Big Sofa Data Compliance & Privacy Policy

Big Sofa Privacy Policy (PDF link)

We, Big Sofa Technologies Group plc (“We," "Us") are committed to protecting and respecting your privacy and keeping you fully informed about our use of cookies.

Everyone has rights with regard to the way in which their personal data is handled. During the course
of our activities we will collect, store and process personal data about our customers, suppliers, participants in studies and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business
operations.
This following Privacy and Cookies Policy sets out the basis on which any personal data we collect
from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We are mindful of the importance of upholding the security of information under our control. All data collected through the www.bigsofatech.com website (the "Website") and from our customers and data subjects taking part in studies is stored on secure servers and we have stringent security and
confidentiality procedures covering the storage and disclosure of such information, in accordance with UK data protection laws.
For the purpose of UK data protection laws, the data controller is Big Sofa Technologies Group, plc (registered number: 07847321) of Finsgate, 5-7 Cranwood Street, London EC1V 9EE.

DATA PROTECTION PRINCIPLES
When processing your information, we must comply with the six enforceable principles of good
practice. These provide that your personal data must be:
● processed lawfully, fairly and in a transparent manner,
● processed for specified, explicit and legitimate purposes,
● adequate, relevant and limited to what is necessary,
● accurate and kept up-to-date,
● kept for no longer than is necessary, and
● processed in a manner that ensures appropriate security.

INFORMATION YOU GIVE TO US
You may give us information (such as your name, address, email address, ‘phone number,
employment details, age, gender, personal preferences, opinions, comments and preferences)
by:
● filling in forms on the Website, including information provided at the time of registration to use
the Website, subscribing to our service, posting material or requesting further services,
● entering a competition or promotion sponsored by us,
● taking part in one of the projects or studies we carry out for our clients, providing us with video
footage, photographic images and other personal data from which you may be identifiable,
● reporting a problem with our Website,
● participating in discussion boards or other social media functions on our website,
● signing up to our blog and newsletter,
● giving us your business card,
● entering a survey organised by us, or
● corresponding with us by phone, email, letters or otherwise.

We may use the information you give to us for a number of different purposes. For each purpose, we
are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
Purposes for which we will use the
information you give to us Legal basis
To fulfil our obligations under specific legislation. It may be necessary for us to comply with a legal
obligation to which we are subject under
legislation in the country where you are resident.
To carry out our obligations under any contracts
entered into between you and us and to provide
you with the information and services that you
request from us, or that are necessary as part of
the study/project you are participating in.
It will be necessary for the performance of the
contract between you and us.
To provide you with information, products or
services that you request from us or which we
feel may interest you, where you have consented
to be contacted for such purposes.
We will only do this if you give us your consent
by some specific, informed and unambiguous
method.
To notify you about changes to our products and
services
It will be necessary for our legitimate business
interests to ensure you are aware of the latest
updates to the products and services we provide,
or may provide, to you.
To provide you with information about other
services we offer that are similar to those that you
have already purchased or enquired about
We will only do this if you give us your consent
on the form from which we collect your data (the
registration form) or by some other specific,
informed and unambiguous method.
To provide you with information about services
we feel may interest you by electronic means
(email or SMS)
We will only do this if you give us your consent
on the registration form or by some other
specific, informed and unambiguous method.
To provide you, or permit selected third parties to
provide you, with information about goods or
services we feel may interest you by electronic
means (email or SMS)
We will only do this if you give us your consent
on the registration form or by some other
specific, informed and unambiguous method.
To tailor our services to suit your particular
business needs and meet your objectives
It will be necessary for our legitimate business
interests, namely providing the best possible
service for your business.
Any other purpose that we notify to you, but are
not expressly listed in this table
We will only do this if you give us your consent
by some specific, informed and unambiguous
method.
As stated in the table above, it is a legal obligation for you to provide us with certain information. If you
do not provide us with that information, we may not be able to provide our services to you.
It is also a contractual requirement for you to provide us with certain information. If you do not provide
us with that information, we may not be able to perform the contract.
All other information you give us is given entirely at your discretion. If you do not provide that
information, then we will be unable to provide a comprehensive and bespoke service to accurately
capture the needs of your business, or fulfil our contract.


