Rotamap Support and Marketing Privacy Notice
Revision I, 16 November 2023
Introduction
This privacy notice pertains to Rotamap's customer support and sales and marketing activities.
This notice explains how personal data is used when performing these activities and provides 'privacy information' pursuant to the General Data Protection Regulation (GDPR) and aims to follow the guidelines concerning privacy information and privacy notices set out by the Information Commissioner's Office.
Rotamap acts as data controller when storing or processing personal information and does such storage and processing under either contract or in relation to contract administration or under the rule of legitimate interests both with regard to Rotamap's commercial interests and the client, or potential client's, potential benefit from a business relationship. Rotamap works to ensure that the processing and storage of personal data is appropriate to the scope of these interests.
To correspond with the Rotamap team concerning this privacy notice and the privacy information contained in it or any other requests or enquiries concerning personal data please contact Rotamap at privacy@rotamap.net, or at the contact address provided at the end of this document.
Systems overview
Rotamap's internal systems are based on messaging, fileshares and a customer relationship management (CRM) system. Access between our staff members' computers and mobile devices are performed over HTTPS encrypted web connections. Access to the services is controlled by Rotamap's team.
Contact with individuals at existing or potential customer organisations may be recorded in messaging and/or our CRM system. Documents pertaining to contracts, renewals and other financial matters are recorded on our fileshare systems.
The services are protected by firewall and other access controls and databases are backed up to GPG private/public key encrypted files. The fileshares reside on encrypted filesystems. Backups are transported over SSH encrypted channels.
Rotamap aims to take a ‘data protection by design and default’ approach as recommended by the Information Commissioner's Office.
Personal data held and processed in our systems
The name, role and contact details of organisation representatives may be recorded in our systems, together with a narrative concerning the reason for the communication that has occurred or may occur. Such information may be contextualised in the light of conversations with other representatives at the same organisation or to record, for example, referrals between individuals in different organisations.
Records in our CRM system are kept indefinitely to ensure continuity of contact with organisations and to maintain records of historical contracts. Files pertaining to contracts are similarly retained indefinitely.
Occasional use of email marketing services are used through a third party. This service requires recipients to remain "opted-in" to receive emails. Recipients can choose to "opt-out" of this communication directly with us or via the third party messaging provider. Additionally, messaging information such as email may be stored on our messaging provider's service. The GDPR compliance of both third party providers has been assessed. No personal information is provided by Rotamap to any other third party.
Personal data in the services is not programmatically mixed with information from other sources.
Personal data rights
The UK GDPR sets out various important rights relating to personal data which are summarised on the ICO's website. These rights include the right to be informed, right of access, right of rectification and several others.
Individuals whose personal data are stored in Rotamap's systems who wish to exercise one of these rights can contact Rotamap (as data controller) to do so. We are required to respond to requests in 30 days. Please note that communication regarding your case will be dealt with by Rotamap's Data Protection Officer.
You can make an access request, or exercise one of your rights, by emailing privacy@rotamap.net.