ApprovalMax (we/us/our/the Company) is committed to protecting and respecting your privacy.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and disclosed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.approvalmax.com (the Site) or using our mobile application or browser-based application at app.approvalmax.com (collectively, the App) or using any services offered through or associated with our Site or App (the Services), you are deemed to have accepted and consented to the practices described in this policy.
Our Site is owned and operated by ApprovalMax Limited (Company No. 11326265), registered in the 1 Chapel Street, Warwick, CV34 4HL, United Kingdom.
ApprovalMax processes personal data as both a Data Controller and Data Processor, as defined in the UK General Data Protection Regulation (UK GDPR). We are a Data Controller with regard to the client information we process for our own purposes, and we are a Data Processor with regard to all information clients upload to our systems, platforms or software.
The Site and App contain links to and from the websites of our partner networks, advertisers and affiliates or to websites shared by other users. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ApprovalMax operates as a business-to-business (B2B) organization. Any personal information from you is collected in your capacity as an agent, employee or representative of your business. When submitting information to ApprovalMax, you warrant and represent that you will submit business information (rather than personal information) wherever possible.
We collect and process personal information so we can provide our Services to you. It's important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The data we collect and process about you is explained in the sections below.
1.1 Data You Give Us
You give us information about you by filling in forms on our Site or App or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use the Site or App, request a quote, subscribe to our marketing database, subscribe to our services, report a problem with the Site or App, or provide other information in the course of establishing or maintaining our business relationship with you.
The information you give us includes your first name, last name, Skype ID and other social media usernames or profile links, phone/fax number, time zone and company name. We will ask for your explicit consent prior to collecting any information used for our mailing list or marketing communications. The remaining data is necessary for us to fulfil our contractual obligations to you, and we rely on this as a lawful basis to use and process this data.
1.2 Data You Give Us
Each time you visit or use our Site, we automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, location, network data, browser plug-in types and versions, languages, operating system and platform.
We use this information as statistical data about your browsing actions and patterns, for system administration, for analytics purposes and to evaluate, provide, protect or improve our Services (including by developing new products and services). Because we collect, use and share this information in the aggregate, it does not identify any individual.
1.3 Data We Receive from Third Parties
- To administer and manage your account, to provide you with information you request from us, and to carry out any other obligations arising from any contracts entered into between you and us.
- To respond to communications from you and to provide you with information, updates and changes about our Services.
- To ensure that content from our Site and App is presented in the most effective manner for you and for your device.
- To identify and authenticate you against our SaaS application(s).
We also use your data to make our Site, App and Services better in the following ways:
- To administer the Site and App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- As part of our efforts to keep the Site and App safe and secure (such as by conducting analysis required to detect malicious data and understand how this may affect your IT system).
We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable data protection laws. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous enquiry by you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have expressly consented to this.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. If you do not want us to use your data in this way, or to pass your details on to the third parties we use for marketing purposes, please notify us in writing or by contacting us on approvalmax.com/hello.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site or App; any transmission is at your own risk. Once we have received your information, we use strict procedures and the security features described above to try to prevent unauthorised access.
- We use marketing providers including HubSpot and Zoho Campaigns (to automate and manage our marketing emails and campaigns), Refiner (to gather information about customer satisfaction, such as our Net Promoter Score and other product feedback), Mailchimp and Mandrill (for systems notifications as part of our Service delivery), UserVoice (to gather customer feedback), and Drift as a chat bot. We also use Tilda, HubSpot and WordPress as content management systems.
- We use storage and security providers including Microsoft Azure (cloud storage) and Sentry and Stackify (to track user interface logs and errors). We use Google Analytics for anonymous analytics of our website performance.
- We use business process providers including Zoho Creator (for business process automation), Zoho CRM (for customer relationship management), Zoho Desk (for customer and sales lead support) and Zoom (for scheduling and running meetings and webinars).
- In order to improve user experience, we track some user activity with a tool provided by Hotjar. This monitors all clicks made by trial users during the setup process in the product. Only the clicks on user interface controls are being tracked, we do not capture any financial data.
The only other circumstances under which we would share your personal data are:
- If the third party is a member of our group.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If the Company or substantially all of its assets are acquired by a third party, in which case personal data will be one of the transferred assets and the purchaser will be permitted to use the data for the purposes for which it was originally collected by us.
- If we're under a duty to disclose or share your personal data in order to comply with any legal obligation, enforce or apply our Terms & Conditions and other agreements, or to protect the rights, property, or safety of the Company, our customers, or others (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
We transfer your personal data outside of the UK, for example where our other members of our group or external third-party suppliers are located. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by:
- ensuring we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
- putting in place specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
By submitting your personal data to the Site, you agree to this transfer, storing and processing of your personal data. In addition to the above protections, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
You can obtain more details of the protection given to your personal data when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described in the Contact paragraph below.
We will ensure that your personal data is processed lawfully, fairly, and transparently and that it will only be processed if at least one of the following bases applies:
- You have given your clear consent to the processing of your personal data for a specific purpose.
- Processing is necessary for the performance of a contract to which you are a party (or for us to take steps at your request prior to entering into a contract with you).
- Processing is necessary for our compliance with the law.
- Processing is necessary to protect someone's life.
- Processing is necessary for us to perform a task in the public interest or in the exercise of official authority and the task/function has a clear basis in law.
- Processing is necessary for our legitimate interests or the legitimate interests of a third party, except where there is a good reason to protect your personal data which overrides those legitimate interests, such as allowing us to effectively and efficiently manage and administer the operation of our business, maintaining compliance with internal policies and procedures, monitoring the use of our copyrighted materials, offering optimal, up-to-date security and obtaining further knowledge of current threats to network security in order to update our security.
7.2 Data Subject Rights
Under the GDPR, you have the right to:
- Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so (such as to comply with a legal obligation).
- Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.
- Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it).
- Correct or supplement any information we hold about you that is incorrect or incomplete.
- Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected-but again, there may be circumstances where you ask us to restrict processing of your personal data but we are legally entitled to refuse that request).
- Object to the processing of your data.
- Obtain your data in a portable manner and reuse the information we hold about you.
- Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances-as above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request).
- Complain to a supervisory authority if you think any of your rights have been infringed by us. (We would, however, appreciate the chance to address your concerns, so please contact us prior to taking this step).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You have the right to ask us not to process your personal data for marketing purposes. We will get your express opt-in consent before we use your data for such purposes or share your personal data with any third parties for such purposes, but you can exercise your right to prevent such processing by contacting us at the Company Address, on the support page approvalmax.com/hello, or by unsubscribing using the links contained in the marketing emails.
We will notify you and any applicable regulator of a breach of your personal data when we are legally required to do so.