Privacy Policy
Effective: 18 November 2024
1. Introduction
Collabit Software Ltd (“Collabit”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website, our applications (“apps”), and our services (collectively, the “Services”).
This Policy applies to both our website and our SaaS platform/app.
We comply with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Please read this Policy carefully to understand how we treat your personal data.
2. Who We Are
- Data Controller: Collabit Software Ltd, Stephenson House, 2 Cherry Orchard Road, Croydon, CR0 6BA, United Kingdom.
- Company Number: 06045839
- Contact: info@collabitsoftware.com
3. What Data We Collect
We may collect and process the following types of personal data:
- Contact details: Name, email address, phone number, organisation
- User account details: Username, password (encrypted), roles/permissions
- Usage information: IP address, browser type, device information, operating system, access times, activity logs
- App/service data: Information provided through our forms, communications, support requests, and any data uploaded by users to our platform/app (which may include PII, depending on client configuration)
- Cookies and tracking: See our Cookie Policy for details
4. Legal Basis for Processing
We process your personal data only where at least one lawful basis applies:
- Performance of contract: To provide our services and fulfil our obligations to you or your employer
- Consent: Where you have given explicit consent (e.g., marketing)
- Legitimate interests: For service improvement, security, and business operations (not overridden by your rights)
- Legal obligations: To comply with applicable laws or respond to lawful requests
5. How We Use Your Data
We use your information to:
- Provide and operate our website, app, and services
- Create and manage user accounts
- Respond to your queries and support requests
- Monitor and improve our Services
- Send service updates and important notifications
- Comply with legal and regulatory obligations
We do not use your data for automated decision-making or profiling, except as required for security (e.g., access logs, fraud prevention).
6. Data Sharing and Sub-Processors
Your data may be shared with trusted sub-processors (such as Amazon Web Services for hosting, and Google Maps API for address lookups), solely to deliver our services. All third parties are required to comply with strict data protection and confidentiality obligations. A full list of current sub-processors is available upon request.
We do not sell or rent your data to any third parties.
7. International Data Transfers
We primarily store your data in the United Kingdom or European Economic Area (EEA). If data is transferred outside the UK/EEA (for example, to AWS or Google), we ensure adequate safeguards are in place—such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions—to protect your data as required by law.
8. Data Security
We use appropriate technical and organisational measures to safeguard your personal data, including:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Access controls and authentication (including multi-factor authentication)
- Secure data backup and disaster recovery processes
- Regular security audits and staff training
9. Data Retention
We only keep your personal data as long as necessary to fulfil the purposes it was collected for, including:
- User account and service data: Retained for the duration of your contract/use of our services plus up to 12 months, unless a longer period is required by law or necessary for dispute resolution
- Support and communication records: Retained for up to 24 months
- Backups: Retained securely for up to 90 days before secure deletion
When no longer required, your personal data will be securely deleted or anonymised.
10. Your Rights
Under GDPR and UK law, you have the right to:
- Access your personal data
- Request correction or erasure of your data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time (where applicable)
- Lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk
To exercise any of these rights, please contact us at info@collabitsoftware.com.
11. Account Deletion and Data Erasure
You have the right to request deletion of your account and personal data at any time.
To submit a request, please use our dedicated online form at:
https://collabitsoftware.com/data-privacy-and-account-deletion-requests/
Alternatively, you can contact us directly at info@collabitsoftware.com.
Upon receiving your request, we will:
- Verify your identity to ensure the request is legitimate.
- Notify you of any data we are required to retain for legal reasons (and explain the retention period).
- Delete your account and associated data from our active systems and, once eligible, from backups.
- Confirm to you when the deletion process is complete.
Please note: Deleting your account is irreversible and will remove all access to your data and features.
12. Cookies
Our website and platform use cookies and similar technologies to improve your experience and analyze usage. Where required, we ask for your consent before placing non-essential cookies. For more details, please see our Cookie Policy.
13. Children’s Privacy
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be posted on our website/app, and material changes will be notified to users as appropriate.
15. Contact
If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact:
Email: info@collabitsoftware.com
Post: Collabit Software Ltd, Stephenson House, 2 Cherry Orchard Road, Croydon, CR0 6BA, UK
This Privacy Policy was last updated: 18 November 2024