This policy was last updated on 10 May 2023
About this policy
This policy explains how we collect and use personal data from and about visitors to our Website (https://amdaris.com/), prospective customers, and customers who engage Amdaris to use our software development and application support services.
As we make changes to our website and business practices, we may need to update this policy. If we make any important changes, we will make sure we bring this to your attention and explain what it means to you.
Who we are
We are the Amdaris Group (Amdaris, we, us, or our) which is formed of the following companies:
|UK||Amdaris Group Limited (registered in England and Wales under company number 10485133 with its registered office at Aurora Studio A, Counterslip, Bristol, England, BS1 6BX)
Information Commissioner’s Office registration number: ZA220379
|Wholly owned subsidiaries of Amdaris Group Limited:|
|Moldova||Amdaris S.R.L (registered in Moldova with its office at Mt.Varlaam 63/23 str, Chisinau, Moldova|
|Bulgaria||Amdaris Bulgaria EOOD, registered in Bulgaria with registration number UIC 206772815 and with its office at Sofia, post code 1000, district Triaditza, ul. “Georgi Benkovski” 11, 3rd floor, 1000 Sofia, Bulgaria|
|Ukraine||Amdaris Ukraine LLC, registered in Ukraine with registration number 44244936 and with its office at 65007, Odessa region, Odessa, street Novoshchipny row, bldg. 15/17|
|Romania||Amdaris Romania S.R.L (registered in Romania with its office at United Business Center 3, Timișoara, Piata Consiliul Europei 2E, Romania, 300088|
|UAE||Amdaris Software Limited (registered in Dubai with its office at Dubai International Financial Centre, Unit Office-8, Office 9, Level 4, Gate District 5, Dubai, UAE|
Our customers are businesses to who we provide technical support to help develop and maintain applications created by their in-house teams. Alternatively, or in addition to our technical support services, we offer our clients advisory services.
If you are a visitor or a key contact working for a prospective or existing customer, Amdaris is the controller for your information (which means that we decide what information we collect and how it is used).
Where you are employed or engaged by our customers and them:
- Provide us your information (e.g. because you are a contact that our team members need to collaborate with); or
- access to your information (e.g. administrative access to their internal systems which hold your information),
Amdaris is the processor for your information (which means we must follow the instructions they give us).
The information we collect about you
Personal data means any information that identifies or could be used to identify a person. We have grouped together the types of personal data we collect and how we receive it:
|Individuals working for our customers|
|Personal Data||Received from|
|Identity data – first name, last name, title, job title, employer, pronouns, work experience (to help us assess any skill gaps or expertise Amdaris needs to provide our services and support our customers’ inhouse team)||
|Contact Data – work email address, work telephone number, social media handle, office address||
|Feedback and enquiries – satisfaction rating and any responses you provide when you rate our services or reply to a survey, any information you send when you contact us||
|Image and audio – profile picture, photograph, video footage, audio recording, CCTV||
|Marketing – your status as a marketing recipient (e.g. if you have signed up to or opted out of receiving communications from us), your preferred method of communication and how you have interacted with our communications and content, your telephone preference service (TPS and CPTS) status||
|Information is available via our access to our customer’s systems: Amdaris are given access to customer systems so that we can provide our services. The types of information we have access to will vary depending on our customer, the project and the systems.||
|Website visitors and individuals interacting with our corporate social media accounts|
|Interactions with our corporate accounts – first name, last name, social media handle, profile picture, content of posts and any additional information you choose to provide||
|Enquiries – information provided in webform submissions, direct messages, social media interactions, by email or by telephone||
|Website usage data – audit logs, chat logs, content or information input or uploaded, clickstream to and on our Website, download or upload errors, length of visit, page interaction||
|Technical data – internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and type of device used to access our Website||
|Marketing – your status as a marketing recipient (e.g. if you have signed up to or opted out of receiving communications from us), your preferred method of communication and how you have interacted with our communications and content||
|Job applicants and prospective employees|
|Identity data – first name, last name, title, current job title, current employer, gender, pronouns||
|Contact data – work email address, work telephone number, personal email address, personal telephone number, social media handle||
|Recruitment – previous job titles, employment history, preferred working hours, qualifications or accreditations, right to work status, professional memberships, CV, application form, outcome of recruitment process, current and desired salary, DBS checks||
|Sensitive – information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning (mental or physical) health, sex life or sexual orientation, trade union members, information about criminal convictions and offences.
Note: we typically only receive this information if you voluntarily complete diversity or inclusion questionnaires, you require reasonable adjustment or the information is publicly available.
