“Consumer” means any person acting for purposes other than their trade, business or profession.
“Data Controller”, “Data Processor”, “processing”, and “data subject” shall have the meanings given to the terms “controller” “processor”, “processing” and “data subject” respectively in Article 4 of the GDPR. “Personal Data” means all such “personal data”, as defined in Article 4 of the GDPR, as is, or is to be, processed by the Data Processor on behalf of the Data Controller, as described in Clause 1.
“Service(s)” means the supply of services by InfoTrack to you including but not limited to property searches, reports and photographs, company searches, trademarks and domain names searches and other searches from time to time and includes our instructions to a Supplier, on your behalf and the dissemination of the information subsequently provided by the Suppliers.
“Sub-Processor” means any organisation or third party appointed by the Data Processor to process the Personal Data on your behalf for the purposes of providing the Services.
“Supplier” means any organisation or third party who provides data or information of any form to InfoTrack for the purposes of providing the Services.
1. Data Subjects and the types of personal data we collect
The type of information we may collect and hold includes (but is not limited to) personal data you may give us when you place an order via Our Website (or other Ordering Methods) or contact our customer service team, or otherwise interact with us and provide personal data about:
• in the case of a Consumer, you personally;
• in the case of a Supplier, your employees (and prospective employees and contractors), your clients, business associates and potential clients and their employees.
• in the case of prospective employees and contractors, you personally.
Personal Data that you give us may consist of names, addresses, contact details, occupations and other information and generally will include:
• name, address, contact telephone numbers, email addresses and other contact or identity details;
• payment information (such as credit card or bank details);
• other personal data required to provide our services in specific cases;
• in the case of a Supplier, personal data of third parties in connection with the products or services you request or order form us, such as the information disclosed in searches of public records you undertake when you use our products or services.
You are not obliged to provide personal data to InfoTrack, however in many cases, if personal data we request is not provided, we may not be able to supply the relevant product or service that you have requested from us.
2. How personal data is collected and held by us
We collect the personal data you provide when you:
• apply to become a customer or user of our products or services;
• fill in and return to us a signed client form;
• use our services by logging into our system or ordering products or services from us via Our Website, by telephone, email or in other ways;
• enter personal data into our system about you or other third parties in connection with your use of our products or services;
• store details of products or services you have ordered or information and data contained in the particular products or services you have ordered - for example if you order a title search which includes personal data and we store that search information so you can retrieve it again later on;
• when you contact us as a prospective employee or contractor of InfoTrack.
When you visit Our Website, we may collect any or all of the following technical data:
• Device Identifiers (the internet protocol address used to connect your device to the internet, your log-in information, browser type and version, regional settings, operating system and platform);
• Data about your use of Our Website (the full Uniform Resource Locators (URL), clickstream to, through and from Our Website (including date and time), products you viewed or searches for, time spent on certain pages or screens, interaction data (such as scrolling, clicks and mouse-overs.
3. How InfoTrack protects personal data
InfoTrack employ a variety of physical and technical measures to keep personal data safe to prevent unauthorised access to, use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection policies and procedures which personnel are required to follow when handling personal data.
We store personal data in computer storage facilities, paper-based files and other records. We take steps to protect the personal data against loss, unauthorised access, use modification or disclosure, and against other misuse. These steps include password protection and access privileges for accessing our IT system, encryption of data stored and physical access restrictions to paper files. Some of these services, such as hosting our computer file servers, are provided by third parties in the UK and we endeavour to ensure that they also have adequate privacy safeguards in place through the use of contractual measures to protect personal data.
Because transmission of information over the internet is often insecure, we do not accept responsibility for the security of information you send to or receive from us over the internet, or for any unauthorised access or use of that information by others over the internet.
InfoTrack shall ensure that all personnel who access and/or process any of the personal data are contractually obliged to keep Personal Data confidential.
4. The purposes for which we collect, use and disclose personal data.
• enter into, or perform, a contract with you e.g. to fulfil any orders you place through Our Website or over the telephone;
• perform the services you have asked us to provide;
• comply with a legal duty;
• protect your vital interests;
• remember your preferences (e.g. where you are a Supplier, if you ask not to receive marketing material, we’ll keep a record of this), or
• for our own (or a third party’s) lawful interests, provided your rights don’t override these.
For the purposes connected with providing our products and services to you, we may share your data with third parties but we will not use or share your personal data for any other purpose without first obtaining your consent, unless required by law.
In any event we will only use your personal data for the purposes for which it is collected, or purposes which are very similar.
• to set up your account with us, which (where you are a Consumer) may include confirming your identity and obtaining a credit or reference check from a third party;
• to provide the products or services you have requested from us;
• to answer enquiries you make;
• for payment processing;
• to administer our databases for client services, marketing, credit control and financial accounting purposes;
• to comply with legal requirements regarding collection and retention of information concerning the products and services that we provide; and
We may disclose your personal data (or the personal data of third parties that you may provide to us) to third party service providers who assist us in providing the services you request, including public authorities and providers of information services.
