This privacy notice was last updated on 23/11/2022. Endjin reserves the right to make changes to this policy at any time, you should regularly check for updates.
At endjin we respect your privacy and value the trust you place in us when you share your personal information with us.
This document defines what personal information we collect about you, how and why we use it, who we disclose it to, and how we protect it. It also tells you about your rights.
It applies to you if you use our website, have signed up to one of our events, subscribe to our newsletters or contacted us with an enquiry. It also applies to you if we have a professional or business relationship or connection with you.
If you have any questions or need any further clarity, please get in touch with us.
What is personal information?
Personal information broadly means any information about a living individual who can be identified from that information directly, or indirectly (for example if it is combined with other available information).
What personal information do we collect?
We will collect the information about you under the following circumstances:
Visitors to our websites. We use Google Analytics to collect information about how visitors use our website. This information won't be used to identify you unless you submit your contact details via the website, where we may then connect your prior activity on our website with your personal information. We also use Intercom and Calendly on our website so that visitors can choose to start a live chat or arrange a call with us, respectively.
People who use our products and services (for example commenting on a blog, subscribing to newsletters, completing an online survey, registering for events or downloading publications) or contact us with an enquiry. We'll collect the information you submit via our website or when you contact us, for example your name, contact details, details about the service you're interested in or your enquiry.
Business contacts. We'll collect your contact details and information about your role. We'll also collect publicly-available information, such as information from social media sites such as LinkedIn if you connect with anyone who works for us.
Clients, prospective clients and related persons. We'll collect information about the identity of clients and prospective clients and (where relevant) management, directors, officers and other related persons for verification purposes. This information will be collected from you or publicly-available sources or both.
We do not collect special categories of personal information (also known as “sensitive personal data”, which includes information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs and sexual life). We ask you, please, not to send us this kind of information.
We will always try to keep the amount of personal information we collect to the minimum needed.
What do we use your personal information for?
We use your personal information for the following purposes:
Providing our products and services, or responding to your enquiry. Primarily so that we can communicate effectively with you online, via email, by telephone or in person. For example, to send you one of our newsletters by email, to schedule an online meeting, or to send a response to a question you may have raised in relation to one of our blogs.
Providing website features and security. We'll use information we collect to help ensure that content from our site is presented in the most effective manner for you and for your device, monitor how our website is used in order to improve them, and to help ensure that access to our site is secured.
Direct marketing and business development. If you are a business contact, client or prospective client, we'll use your information to help us with business development. We may also send you direct communications about topics which we feel may be relevant and of interest you, such as information about events, thought leadership and topical updates. If you would prefer not to receive this type of communication, please get in touch with us.
Research and analysis. We'll use relevant information (for example, survey responses) to inform our research and analysis. We will always make sure that information is anonymised or aggregated so that you can't be identified from anything we publish.
Identification checks (clients, prospective clients and related persons). We are obliged to verify the identity of prospective and (in some circumstances) existing clients. This involves checking the identity and good standing of clients and related persons. We may use third-party software to perform checks and carry out risk scoring.
We do not use any form of automated decision-making (including profiling) which could have a negative impact on you.
The lawful basis for us having this information
In general, we do not require your consent to process your personal information because the processing is necessary:
in order to provide you with the information or services that you've requested, or
in order to respond to your enquiry, or
for our legitimate interests, which are:
- to improve our products and services, and
- to keep our systems secure, and
- to develop our business
in order to comply with the law. For example, under Section 221 & 222 of the Companies Act 1985, we need to keep payment records for 3 years in order to comply with accounting law, or
in order to fulfil the public interest. For example making sure we verify our clients' identities.
However you do have the right to object to how we process your personal information, or ask us to restrict processing.
If you object to or ask us to restrict the processing of your personal information, this won't affect the lawfulness of the processing we've already carried out.
Please see Your data protection rights for more details.
Who we share your information with
The personal information you provide to us will be retained only for as long as necessary to fulfil the purposes for which the information was collected as required by law. We do not share personal information with third parties except as required by law or other legal processes. We never sell your personal information.