How we use your information
We use your personal data to:
- pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy)
- to do something that you have given your consent (permission) for
- to comply with a legal obligation that we have
|Respond to enquiries and requests that you submit on our Website or via other online platforms||Legitimate interest (necessary to engage prospective customers, provide customer service)|
|To identify prospective customers and obtain contact details for key contacts (from third party lead generation services)||Legitimate interest (necessary to promote and grow our business)|
|Taking steps to enter into the contract with our customer||Legitimate interests (as our customer is an organisation, as necessary to conclude our contract with such organisation and obtain contact details for key contracts)|
|Provide our technical services to our customer||Legitimate interest (necessary to administer the contract between Amdaris and our customer)|
|Processing payments and collecting and recovering monies owed to us||Legitimate interests (as necessary to recover monies and debts due to us)|
|to make recruitment decisions||legitimate interest (necessary to attract, assess and retain individuals with skills, experience and expertise required to provide our services and conduct other business activities)|
|to investigate and respond to complaints||Legitimate interest (necessary to remedy errors, improve our service and protect our reputation)|
|to lodge or respond to a legal claim||legitimate interest (necessary to enforce our contractual or legal right or to effectively respond to a claim made against us|
|To send service notifications and updates||Legitimate interest (for customers, as necessary to administer the contract between Amdaris and our customer)|
|Administering and protecting products, services and systems (and those of our customers and processors)||Legitimate interests (necessary to provide our services, monitor and improve network security and prevent fraud)|
|Providing insight on how our services are being used||Legitimate interest (necessary to improve and optimise our services)
Legitimate interests (to provide our customer with an overview of service users’ engagement with the service)
Consent (where this information is obtained by non-essential cookies and similar technologies)
|Send you our e-newsletter||Consent (where you have directly subscribed to receive our newsletter)
Legitimate interest (necessary to promote our services to contacts at our business customer)
|Ask you to participate in surveys and other types of feedback||Legitimate interest (necessary to monitor and improve our customer service and Website)|
|Sending you electronic marketing communications||Consent (where you have indicated to us you would like to receive marketing communications, e.g. by subscribing to our mailing list)
Legitimate interests (where we market on a business-to-business, also known as B2B, basis – necessary to promote and grow our business)
|Administer and protect how our Website functions||Legitimate interest (necessary to monitor and improve network security)|
|Analyse how you interact with our Website||Legitimate interest (necessary to improve and optimise our Website and its content)|
|To notify you about changes to this document||Legal obligation|
|To enable a person to exercise their legal rights||Legal obligation|
|To provide reasonable adjustment||Legal obligation|
Who we share your information with
- Our personnel: Amdaris employees (or other types of workers) who have contracts containing confidentiality and data protection obligations.
- Other entities within the Amdaris Group: we share information within our group. We have a data sharing agreement which all our group entities are party to which sets out our responsibilities and data protection obligations and includes appropriate legal mechanisms to allow us to transfer personal data between countries in a safe and lawful way.
- Our customers: where we correspond or administer our services. Our customer is the controller they receive from us (which means they make their own decisions about how they use that information. Where we act as the processor for our customer, we only use personal data in the way they expressly authorise us to in writing or in our contract with them). If you have any questions about how they use the information they receive you should ask to see their privacy information.
- Our supply chain : we engage other organisations to help us administer our Website (such as our hosting, analytics insight, marketing, IT infrastructure, advertising, recruitment agencies). These organisations can only access the information required to provide the service we use them for and are bound by contracts containing confidentiality and data protection obligations.
- Our professional advisers: such as our accountants or legal advisors.
- Regulatory authorities such as national tax authorities (for example, HM Revenue & Customs in the United Kingdom).
- Social medial platforms linked to our Website: where you click a link on our Website which transfers you to a third-party website (such as LinkedIn, Twitter, Facebook, YouTube).
- Any actual or potential buyer of our business.
If we are asked to provide your information (e.g. by the police) we follow strict internal processes to ensure it is a valid request and carefully consider the potential impact on you before we decide to share information. We can decide to seek legal advice to help us decide whether to respond to or reject a request.
If we are the processor for that information, unless we are not allowed to do so, we notify our customer (the controller) and they will decide what to do next.
Where your information is located or transferred to
Where we transfer personal data outside the UK or the EEA we will only do so to a country that is subject to an adequacy decision given by the UK Secretary of State or the European Commission or in reliance upon a valid mechanism for transferring personal data under UK or EEA law.