INFORMATION WE COLLECT ABOUT YOU FROM OTHER SOURCES
When you visit our website, we may collect information about you (such as the Internet protocol (IP)
address used to connect your computer to the Internet, your login information, browser type and
version, time zone setting, browser plug-in types and versions, operating system and platform).
When you visit our website, using a mobile device, we may collect information about you (such as
country code, language, device name, operating system name and version, GPS location data).
We may also collect information about you by conducting searches of public records (e.g. Companies
House, electoral roll, DVLA database), or in the process of confirming your identity via our online
ID verification provider.
We may use the information we collect about you for a number of different purposes. For each
purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as
follows:
Purposes for which we will process the
information Legal basis for the processing
To administer our website and for internal
operations, including troubleshooting, data
analysis, testing, research, statistical and survey
purposes, to allow you to participate in interactive
features of our service, when you choose to do
so, to measure or understand the effectiveness of
advertising we serve to you and others, and to
deliver relevant advertising to you and to make
suggestions and recommendations to you and
other users of our site about services that may interest you or them
It will be necessary for our legitimate business
interests to ensure you receive the best
experience possible when accessing and using
our website.
To obtain further information about you, any
organisation you represent, with a view to us
entering into a contract with you or the
organisation you represent
It will be necessary for our legitimate business
interests to ensure we are fully aware of all
issues relating to your organisation that is the
subject of the services you have requested from
us.
You can change the settings on your internet browser to restrict the amount of information that we can
collect when you visit our website. If you do not allow us to collect this information, then we may be
unable to offer you the best experience possible when accessing and using our website.
By clicking on a link to another website or location, you will leave our website and navigate to the
other website; in this case, your personal information or anonymous data may be collected by another
location. We do not monitor or review these external websites or their contents and shall not be liable
for them or their contents. Please check the privacy policies of these other websites before you submit
any personal data to them.


COOKIES
Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide
you with an enhanced experience when you browse our Website and also allows us to improve our
site.
A cookie is a small text file of letters and numbers that is stored on your computer by websites that
you visit. Cookies are widely used in order to make websites work, or to make them work more
efficiently, as well as to provide information to the owners of the site. Cookies allow a website to
remember things like your preferences or what is in your shopping basket. Cookies may be set by the
website you are visiting ("First Party Cookies") or they may be set by other websites who run content
on the page you are viewing ("Third Party Cookies"). Some of these cookies are essential in order
for you to use our website however some cookies are optional.
We use different types of cookies including session cookies which are deleted after each visit and
permanent cookies that remain in place across multiple visits to our site. We also use a third party
cookie called "Google Analytics" which monitors use of our website, page visitor numbers etc. Google
Analytics cookies do not collect personal data about you.
We use cookies to keep track of your information during the time you view the Website and to identify
your particular areas of interest so as to enhance your future visits to this Website. We also use them
to collect information about how visitors generally use our Website, as well as to recognise return
visitors.
Most web browsers allow some control of cookies through the browser settings. You may refuse to
accept certain cookies by activating the setting on your browser, which allows you to refuse the
setting of cookies. However, if you select this setting you may be unable to access certain parts of the
Website. Unless you have adjusted your browser settings so that it will refuse cookies, our system will
issue cookies when you log on to our Website.


You can easily remove from your computer any cookies that have been created in the cookie folder of
your browser. The process for doing this may vary from device to device, however, if you click on the
'Help' function from your 'Start' button and enter cookies, you should be able to search for information
on how to locate the folder. For information on how to remove cookies on your mobile phone browser,
please see your handset manual.
For more information about cookies, including how to see what cookies have been set, how to delete
cookies and how to disable them from your browser, please visit: www.allaboutcookies.org.
Your continued use of the Website signifies that you agree to such use of your data and your
agreement to the terms of this Privacy and Cookies Policy.


‘SPECIAL CATEGORY’ DATA
During the course of dealing with you, we may collect information about you relating to your racial or
ethnic origin, political opinions, religious or philosophical beliefs, trade union membership,
physical or mental health, criminal convictions, sex life or sexual orientation, or certain types of
genetic or biometric data (such information is known as ‘special category’ data).
This is most likely to occur, for example, if we are conducting a particular study for a client
researching a product or service which relates to this type of data.
We will use any ‘special category’ data that we collect about you in order to perform our analytical and
research services for our clients :
● provided we have your explicit consent to use it, or
● we believe that we need to use that data to protect your vital interests where you are not able
to provide us with your explicit consent, or
● you have previously made that data public knowledge, or
● we need to use that data to establish, exercise or defend legal claims.


DISCLOSURE OF YOUR INFORMATION
You agree that we have the right to share your personal information (subject to appropriate
confidentiality undertakings) with:
● any bona fide regulatory, legal, or Governmental body to whom we are legally obliged to disclose
data;
● our auditors and any Quality Assurance Assessors;
● Dropbox, OneDrive, Google Drive and other online cloud providers;
● selected third parties including:
● business partners, customers, suppliers and sub-contractors to the extent we reasonably
consider that it is in your best interests for us to do so, or it is necessary for our legitimate
business interests;
● analytics and search engine providers that assist us in the improvement and optimisation
of our site;


We will disclose your personal information to third parties:
● in the event that we enter into negotiations to sell or buy any business or assets, in which case we
will disclose your personal data to the prospective seller or buyer of such business or assets;
● if we or substantially all of our assets are acquired by a third party, in which case personal data
held by it about you will be one of the assets transferred to the third party; or
● if we are under a duty to disclose or share your personal data in order to comply with any legal
obligation, or in order to enforce or apply any contract between you or us, or our website terms of
use, or to protect the rights, property, or safety of us, our customers, or others. This includes
exchanging information with other companies and organisations for the purposes of fraud
protection and credit risk reduction.


