1. Our Policy’s Aims
1.1 This Policy applies to this website for the Doubtfire Fund and Manhandle Press Limited.
1.3 Personal data refers to any information relating to an identified or identifiable natural person (“data subject”), where this identification can be made directly or indirectly, by means of identifiers such as your name, identification number, email address, phone number, online identifiers such as cookies in some circumstances, your location, your genetic, economic, cultural or social identity or other information that is specific to you.
1.4 We do not mean information that only refers to a business corporation or organization. We also do not mean information that has been "anonymized," either by removing or de-identifying all specific identifiers. Anonymous data is not personal data when the anonymization is irreversible. When we refer to anonymous data, we mean data that cannot be reversed into personal data.
1.5 As a data controller, we commit ourselves to protecting the privacy of our website visitors and users of our products and services with respect to the processing of your personal data.
Where we collect and process your personal data, we will limit the collection and retention to what is adequate, relevant and necessary for our purposes and it will be kept in a form which allows for your identification no longer than necessary for the purpose for which we process your personal data. We refer to this as data minimisation.
1.7 Where we store your personal data for longer periods for statistical purposes, as permitted, we will use appropriate safeguards. Applicable law defines ‘statistical purpose’ as any collection of personal data, where the result of processing is for aggregate data, so the personal data we collect from you is anonymized or pseud-anonymized. For example, the processing of your personal data may be for the business-related process of counting users, products, sales and various metrics. We may also share statistical data that has been anonymized and aggregated geographically and so, cannot be used to identify individuals, with third parties for trend analytics.
1.8 Our policy provides you with the legal bases for the collection of your personal data, lets you know how long personal data is stored and the reasons why, and how in some circumstances, they are necessary to retain.
1.9 Some of the legal bases we rely on are contractual and service necessity, consent, legitimate interests and compliance with legal obligations.
1.11 We strive to keep the policy easy to understand and transparent, and so we refrain from technical information overload. If you wish to have further details on how we process your personal data, please contact us.
2. Talk to Us about Your Data
2.1 We try to ensure that the users of our products and services always have an open line of communication with us. You can contact us at any time if you have any questions, queries or requests about your personal data and, if European law applies to the processing of your data, about your right to request access to, modify, remove or export your data, or object to our processing of your data. You have the right to complain to supervisory authorities in your Country should you feel your privacy has been breached, however we would appreciate it if you reach out to us first before you approach any supervisory authorities or courts. You may submit requests to us at email@example.com. We will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months. If we fail to meet these deadlines, we would, of course, prefer that you contact us to settle the matter informally.
2.2 We process your personal data where it is lawful and fair for us to do so. The legal bases we rely for processing your personal data are contractual necessity, consent, legitimate interests and compliance with legal obligations.
2.3 There could be instances where you are using our products or services, but we do not have your personal data, even though you have purchased our products or services. These include situations where you purchase our products from our service provider, a reseller, or an app store. Because your relationship in these cases is with that service provider, reseller or an app store, we do not actually have your personal data and will not be able to perform your request to access or delete your information. In such circumstances, please contact your service provider, reseller, or app store where you purchased the products or services, as this person is the primary controller of your personal data.
3.1 Online activities
Any personal data collected from you when you visit our websites or use our products or services
3.2 Phone contacts
Any personal data collected from you when you call us for sales, service, or customer support.
3.3 Offline contacts
Any personal data collected from you at a "live" or in-person event such as a trade show or promotion.
3.4 Reseller information
Any personal data, including contact information such as telephone number and email address, collected from our resellers or sub-resellers.
3.5 Other circumstances
Any personal data collected from you when you contact us by email .
4.1 Third Party Sites
5. Disclosing Your Personal Data to Third Parties
5.1 Disclosure to third parties
We are required to disclose your personal data to unrelated third parties in limited circumstances:
5.2 We are also required in a few limited situations to share our users' personal information with third parties. For example, if you request a specific service or product from us, and if that product or service is administered by a third party working for us, we may share your personal information with the third party to respond to your request. This third party may also transmit back to us any new information obtained from you in connection with providing the service or product.
6. International Transfers of Your Personal Data
6.1 Our website is shown globally and products we sell are available around the world. In order to reach all of our users and provide all of them with our software, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. In some instances, these may be countries outside of the European Economic Area (“EEA”), where the level of protection provided by the laws of these countries may be different than the high standard enshrined in the GDPR. Regardless, we provides the same GDPR-level of protection to all personal data it processes.
