Privacy Policy

Privacy Policy / February 2022

Welcome to our website (www.comparesoft.com) and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the UK`s Data Protection Act (DPA) and General Data Protection Regulation (GDPR) given the similarity of both provisions we refer to both collectively as “GDPR”. With the help of this privacy policy, we inform you comprehensively about the processing of your personal data by Comparesoft and the rights to which you are entitled.

What is Personal Data?
Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data exists when no personal reference to the user can be made.

Responsible person (Data Controller)
Comparesoft Ltd
51 Lime Street
Orega Office
London
EC3M 7DQ

LinkedIn: https://www.linkedin.com/company/comparesoft/
Twitter: https://twitter.com/comparesoft
YouTube: https://www.youtube.com/channel/UC24-fgQAkXQ3g6lRkEnTwmA
Facebook: https://www.facebook.com/comparesoftltd/

Your rights as a data subject.
First of all, we would like to inform you at this point about your rights as a data subject. These rights are standardised in Art. 15 – 22 GDPR. This includes:

• The right to information (Art. 15 GDPR),
• The right to erasure (Art. 17 GDPR),
• The right to rectification (Art. 16 GDPR),
• The right to data portability (Art. 20 GDPR),
• The right to restriction of data processing (Art. 18 GDPR),
• The right to object to data processing (Art. 21 GDPR).

To assert these rights, please contact us. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority. The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Rights of objection
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made form-free at any time, preferably using our contact form.

In the event that we process your data for the protection of legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Purposes and legal bases of data processing
When processing your personal data, we comply with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes, customer satisfaction surveys and direct advertising.

Your consent also constitutes a permission requirement under data protection law. Here we will inform you about the purposes of the data processing and about your right of revocation. If the consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent.

Processing of special categories of personal data within the meaning of Art. 9(1) GDPR will only take place if this is required by legal provisions and there is no reason to assume that your legitimate interest in the exclusion of the processing outweighs this.

Disclosure to third parties.
We will only pass on your data to third parties within the framework of the legal provisions or with the corresponding consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

Recipients of the data / categories of recipients
Within our company, we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations.

In the course of purchases and enquiries, it may happen that other companies are involved. In some cases, service providers support our specialist departments in the fulfilment of their tasks, e.g., in sending out newsletters. The necessary contractual framework under data protection law has been concluded with all service providers.

Third country transfer / intention to transfer data to third countries
Data is only transferred to third countries (countries outside the UK or the European Economic Area) if this is required by law or if you have given us your consent to do so or if this is necessary for the performance of the contractual relationship. In this case, we take the measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR to establish the level of data protection in the third country.

Storage period of the data
We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored. This applies in particular to retention obligations under commercial or tax law. If there are no further storage obligations, the data is routinely deleted after the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which can be up to ten years; the regular limitation period is six years.

Secure transfer of your data.
In order to protect the data, we store as best as possible against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

The exchange of data to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols.

In addition, we offer our users content encryption as part of the contact forms and for applications. The decryption of this data is only possible for us. There is also the option of using alternative communication channels (e.g., the postal service).

Obligation to provide data.
Various personal data are necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

In certain cases, data must also be collected or made available due to legal requirements. Please note that it is not possible to process your enquiry or carry out the underlying contractual relationship without providing this data.

Categories, sources, and origin of data.
Which data we process is determined by the respective context: this depends on whether, for example, you enter an enquiry in our contact form, or when you send us an enquiry via social media or submit a complaint.

Please note that we may also provide information separately in a suitable place for special processing situations, e.g., when you upload documents or submit a contact enquiry.

When you visit our website
When visiting this website, your browser transmits the following types of data, which are stored by us:

• the browser type and language,
• the IP address of the accessing computer,
• the server requests (e.g., page requests) including time and
• the referrer URL (i.e., the address of the previously visited website if you accessed our website from there by clicking on a hyperlink).

These first three types of data are technically necessary in order to correctly display the pages you have accessed on this website. In addition, they may be used, if necessary, to maintain the secure operation of this website (e.g., to defend against hacking attempts). The IP address and browser language are also used to suggest the appropriate language setting for our website. The referrer URL is used in anonymised form for statistical purposes. For reasons of technical security and in particular to defend against attempted attacks on our web server, this type of data is also stored for a certain period of time in accordance with Art. 6 (1) lit. f GDPR.

Contact and Shortlist request
With the help of our website, you can make various types of enquiries to us. A contact form is used in each case to record the contact data necessary for communication (e.g., name, telephone number or e-mail address) and to record the content of your message. This data is used for customer relationship management (contact history) and to answer/fill your request.

In order to protect the security and confidentiality of your data as best as possible, we implement appropriate security measures. Your application documents are transmitted to us in encrypted form through our application system. The precautions for data protection always correspond to the current state of the art.

