Privacy Notice

Who we are

‍

This Privacy Policy sets out how the GetBusy group of companies (including, without limitation, GetBusy UK Limited, GetBusy Australia Pty Limited, and GetBusy New Zealand Pty Limited, collectively GetBusy) process your personal data; whether that be in relation to your use of our websites or any application in our product suite (Workiro, Virtual Cabinet®, HelloPlan and SmartVault).

We are registered as a Data Controller with the Information Commissioner’s Office (ICO), the UK regulator for data protection issues, under number Z2192812.  

We update this Privacy Policy from time to time and encourage you to review it periodically.  Any changes will be posted here.  If there are material changes, we will endeavour to notify you directly via any email address you may have provided.

If you have any queries regarding our use of your personal data, please do not hesitate to contact GetBusy’s Data Protection Officer at privacy@getbusy.com.

You have the right to make a complaint at any time to the ICO – however we would welcome the chance to deal with your concerns before you approach the ICO, so please contact us in advance in the first instance.

‍

Compliance

‍

We take the security and privacy of your data seriously.  We need to gather and use information about you as part of our business and to manage our relationship with you – whether you are a casual visitor to our websites, a customer or a user of our applications or products.

We will comply with our obligations under the Data Protection Act 2018 (UK), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Privacy Act 1988 (Australia) and the California Consumer Privacy Act of 2018 (USA).

We act in different ways when we process your data.  These are described below.

‍

1. Website users

1.1 We act as a data controller of your personal data when you use any of our websites; including where you subscribe to any mailing lists, or browse our pages relating to corporate and product information.  We use this data for a variety of purposes, described below.

Analytics

1.2 When you use our websites, we collect personal data to power our site analytics, including:

(i) information about your browser, network and device;

(ii) web pages you visited prior to coming to our websites; and

(iii) your IP address.

1.3 This information may also include details about your use of our websites, including:

(i) clicks;

(ii) internal links;

(iii) pages visited;

(iv) scrolling;

(v) searches;

(vi) timestamps.

1.4 We share this information with our third-party website analytics provider, to learn about site traffic and activity.

‍

Cookies

1.5 Our websites use cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app.  For information about viewing the cookies dropped on your device, visit our Cookie Policy.

1.6 The necessary and required cookies set out in our Cookie Policy allow us and our third-party service providers to securely serve our websites to you.

1.7 Our websites use analytics and performance cookies to view site traffic, activity and other data.

‍

Visitor Data

1.8 Our websites are hosted by a third-party service provider.  They collect personal data when you visit our websites, including:

(i) information about your browser, network and device;

(ii) web pages you visited prior to coming to our websites;

(iii) web pages you view while on our websites,

(iv) your IP address.

1.9 It needs the data to run our websites and to protect and improve its platform and services.  It analyses the data in a de-personalised form.

‍

2. Customers and users using applications in our product suite

‍

1.1 We act as a data processor of your personal data when you use any of the applications in our product suite.  This includes Workiro, Virtual Cabinet®, HelloPlan, SmartVault or any other product we make available from time to time.  We use this data for the purposes described below.

‍

Customers

1.2 Where you are a GetBusy customer and have agreed to our Terms of Service, we are a service provider processing data on your behalf and under your instruction (you being the controller of that personal data) pursuant to the data protection terms in those Terms of Service.

‍

Third-party Users

1.3 Where you have been invited to collaborate by a GetBusy customer using any of the applications in our product suite under the Virtual Cabinet® Portal Terms and Conditions, we are a service provider processing data on behalf of our customer and under its instruction (it being the controller of your personal data).

‍

3. Information provided in a business context

‍

3.1 We act as a data controller when you provide us with personal data in your professional capacity in working for customers or prospective customers.  This may include your name, email address, telephone number, role within your organisation and any other similar professional information that we may collect, directly or indirectly, about you.

3.2 We may obtain this data from our global network of partners, such as through our lead registration process, co-marketing partnerships, or business and technical partners or from publicly  available sources such as social media platforms.

‍

4. Types of personal data we process

‍

4.1 We may collect, use and hold the following different kinds of personal data about you:

(i) Identity Data including first name, last name, username or similar identifier, title, data of birth and gender.

(ii) Profile Data including your username and password, user preferences, comments feedback and other information that you submit to our products and/or services.

(iii) Contact Data including postal address, email address and telephone numbers.

(iv) Customer Content Data being personal data contained in documents, messages, comments, text and images that you upload to or transmit through the products and services that we provide.

(v) Support Data being comments, feedback and information that you submit to us when using our support services.

(vi) Financial and Transaction Data including bank account, payment card details, billing address and other payment details.

(vii) Technical Data including unique user identifier, internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug in types and versions, operating system and platform and other technology on the devices you use to access our products and services.

