Data Privacy Policy
1. Introduction
Blackstone DataSync (“DataSync”, "we," "our," or "us") is committed to protecting and respecting your privacy. This Data Privacy Policy outlines how we collect, use, disclose, and safeguard the personal data of our clients, their employees, and other individuals with whom we interact while providing our services.
Effective date: 22 August 2024.
2. Scope
This policy applies to all personal data processed by “DataSync” in connection with our SaaS offerings and services provided to our clients. It covers data collected directly from clients, their employees, or other individuals and data provided by third parties.
3. Data We Collect
3.1 Personal Data
We may collect and process the following types of personal data:
- Identification Data: Name, job title, company name, email address, phone number, and other contact information.
- Professional Data: Information related to employment, role, responsibilities, and professional experience.
- Financial Data: Billing information, payment details, and transaction history.
- Technical Data: IP address, login credentials, browser type, device information, and other technical information related to the use of our services.
- Usage Data: Information about how clients and their employees interact with our software, including logs of usage and preferences.
3.2 Special Categories of Data
We do not intentionally collect special categories of personal data (e.g., data about health, ethnicity, or religious beliefs) through our SaaS platform. If you provide us with such data, you must ensure that you have a lawful basis to do so.
4. Purpose of Data Processing
We process personal data for the following purposes:
- Provision of Services: To provide, operate, and maintain our SaaS solutions, including customer support and service enhancements.
- Contractual Obligations: To fulfil our contractual obligations to our clients, including billing and account management.
- Compliance: To comply with legal obligations, including those related to financial regulations, data protection, and record-keeping.
- Security: To ensure the security of our services, including monitoring and protection against fraud, unauthorised access, and other threats.
- Marketing and Communication: To communicate with clients and prospective clients about our services, updates, and other relevant information, subject to appropriate consent.
5. Legal Basis for Processing
We process personal data based on the following legal grounds:
- Contractual Necessity: Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests: Processing is necessary for the purposes of our legitimate interests, such as improving our services, ensuring security, and conducting marketing activities, provided that such interests are not overridden by the data subject's rights and interests.
- Consent: Where required by law, we will obtain consent before processing personal data for specific purposes.
6. Data Sharing and Disclosure
We may share personal data with the following categories of recipients:
- Service Providers: Third-party service providers who assist us in providing our services, such as hosting, payment processing, and customer support, who are bound by contractual obligations to protect personal data.
- Legal and Regulatory Authorities: Governmental, regulatory, or judicial authorities where we are legally required to do so or where necessary to protect our rights or the rights of others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction, subject to appropriate confidentiality arrangements.
7. International Data Transfers
As a UK-based company, we primarily process personal data within the UK and the European Economic Area (EEA). However, personal data may be transferred to and processed in countries outside the UK and EEA that may have different data protection laws. In such cases, we ensure that appropriate safeguards are in place to protect personal data, such as standard contractual clauses or other lawful transfer mechanisms.
8. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, regulatory, or contractual obligations. We regularly review our data retention policies to ensure compliance with applicable laws and best practices.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or misuse. These measures include encryption, access controls, regular security audits, and staff training on data protection.
10. Data Subject Rights
Individuals have the following rights regarding their personal data:
- Access: The right to request access to the personal data we hold about them.
- Rectification: The right to request correction of inaccurate or incomplete personal data.
- Erasure: The right to request the deletion of personal data, subject to certain legal obligations.
- Restriction: The right to request the restriction of processing in certain circumstances.
- Portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to request the transfer of that data to another controller.
- Objection: The right to object to the processing of personal data based on legitimate interests or for direct marketing purposes.
- Withdrawal of Consent: The right to withdraw consent where processing is based on consent.
To exercise these rights, please contact us using the details provided in the "Contact Us" section below.
11. Updates to This Policy
We may update this Data Privacy Policy from time to time to reflect changes in our practices, legal obligations, or industry standards. We will notify clients of any significant changes and update the "Effective Date" at the top of this policy.
12. Contact Us
If you have any questions or concerns about this Data Privacy Policy or our data processing practices, please contact us at:
DataSync
Email: info@blackstonedatasync.com
---
This Data Privacy Policy ensures compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). We are committed to safeguarding the privacy of our clients and the individuals whose data we process and to maintaining the highest standards of data protection.