Privacy Policy
1. How Peraison manages privacy
With increasing privacy/data protection regulations, in particular the EU General Data Protection Regulation (GDPR), Peraison Group LLP (“Peraison”), realises that privacy is a significant concern for its customers and partners. takes this concern seriously and adheres to data protection laws by implementing both security-by-design and privacy-by- design methods in its development process.
The purpose of this policy is to inform you of our practices regarding the collection, use and sharing of personal data that is provided to Peraison through the use of our services, products or website.
​
Peraison understands the importance of the General Data Protection Regulation (GDPR) and tries constantly to apply it to its fullest extent. The GDPR has not only direct application in the European Union, but also a principle of extraterritoriality and under certain circumstances, protection of personal data is extended outside European borders.
In our Privacy Notice we use a few GDPR terms; the understanding of these terms is essential, in order to better understand your rights and our Privacy Notice. Below you will find some terms as defined in the GDPR:
​
Personal data:
any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
​
Processing:
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
​
Controller:
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
​
Processor:
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
​
Consent:
any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
​
2. Personal data & Sources of data
This Privacy Policy applies to personal data provided by our clients (which may include the organisation, firm or entity for whom you work) and their staff, and any third party suppliers whose data we process. In this notice “you” refers to any individual whose personal data we hold or process.
​
For the vast majority of services provided by Peraison, Peraison is qualified as a controller when it collects data for processing. However, Peraison is not the controller of any personal data contained in user-generated content which is provided to Peraison in consulting engagements. Furthermore, no data is collected (personal or other) through Peraison products such as the Peraison Write Back Extension.
​
Any data we do hold per acceptance with our clients is done so as a data processor. The relevant user of our service is the controller for this data. Our terms require that such users process this data in accordance with applicable data legislation. In our Terms & Conditions this is defined as “Collaborator Personal Data” and the processing of Collaborator Personal Data by us will be governed by the terms of our Data Processing Agreement (“DPA”).
​
PERSONAL DATA AUTOMATICALLY COLLECTED:
Furthermore, Peraison collects automatically data via its website IP addresses, connection data, types and versions of Internet browsers used, types and versions of your browser plugins, data about your browsing path on our website, the content that you access or view, the search terms used, the length of time that certain pages are viewed, the advertising ID of your device, the interactions with the page and any number of pages.
3. Our Commitment
​
DATA MINIMISATION:
Adequate, relevant and limited to what is strictly necessary in relation to the processing purposes. When ordering a service, we only ask you to provide data that is necessary for Peraison in order to provide you with our services or products.
​
ACCURACY:
Accurate and kept up to date; if Peraison becomes aware that it is processing any inaccurate data it is erased or rectified without delay.
​
STORAGE LIMITATION:
Data is stored no longer than is necessary for the processing purposes; Any personal data collected by Peraison from our clients and their users is kept during the entire duration of the contractual relationship and for the following 12 months. At the end of this retention period, such data is completely erased from all media and backups. We will hold information for suppliers for up to 7 years from the date on which our agreement with that supplier terminated.
​
INTEGRITY & CONFIDENTIALITY:
Your data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
​
4. Your Rights
Peraison takes appropriate measures to provide you with any information related to your data and your rights. We also want to facilitate the exercise of your data rights. Please contact us at contact@peraison.com, if you have any questions or you want to exercise any of your rights (see below); we will respond to your request as soon as possible and no later than a month after receiving your request. Please note that any reasonable information queries related to your data or the exercise of your rights is free of charge.
​
RIGHT OF ACCESS:
You have the right to obtain from Peraison confirmation as to whether or not your personal data is being processed.
​
In addition to that, you have the right to access your personal data and obtain information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, your GDPR rights, any available information as to the source of your data and finally the existence of automated decision-making, including profiling. Furthermore, in case of transfer to a third country, you have the right to be informed about measures of security relating to the transfer.
​
In order to exercise your right to access your personal data, Peraison shall provide a copy of the personal data undergoing processing.
​
A number of the above questions are answered in the present Privacy Policy. Although, within a month from your request you will receive a copy of specific information about your personal data. Be aware that Peraison will ask you to provide proof of identity, in order for you to exercise your rights.
