It sets out how we handle the personal data of our customers, suppliers, end users and other third parties.
Who is responsible for data protection and data security?
Maintaining appropriate standards of data protection and data security is a collective task undertaken by Paxonomy Limited (“Paxonomy”) and all its staff. Paxonomy has overall responsibility for ensuring that all personal information is collected, processed and stored in compliance with the requirements of applicable data protection laws, namely the Data Protection Act 1998, the Privacy Communications (EC Directive) Regulations 2003 (as revised), the Data Protection Directive (1995/46/EC) and the EU General Data Protection Regulation (2016/679) (“GDPR”), together the “Data Protection Laws”.
Paxonomy has a Data Protection Officer with day-to-day responsibility for data processing and data security.
Types of personal data collected directly
‘Personal Information’ is any information relating to an identified or identifiable individual (or ‘data subject’). Such information we collect depends on the products and services used or subscribed to. Such data includes, but is not limited to, the following:
Types of personal data collected via use of the website (“Cookies”)
By using and browsing the Paxonomy website, you consent to cookies being used in accordance with this policy. If you do not consent, you must refrain from using the site.
Most browsers allow you to turn off cookies. To do this, look at the ‘help’ menu on your browser. Switching off cookies may restrict your use of the website and/or delay or affect the way in which it operates.
How we use personal information
In some circumstances, the Data Protection Laws dictate that a data subject’s prior consent is required before processing of the Personal Information is permitted. Please refer to the Consent section below for further details.
We may collect, use and disclose personal information in order to:
Who we share Personal Information with
We may share and/or process Personal Information with:
Such third parties are not authorised to use Personal Information in any way other than is required for them to undertake their obligations and further, they are bound under contractual obligations entered into with Paxonomy to implement appropriate measures to protect such data.
Where we store Personal Information
Most Personal Information collected and processed during the use of any of our products or services is stored on servers located in the European Economic Area (“EEA”). Information may be transferred to our other offices and/or to third parties, which may be situated outside the EEA (for example in the country of the local service provider) and may be processed by staff operating outside the EEA.
Such transfer and processing are done via express individual consent, or where the transfer is necessary for one of the other reasons set out in the GDPR such as:
We may send you by post or email details of products, services, special offers, promotions and other information that we think may be of interest to you.
Third parties may also, working on our behalf, market to you via telephone, email and/or direct mail. From time to time we may also contact you for customer research purposes. You can unsubscribe from such communications at any time, by the unsubscribe link found at the bottom of every marketing email.
Personal Information can only be processed on the basis of one or more of the lawful bases set out in the Data Protection Laws, one of which includes consent. Consent is obtained if the data subject concerned has indicated his or her agreement clearly either by a statement or positive action to the processing. Express consent is usually required for processing sensitive Personal Information, for example, racial or ethnic origin, political opinions, genetic or biometric data, sexual orientation.
Paxonomy obtains such consent by notification at time information collected, through an ‘opt-in’ option to receive marketing materials at all points of data capture. To comply with the Data Protection Laws, Paxonomy is required to evidence that consent was captured at the necessary time and must maintain records of all such consents and withdrawals.
Data subjects must be easily able to withdraw their consent at any time and withdrawal will be promptly implemented by Paxonomy following receipt by it of any such written request (please see ‘Data subjects’ rights’ section below for further information).
We may retain certain Personal Information for any residual aspect of the purposes set out above, or to comply with accounting tax rules and regulations, the specific retention requirements of which differ. In all circumstances, however, Personal Information will not be retained longer than is necessary in relation to the purpose for which such data is processed.
Certain customer, supplier or end-user account information will be held for 6 years from the end of any contract with us, to ensure we comply with our legal and regulatory obligations (even if the services are no longer being provided).
We also retain Personal Information to comply with accounting tax rules and regulations, the specific retention requirements of which differ.
We will keep any contact information for a reasonable period of time after a contract has ended, in case the data subject chooses to use our services or products again.
In such an event and unless the data subject has opted out of marketing, we may contact them about our services or products during this time.
Protection of Personal Information
The Personal Information we collect is stored by us and/or our third party service providers on databases protected through a combination of physical and electronic access controls, firewall technology, and other reasonable organisational, technical and administrative measures.
Once the Personal Information has been received, these strict procedures and security features are in place to prevent unauthorised access.
Data subjects’ rights
All data subjects have the right to:
All such requests should be in writing using the contact information listed below under the ‘Contact’ section. For any excessive or repeated requests, we may charge a reasonable administrative-cost fee.
Paxonomy has adequate resources and controls in place to ensure and document its GDPR compliance, including:
Changes to this Policy
Any changes made will be communicated via our main website
Changes are effective when they are posted and any customer, partner, end user or supplier acknowledges and agrees to such changes by continuing to use our products and services.
Contact – questions or complaints
Questions, comments and requests regarding this Policy are welcomed and should be addressed to
11 Old’s Approach, Tolpits Lane,
or can be emailed to firstname.lastname@example.org