We store your data in the application process in accordance with applicable law and delete it after six months at the latest. Data is only stored beyond this period if we are obliged or entitled to do so, e.g., if you have given us permission to store your data for a specific, longer period of time or for the exercise of legal rights.

Commercial and business services
We process information of our contractual and business partners, e.g., customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g., to answer inquiries.

We process this information to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. We only disclose the information of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g., to participating telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities).

Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioral marketing. And, the Legal bases are Contractual performance and pre-contractual inquiries, Legal obligation, and our Legitimate interests.

Administration, financial accounting, office organisation & contact management
We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are Article 6 (1) (c) GDPR, Article 6 (1) (f) GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.

In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, based on our business interests, we store information on suppliers and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

Contact us by e-mail or telephone
If you write to us or call us, we process the data you provide in the contact form to contact you and answer your questions and requests, (Art. 6 para. 1 lit. a, b GDPR). If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request.
If you call us, we will collect your name and telephone number in order to process your request.

When using all communication channels, the principle of data economy and data avoidance is observed in that you only have to provide the data that we absolutely need from you to contact you and to process your respective enquiry.

In addition, your IP address will be processed for reasons of technical security and to defend against any attempted attacks.

Testimonial
Within the Testimonial section, you may be able to display certain personal information, share certain details, engage with others, exchange knowledge and insights, post and view relevant comment. Comment and data are publicly viewable. You have choices about the information on your comment. You don’t have to provide additional information on your comment; however, comment information helps you to get more from our Services. It’s your choice whether to include sensitive information in your comment and to make that sensitive information public. Please do not post or add personal data in your comment that you would not want to be available.

Customer and supplier data
In the context of a contractual relationship outside the website, we process the following personal data:
• Contact data (e.g., first/last names of current and, if applicable, previous contact persons as well as name supplements, company name and address of the customer (employer), mobile, landline telephone number with extension, e-mail address).
• Job-related data (e.g., function in the company, department)
• If applicable, bank details (in the context of a direct debit mandate also the first name/last name of the account holder)
• If applicable, preferred payment system, information on creditworthiness and credit behaviour
• If applicable, date of birth, length of service, etc. (for customer service purposes if you provide us with this information voluntarily).

In principle, we receive your personal data from you as part of the contract initiation process or during the ongoing contractual relationship.

Purposes and legal basis of data processing
Even when processing your personal data outside the website, the provisions of the GDPR and other relevant legal provisions are always complied with.

Your personal data is processed exclusively for the implementation of pre-contractual measures (e.g., for the preparation of offers for products or services) and for the fulfilment of contractual obligations (e.g., for the implementation of our service or for order/order/payment processing), (Art. 6 para. 1 p.1 lit. b GDPR) or if there is a legal obligation to process (e.g., due to tax law requirements) (Art. 6 para. 1 p.1 lit. c GDPR). The personal data were originally collected for these purposes.

Of course, your consent to data processing can also constitute a data protection permission requirement (Art. 6 para. 1 p. 1 lit. a GDPR). Before granting consent, we will inform you about the purpose of the data processing and about your right of revocation according to Art. 7 (3) GDPR.

For the detection of criminal offences, personal data will only be processed under the conditions of Art. 10 GDPR.

Recipients of the data / categories of recipients
In the course of the necessary business processes, our specialist departments are supported by external service providers in order to fulfil their tasks. To protect the data to be processed, the necessary data protection contracts have been concluded with all service providers.

These are, in particular, service providers, as well as financial and consulting companies, which provide support in checking order-relevant data. In addition, we make use of specialised IT experts from manufacturers and partner companies who have the relevant product know-how to support us in individual specialist areas. For project processing (registration, project notification, offer preparation, order processing), your data may be forwarded to the relevant manufacturers of the products offered or ordered. These may also be located in a third country outside the UK.

We pass on information on payment processing, to check payment behaviour and creditworthiness to credit, trade and business information agencies.

If necessary, your personal data may also be processed in the cloud in order to optimise existing processes (for example, for more efficient communication and contract processing). We have concluded the necessary contracts for this from a data protection perspective. If the cloud provider is located in a country outside the UK / EEA (third country), we take the measures possible and necessary under data protection law pursuant to Art. 44 et seq. GDPR in order to establish the level of data protection in the respective third country. In doing so, we use technical and organisational measures to ensure that only those persons who need your data to fulfil their contractual and legal obligations receive it.

Advertising purposes Existing customers
Comparesoft is interested in maintaining the customer relationship with you and in sending you information and offers about our products / services, Art. 6 (1) lit. f GDPR. Therefore, we process your data to send you relevant information and offers by e-mail and for customer satisfaction surveys.