(viii) Usage Data being information about how you use our products and services (for example, through metadata, we log the areas, activity types, people, features, content and links you interact with, the type of files you share and what third party services you use, if any).

(ix) Marketing Data including your marketing preferences in relation to receiving marketing communications from us and, where relevant, third parties.

‍

5. What we do with personal data

‍

5.1 We are required by law to be clear about the purposes for which we are processing your personal data and the lawful basis for doing so; note that there may be more than one legal ground depending on the specific purpose.  

5.2 We use your personal data to operate, provide and improve the GetBusy product offerings.

5.3 Our purposes for using your personal data include:

(i) Providing GetBusy products:  We will use your personal data to provide and deliver our products and process transactions related to those products; including registrations, subscriptions and payments.

(ii) Securing and protecting the GetBusy products and users:  We will use your personal data to investigate and help prevent security incidents, such as through the verification of new accounts and to detect and prevent product abuse.  This includes enforcing our Acceptable Use Policy.

(iii) Measuring, supporting and improving GetBusy products:  We use your personal data to measure the use of, analyse the performance of, fix errors in, provide support for, improve and develop GetBusy products.

(vi) Communicating with you:  We use your personal data to communicate with you in relation to GetBusy products via different channels, such as email,telephone or instant messaging and to respond to any requests that you send us.

(v) Marketing:  We use your personal data to market and promote GetBusy products.  You may opt out of marketing communications at any time by unsubscribing from emails or otherwise contacting us to specify your marketing preferences.

(vi) Complying with legal obligations:  In certain situations, we may have a legal obligation to collect, use or retain your personal data.

(vii) Purposes for which we seek your consent:  We may also seek your consent to use your personal data for a specific purpose that we communicate to you.

5.4 We are a provider of products and services and you are not obliged to provide your personal details to us.  However, if you choose not to, we may not be able to respond to your queries or provide our products or services to you.

‍

6. Legal basis for processing personal data

‍

6.1 Our legal basis for collecting and using your personal data will depend on the personal data concerned and the specific context in which it is collected.  However, we will normally only collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.  In some cases, we may also have a legal obligation to collect personal data from you.

6.2 If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide your personal data).  Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of a third party), we will make clear to you at the relevant time what those legitimate interests are.

‍

7. How we share personal data

7.1 We are not in the business of selling your personal data to others.  However, in order to provide the products and services set out above, we do need to share your personal data with third-parties and will do so only as described below:

(i) GetBusy Affiliates:  We may share your personal data across the GetBusy group of companies and with any future parent, affiliates, subsidiaries and other entities under common control and ownership to the extent necessary to fulfil your request or for other purposes permitted under this Privacy Policy.

(ii) Service Providers and Business Partners:  We may share your personal data with our third party service providers (such as our cloud services provider) and business partners (such as integrators) to support our websites, products and services.  This may include our internet services provider, or other service providers we use for application development or monitoring or customer support.  These providers are prohibited from using your personal data except for the provision of services for which they are contracted and are required to maintain the confidentiality of your personal data.  

(iii) Corporate Events:  If the GetBusy group is acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all personal data collected by the GetBusy group.  In this event, you will be notified via email and/or a prominent notice on the GetBusy website, of any change of ownership, uses of your personal data and choices you may have regarding your personal data.

(iv) Compelled Disclosure:  We reserve the right to use or disclose your personal data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order or legal process.  

7.2 An up-to-date list of the third-party subprocessors we use currently to process your personal data is set out below:

‍

8. How we transfer personal data internationally

‍

8.1 GetBusy is an international business.  To facilitate our global operations, we may transfer personal data to other GetBusy affiliates and the subprocessors listed above for the purposes set out in this Privacy Policy.

8.2 We have taken appropriate safeguards to require that your personal data is protected wherever it is transferred and this Privacy Policy will apply at all times.  Where we share personal data of individuals in the EEA, the UK or Switzerland, we rely on the Standard Contractual Clauses (approved by the European Commission and relevant Swiss authorities)  and the UK Addendum to the Standard Contractual Clauses (approved by the relevant UK authorities) where required.

8.3 Please contact privacy@getbusy.com if you want further information on the specific mechanism used by us when transferring your data internationally.

‍

9. How we store and secure personal data

‍

9.1 At GetBusy, security of your personal data is our highest priority.  We design our products with your security and privacy in mind.  We use a variety of security technologies and procedures to help protect your personal data from unauthorised use, access or disclosure.  All personal data is protected using appropriate physical, technical and organisational measures.  For example, the computer servers on which we host your personal data are kept in a controlled, secure environment and protected from anauthorised access.