At the same time, when we transfer personal data outside of the EEA, we always make sure to put in place appropriate and suitable safeguards, such as standardized contracts approved by the European Commission, which legally bind the receiving party to adhere to a high level of protection, and to ensure that your data remains safe and secure at all times and that your rights are protected.
7. Sharing of Information
7.1 Our data collection and management practices do not vary by location. We follow the same “data minimisation” procedure with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected.
7.2 We reserve the right to store and use the information collected by our software to improve our current and future products and services, to help us develop new products and services, and to better understand the behaviour of our users.
8. Storage, Retention, and Deletion of Your Personal Data
8.1 Storage of Information
We store information that we collect on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf.
The data on our servers can only be accessed from our physical premises, or via an encrypted virtual private network (“VPN”). Access is limited to authorised personnel only, and company networks are password protected, and subject to additional policies and procedures for security.
8.2 Access by our contractors
We or our contractors, subsidiaries, affiliates, representatives, agents, or resellers who are working on our behalf undertake regular maintenance of your personal data. All third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. This means your personal data cannot be shared with others, and there must be no direct marketing by the third parties.
8.3 Retention and Deletion of Your Personal Data
We retain and delete the various types of personal data we collect in compliance with the legal requirement that personal data be kept in a form that permits identification of our data subjects for no longer than is necessary for the purposes for which the personal data is being processed.
We will not keep your personal data in a form that allows you to be identified for longer than reasonably necessary with regards to the purpose for which the information was collected. We will also anonymize and aggregate data to the extent possible.
In general, we strive to delete or obfuscate Internet Protocol (IP) addresses within 60 days when the purpose for which they were collected has been fulfilled. We may retain online identifiers, location data and other personal data for statistical purposes as permitted under applicable law.
We may also amend the personal data we keep in such a way that you cannot be identified, for example, by hashing. We may retain a “key” to the hashing, but we will securely store it separately from the hashed data.
We will only keep your personal data for additional periods following the expiration of the purpose for which we collected it when permitted as compatible for our legitimate interests or required by law, for example tax, contract, secrecy or criminal laws. Otherwise, your personal data will be automatically deleted from our system once the legal basis for the collection and processing has been fulfilled.
If you participate in a giveaway or promotion that we offer, we will retain your data long enough to administer the promotion, plus any additional time that is permitted or required by law.
For the purpose of licensing products that are registered on a periodic basis, we will keep your personal data on the legal basis of contractual necessity for as long as you are actively using the product and thereafter for legal compliance. Thereafter, your personal data will be deleted.
9. How You Can Request Deletion
For our paid customers of products and services for your personal computer, you will be able to email us to request deletion of your personal data.
In some circumstances and to the extent permitted by law, for example, to provision the service or contract, for compatible use for our legitimate interests, under national tax, contract, criminal, or secrecy laws, we may retain your personal data despite your requests for erasure.
10. Effects of Request – How Long Before Deletion and Consequences of Deletion
10.1 Depending on what you request and how many requests we receive, it is possible for your requests to be actioned from within a day to three months.
10.2 If you request the erasure of your data (“right to be forgotten”), we will generally action this within 30 days, which may only include a record in our system that once the legal basis for processing your personal data has been fulfilled, your personal data needs to be promptly deleted.
11. Data Security
11.1 Safeguards for protection of personal information We maintain administrative, technical, and physical safeguards for the protection of your personal data.
11.2 Administrative safeguards
Access to the personal data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual's credentials are revoked.
11.3 Technical safeguards
We store your personal information in our database using the protections described above.
11.4 Physical safeguards
Access to user information in our database by Internet is not permitted except using an encrypted virtual private network (VPN). Otherwise, access is limited to our physical premises. Physical removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
We strive to collect no more personal data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
11.6 Notification in the event of breach
In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected.
We may tailor the method of notice depending on the circumstances. We reserve the right to delay notification if we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.
12. Other Jurisdictions
We comply with the laws of countries outside the EU to the extent required by any country based in the UK.
13. Policy Changes
13.3 Where the changes are major, we will notify you by email if you have an account or through posts on our website.
14. Contacting Us
14.1 Both Manhandle Press Limited and The Doubtfire Fund are registered at: Timberleys, Littlehampton, West Sussex, UK.
14.2 Dispute resolution
We make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, please contact us.
15. Data Protection Officer
15.1 As required under the GDPR, we have a data protection officer (DPO) to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities. You can contact our data protection officer via Admin@doubtfire.co.uk