Object Matrix Privacy Policy

(Last updated on: 06/05/2021)

Our Contact Details

Registered Office:

Object Matrix
14th Floor (South),
Capital Tower,
Greyfriars Road,
Cardiff,
CF10 3AG
United Kingdom

+44 2920 382308

sales@object-matrix.com

Our website www.object-matrix.com is owned and operated by Object Matrix Ltd

Object Matrix Ltd is a company registered in England and Wales under registration number 04933751

Please read through carefully and if you have any questions regarding this Privacy Policy, please contact our Data Protection Officer, Jon Morgan, who can be contacted using any of the details above.

1. Introduction

This page explains how we lawfully, fairly and transparently use any personal data we collect, whether you are an existing customer, interested party or website visitor. We collect, use and are responsible for certain personal data about you. We are committed to safeguarding the privacy and security of your personal data. Please read this policy carefully as it contains important information on who, how and why we collect, store and use and share your personal data. It also explains your rights in relation to your personal data and what you can do if you have a complaint.

This policy applies where we are acting as a data controller with respect to your personal data. “Data Controller” means the party who determines the purpose and means of processing personal data, as per the prevailing data protection legislation. We are registered as a data controller with the Information Commissioners Office and we will only use your data in accordance with the prevailing data protection legislation. We are subject to the UK General Data Protection Regulations (UK GDPR). We are also subject to the EU GDPR where you are based in the EU.

2. The type of personal information we collect

We currently collect and process the following information:

a) Identity data: your name; email address, business name and subject matter content.
b) Contact data: including your email address, telephone number (business or personal – whatever you provide us with), the name of your employer (if you contact us in a professional capacity) and address details (where appropriate);
c) Transactional data: relating to the purchase of goods and services by you or your employer/an organisation which you represent;
d) Marketing and communications data: including your preferences for receiving marketing communications from us;
e) Technical data: this is usually collected through cookies and includes your use of our website, IP address, geographical location, referral source, duration of visit, timing & frequency of visits;
f) Any other personal data which you voluntarily provide: as part of our “contact us” form, where you can include details about your enquiry. We will therefore process any additional personal data (not already captured in the above categories) included as part of that form will. This could include information such as your job role;
g) Cookie preferences.

3. How we get the personal information, how we use it and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

a) You have filled in a contact form.
b) You have contacted us directly and/or requested information from us.
c) You have filled in a form in order to download a document.
d) You have chosen to sign up to our mailing list.
e) You have accepted our cookie policy.
f) Third party introducers or resellers which sell or market products and services on our behalf have passed on information.

If you provide us with your contact details, you will be giving consent for us to contact you.

Under data protection law, we must have a legal basis for processing your personal data. We consider that we have a lawful basis where:

a) You have given us your consent for the specific purposes which we have told you about. You are able to remove your consent at any time. You can do this by contacting sales_uk@object-matrix.com.
b) It is necessary to process your personal data in order to enter into a contract to sell our products or services to you or your employer/the organisation you are acting for. This also includes processing your personal data to perform steps at your request (e.g. responding when you contact us)
c) To pursue our legitimate interests of providing our services or developing new products or services. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
d) To comply with our legal obligations.
e) The law otherwise permits or requires it.
f) We have a contractual obligation.
g) We need it to perform a public task.

We have set out below a list of all the ways we may use your personal data and the legal bases we rely on to do so.

What we use your personal data for
Category of personal data
Our legal basis
Selling products & services to you or your employer, including managing orders or our relationship with you/your employer. Identity data
Contact data
Transactional data
To perform our contract with you or your employer or to take steps at your request before entering into a contract.
To respond to your enquiries or to process your request(s) Identity data
Contact data
Transactional data (where your enquiry relates to this)
Marketing and communications data
To perform steps at your request.
To maintain a suppression list should you opt-out of receiving marketing communications from us Identity data
Contact data
Marketing and communications data
Necessary for our legitimate interests (to ensure that we are not at risk of breaching data protection laws by communicating with you when you have asked us not to) and in order to comply with our legal obligations.
Updating customer records Identity data
Contact data
Transactional data
Marketing and communications data
To perform our contract with you or your employer or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with you about existing orders and new services.
Operational reasons including monitoring and making improvements to services., improving efficiency and internal training Identity data
Contact data
Transactional data
Necessary for our legitimate interests in order to maintain competitive by continually enhancing our services and service levels.
Marketing our services to:
—existing and former customers;
—third parties who have previously expressed an interest in our services;
—third parties with whom we have had no previous dealings.
Identity data
Contact data
Marketing and communications data
For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers or sending things like marketing emails to individuals who have expressed an interest in receiving them.

We do not collect or process special category data. However, if we are required to do so, we will also ensure we are permitted to do so under data protection laws, by:

a) Collecting your explicit consent; or
b) Where the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
c) Where the processing is necessary to establish, exercise or defend legal claims.