IDENTIFYING YOU AS A CLIENT
If you are a business client, we may identify you as our client in our marketing material, although we
will never publicly disclose any confidential information without having obtained your prior consent. If
you do not agree to us identifying you as our client, please notify us by writing to the address at the
top of this policy, or by emailing us at info@bigsofatech.com


WHERE WE STORE YOUR PERSONAL DATA
We will take all steps reasonably necessary to ensure that your data is treated securely, including
taking the following safeguards:
● Entry controls. Access to our premises is manned by a security guard during working hours
and the entrance to our premises is locked outside working hours.
● Secure lockable drawers and cupboards. Desks and cupboards are kept locked when not
in use if they hold confidential information of any kind.
● Methods of disposal. Paper documents are disposed of by shredding in a manner that
ensures confidentiality.
● Equipment. Our internal policies require that individual monitors do not show confidential
information to passers-by and that users lock or log-off from their computer when it is
unattended.
● Firewalls. Some of the data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom. It may also be processed by personnel operating outside the United Kingdom
who work for us. This includes staff engaged in, among other things, the processing of your payment details and the provision of support services in order for us to provide our clients the services they require. By submitting your personal data, you agree to this transfer, storing or processing. If you are
concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


HOW LONG WE WILL STORE YOUR PERSONAL DATA
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using
that data, as follows:
Legal basis Length of time
Where we use/store your data because it is
necessary for the performance of the contract
between you and us
We will use/store your data for as long as it is
necessary for the performance of the contract
between you and us
Where we use/store your data because it is
necessary for us to comply with a legal obligation
to which we are subject
We will use/store your data for as long as it is
necessary for us to comply with our legal
obligations
Where we use/store your data because it is
necessary for our legitimate business interests
We will use/store your data until you ask us to
stop. However, if we can demonstrate the
reason why we are using/storing your data
overrides your interests, rights and freedoms,
then we will continue to use and store your data
for as long as it is necessary for the
performance of the contract between you and
us (or, if earlier, we no longer have a legitimate
interest in using/storing your data)
Where we use/store your data because you have
given us your specific, informed and unambiguous
consent
We will use/store your data until you ask us to
stop, or until the purpose for which the
information was collected is no longer valid


YOUR RIGHTS
You have various legal rights in relation to the information you give us, or which we collect about you,
as follows:
● You have a right to access the information we hold about you free-of-charge, together with
various information about why and how we are using your information, to whom we may have
disclosed that information, from where we originally obtained the information and for how long
we will use your information.
● You have the right to ask us to rectify any information we hold about you that is inaccurate or
incomplete.
● You have the right to ask us to erase the information we hold about you (the ‘right to be
forgotten’). Please note that this right can only be exercised in certain circumstances and, if
you ask us to erase your information and we are unable to do so, we will explain why not.
● You have the right to ask us to stop using your information where: (i) the information we hold
about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to
use the information; or (iv) we do not have a legitimate reason to use the information. Please
note that we may continue to store your information, or use your information for the purpose
of legal proceedings or for protecting the rights of any other person.
● You have the right to ask us to transmit the information we hold about you to another person
or company in a structured, commonly-used and machine-readable format. Please note that
this right can only be exercised in certain circumstances and, if you ask us to transmit your
information and we are unable to do so, we will explain why not.
● Where we use/store your information because it is necessary for our legitimate business
interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
● Where we use/store your data because you have given us your specific, informed and
unambiguous consent, you have the right to withdraw your consent at any time.
● You have the right to object to us using/storing your information for direct marketing purposes.
If you wish to exercise any of your legal rights, please contact us at info@bigsofatech.com
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office
if you believe we are not complying with the laws and regulations relating to the use/storage of the
information you give us, or that we collect about you.


AUTOMATED DECISION-MAKING
We do not use automated decision-making processes.


CHANGES TO OUR POLICY
Any changes we make to our policy in the future will be posted on our website and, where
appropriate, notified to you by email. Please check our Website frequently to see any updates or
changes to our policy.


CONTACT
Questions, comments and requests regarding this policy are welcomed and should be emailed to us
at info@bigsofatech.com
Our Data Protection Officer is Emma Langdon

edit