Digital Engagement Platform

Plasmo

Privacy Policy

Introduction

Your privacy and trust are important to us and this Privacy Policy (“Policy”) provides important information about how Plasmo; owned and managed by Salpo Technologies Limited (“Company” “we” or “us”); handles personal information. This Policy applies to personal information which we process in the course of doing business, including information processed through the Company’s website and the services we provide (collectively, our ‘Services’).

Please read this Policy carefully. If you have any questions or wish view the data we hold about you, please email privacy@plasmo.app

It is important that you check back often for updates to this Policy. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Services and/or contact you using other methods such as email.

Purpose of the processing, legal basis and retention periods

We may process personal information about you in different ways depending on our relationship with you. The following are some examples of relationships that may be applicable.

  1. You are or were a customer or an employee of a customer, using the Plasmo platform
  2. You are a third party with whom we are in contact during the delivery of services to our customers or the possible delivery of services to prospective customers. For example – you are signed up to a Plasmo cluster, but do not have a direct commercial relationship with Salpo Technologies
  3. You are a prospective customer or an employee of a prospective customer. You are a prospective supplier or an employee of a prospective supplier
  4. We have received your information from a third party
  5. Your relationship with us is not covered by any of the above

Where you provide us with personal information about another person

If you give us personal information about another person, you must ensure that:

(a) you are legally entitled to give us that information;

(b) the disclosure is in accordance with any applicable data protection or privacy laws; and

(c) such other people have also read this privacy policy.

Personal information we hold

The information we collect about you depends on the products and services you use. All users on the Plasmo platform are required to disclose information sufficient to uniquely identify themselves and to authenticate themselves to the system processes. It includes (but isn’t limited to):

  • Your name (first and last names)
  • Date of birth (to verify your eligibility to use the service)
  • Your preferred email address
  • Your preferred timezone

Administrative or executive roles on the Plasmo elearning platform may have additional information gathered in order to facilitate business processes:

  • Details that we need to check your identity, process an application and perform credit referencing*
  • Financial details, including credit, debit card and bank details to process payments only*
  • Your communications with us, including notes or recordings of calls, emails or letters you send to us*
  • Marketing preferences

When you visit a web property that is part of the Plasmo application suite, we collect the following information:

  • Your IP address
  • Your browser and device information (including but not limited to operating system version, browser version, and relevant device information)
  • The URLs visited during your session(s); and any additional information you may submit via web forms

In addition to the information above, we collect the following information through our mobile applications:

  • Your device ID, make and model
  • Your battery level, storage capacity, internet connection type and available memory
  • Your country of access (inferred through your IP address)

We would not normally process sensitive information, for example, relating to your health, religious belief or sexuality. If that information is relevant to the services we are providing or receiving from you, we will request your agreement to process that information.

Cluster owners/operators on the Plasmo platform may gather additional information from you, or may allow users under 18 years of age to access services. Consent to the provision of service and any additional data gathered is governed by a separate privacy policy, furnished by the cluster operator.

Some of our services provide data and document storage as an integral part of the product or solution offering. Documents and data stored by our customers may contain personal information in business and personal tax forms, payroll and financial data, and legal and litigation-related documents, for example.

Any information stored by or on behalf of our customers is controlled and managed by and only made accessible to those customers or others our customers may authorise from time to time. Our access to this information is limited to the Company personnel who require access in order to provide our Services or for any other critical business reason. Customer data is encrypted both at rest and in transit by industry standard encryption algorithms.

Cookies

We use cookies to track visitors to our websites and help us tailor the pages and features to our customers’ interests and preferences.

What are cookies? Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website.

Users are advised that if they wish to deny the use and saving of cookies from this website on to their computer’s hard drive they should take all necessary steps within their web browser’s security settings to block all cookies from our website.

We use tracking software to monitor site visitors to better understand how they use the website. The software will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website.

When we share personal information

The Company shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We do not sell any personal information to third parties. We may occasionally share non-personal, anonymised, and statistical data with third parties. Below are the parties with whom we may share personal information and why.

  • Within the Company’s group: Our business is supported by a variety of people who are part of the Company’s teams and functions, and personal information will be made available to them if necessary for the provision of Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information. The Company has a wholly owned subsidiary in Sri Lanka and may share personal information such as contact details of employees of customers to the group’s support team in Sri Lanka where it is necessary so that we can provide you with support in accordance with our contract with you. We have put in place appropriate safeguards between the Company and our subsidiary and Sri Lanka to ensure your personal information is secure and your rights are protected.
  • Our business partners: We occasionally partner with other organisations to deliver co-branded Services, provide content, or to host events, conferences, and seminars. As part of these arrangements, you may be a customer of both the Company and our partners, and we and our partners may collect and share information about you. The Company will handle personal information in accordance with this Policy, and we encourage you to review the privacy policies of our partners to learn more about how they collect, use, and share personal information.
  • Our third-party service providers: We partner with and are supported by service providers around the UK/world. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, including (without limitation) software, system, and platform support; payment providers, direct marketing services; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use the personal information we make available to them for any other purpose than to provide services to us.
  • Third parties for legal reasons: We will share personal information when we believe it is required, such as:
    • to comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities;
    • in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);
    • to protect our rights, users, systems, and Services.

Where we store and process personal information

We take steps to ensure that the information we collect is processed according to this Policy and the requirements of applicable law wherever the data is located.

We store information in a cloud hosting service, through the provider Amazon Web Services. The Company has networks, databases, servers, systems, support, and help desks located in the UK. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within the Company or to third parties in areas outside of your home country, but we will not transfer your data outside of the European Economic Area without your express written consent, other than to the Company’s subsidiary in Sri Lanka where it is necessary to provide customers support as set out in the section “When we share personal information“.

How we secure personal information

The Company takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

How long we keep personal information

We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, the Company takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers and suppliers. When we no longer need personal information, or when you request us to delete your information, where this is legal, we will securely delete or destroy it. See section “Purpose of the processing, legal basis and retention periods” for further information on our retention periods.

Your legal rights

We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or safely delete your personal information.

  • Access to personal information: You have the right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
  • Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Request restriction of processing: of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer: of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Correction of your data: You have the right to request that we correct your personal information if it is inaccurate or requires updating or complete your personal information if the information we hold is incomplete.
  • Withdrawal of consent: If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by letting us know in writing, by email or by telephone.
  • Marketing preferences: To opt out of email marketing, you can use the unsubscribe link found in the email communication you receive from us or let us know in writing, by email or by telephone.
  • Filing a complaint: If you are not satisfied with how the Company manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office.

If you fail to provide personal data

Where we need to collect under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel your contract with us but we will notify you if this is the case at the time.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please let us know by using the “Contact Us” option on our website or let us know in writing, by email or by telephone.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Third-party links

Our website has links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Children’s privacy

Our Services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.

Cluster Privacy Policy

Content stored on Plasmo is also governed by the cluster privacy policy. For more information please login to your cluster and view the privacy policy.

This Privacy Policy was last updated by Salpo Technologies Ltd on 24 August 2020.