4. Marketing

We may use your personal data to:

a) Add you to our mailing list, and therefore:
b) Send you updates (by email) about our products and services, including exclusive offers, promotions or new products or services.
c) Inform you about other Object Matrix updates we think you would be interested in.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘How we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by contacting us at sales@object-matrix.com. We may ask you to confirm or update your marketing preferences if you ask us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business. We will always treat your personal data with the utmost respect and never sell it with other organisations marketing purposes. We will never attain your contact details via this website without your consent or without you providing them. Our current customer relationship management (CRM) system provider is Send In Blue and by signing up to our newsletter, you acknowledge and consent that the personal information you provide will be automatically submitted to Send In Blue for processing. You can read more about Send In Blue’s Privacy Policy and how they safeguard your data by following this link.

5. Sharing your personal data

We routinely share personal data with:
a) Companies within the Object Matrix’s group;
b) Third parties we use to help deliver our products and services to you, e.g. payment service providers;
c) Other third parties we use to help us run our business, e.g. marketing agencies, CRM platforms and our website hosts;
d) Third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you. Our service providers processing of your personal data is covered by this privacy policy.

We may also need to:
a) Share personal data with external auditors, e.g. in relation to external accreditation and the audit of our accounts;
b) Disclose and exchange information with law enforcement agencies, professional advisors and regulatory bodies to comply with our legal and regulatory obligations;
c) Share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymised but this may not always be possible. Where your personal data is shared as part of a corporate deal, the recipient of the information will be bound by confidentiality obligations.

If you would like more information about who we share our data with and why, please contact us using the details at the top of the page.

We will not share your personal data with any other third party.

6. Transferring your personal data outside of the UK

To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK and European Economic Area, for example:

a) With our offices or other companies within our group located outside the UK/EEA;
b) With your and our service providers located outside the UK or EEA;
c) If you are based outside the UK/EEA;
d) Where there is a European and/or international dimension to the services we are providing to you.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

a) The UK government or, where the EU GDPR applies, the European Commission, has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
b) There are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
c) A specific exception applies under data protection law.

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include: all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’); Gibraltar; and Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries we are likely to transfer personal data to do not have an adequacy decision (such as the USA). This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses. We also put contractual provisions, including standard contractual clauses, in place between our group companies where necessary.

7. Retention of personal data

Your information is securely stored on our CRM system. All personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose. We then delete the information from our system once the user has unsubscribed, or contacted us to request a removal.
Our data retention policies and procedures are designed to ensure that we comply with our legal obligations in relation to the personal data that we retain. Notwithstanding the above, we may retain your personal data where such retention is required in order for us to comply with our legal obligations.

8. Cookie policy & use of browser cookies

We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.

What are Browser Cookies?

Internet Browser Cookies are small data files that are stored on your (the user’s) computer whilst visiting a website. They vary in their use from core functionality of CMS (content management systems) and e-commerce carts to tracking the amount and types of users visiting a website. They are also used as a ‘memory’ store, for example; on re-visiting a website a user won’t have to re-enter information, preferences or log back in.

Why would you want to remove Browser Cookies?

Some users may not want to give up personal information. There are also scenarios where if cookies aren’t implemented properly then users may be open to security vulnerability and ‘hackers’.

Types of cookies we use.

Google Analytics/Performance Cookies – These cookies allow us to analyse how anonymous users use and engage with our site. They allow us to learn how you arrive on our website, for example; from social media, and how you navigate through our site. This allows us to analyse specifics such as which content is popular, so we can improve your journey and our content to best suit your preferences. Google’s privacy policy can be found here.

Functionality Cookies – These cookies allow our website to function. These cookies include our content management system that maintains our website and the security we have in place to protect our website from hackers and bots.

Marketing/Advertising Cookies – These cookies allow us to market and advertise our website online through platforms such as Google, Facebook, Twitter and Instagram. They help to ensure that any ads are suitable for you, your interests and allow us to measure how successful our campaigns have been.

If you would like a list of the specific Cookie Plugins we use, please see our Cookie Policy Banner. If you have already accepted this banner, clear your cache and cookies from your browser and it will reappear.

How to remove Cookies from your browser?

Search ‘Browser Cookie Settings’ for your chosen website browser online, as each browser may have a difference process. This usually involves clearing your data history, cache and cookie settings.

9. Your data protection rights

Under data protection law, you have rights including:
Your right of access – You have the right to request a copy of any information which we hold about you. This is called a “subject access request”. In order to receive such information,
please send your request to our registered office along with your full contact
details.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – in certain circumstances, you have the right to have all of your personal data erased. This is also known as the “right to be forgotten”.
Your right to restriction of processing – In certain circumstances, you have the right to require us to restrict processing of your personal data, e.g. if you contest the accuracy of the data.
Your right to object to processing – You have the the right to your personal data being processed for direct marketing (including profiling) at any time. You have the right to object in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Your right not to be subject to automated decision making – You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at sales_uk@object-matrix.com if you wish to make a request.

10. Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

11. Policy updates

We may update this policy from time to time and therefore you should occasionally check this policy to ensure you are happy with these updates. Our website will notify users of any changes to this policy when they occur. If there are any major changes we will update our users via email.

12. How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at sales@object-matrix.com. We hope we will be able to resolve any issues you may have.

You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk/make-a-complaint/