Privacy Policy

Effective: 18 November 2024

1. Introduction

Collabit Software Ltd (“Collabit”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website, our applications (“apps”), and our services (collectively, the “Services”).
This Policy applies to both our website and our SaaS platform/app.

We comply with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Please read this Policy carefully to understand how we treat your personal data.

2. Who We Are

Data Controller: Collabit Software Ltd, Stephenson House, 2 Cherry Orchard Road, Croydon, CR0 6BA, United Kingdom.
Company Number: 06045839
Contact: info@collabitsoftware.com

3. What Data We Collect

We may collect and process the following types of personal data:

Contact details: Name, email address, phone number, organisation
User account details: Username, password (encrypted), roles/permissions
Usage information: IP address, browser type, device information, operating system, access times, activity logs
App/service data: Information provided through our forms, communications, support requests, and any data uploaded by users to our platform/app (which may include PII, depending on client configuration)
Cookies and tracking: See our Cookie Policy for details

4. Legal Basis for Processing

We process your personal data only where at least one lawful basis applies:

Performance of contract: To provide our services and fulfil our obligations to you or your employer
Consent: Where you have given explicit consent (e.g., marketing)
Legitimate interests: For service improvement, security, and business operations (not overridden by your rights)
Legal obligations: To comply with applicable laws or respond to lawful requests

5. How We Use Your Data

We use your information to:

Provide and operate our website, app, and services
Create and manage user accounts
Respond to your queries and support requests
Monitor and improve our Services
Send service updates and important notifications
Comply with legal and regulatory obligations

We do not use your data for automated decision-making or profiling, except as required for security (e.g., access logs, fraud prevention).

6. Data Sharing and Sub-Processors

Your data may be shared with trusted sub-processors (such as Amazon Web Services for hosting, and Google Maps API for address lookups), solely to deliver our services. All third parties are required to comply with strict data protection and confidentiality obligations. A full list of current sub-processors is available upon request.

We do not sell or rent your data to any third parties.

7. International Data Transfers

We primarily store your data in the United Kingdom or European Economic Area (EEA). If data is transferred outside the UK/EEA (for example, to AWS or Google), we ensure adequate safeguards are in place—such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions—to protect your data as required by law.

8. Data Security

We use appropriate technical and organisational measures to safeguard your personal data, including:

Encryption at rest (AES-256) and in transit (TLS 1.2+)
Access controls and authentication (including multi-factor authentication)
Secure data backup and disaster recovery processes
Regular security audits and staff training

9. Data Retention

We only keep your personal data as long as necessary to fulfil the purposes it was collected for, including:

User account and service data: Retained for the duration of your contract/use of our services plus up to 12 months, unless a longer period is required by law or necessary for dispute resolution
Support and communication records: Retained for up to 24 months
Backups: Retained securely for up to 90 days before secure deletion

When no longer required, your personal data will be securely deleted or anonymised.

10. Your Rights

Under GDPR and UK law, you have the right to:

Access your personal data
Request correction or erasure of your data
Restrict or object to processing
Request data portability
Withdraw consent at any time (where applicable)
Lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk

To exercise any of these rights, please contact us at info@collabitsoftware.com.

11. Account Deletion and Data Erasure

You have the right to request deletion of your account and personal data at any time.

To submit a request, please use our dedicated online form at:
https://collabitsoftware.com/data-privacy-and-account-deletion-requests/

Alternatively, you can contact us directly at info@collabitsoftware.com.

Upon receiving your request, we will:

Verify your identity to ensure the request is legitimate.
Notify you of any data we are required to retain for legal reasons (and explain the retention period).
Delete your account and associated data from our active systems and, once eligible, from backups.
Confirm to you when the deletion process is complete.

Please note: Deleting your account is irreversible and will remove all access to your data and features.

12. Cookies

Our website and platform use cookies and similar technologies to improve your experience and analyze usage. Where required, we ask for your consent before placing non-essential cookies. For more details, please see our Cookie Policy.

13. Children’s Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website/app, and material changes will be notified to users as appropriate.

15. Contact

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact:
Email: info@collabitsoftware.com
Post: Collabit Software Ltd, Stephenson House, 2 Cherry Orchard Road, Croydon, CR0 6BA, UK

This Privacy Policy was last updated: 18 November 2024

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.