Privacy & Data policy.

Introduction

 Onexpand is a product of SME Project Management Services Limited (hereinafter called “SMEPMS”).

At SMEPMS we care about the privacy of your data and are committed to protecting it. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information.

This notice applies across all websites that we own and operate and all services we provide, including our online portals, mobile applications, and any other services we may offer (for example, events or training). For this notice, we will just call them our “services”.

When we say “personal data” we mean identifiable information about you and your end users, like your name, email, address, telephone number, support queries, community comments and so on. If you cannot be identified (for example, when personal data has been aggregated and anonymised) then this notice does not apply. Check out our Terms & Conditions for more information on how we treat your other data.

We may need to update this notice from time to time. Where a change is significant, we will make sure to let you know – usually by sending you an email or in app notification.Last updated: 25 May 2020

Who are ‘we’? 

When we refer to ‘we’ (or ‘our’ or ‘us’), that means SMEPMS. Our headquarters are in the United Kingdom, but we operate and have offices all over the world. Address details for all SMEPMS offices are available on our Contact Us pages on www.onexpand.co.uk.

On 28 June 2021, the EU approved adequacy decisions for the EU GDPR and the Law Enforcement Directive (LED). This means data can continue to flow as it did before, in the majority of circumstances.

Both decisions are expected to last until 27 June 2025.The General Data Protection Regulation has been kept in UK law as the UK GDPR.

This guidance is aimed at UK businesses who receive data from or have offices in the EU and European Economic Area (EEA). It gives a basic overview of the changes to data protection since the UK left the EU and now has an approved adequacy decision.

With regards Data Protection and the EU ‘Adequacy is a term the EU uses to describe countries, territories, sectors or organisations it deems to have an ‘’essentially equivalent’’ level of data protection to the EU.

The EU Commission have adopted adequacy decisions for the UK GDPR and the Law Enforcement Directive. This means data can continue to flow freely from the EU to the UK, in the majority of cases.

Now the EU has an approved adequacy decisions for the UK, most EEA processors will be able to send personal data back to UK controllers with no restrictions.

The ICO remains the independent supervisory body regarding the UK’s data protection legislation.https://ico.org.uk/for-organisations/dp-at-the-end-of-the-transition-period/overview-data-protection-and-the-eu/#organisations

For European Union data protection purposes, when we act as a controller in relation to your personal data, SME PROJECT MANAGEMENT SERVICES LIMITED (company number 06992310) is a member of the Information Commissioners Office (ICO) in the United Kingdom.

How we collect your data

 When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorised into the following:

Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up, join us on social media, take part in training and events, or contact us with questions or request support.

If you do not want to provide us with personal data, you do not have to, but it might mean you cannot use some parts of our portal or websites.

Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g. by personalising the content you see). Some of this information is collected using cookies and similar tracking technologies.

Information we get from third parties: Most of the information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the personal data we already hold about you, to better inform, personalise and improve our services, and to validate the personal data you provide.

Where we collect personal data, we will only process it:

  • to perform a contract with you, or

  • where we have legitimate interests to process the personal data and they are not overridden by your rights, or

  • in accordance with a legal obligation, or

  • where we have your

If we do not collect your personal data, we may be unable to provide you with all our services, and some functions and features on our portals may not be functional and websites may not be available to you.

If you are someone who does not have a relationship with us, but believe that an SMEPMS subscriber has entered your personal data into our websites or services, you will need to contact that SMEPMS subscriber for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).

How we use your data

 First and foremost, we use your personal data to operate our websites and provide you with any services you have requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:

To communicate with you. This may include:

  • providing you with information you have requested from us (like training or education materials) or information we are required to send to

  • operational communications, like changes to our websites and services, security updates, or assistance with using our websites and

  • marketing communications [about Onexpand, about product announcements, software updates, and special offers] in accordance with your marketing

  • asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).

To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.

To assist you: SMEPMS have several qualified sales & support agents throughout the world. You may ask a local agent / advisor to contact you regarding your product.

The purpose of these advisors is to assist with the scope, implementation, and ongoing support of your SMEPMS system. You may ask SMEPMS to not be contactable by anyone during the signup process by responding to SMEPMS at either sales@onexpand.co.uk or support@onexpand.co.uk.

To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimise your user experience and provide you with more efficient tools.

To protect you: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our websites and services fairly and in accordance with our Terms & Conditions.

To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.

To analyse, aggregate and report: We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.

 

By using the Service, you consent to your personal information being collected, held, and used in this way and for any other use you authorise. SMEPMS (Onexpand) will only use your personal information for the purposes described in this Policy or with your express permission. It is your responsibility to keep your password to the Service safe. You should notify us as soon as possible if you become aware of any misuse of your password or portal sites, and immediately change your password within the Service or via the “Forgotten Password” process.

SMEPMS (Onexpand) does not store your credit card details

If you choose to pay for your once off Activation / First Registration using your credit card, your credit card details are not stored by SMEPMS and cannot be accessed by SMEPMS (Onexpand) staff.

How we can share your data 

There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:

  • third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website, or

  • services, or to market or promote our goods and services to you,

  • regulators, law enforcement bodies, government agencies, courts or other third parties where we think it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal Where possible and appropriate, we will notify you of this type of disclosure,

  • an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger, or acquisition of any part of our business other people where we have your

International Data Transfers

When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to Ireland, where our data hosting provider’s servers are located. These countries may have laws different to what you are used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.

For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like South Africa), or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).

For further information, please contact us using the details set out in the contact us section below.

If you do not want your personal information to be transferred to a server located in Ireland, South Africa or United Kingdom, you should not provide SMEPMS (Onexpand) with your personal information or use the Service.

Security

Security is a priority for us when it comes to your personal data. We are committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.

Retention

The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service).

We will retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we will make sure it is deleted or anonymised.

If your subscription lapses, within 90 days following lapse, SMEPMS (Onexpand) can provide the Account Owner with a full export of the Organisation’s data in a common file format determined by SMEPMS (Onexpand), for a fee.

The Organisation’s data may be permanently deleted by SMEPMS (Onexpand) 90 days after the Organisation stops paying to use SMEPMS (Onexpand), or at the Account Owner request (a fee may be applicable for such requests).

Your rights

It is your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication or send your request to privacy@onexpand.co.uk.

You also have rights to:

  • know what personal data we hold about you, and to make sure it is correct and up to

  • request a copy of your personal data or ask us to restrict processing your personal data or delete

  • object to our continued processing of your personal

You can exercise these rights at any time by sending an email to privacy@onexpand.co.uk. If you are not happy with how we are processing your personal data, please let us know by sending an email to privacy@onexpand.co.uk. We will review and investigate your complaint and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.

How to contact us 

We are always keen to hear from you. If you are curious about what personal data, we hold about you or you have a question or feedback for us on this notice, our websites, or services, please get in touch.

As a technology company, we prefer to communicate with you by email – this ensures that you are put in contact with the right person, in the right location, and in accordance with any regulatory time frames.

If you wish to complain about how we have handled your personal information, please provide our Privacy Officer with full details of your complaint and any supporting documentation:

  • by email at privacy@onexpand.co.uk, or

  • by letter to The Privacy Officer, SME Project Management Services Ltd, 30 Clover Drive, Poole, Dorset BH17

Our Privacy Officer will endeavour to:

  • provide an initial response to your query or complaint within 10 business days, and

  • investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you by our Privacy

Our email is privacy@onexpand.co.uk