Identity
Reapit Limited (‘Reapit’, ‘we’, ‘us’ or ‘our’) is a private company limited by shares, registered in England and Wales with Company Number 03483017 and registered office address at 67 – 74 Saffron Hill, EC1N 8QX London, United Kingdom. Reapit is an information technology company and our core business relates to enterprise software systems development (our ‘Services’).
For the purposes of data protection law and for the vast majority of personal data processing, we are a data processor acting upon the instructions of our clients (‘Clients’). However, in certain circumstances we also act as a data controller.
This Policy addresses personal data processing we carry out in these circumstances.
Scope
This Privacy Policy (‘Policy’) applies to anybody who browses our webpage(s), who is mentioned on our webpage(s), who submits an inquiry via or webpage(s) or who requests certain communications via our webpage(s). It also applies to personal data processed in pursuit of our own marketing and business development efforts. This policy does not apply to the personal data that our Clients control and process via our software systems. This policy does not apply to the personal data of our Job Applicants, Employees, Agents and Contractors. The fair, lawful and secure processing of these types of data is governed by other company policies outside the scope of this Policy.
Acknowledgement
By submitting personal data to Reapit you acknowledge and accept the practices described in this Policy. We will endeavour to bring this Policy to your attention every time we ask for your personal information. We will seek your specific consent whenever this is required.
Processing Activities
The following table summarises the types of data processing activities we undertake in relation to personal information subject to this Policy:
| Information we process | Purposes for Processing | Legal Basis for Processing |
|---|---|---|
| Publicly available information | To contact businesses to enquire whether they are interested in using our Services | Our legitimate interests, namely the pursuit of our own marketing and business development efforts |
| Any information you provide to us, such as names, contact details, occupation, purchase history, etc. |
|
|
| Information you generate when you visit our website | To
|
Our legitimate interests, namely monitoring and improving our website and services, and your consent whenever required |
Third Parties
| Third Party | Purposes for Processing | Legal Basis for Processing |
|---|---|---|
| Companies within the Reapit Group (including affiliates and ultimate beneficial owners) | To facilitate the provision and promotion of the Services and to monitor business development. | The performance or negotiation of the contractual relationship between us and our Clients, our legitimate interests, namely the pursuit of our own marketing and business development efforts, and your consent whenever required |
| Suppliers, such as CRM systems and marketing agencies | To facilitate the provision and promotion of the Services. | The performance or negotiation of the contractual relationship between us and our Clients and our legitimate interests, namely the pursuit of our own marketing and business development efforts |
| Professional advisors, such as accountants and solicitors | Only when necessary, limited to what is necessary. | Our legitimate interests, namely the proper administration of our business, or fulfilling our legal obligations or in relation to enforcing or defending legal claims. |
| Competent authorities, such as regulatory authorities, the Police and HMRC | Only when compelled to and/or when under an obligation to do so. | Compliance with legal obligations |
International Transfers
We work solely with world-class suppliers, some of whom have branches outside the European Economic Area (‘EEA’). Any transfers of your personal data outside the EEA take place only subject to appropriate safeguards as provided in data protection law. These safeguards are intended to secure your rights as a data subject with respect to any relevant non-EEA domiciled entities.
Personal data may in limited circumstances be shared with our affiliates in order to provide and/or develop our Services or where one of the other legitimate interests identified above applies. Personal data collected in the EEA may be accessed from our Australian subsidiary Reapit PTY Limited. This is usually carried out for the purposes of providing 24/7 customer support or in relation to product development. Reapit assumes responsibility for the security of personal data that is accessible by our overseas affiliates.
Your Rights
We are committed to guaranteeing the statutory rights of individuals. If you send us a request regarding your rights under data protection law we will respond within 30 calendar days of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further 60 days.
The persons to whom this Policy to applies are under no statutory or contractual obligation to provide personal data to Reapit. However, should you decide to submit personal data to us, you will have the following rights, as a data subject, under data protection law as summarised below¹:
| the right to be informed | the right to access | the right to rectification |
| the right to erasure | the right to restrict processing | the right to object to profiling |
| the right to data portability | the right to complain to the Information Commissioner’s Office | the right to withdraw consent. |
¹This summary provides an overview of data subject rights under data protection law and shall not create any rights or obligations
additional to those contained in the Data Protection Act 2018.
Reapit does not engage in profiling which is capable of producing legal or other significant effects for individual data subjects.
Detailed information on the content and the means to exercise your rights is provided by the United Kingdom’s Information Commissioner’s Office, available here.
Retention Period
Reapit operates an internal Data Retention Policy. In respect of all personal data within the scope of this Policy, Reapit will retain such personal data until you advise us to securely dispose of it, or until it becomes outdated, or it is no longer appropriate for us to retain such data. You shall inform Reapit of any material changes to your personal data to ensure it is accurate. Outdated personal data is periodically deleted in accordance with our Data Retention Policy which is available for review upon request.
Security Measures
Reapit operates an internal Information Security Policy. We have taken technical and organisational measures to ensure our own and our suppliers’ information security standards are appropriate to the risks associated with the personal data processing we undertake. Our security objectives include guaranteeing the confidentiality, integrity and availability of personal data and the resilience of the systems that process it. Our Information Security Policy is available for review upon request.
Changes
We reserve the right to amend this policy from time to time. You will be informed of any material changes without delay.
We reserve the right, in the event that we buy or sell all or part of our business or assets, to disclose personal information held by us to the prospective seller or buyer of such business or assets.
Contact
In relation to any queries about this Policy or any other data protection matters, please contact: dpo@reapit.com.
Last updated:31/05/18