If you would like further information about international transfers and the specific mechanism relied upon by us for a specific transfer, please contact us at email@example.com
How we keep your information safe
We have security measures to reduce the risk of your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (a data breach). Some examples of the measures we use are:
- https technology
- technical measures (e.g. monitoring and security alert systems, intrusion detection and prevention systems, internal vulnerability scans and penetration testing, backups, encryption technologies, MFA)
- organisational measures (e.g. incident reporting processes, internal policies and procedures, staff training, internal audits, risk analysis)
- external audits (e.g. penetration testing, vulnerability testing, Information Security System audits, network scanning)
- procurement processes (supplier analysis, NDAs).
Where there has been a suspected data breach, if we are the controller for the affected data then we will notify you and the relevant regulator where required to do so. If we are the processor for the affected information, we inform the relevant controller and support them with their investigation and response to the data breach.
How long we keep your information for
We only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, accounting or reporting requirements. To decide how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was collected and the potential risk of continuing to keep it.
- Where you submit an enquiry via our Website, we keep the information for 60 months (unless your organisation subsequently becomes our customer, or engages in ongoing discussions with our company in which case we keep it for three years after our relationship has ceased.
- We keep the analytical data about how you used our Website for 60 months.
- Where you subscribe to our newsletter or marketing communications, we actively use your information until you unsubscribe or your email becomes permanently unavailable. When you unsubscribe, we keep a record of your preference to ensure that you are not
- We return information or cease to have access to most personal data at the end of our customer relationship but we retain key contact information for three years so we have a point of contact on our CRM system.
- We may keep information for longer where there is a legal obligation to do so (e.g. finance records) or we have a legitimate interest (e.g. to defend against legal claims).
Where Amdaris has converted personal data into anonymous data (which means it is no longer possible to identify a person from the information) we keep that information indefinitely.
Where you have indicated you would like to receive marketing emails from Amdaris, we use Salesforce, Mailchimp and ActiveCampaign and Pardot to deliver and monitor those emails. Their digital tools let us see whether a recipient has clicked any of the links in our email, which help us understand what content that individual might find interesting and allow us to personalise the content of future emails.
Pixels (which are a similar technology to cookies) within those emails enable Amdaris to see:
- if the email was opened
- where the device opening the email was located (based on the device’s IP address)
- the type of email client (e.g. Outlook) that was used
- if the email (or its content) were shared on social media
- if the email was flagged as spam
Our marketing emails always include a link which allows you to unsubscribe at any time.
Additional information for individuals based in the UK or EEA
You have specific legal rights under data protection law. These are equivalent in the UK and EEA so we have grouped them together. They are the right to:
- Access: you must be told if your personal data is being used. You can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.
- Correct: you can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
- Delete: you can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
- Restrict: you can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst you check that the personal data we hold for you is correct).
- Object: you can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using your information, we will let you know and explain our decision.
- Transfer: you can ask us to send you or another organisation an electronic copy of your personal data.
- Complain: we hope that we can answer any questions or respond to any concerns you might have, so please contact us in the first instance by emailing firstname.lastname@example.org. However, if you are unsatisfied with our response or would prefer to escalate immediately, you can contact the relevant authority.
- If you are in the UK: you can contact the ICO.
- If you are in the EEA: you can contact the supervisory authority of your country.
It is usually free for you to exercise your rights and we aim to respond within one month. We might ask you to verify your identity before we begin working on your request as part of our security measures (to keep personal data safe).
It might take us longer to deal with more complicated requests or where multiple requests are made at the same time, but we will always let you know first and will only ever extend the deadline by a maximum of two months.
The only time we charge a fee or refuse to respond is if we feel the request is unfounded or excessive, but we will always let you know and explain our decision.
We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.
If you want to make any of the right requests above, you can reach us at email@example.com.
Additional information for individuals based in the State of California
Any reference to personal data in this policy include references to personal information as defined under California Consumer Privacy Act (CCPA).
You have specific legal rights under the CCPA which differ from the rights granted to individuals based in the UK and EEA. They are the right to:
- Access and delete: the rights to access and delete information as described above are limited to the personal data that we have collected over the previous 12 months and are subject to the exceptions set out in the CCPA.
- Opt-out of sale of information: we do not sell your personal data but you are free to inform us that you wish us to continue with this policy.
- Non-discrimination: you must not face any discrimination for exercising your legal rights under the CCPA (such as denying you access to our Services).
We confirm that we have not sold any personal data in the past 12 months.
