Reapit Limited (‘Reapit’, ‘we’, ‘us’ or ‘our’) is a private company limited by shares, registered in England and Wales with Company Number 03483017 and registered office address at 67 – 74 Saffron Hill, EC1N 8QX London, United Kingdom. Reapit is an information technology company and our core business relates to enterprise software systems development (our ‘Services’).
For the purposes of data protection law and for the vast majority of personal data processing, we are a data processor acting upon the instructions of our clients (‘Clients’). However, in certain circumstances we also act as a data controller.
This Policy addresses personal data processing we carry out in these circumstances.
By submitting personal data to Reapit you acknowledge and accept the practices described in this Policy. We will endeavour to bring this Policy to your attention every time we ask for your personal information. We will seek your specific consent whenever this is required.
The following table summarises the types of data processing activities we undertake in relation to personal information subject to this Policy:
|Information we process
||Purposes for Processing
||Legal Basis for Processing
|Publicly available information
||To contact businesses to enquire whether they are interested in using our Services
||Our legitimate interests, namely the pursuit of our own marketing and business development efforts
|Any information you provide to us, such as names, contact details, occupation, purchase history, etc.
- To help deliver our Services by:
- establishing and maintaining contact between us and you;
- arranging a demonstration of the Services;
- providing training and receiving feedback in relation to the Services;
- any other requests you may have as a Client representative.
- To deliver promotional materials when:
- specifically requested (Reports, Insights, Bespoke Research, etc.);
- authorised in the context of a specific request (other relevant communications).
- To publish testimonials.
- The performance or negotiation of the contractual relationship between us and our Clients
- Your consent (private individuals) or our legitimate interest (fulfilling our contract with existing clients)
- Your consent
|Information you generate when you visit our website
- deliver functionality on our website, to
- analyse its performance, to
- make sure it is safe and to
|Our legitimate interests, namely monitoring and improving our website and services, and your consent whenever required
||Purposes for Processing
||Legal Basis for Processing
|Companies within the Reapit Group (including affiliates and ultimate beneficial owners)
||To facilitate the provision and promotion of the Services and to monitor business development.
||The performance or negotiation of the contractual relationship between us and our Clients, our legitimate interests, namely the pursuit of our own marketing and business development efforts, and your consent whenever required
|Suppliers, such as CRM systems and marketing agencies
||To facilitate the provision and promotion of the Services.
||The performance or negotiation of the contractual relationship between us and our Clients and our legitimate interests, namely the pursuit of our own marketing and business development efforts
|Professional advisors, such as accountants and solicitors
||Only when necessary, limited to what is necessary.
||Our legitimate interests, namely the proper administration of our business, or fulfilling our legal obligations or in relation to enforcing or defending legal claims.
|Competent authorities, such as regulatory authorities, the Police and HMRC
||Only when compelled to and/or when under an obligation to do so.
||Compliance with legal obligations
We work solely with world-class suppliers, some of whom have branches outside the European Economic Area (‘EEA’). Any transfers of your personal data outside the EEA take place only subject to appropriate safeguards as provided in data protection law. These safeguards are intended to secure your rights as a data subject with respect to any relevant non-EEA domiciled entities.
Personal data may in limited circumstances be shared with our affiliates in order to provide and/or develop our Services or where one of the other legitimate interests identified above applies. Personal data collected in the EEA may be accessed from our Australian subsidiary Reapit PTY Limited. This is usually carried out for the purposes of providing 24/7 customer support or in relation to product development. Reapit assumes responsibility for the security of personal data that is accessible by our overseas affiliates.
We are committed to guaranteeing the statutory rights of individuals. If you send us a request regarding your rights under data protection law we will respond within 30 calendar days of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further 60 days.
The persons to whom this Policy to applies are under no statutory or contractual obligation to provide personal data to Reapit. However, should you decide to submit personal data to us, you will have the following rights, as a data subject, under data protection law as summarised below¹:
|the right to be informed
||the right to access
||the right to rectification
|the right to erasure
||the right to restrict processing
||the right to object to profiling
|the right to data portability
||the right to complain to the Information Commissioner’s Office
||the right to withdraw consent.
¹This summary provides an overview of data subject rights under data protection law and shall not create any rights or obligations
additional to those contained in the Data Protection Act 2018.
Reapit does not engage in profiling which is capable of producing legal or other significant effects for individual data subjects.
Detailed information on the content and the means to exercise your rights is provided by the United Kingdom’s Information Commissioner’s Office, available here
Reapit operates an internal Data Retention Policy. In respect of all personal data within the scope of this Policy, Reapit will retain such personal data until you advise us to securely dispose of it, or until it becomes outdated, or it is no longer appropriate for us to retain such data. You shall inform Reapit of any material changes to your personal data to ensure it is accurate. Outdated personal data is periodically deleted in accordance with our Data Retention Policy which is available for review upon request.
Reapit operates an internal Information Security Policy. We have taken technical and organisational measures to ensure our own and our suppliers’ information security standards are appropriate to the risks associated with the personal data processing we undertake. Our security objectives include guaranteeing the confidentiality, integrity and availability of personal data and the resilience of the systems that process it. Our Information Security Policy is available for review upon request.
We reserve the right to amend this policy from time to time. You will be informed of any material changes without delay.
We reserve the right, in the event that we buy or sell all or part of our business or assets, to disclose personal information held by us to the prospective seller or buyer of such business or assets.
In relation to any queries about this Policy or any other data protection matters, please contact: firstname.lastname@example.org