Privacy policy

Data handling & privacy policy

Shireburn takes your privacy very seriously. We have implemented systems and processes that place privacy at the forefront of our work and these have been further strengthened in line with the General Data Protection Regulations (GDPR).

This privacy policy is designed to help you understand what information we collect and how we use and share that information as well as how we ensure the rights of data subjects as these relate to their personal data and specifically to put you in control of your own personal data.

As used in this privacy policy, “Shireburn” or “us” refers to any company in the Shireburn group consisting of subsidiaries, associate companies and affiliates, although this currently consists of Shireburn Software Limited and Shireburn Co Limited.  The “client”, “you”, “your” and the “user” means an existing Shireburn client, or a user of one of Shireburn’s applications or websites.

The term “websites” means Shireburn’s principle websites (including but not limited to www.shireburn.com and indigo.shireburn.com).

Shireburn never sells personal data and we commit to process personal data strictly in compliance with the EU General Data Protection Regulation (“GDPR”) as well as the Laws of Malta (together the “applicable law”).

How do we use this personal data?

Shireburn will not sell, rent, or loan our email lists or personal data to any 3^rd party.

We will store and/or process your personal data in any of the following circumstances:

1. Where it is necessary for Shireburn’s legitimate business interests to manage the relationship with you as a client, prospective client, employee or supplier or your legitimate interests, provided that this processing does not override the data subject’s fundamental rights;
2. Where our client, as the data controller, needs to process this personal data for the performance of a contract with the data subject as per (Art 6(1)(b) of GDPR). e.g. where a Shireburn Software product is used to manage the personal data of data subjects;
3. Where the processing is necessary for the performance of a contract between Shireburn and you;
4. Where Shireburn needs to comply with a legal or regulatory obligation.

We use the information we collect from all of our services to provide, protect, maintain, support, administer and improve our products/services. When you contact Shireburn for sales, software and support services we keep a record of your contact to help solve any issues you might be facing or to provide the requested service to you as well as to administer our relationship with you.

We may use your email address to inform you about our services and products such as letting you know about upcoming changes or improvements and/or new product modules.  You will always give you the right to opt out. We will request specific consent (opt-in) to allow us to communicate with you for purposes other than those related to our relationship.

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used.

If you receive emails from us, we may use certain analytics tools, to capture data such as when you open our email or click on any links or banners our email contains. This data helps us to gauge the effectiveness of our communications and marketing campaigns.

What personal data do we collect?

Contacting Shireburn

You may choose to contact Shireburn for pre-sales or post-sales services, support or other type of enquiries either via telephone, messaging services, email, a contact form on a website or even through real-time chat facilities made through our software or websites.

These types of contact may result in us asking you for certain information to allow us to respond and provide you with our services including your name, address, phone number, email address.  In the case of the chat facility this will also result in the  storage of the contents of the chat sessions including the company name, and the chat activity. We will retain and process this personal data in our systems to allow us to service your request and the ongoing relationship with you whether you are a client, prospective client or supplier. Your rights as data subject, as defined below, will of course be preserved.

We also collect personal data such as name, email and physical addresses and even credit card information, where necessary, to support our licensing and billing processes.

We collect information in the following ways:

• Information you give us like your name, email address, telephone number and the company/individual with whom you work.
• Information we get from your use of our services. We collect information about the version numbers of the software that your use, serial numbers, number of users and number of companies.
• In some of the licensing procedures, we maintain a list of companies which are required to enable us to generate software activation keys.
• In the software hosted by use, we maintain log information and this includes:
• details of how you used our service, such as your browsing pages history.
• login and logout date and time
• name and company
• device event information, such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
• cookies that may uniquely identify your browser.
• Location information from where you are using our services
• We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Payment information

When you purchase a good or service online through one of our websites, we utilise 3^rd party providers of payment processing and the data related to your credit card is processed by the 3rd party provider and we do not have access to that credit card information. See our current Sub-contracts/Sub-Processors list.

Cookies

Shireburn websites utilise cookies to process user usage and behaviour information in a bid to improve user experience.

If your browser has been enabled by you to allow this, Shireburn will store cookie information onto the device used by you to access these sites. You will be able to use your browser’s capabilities to view and delete these cookies.  The functionality of the web site may change based on the ability of Shireburn to utilise these cookies.

Online help

Use of the online help facilities that may be made available on the websites will record the details of the user name accessing the online help facility, the help centre activity related to the documents accessed and the location.

E-mail contact

Should you consent to be contacted by Shireburn, we shall use the personal data provided by you to communicate with you regarding those services for which you have consented to be contacted. This shall be on an opt-in basis.

If you are a user of our software or services, or an end-user of one of our clients, who is obtaining support or needs to be notified of technical or commercial aspects of the use of our software or services, we shall retain the right to communicate with you as a result of a legitimate business interest provision as defined under GDPR.

Server logs

Like most websites, our servers automatically record the page requests made when you visit our websites. These “server logs” typically include your web request, internet protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

Firewall logs

Accessing of our systems and network is controlled through security infrastructure including firewall protection. As is industry practice, the firewall automatically logs traffic requests made when you access our systems. These “firewall logs” typically include details such as your internet protocol address, request type, and the date and time of your request. These logs are maintained for 1 year.

Where do we store & transmit your data?

Unless with explicit, prior, written consent, Shireburn shall only store personal data either within the European Economic Area (EEA) or in a manner which is undertaken by Shireburn through one of the following mechanisms:

• As a result of the recognition by the European Commission, on the basis of article 45 of GDPR, of the country where the data is stored and processed offers an adequate level of data protection, whether by its domestic legislation or of the international commitments it has entered into;
• The standard contractual clauses;
• Binding corporate rules as defined in Article 47 of the GDPR.

How long do we keep it?

Shireburn’s data retention policy varies according to the nature of data itself and details of this policy can be located in Shireburn’s data retention policy found at www.shireburn.com/dataprotection/dataretention.

Your data subject rights

DPR provides a data subject with the following rights:

• The right to be informed;
• The right of access;
• The right to rectification;
• The right to erasure;
• The right to restrict processing;
• The right to data portability;
• The right to object;
• Rights in relation to automated decision making and profiling.

Shireburn of course respects these rights, subject to our obligations to retain and process data under other laws.  For instance, while we might receive a request for erasure of data from a data subject related to that subject, we may not be able to erase data related to that subject which is necessary for the performance of our legal obligations for record keeping.  A simple example is that we could erase non-critical correspondence but we are obliged to retain details of the purchase orders, invoices etc which relate to that data subject for period as required by laws related to accounting and business record keeping.

Should you wish to exercise any of these data subject rights please send a request to gdpr@shireburn.com.

Changes log:

4 Aug 2020

• Removal of EU-US Privacy Shield as a basis for the transfer and storage of data outside the EU.
• Addition of Binding Corporate Rules