If you do not wish this, you can object to the use of your personal data for direct marketing purposes at any time; this also applies to profiling insofar as it is related to direct marketing. If you object, we will no longer process your data for this purpose.

The objection can be made free of charge and without formalities without giving any preferably using our contact form.

Careers
Thank you for your interest in working for Comparesoft. We are aware of the importance of your data and process the personal data you provide in the application form only for the purpose of effective and correct handling of the application process and for contacting you in the course of the application process, Art. 6 para. 1 lit. a, b GDPR. No data will be passed on to third parties without your consent.

In order to protect the security and confidentiality of your data as best as possible, we implement appropriate security measures. Your application documents are transmitted to us in encrypted form by our application system.

We store your data for the above-mentioned purposes until the application process is completed and any relevant deadlines have expired – at the latest six months after receipt of a decision. However, you have the option of us storing your application documents for longer and matching them with other vacancies that match your profile.

To do this, we need your consent, which you can give us by clicking the checkbox before uploading your application documents. In this case, we will store your data for 365 days. You can, of course, revoke your consent at any time without stating reasons with effect for the future preferably using our contact form.

Cookies
Our website uses so-called cookies in several places. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive). Based on our legitimate interest (Art. 6 para. 1 p. 1 lit. f GDPR), we use technically necessary cookies that are required for the operation of the website and to ensure its functionality. Depending on the purpose, these are stored permanently – even after the session has ended – (so-called persistent cookies, e.g., opt-out) or are deleted when the browser is closed (so-called session cookies – these are only valid for one browser session). For further information please refer to our Cookie Policy.

Creation of user profiles or use of cookies that are not purely functional
We use the following tools or services on our website:

Google Analytics
On our website we use the tracking tool Google Analytics of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This enables us to record and systematically evaluate your interactions with our website.

The following data is stored from you:

• IP address
• Usage data
• Click path
• App updates
• Browser information
• Device information
• JavaScript support
• Visited pages
• Referrer URL
• Downloads
• Flash version
• Location information
• Purchase activity
• Widget interactions
• Date and time of visit

The legal basis for the processing of your personal data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent at any time here. The purpose of processing your personal data through the Google Analytics service is to analyse the interaction of our website visitors with our website. By evaluating the data obtained here, we can optimise our offer and increase user-friendliness. We delete or anonymise the data collected by Google Analytics as soon as it is no longer required for our purposes. This is the case after 26 months.

This service may transfer the collected data to another country. Please note that this service may transfer data outside the UK and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. However, we take the possible measures necessary under data protection law in accordance with Art. 44 et seq. GDPR to establish the level of data protection in the third country.

Social plugins of social networks
On our website you will find social plugins to the social media services of Facebook, Twitter, YouTube, and LinkedIn. You can recognise links to the websites of the social media services by the respective company logo. If you follow these links, you will reach our company websites on the respective social media service. When you click on a link to a social media service, a connection is established to the servers of the social media service. This transmits to the servers of the social media service that you have visited our website. In addition, further data is transmitted to the provider of the social media service. These are for example:

• Address of the website on which the activated link is located.
• Date and time when the website was called up or the link was activated
• Information about the browser and operating system used
• IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your username and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media services are located in the USA and other countries outside the UK. The data may therefore also be processed by the provider of the social media service in countries outside the UK. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as they do in the UK.

Please note that we have no influence on the scope, type and purpose of the data processing by the provider of the social media service. For more information on the use of your data by the social media services integrated on our website, please refer to the privacy policy of the respective social media service.

Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Online offers for children.

Persons under the age of 16 are not permitted to transmit personal data to us or to submit a declaration of consent without the consent of their legal guardians. We encourage parents and guardians to actively participate in the online activities and interests of their children.

Presence in social media
We are present in various “social media” in order to communicate with the customers, interested parties and users registered there and to be able to inform them about our offers there.

We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

We would also like to point out that your data may be processed outside the UK.

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your end devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).

We, as the provider of this information service, do not collect and process any data from your use of our service beyond this.

The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users pursuant to Art. 6 para. 1 p.1 lit. f. GDPR. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 GDPR.

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must

• log out of the respective network before visiting our website,
• delete the cookies on your device and
• close and restart your browser.

After logging in again, however, you will once more be recognisable to the network as a specific user.

For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below.

In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy policy: https://www.facebook.com/about/privacy/,
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,.
• Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy policy: https://policies.google.com/privacy,
Opt-Out: https://adssettings.google.com/authenticated,
• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy policy: https://twitter.com/privacy,
Opt-Out: https://twitter.com/personalization,.
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – privacy policy https://www.linkedin.com/legal/privacy-policy ,
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,

Hosting
The services for hosting and displaying our platform are partly provided by our service provider (Amazon Web Services (AWS)) as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on our platform are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact us.

Changes and updates to the privacy policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us.