9.2 For more information about our security practices, please see here.

9.3 GetBusy has put in place robust procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

‍

10. Retention of your personal data

‍

10.1 We retain your personal data where we have an ongoing legitimate business need to do so (such as to service our agreement with you or comply with our legal obligations).

10.2 Where we no longer have an ongoing legitimate business need to process your personal data, we will delete the information in a secure manner from our systems.  On occasion, we may anonymise your personal data where deletion is not possible or appropriate or where we wish to use it for research or statistical purposes, in which case we may use this data indefinitely without further notice to you.

10.3 You may request the deletion of your personal data at any time in accordance with your rights at law as a data subject.

10.4 If you have elected to receive marketing communications from us, we will retain information about those preferences for a reasonable period of time from the date you last expressed interest in our products or services; such as when you elected to end your subscription or last opened an email from us.  We retain the information we derive from cookies and other tracking technologies for a reasonable period of time from the date such information was created.

‍

11. Your privacy rights and choices

‍

11.1 Depending on your location and the law that applies to you, you may have certain rights in relation to your personal data.  This may include the following rights:

(i) Access, correction or deletion:  You can request access to, correction of or the deletion of your personal data;

(ii) Objection or restriction:  You can object to our processing of your personal data and/or ask us to restrict it;

(iii) Data portability:  You can request that your personal data be transferred to another party; or

(iv) Withdraw consent:  You can in some circumstances (where we rely on your consent to process your personal data) withdraw your consent for ongoing processing;

11.2 If you wish to exercise any of your rights in relation to how we process your personal data, please contact privacy@getbusy.com.  Please note that whilst you will not have to pay a fee to exercise your personal data rights, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in those circumstances.

11.3 We may need to request specific information from you to confirm your identity and ensure your right to access your personal data.  This is to ensure that personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask for specific or further information in relation to your request to expedite our response.

11.4 We will try and respond to all legitimate requests within one (1) month.  Occasionally, it may take us longer if your request is particularly complex or you have made a number of different requests.  We will notify you if necessary and keep you updated.  

‍

12. Information about children

‍

12.1 In accordance with our Terms and Conditions and (if applicable) your Terms of Service contract with us, our websites, products and services are not intended for or targeted at children under 16, and we do not knowingly or intentionally collect personal data about children under 16.  

12.2 If we believe, or are informed, that we have collected personal data about a child under 16, we will delete the relevant personal data promptly.

‍

13. California privacy rights

‍

13.1 This section 13 applies solely to individuals residing in the State of California (California Consumers).  We adopt this section to compy with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA) and other California privacy laws.  Any terms defined in the CCPA/CPRA have the same meaning when used in this section 13.

Information we collect

13.2 For a complete list of personal data we process, please refer to section 4.  However, we collect the following categories of personal information, as defined under CCPA/CPRA:

(i) Identifiers:  Name, email address, IP address, and other similar identifiers;

(ii) Commercial information:  Records of products or services purchased, obtained or considered;

(iii) Internet or network activity:  Browsing history, search history and interactions with our services;

(iv) Geolocation data:  Precise or approximate location data, where applicable;

(v) Professional information:  Jjob title and employer information, where provided;

(vi) Inferences:  Derived information reflecting your preferences or behaviour.

Rights of California Consumers

13.3 As a California Consumer, you have the following rights:

(i) Right to know:  You may request information about the categories of personal information we have collected, the sources of the information, the purpose for which we use the information and the categories of third-parties with whom we share it.

(ii) Right to access:  You may request a copy of the specific pieces of personal information we have collected about you.

(iii) Right to delete:  You may request that we delete personal information we have collected from you, subject to certain exceptions.

(iv) Right to correct:  You may request that we correct inaccuracies in your personal information.

(v) Right to opt-out of sale or sharing:  We do not sell your personal information in exchange for money.  However, we may share information for cross-context behavioral advertising purposes and you have the right to opt out of such sharing.

(vi) Right to limit use of sensitive personal information:  If applicable, you may request restrictions on our use of sensitive personal information for certain purposes.

‍

Exercising your rights

13.4 To exercise your California privacy rights, you may contact us by emailing us at privacy@getbusy.com.

13.5 We will verify your identity before processing your request to ensure that we are protecting your information.  You may designate an authorised agent to make a request on your behalf, provided that the agent presents proof of their authorization.

‍

Response timeline

13.6 We will acknowledge and respond to verifiable consumer requests within the timeframes required by law:

(i) Initial acknowledgement within 10 business days; and

(ii) Substantive response within 45 calendar days, extendable by another 45 days with prior notice.

‍

Non-discrimination

13.7 We will not discriminate against you for exercising any of your rights under the CCPA/CPRA.  This means we will not deny you services, charge different prices or provide a different level or quality of services unless permitted by law.