Sometimes we need to share your personal information with others. We'll only do this for the purposes explained in this privacy notice and we'll take steps to ensure they keep the information secure and confidential and use it only for the agreed purposes.
We may share your personal information with the following:
with any member of our company, for the purposes of providing information or services and developing our business relationship with you,
our service providers, for example professional advisers, so that we can run our business,
your organisation, in connection with any services we provide to them, for example to organise a meeting or workshop,
regulators, ombudsmen, dispute resolution bodies, government bodies or the courts, where we are under a legal obligation to do so, or to protect our rights or property, or the safety of our people, clients or others, so that we can meet our legal obligations.
Some of these may be located outside the UK, where data protection laws are different. However we will ensure that we comply with data protection laws when making any transfers outside the UK (for example, by signing appropriate contracts) to make sure your personal information is protected. Please contact us if you would like more details about transfers outside the UK.
How we protect your personal information
We have put physical, technical and administrative measures in place to prevent unauthorised access or use of your information:
We have chosen technology providers that are accredited with relevant, internationally-recognized standards relating to information security, such as ISO-27001
All data is encrypted at rest and in transit
How long we will retain your information
We will keep your personal information for as long as we are using it for the purposes explained in this notice.
When we no longer need it, we will archive your personal information after a certain period and then delete it permanently after an additional period. We set these periods according to the time limits on legal claims. This is for our protection and yours.
We may in certain circumstances need to hold your personal information for longer, for example in relation to a legal dispute or because of regulatory requirements.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access - you have the right to ask us for copies of your personal information
- Your right to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
- Your right to erasure, also known as ‘the right to be forgotten' - you have the right to ask us to erase your personal information
- Your right to restriction of processing - you have the right to ask us to restrict the processing of your personal information
- Your right to data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you
How to exercise your rights
If you would like to make a request to access or correct your personal information, or to exercise any of your other rights, you can contact us at any time. We will respond to your request within one month from the date we receive it.
Please note that some of your rights are restricted, and apply only in certain circumstances. For example, we may refuse to delete your personal information whilst we need it for a valid purpose, including to defend any potential legal claims. We will set out in our response our reasons if we are unable to meet your request.
If you have any concerns about our use of your personal information, you can make a complaint to us or to the ICO. The ICO's address is:
Information Commissioner's Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It came into effect in 2018. The primary aim of the GDPR is to give individuals control over their personal data.
Who is the ICO?
The Information Commissioner's Office (ICO) is the UK's independent body set up to uphold information rights. You can find out more on the ICO website.
Will my personal information ever be shared with an outside company?
We have a “no-share” policy that means we do not share your personal information with outside companies who may want to use your data for their own benefit, for example for marketing purposes. This does not mean that outside companies will never receive personal information about you. For example, we rely on some outside companies to assist us in providing the services that you use. These companies are declared in our privacy notice and the use of that information by these outside companies is strictly limited to providing the services that we have requested.
Why are you using cloud computing?
We are using cloud computing to host many of our products and services because it provides the following benefits:
- Security: We think that the cloud is the most secure place to store data and run applications. The cloud's industrial-grade infrastructure plays a role in addressing cyber security risks, for example.
- Scalability: The cloud provides the scalability to meet the demands from our users by allowing us to dynamically increase compute power and storage capacity.
- Agility: The cloud helps us to shorten the development lifecycle, enabling us to better meet the evolving needs of our users by delivering new features more quickly.
- Innovation: Being on the cloud opens up access to a range of new technologies that we wouldn't otherwise be able to take advantage of.
Is your chosen cloud provider secure?
Microsoft Azure is ISO27001 certified and meets the security, privacy, compliance and risk management requirements as defined in the ISO/IEC 27002 code of best practices for information security management and the Cloud Security Alliance Cloud Control Matrix. For comprehensive information about security, visit the Microsoft Azure Trust Centre.
Why do you have a privacy notice?