​
RIGHT TO RECTIFICATION:
You have the right to demand rectification of inaccurate personal data and complete any incomplete personal data.
​
RIGHT TO ERASURE:
You have the right to make a request about the erasure of your personal data or request that your personal data be transferred or exported to another organisation. This right is not absolute and must be based on specific circumstances. You should be aware that Peraison may reject your request on the basis of GDPR rules. For more information, please do not hesitate to contact us.
​
RIGHT TO RESTRICTION OF PROCESSING:
You may have the right to obtain restriction of processing for specific reasons mentioned in the GDPR. For more information, please do not hesitate to contact us. Peraison shall inform you before the restriction of processing is lifted.
​
RIGHT TO DATA PORTABILITY
You have the right to receive your data in a structured, commonly used and machine- readable format, in order to transmit it to another service provider. To exercise your data portability right you can request that your data be transmitted directly to the service provider that you shall indicate to Peraison, if technically possible.
​
RIGHT TO OBJECT:
You can at any time object to processing of your personal data. As of such request, Peraison shall no longer process your data.
To exercise this right you must provide Peraison with an objection on grounds that are related to your situation in particular.
​
RIGHT TO WITHDRAW CONSENT
At any time, you may withdraw any permission you have given us to process your personal data. For example, you can request that your personal data will not be used to contact you for direct marketing purposes. You also have the right to request that your personal data will not be used for profiling purposes.
​
RIGHT TO COMPLAIN:
If you are not satisfied with the way Peraison applies the GDPR rules or if Peraison does not respect the one-month response time previously announced, please be aware that you have the right to lodge a complaint with a supervisory authority; The supervisory independent authority in the United Kingdom is the ICO (Information Commissioner’s Office).
​​
5. Subcontractors & Data Transfers
Peraison keeps your personal data in the European Union. However, it is possible that personal data we collect as part of our services will be transferred to other countries, some of which may have less protective personal data protection legislation.
This is particularly the case regarding data transmitted to our subcontractors located outside the EU, in particular in the United States. Subcontractors are called processors by the GDPR. Peraison has contracts with processors that provide sufficient guarantees about data protection, respect the GDPR or the Privacy Shield and only act on Peraison instructions.
​
Peraison has verified that our non-EU subcontractors are Privacy Shield certified. The Privacy Shield is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing an adequate level of protection for personal data transferred by a European entity to companies established in the United States.
This mechanism is therefore considered to offer legal guarantees for such data transfers.
​
There are certain additional circumstances in which we may disclose your personal data to third parties, as follows:
-
we may be required to disclose certain data to regulators or other lawful authorities;
-
we may disclose information to our group companies;
-
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
-
in order to enforce any terms and conditions or agreements for our services that may apply;
-
if we are sub-contracting services to a third party we may provide information to that third party in order to provide the relevant services;
-
we may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation or investment round, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
to protect our rights, property and safety, or the rights, property and safety of our users or other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
​
6. Security Measures
Peraison takes the necessary precautions by having implemented appropriate technical and organisational measures to preserve the security and confidentiality of personal data, in particular to prevent any accidental, unauthorised or unlawful access, disclosure, alteration, loss or destruction. If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to our management team and/or the Information Commissioner’s Office (ICO) as is deemed necessary. If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as reasonably possible.
​
7. Summary of Commitment
-Data minimisation;
-transparency about our processes, policies & actions;
-daily backups;
-an authorisation management system that limits access to data only to those who need access to it in the context of their duties and scope of activity;
-a strict password policy for Peraison personnel including two-way authentication;
-processes to trace all actions performed on our information system; we perform regular penetration tests and write reports in the event of an incident affecting our customers’ data;
-a limited storage period (12 months after your contract term);
-regular reviews of personal data;
-encryption by default;
-contracts with GDPR or Privacy Shield compliant subcontractors;
-Data Protection Impact Assessment reports for future projects.
​
8. Updates to Privacy Policy
Peraison regularly reviews its Privacy Policy. We will communicate changes to our policy on our website and to clients where instructed to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.