Schedule it Ltd - Privacy Policy
The term 'Schedule it', 'us', 'we' or 'our' refers to Schedule It Ltd, and our authors. The term 'you' or 'end user' refers to the user or viewer of our website or any other products we supply.
If you continue to browse and use this website, or use any of our products, you are agreeing to comply with and be bound by our
terms and conditions of use, which together with our
privacy policy govern our relationship with you in relation to this website and any goods or services we provide.
This privacy policy is for this website; scheduleit.co.uk and scheduleit.com and any products or services provided by Schedule it Ltd and governs the privacy of its users who choose to use it. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) [pre GDPR enforcement] and the PECR (Privacy and Electronic Communications Regulations).
This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhere to. Additionally, it will explain the use of cookies or software, advertising or commercial sponsorship from third parties and the download of any documents, files or software made available to you (if any) on this website. Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer / device in order to serve it to you. Our contact information is provided if you have any questions.
We instruct an independent external security company to perform penetration testing and other security tests on our software and services every month. Please contact us for the latest PCI-DSS, OWASP or ISO27001 compliance reports.
The DPA & GDPR May 2018
We and this website complies to the DPA (Data Protection Act 1998) and already complies with the GDPR (General Data Protection Regulation) which came into effect May 2018.
Please take this statement as our confirmation to you that we comply with our understanding of the GDPR in its current form as of April 2018.
Click here for more details on our
GDPR compliance.
Security
We use reasonable organizational, technical and administrative measures to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If You have reason to believe that Your interaction with us is no longer secure (for example, if You feel that the security of Your account has been compromised), please contact us immediately.
We instruct an independent external security company to perform penetration testing and other security tests on our software and services every month. Please contact us for the latest PCI-DSS and OWASP TOP10 compliance reports.
Encryption: We use TLS/SSL (256-bit encryption) to encrypt all information passed between our servers and your browser or our mobile apps (data not at REST). All the stored information we hold about you (data at REST) at our head office is also encrypted using AES256. Passwords and higher security fields are additionally encrypted with a one way randomly salted hash using SHA256. Access to this data internally is only allowed by approved staff with the required approval and security level.
Storage: Our cloud infrastructure service is hosted at Telecity Group's state-of-the-art Powergate facility in London with peering to many well connected providers including Deutsche Telekom, Interoute, Level3, PCCW-BTN, Telia and Tiscali. This is the same company that hosts major Cloud Service Providers within their London IBXs including AWS, Microsoft Azure, Oracle and Google Cloud.
World-class security and certifications include: ISO 14001:2015, ISO 22301:2012, ISO/IEC 27001:2013, ISO 50001:2011, ISO 9001:2015, OHSAS 18001:2007, PCI DSS, SOC 1, SOC 2 Type 2. Get more details
here and
here. Schedule it Ltd is additionally covered by the Cyber Essentials certification.
Data Retention
Your data is stored whilst you make payment to keep your account active + 14 days, after which your data is securely deleted.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure there are in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect or you choose to store on our servers. All information we store online, even if encrypted should be considered public despite the suitable physical, electronic and managerial procedures we have in place. Should there be discovered some unknown vulnerability your information, or encrypted data, maybe publicly available and accessible. If you do not want your information publicly available please store your data locally and not on our online servers, and ask us to remove all your information that we hold online.
Patch Management: We use CVSS as a guide when patching critical vulnerabilities but additionally we also consider how dangerous and easy to exploit any possible vulnerability is. Security updates should be applied and vulnerabilities addressed within 30 days, or equivalent mitigations deployed, or dispensation formally approved. See our
Patching Policy here.
Use of Cookies
This website uses cookies which are needed to allow you to login and remain logged in if you use our online service, and to better the users experience while visiting the website. As required by legislation, where applicable this website uses a cookie control system, allowing the user to give explicit permission or to deny the use of /saving of cookies on their computer / device.
What are cookies? Cookies are small files saved to the user's computers hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit. You will be unable to use our online products without allowing the use of cookies.
Breach Reporting
Under the breach reporting rules set out in UK eIDAS Regulation Article 19, where Schedule it Ltd believes that an incident has or is likely to have a significant (more than minimal) impact on the trust service or the personal data we hold, we will:
notify the ICO;
consider whether to notify our users; and
consider whether to inform anyone else who might be affected.
If we are not sure about whether the impact of an incident is significant or not, it is our policy to report the breach.
We will notify the ICO within 72 hours of becoming aware of the breach, or sooner if it’s reasonable to do so.
Website Visitor Tracking
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
Our software monitor providers are; Google Analytics and you can read their
privacy policy here, FullStory and you can read their
privacy policy here.
Adverts and Sponsored Links
This website contains no sponsored links or adverts and your details are not shared.
Downloads, Uploads & Media Files
Any documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine users are advised to verify their authenticity using third party anti virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti virus software or similar applications.
Files uploaded to our temporary storage are available via a public, but hard to guess, URL. If you do not want your uploaded files to be stored in a public folder you should use other file storage solutions that we can integrate with.
Contact & Communication With Us
Users contacting this us through this website do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Where we have clearly stated and made you aware of the fact, and where you have given your express permission, we may use your details to send you products/services information through a mailing list system. This is done in accordance with the regulations named in 'The policy' above.
Email Mailing List & Marketing Messages
We operate an email mailing list program, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in 'The policy' above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages (or unsubscribe from all lists). The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.
Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
Our EMS (email marketing service) provider is; Sendinblue and you can read their privacy policy
here.
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites)
Shortened URL's; URL shortening is a technique used on the web to shorten URL's (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: http://bit.ly/12345abc). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Policy & Usage
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the resources section below.
Disclaimer
The information contained in this website is for general information purposes only. The information is provided by Schedule it Ltd and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website or our products.
Every effort is made to keep the website up and running smoothly. However, Schedule it Ltd takes no responsibility for, and will not be liable for, the website being unavailable.
Updates to this Privacy Policy and Notifications
We may change this Privacy Policy. Any changes are effective when we post the revised Privacy Policy.
We may provide You with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website and, if You are a User, by contacting You through your Schedule it Dashboard or email address. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided You with hard copy disclosures. Disclosures and notices in relation to this Privacy Policy or Personal Data shall be considered to be received by You within 24 hours of the time they are posted to our website or, in the case of Users, sent to through one of means listed in this paragraph.
Contact Us
If You have any questions about this Privacy Policy, please contact us at privacy@scheduleit.com
Sensitive Information. Because email communications are not always secure, please do not include credit card or other sensitive Data (such as racial or ethnic origin, political opinions, religion, health, or the like) in Your emails to us.