For the purposes of the CCPA, we are deemed to routinely undertake disclosures of personal information to third parties for business purposes. We enter contracts with those third parties which include binding confidentiality clauses and restrictions which prevent them using your information for any other purpose. In the past 12 months we have disclosed all of the categories of personal information listed in the Information we collect about you section which our supply chain for the purposes of hosting our Website and marketing systems, detecting and protecting against security incidents and debugging to identify and repair errors.
We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.
You (or another person authorised by you and registered with the California Secretary of State) can make a request under the CCPA by emailing firstname.lastname@example.org.
What are cookies?
Cookies are small text files that are downloaded to your device when you access a website. Cookies contain a uniquely generated references which are used to distinguish you from other visitors on a website. They allow information gathered on one webpage to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience (like remembering your favourites) and the website owner with statistics about how you interact with their (and sometimes third party) webpages.
Cookies are not harmful to your devices (like a virus or malicious code) but some individuals prefer not to share their information (for example, to avoid targeted advertising).
Different types of cookies
- Session vs. persistent cookies: cookies have a limited lifespan. Cookies which only last a short time or end when you close your browser are called session cookies. Cookies which remain on your device for longer are called persistent cookies (these are the type of cookies allow websites to remember your details when you log back onto them).
- First party vs third party cookies: cookies placed on your device by the website owner are called first party cookies. When the website owner uses other businesses’ technology to help them manage and monitor their website (for example, they use Google Analytics to see how many visitors their website has), the cookies added by the other business are called third party cookies.
- Categories of cookies: cookies can be grouped by what they help the website or website owner do.
- Essential cookies are cookies whose only function is to help the website work.
- Functional cookies help the website to run properly.
- Performance cookies help a website owner understand and analyse how website visitors use their website.
- Advertising cookies tailor online adverts to reflect the content you have previously browse and help inform companies about your interests so they can show you relevant adverts.
- to track how visitors use our Website
- to record whether you have seen specific messages we display on our Website
- to record the conversation thread when you use our webchat function.
The cookies we use are:
|USED BY||COOKIE||TYPE||DURATION||WHAT IT DOES|
|Pardot||Visitor_id*-Hash||Functional||persistent||The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor and access corresponding prospect information.|
|Salesforce Pardot||visitor_id<accountid>||Marketing/Tracking||12 months||The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.|
|Pardot||LPV*||Statistics||30 minutes||This LPV cookie is set to keep us from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.|
|Active Campaign||Ac_enable_tracking||Functional||1 month||This cookie is associated with Active Campaign and is set to confirm that tracking has been enabled for the website. Tracking is used to create reports of our web traffic and improve the user experience of the website.|
|Google Analytics||_ga_*||Statistics||1 year||to store and count pageviews.|
|AEC||Functional||6 months||Ensure that requests within a browsing session are made by the user, and not by other sites|
|Active Campaign||Prism_*||Marketing/Tracking||2 years||to Store and track interaction.|
|Cloudflare||_cfuvid||Functional||30 days||The ‘__cfduid’ cookie is established by the CloudFlare service to identify trusted website traffic. It does not correspond to any user ID on the web application nor does it store identifying personal data.|
|Google Ads Optimization||NID||Marketing/Tracking||6 months||to provide ad delivery or retargeting, store user preferences.|
|OTZ||30 days||cookie used by Google Analytics that provides an aggregate analysis of Website visitors. The “S” cookie may collect certain information used to help improve services, including the pages users visit most often and whether users get error messages from certain pages.|
|ws.zoominfo.com||visitorId||1 year||Preserves users states across page requests.|
|Google Analytics||__utmz||Statistics||6 months||to store used keyword and search engine.|
|personalization_id||Tracking||12 months||This cookie tracks activities off Twitter for a personalized experience|
|t.co||muc_ads||Advertising||2 years||This cookie collects data on user behavior and interaction in order to optimize the website and make advertisement on the website more relevant.|
|Google Analytics||__utma||Statistics||persistent||to Store the calculation of days and time to purchase.|
|_fbp||Marketing/Tracking||3 months||to store and track visits across websites.|
|Google Analytics||__utmc||Statistics||30 minutes||to store time of visit.|
|Cookie Notice for GDPR||Cookie_notice_accepted||Functional||persistent||to read if cookies can be placed.|
Accepting or declining cookies (and how to delete them)
You can choose to decline cookies but if you turn off necessary cookies, some pages and functions on our websites may not work properly.
You can manage cookies through your browser settings (the websites All About Cookies and About Cookies have helpful guides) or device settings (your user manual should contain additional information).
You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website)