve any issues first.




COOKIE POLICY

Last updated  9th  March 2023

This Cookie Policy explains how the Access Group  (" Company , ”  " we , ”  " us, ” and " our ") uses cookies and similar technologies to  recognise  you when you visit our websites at www.adamprocure.co.uk (" Websites"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.

In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information. 

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by us are called "first party cookies". Cookies set by parties other than us are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use first and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Websites. Third parties serve cookies through our Websites for advertising, analytics and other purposes. This is described in more detail below.

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in Admin - My Profile - Cookies

If you choose to reject cookies, you may still use our Websites though your access to some functionality and areas of our Websites may be restricted. You may also set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.

The specific types of first and third-party cookies served through our Websites and the purposes they perform are described in the table below.

Name

Purpose

Type

First or Third-Party?

Expires in

EAP.AppTitle

This is required to display the application title on each page in the adam Procure.

Essential

1 st

End of session

EAP.LOGOUT

This is required to provide the correct logout page whenever a User logs out of the adam Procure.

Essential

1 st

End of session

EAP.CULTURE

This is required to provide the correct language for the User e.g. English.

Essential

1 st

30 days

EAP.Root

This is required to provide the correct login page e.g. if the User clicked a link within an email from the adam Procure to be directed to the adam Procure login page.

Essential

1 st

End of session

EAP.AppKey

This is required to identify the application that the User is requesting to use.

Essential

1 st

End of session

EAP.CREDCACHE

This is required so that the application knows whether we should be caching the User's credentials. Note: This cookie does not store User credentials itself.

Essential

1 st

30 days

EAP.UTKN

This is required to store the user session token.

Essential

1 st

End of session

EAP.InitDst

This is required to support login-through requests (e.g. if you clicked a link from an email).

Essential

1 st

Earlier of 30 days or once it has been used.

ASP.NET_SessionId

This is required to record the .Net user session token.

Essential

1 st

End of session

What we mean by the “Type”?

Essential Website Cookies:  These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.

Performance and functionality cookies:  These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality (like videos) may become unavailable.

Analytics and customisation cookies:  These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customise our Websites for you.

Advertising cookies : These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

Social networking cookies:  These cookies are used to enable you to share pages and content that you find interesting on our Websites through third party social networking and other websites. These cookies may also be used for advertising purposes.

Unclassified cookies : These are cookies that have not yet been categorised. We are in the process of classifying these cookies with the help of their providers.

How often will you update this Cookie Policy?

We may update this Cookie Policy from time to time to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.

The date at the top of this Cookie Policy indicates when it was last updated.

Where can I get further information?

If you have any questions about our use of cookies or other technologies, please email us at  access.dpo@theaccessgroup.com

Where relevant, our EU Representative can be contacted at  core.dpo@theaccessgroup.com