Advanced Software (return to the homepage)
Menu

Date: 15 August 2022

Scope

This Statement only applies to the Customer Data of those customers whose data are hosted by Advanced within the Advanced cloud or environment or any other public cloud as agreed with the Customer.

Any references to ‘we’, ‘us’ or ‘our’ in this Statement refer to Advanced and its subsidiaries. 

Any references to ‘you’ or ‘your’ refers to the customer for which Advanced processes Customer Data.

Definitions

Statement

Statement means Services Privacy Statement. In this Statement, we explain how we collect, store, use, maintain and retain Customer Data.

As a Data Processor, we will process all Customer Data strictly on behalf of our customers in accordance with our contractual agreements with them and/or as required or permitted by law.

Applicable Law

Applicable Law means the laws of England and Wales (and any EU regulations from time-to-time retained or applicable under the terms of the European Union (Withdrawal Agreement) Act 2020 or applicable to services provided to EU customers).

Customer Data

Customer Data means Personal Data which our customers and/or their end-users input or upload into the customer portals or services provided to them by Advanced. This does not include Customer Information collected directly by Advanced for business activities such as sales and marketing. 

Advanced is the Data Processor in relation to Customer Data.

Data Protection Legislation

Data Protection Legislation means all applicable privacy or data protection laws and regulations (as amended, consolidated or re-enacted from time-to-time) which relate to the protection of individuals with regards to the processing of personal data to which a party is subject, including the Data Protection Act 2018 and GDPR for as long as any of the above are incorporated into Applicable Law together with any guidance and/or codes of practice issued from time-to-time by the relevant Supervisory Authorities.

Decision of Adequacy

Decision of Adequacy means a finding by the European Commission that a third country, territory, specific sector in a third country or an international organisation offers levels of data protection that are essentially equivalent to that within the EU allowing for the transfer of personal data without specific authorisation.

Services Data

Services Data means the data that resides on Advanced, customer or third-party systems to which Advanced is provided access to perform services, including cloud environments, test environment, development and production environments, in order to perform any of the services and business related functions including but not limited to:

  1. Consultancy and Training
  2. Professional services
  3. Support services
  4. Hosting
  5. IT and Administrative operations
  6. Technical Services
  7. Managed Services
  8. Product / Software Updates and Promotions

Services Data may include Customer Data. Advanced is the Data Processor in relation to Services Data and treats it in accordance with the terms of the contractual agreements with the Customer.

Customer Information

Customer Information means Personal Data we collect from visitors to our websites, data we collect about our customers or prospective customers, vendors, service providers, professional advisers, consultants and other third parties in the course of doing business.

Advanced is the Data Controller in relation to Customer Information. Please refer to our separate Privacy Statements in regard to Customer Information.

Personal Data

Under the UK General Data Protection Regulation (GDPR) personal data is defined as: 

“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

 

Where we process Customer Data or Services Data, that includes Personal Data, this is hereon on referred to as Customer Personal Data.

Data Processor

Under the UK General Data Protection Regulation (GDPR) a processor is defined as a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

As a Data Processor, we  will process all Customer Personal  Data strictly on behalf of our Customers in accordance with our contractual agreements with them and/or as required or permitted by law.

Data Controller

Under the UK General Data Protection Regulation (GDPR) a controller is defined as a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;  

Standard Contractual Clauses

Standard Contractual Clauses means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.

 

Data Processing Activities

 How do we use Customer Data?

Customer Data may be processed by us as a result of customer’s use of the services when our customers or their end-users input to upload information into the relevant service (platform/portal/environment). For example, customers who use any of our products or services may upload Customer Data about themselves or their employees to the customer support portal for the purpose of providing support services. 

Why does Advanced need to collect and store Customer Data?

Advanced needs to collect and store Customer Data which will be limited to the following purposes:

  • To provide and deliver the services;
  • To prevent or to address any service or technical problems;
  • To respond to a customer’s request or instructions, or to provide customer service or support;
  • For any other purpose as provided for in the agreement between us and the customer, or as otherwise authorised by the customer;
  • In accordance with or as may be required by law.

Will Advanced share Customer Data with third parties?

We do not sell Customer Data to any third-parties unless otherwise agreed through a contractual agreement and/or software license or agreement.  

We may share Customer Data with third-parties in the following instances:

  • Within Advanced and its subsidiaries in accordance with this Statement;
  • Trusted agents, consultants and service providers to perform business related functions;

How will Advanced process Customer Data?

Advanced will process (collect, store, use, maintain and retain) Customer Data in a manner compatible with the applicable Data Protection Legislation including the UK General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.

Legal Basis

The lawful basis for processing Customer Personal Data is determined by the Customer and communicated to Data Subjects as is their responsibility as Data Controller.

How will Advanced retain Customer Data?

Advanced will retain Customer Data in accordance with the contractual agreement the Customer. In addition, Advanced is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of Customer Data should be kept may also be governed by specific business-sector requirements and agreed practices.

Advanced will not keep Customer Data longer than required for any of the purposes specified above.

Under what circumstances will Advanced contact you?

We will contact you in order to perform the services or in relation to the products and services provided to you by the Customer. The means of our communication will be compliant with the terms of the contractual agreement with the Customer.

Security

We deploy and maintain appropriate security measures across all our services in order to protect Customer Data from unauthorised disclosure, loss or destruction. However, we expect our customers and their end users to access the services within a secure environment and notify us of any misuse or loss of integrity. If you believe that your password has been misused or compromised, please change it immediately and notify us as soon as possible.

Data Transfer outside EEA

Advanced has a global presence with operations in countries outside the UK and EEA, where there has been no Decision of Adequacy. For this purpose, Advanced has deployed the use of Standard Contractual Clauses, which are issued and authorised by the EU Commission or a supervisory authority and approved by the EU Commission, with the parts of the organisation and Data Processors outside UK/EEA in the absence of a Decision of Adequacy. Advanced will share Customer Personal Data with the staff at offices outside UK/EEA in order to provide services to its Customers.

All Advanced facilities have a data protection compliance framework and secure architecture in place to keep the data secure. Any data transfer to a country outside UK or EEA will be compliant with the applicable data protection legislation and are part of the contractual agreement with the customer.

Data Subject Rights 

As an end user, if you have any questions or concerns about the processing of Customer Personal Data, please contact our customer (Data Controller) directly.  

Similarly please direct any of the following requests, in relation to Customer Data, to the Customer:  

  • Data Subject Access Request
  • Request to rectify/amend/delete your data
  • Request to restrict processing of your data
  • Objections to the processing of your data

 Following your request, if the customer contacts us in order to retrieve, amend or delete your data, we will do so in accordance with our contractual agreement with them and the applicable data protection legislation.

 Contact details 

If you have any questions or concerns regarding this Statement or if you need to access, update, change or remove Personal Data (Customer Information) that we control, please contact the DPO:

Group Data Protection Officer

Advanced
The Mailbox
101 Wharfside Street
Birmingham
B1 1RF

Email: dataprotection@oneadvanced.com

Disclaimer

We reserve the right to change, modify, add or remove parts of this Statement. However, we would notify the customer (Data Controller) in such instances and also alert the end users of these changes by indicating the date on which the Statement was posted. When you access and use our products and services, you are accepting the current version of this Statement posted at that time. We recommend that you visit this Statement occasionally in order to see the latest version.