Powering the employee journey from Onboarding to Payment

Customer Login

Privacy Policy

Privacy Notice

Introduction

We at the Access Group know it is a big responsibility to protect your personal data. This Privacy Notice is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

We may from time to time update this Privacy Notice, where we deem it appropriate, we will seek to notify you about the changes, however, we recommend you review this page periodically.

This Privacy Notice was last updated on: 10th August 2021.

Download a copy of our Privacy Notice [PDF]

About us

Ezitracker is part of The Access Group. The Access Group is made up of numerous enterprises which are wholly owned subsidiaries of The Access Technology Group Limited (company registration 05575609), The Old School, Stratford St. Mary, Colchester, Essex, CO7 6LZ, United Kingdom: our primary trading entity is Access UK Ltd (company registration 2343760).

For a full list of entities that collectively make up the Access Group, on the About page.

Our group Data Protection Officer is Tracy Wiseman. To contact us regarding our use of personal data, you may email us at Access.DPO@theaccessgroup.com

While our parent company is registered in England and Wales, our effective and real exercise of activity through stable arrangements with our Irish entity, Core Computer Consultants Ltd (registration number: 91755) means there is no requirement for us to appoint a representative under Article 27, GDPR.

Why we have your information

We process personal data to fulfil our contractual obligations to our customers and to otherwise improve and market our solutions.

There are various ways in which we may obtain your personal data.

For example, because:

  • an organisation you work for uses one of our solutions
  • an organisation you have engaged with uses our solutions to provide a service to you
  • you’ve called us
  • you work for us
  • you visited our website
  • your personal data was provided to us by a third party or
  • as a result of other lead-generating activities done by us.

On what legal basis do we have your information

We will only ever process your personal data where we have a lawful basis to do so. We have expanded upon the possible reasons for us processing your personal data below.

Where an organisation you work for uses one of our solutions

If you use our solutions through your employer, for example, our HR, Payroll, or eLearning solutions, then we will process your personal data as a processor (your employer is the controller).

We recommend you read your employer’s privacy policy for information explaining what personal data is collected, and what for, etc.

Third parties may have access to your personal data. The details of these third parties will be included in the contract we hold with the controller.

Where you have engaged with an organisation that uses our solutions

If you use our solutions via a third-party organisation, for example, to book a table at a restaurant or to submit your CV to a recruitment agency, then we will process your personal data as a processor (the relevant third-party organisation is the controller).

We recommend you read the third-party organisation’s privacy policy for information explaining what personal data is collected, and what for, etc.

We also have dedicated privacy notices for some of our product lines, accessible via our Security Portal.

Third parties may have access to your personal data. The details of these third parties will be included in the contract we hold with the controller.

Where you have called us

If you call us, for example, for technical support or to enquire about our solutions, we may record the call and log necessary details of your request on our systems – we process the personal data collected via these methods as a controller. These recordings are primarily for training and quality purposes but may also be referred to in the event of conflict resolution.

Depending on the nature of the call, personal data may be shared and collected by us.

Our lawful basis for processing your personal data in this case is legitimate interests. 

We use third party solutions to record and log the calls you make to us. 

Where you work for the Access Group

If you are an employee of ours, then we will process your personal data as a controller. 

Our lawful basis for processing is described in the privacy notice: it is comprised of reasons including fulfilment of contract, consent, and legitimate interests. 

The relevant privacy notice is made available to you on our internal systems. If you need help locating it, please ask your leader.

Where you visit our website

Where you visit our website we will log your IP address and session information, such as the duration of the visit to the site and the nature of the browser used. This information is used for administration, statistical analysis, and enhancement of our website.

Your personal data, such as your name, telephone number, email address, postal address, job title, employer and any other relevant contact details may be collected by us when you complete any of our online forms. This information is used to keep you informed about the solutions we offer which we think may be of interest to you.

We will also use cookies and Google Analytics when you use our website and interact with us via email, to optimise your experience of us and our sites. Please see our Cookie Policy for more information.

Our lawful basis for processing is legitimate interests.

All personal data collected by us through our website is done on the basis that we are the controller.

Where you choose to share your personal data with us through the mechanisms available via the website, we will process that data using third party solutions.

Where your data was provided to us by a third party

We work with several reputable third parties for the purpose of them supplying to us business contact details to allow us to effectively market our solutions. We may also collect information about you from other sources, for example, public sources or third-party social networks.

Our lawful basis for processing is legitimate interests.

All personal data obtained by us through our sources is done on the basis that we are the controller. 

Where we obtain your personal data through these sources, we will process that data using third party solutions. 

Where we collect your data through lead generating activities done by us

We may collect your personal data through various lead generating activities such as events, webinars, and other networking activities.

Our lawful basis for processing is legitimate interests.

All personal data collected by us is done on the basis that we are the controller.

Where we obtain your personal data through these activities, we will process that data using third party solutions.

Google disclosure

The Access Group has a variety of applications available via the Google Play Store, including SpitFire, PeopleXD, Applause, and others.

Spitfire's use of information received, and any of our transfers of information to any other app, from Google APIs will adhere to Google API Services User Data Policy and Google’s Limited Use Requirements.

Further processing of your personal data

Where you use an Access product, we may derive or create anonymous data and information about your use of that product. This anonymised data will be further aggregated before being used either by us or a third party nominated by us to improve our products. We may also commercialise this information, for example, to provide insights to third parties.

Our lawful basis for the anonymisation and aggregation process is legitimate interests and we carry out this processing as a controller. 

Post completion of this anonymisation and aggregation process (which is irreversible), the data is no longer considered personal data – because you cannot be identified from the data (Recital 26 of the GDPR).

Sharing your personal data

We may have to ad-hoc share your personal data with regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights.

We have also partnered with reputable third parties to provide a best-in-class service offering to you and our wider customer base.

We may also share your personal data with other members of the Access Group: we will only do this where we have a lawful basis for doing so, for example, contract or legitimate interests. Where the receiver of your personal data is an Access Group entity which is outside of the UK (or the EU, in the case of EU personal data), the transfer will be safeguarded by, at minimum, an intra-group agreement (which includes recognised model clauses).

Where sharing your personal data with our trusted partners means transferring your personal data outside of the UK or     European Union we will ensure we put in place appropriate safeguards and supplementary measures (where necessary).

Storage and disposal of your personal data

 Where we have your personal data acting in our capacity as a controller, we will delete your personal data in accordance with our data retention schedule (available via our Security Portal), or as otherwise required by data protection legislation: including where you choose to exercise your rights as a data subject (see Your Rights section for more information).

Where we have your personal data acting in our capacity as a processor, we will delete your personal data in accordance with the controller’s instruction, or as otherwise required by data protection legislation. If we are required by law to retain any of your personal data, we will inform the controller of this lawful obligation.

Your rights

We will process your personal data in accordance the Principles - external link and Individuals’ Rights - external link of The General Data Protection Regulation (both the EU version (2016/679/EU) and UK retained version thereof).

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Currently, we do not rely on consent as a lawful basis of processing – however, should this change, you may withdraw your consent at any time by emailing us at Access.DPO@theaccessgroup.com


Important note: If you feel we have not processed your data in accordance with the Principles and Rights of the individual under GDPR, please contact Access.DPO@theaccessgroup.com for our complaints procedure, or you may raise a complaint with the Information Commissioners Office - external link but we would like the opportunity to resolve any issues first.