We may also disclose your personal data to third parties who work with us in our business to promote, market or improve the services that we provide, including:
• providers of customer relations management database services and marketing database services;
• marketing consultants, promotion companies and website hosts; and
• consultants and professional advisers.
We may also combine your personal data with information available from other sources, including the entities mentioned above, to help us provide better services to you.
We may share your personal data within the InfoTrack Group of Companies, including InfoTrack, STL Group Limited, and Perfect Portal (UK) Limited in connection with the fulfilment of the contract between us only.
You can withdraw your consent at any time to our processing of your personal data for any purpose at any time, by contacting us by email or at the postal address set out in paragraph 8.By submitting an Order, you understand that we use Sub-Processors for the purpose of providing the Services and by submitting the Order you give consent to use Sub-Processors for the purpose of providing the Services.
In the event we engage another Sub-Processor after you have placed your order for Services and before this order for Services is completed, we will give you prior written notice. If you object to any new Sub-Processor you may, despite anything to the contrary in the Terms, terminate the Agreement and your right to access and use the Services without penalty on written notice provided your notice is received by the effective date of our notice.
InfoTrack will only use suppliers that meet the requirements of the Data Protection legislation.
Where you are a Supplier, and as an existing customer, we may wish to send you details regarding:
• new services and products offered by us;
• details of meetings, events and seminars that may be of interest to InfoTrack customers and clients;
• our newsletters and other marketing publications.
We may contact you inviting you to opt-in to receiving this information. This means that you will be given the choice as to whether you want to receive these messages and will be able to select how you want to receive them (email, telephone or post).
You may opt-out of receiving direct marketing or the disclosure your personal data for the purpose of direct marketing by:
• contacting our Data Privacy Officer at DPO@infotrack.co.uk;
• by using any unsubscribe facility contained in email communications that you receive from us;
• writing to us at InfoTrack Limited, 10 John Street, London, WC1N 2EB.
The information we hold is never used for marketing purposes and is never marketed, rented or sold to any third parties.
6. Where we store your personal data
The data that we collect from you will be transferred, stored and processed using Amazon Web Servers (AWS) which are held at a destination within the European Economic Area (“EEA”). AWS servers offer the highest level of security and are ISO 27001 compliant. If we transfer any data outside the EEA we will take steps to make sure adequate levels of privacy protection, in line with UK Data Protection legislation, are in place.
The data we collect will be stored and kept for as long as is necessary.
The duration of processing is limited to the duration in which we provide the Services to you.
If you wish to opt out of communications from us or withdraw your consent, your data will be deleted without undue delay. We continually review the personal data we hold and delete what is no longer required.
7. How you can access your personal data
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights which are as follows:
• the right to erasure of personal data (although this will not apply where it is necessary for us to continue to use the data for a lawful reason);
• the right to have inaccurate data rectified;
• the right to object to your data being used for marketing or profiling;
• where technically feasible, you have the right to see any personal data you have provided to us which we process automatically on the basis of your consent to a performance of a contract. This information will be provided in a common electronic format;
• the right to make a subject access request (“SAR”) at any time to find out more about the personal data which InfoTrack holds about you (and obtain a copy of it). InfoTrack will usually respond to SAR’s within one month of receipt (however this may be extended by up to two months in the case of complex and/or numerous requests, and in such cases you shall be informed of the need for the extension).
• Your right to be notified immediately if InfoTrack become aware of any form of personal data breach, including any unauthorised or unlawful processing, loss of, damage to, or destruction of any of the personal data
InfoTrack will, on one months’ prior written notice, submit to audits and inspections and provide you with any information reasonably required in order to assess and verify compliance with the provisions of this Agreement and both Parties’ compliance with the requirements of the GDPR.
If you would like further information on your rights or you wish to exercise them please write to us at DPO@infotrack.co.uk or InfoTrack Limited, Level 11, 91 Waterloo Road, London, SE1 8RT.
Please bear in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk
8. How to contact us or make a complaint
Lloyd Smith - InfoTrack Data Privacy Officer
writing to us at InfoTrack Limited, Level 11, 91 Waterloo Road, London, SE1 8RT
We will acknowledge and investigate any complaint about the way we manage personal data as soon as practicable. We will take reasonable steps to remedy any failure to comply with our privacy obligations. We are not responsible for the privacy policies or privacy practices of the organisations we provide links to from Our website. We suggest that you check the privacy policies and practices of those organisations.
A 'cookie' is a piece of information that allows the server to identify and interact more effectively with your computer. The cookie assists us in identifying what our users find interesting on Our website.
When you use Our website we allocate you a unique identification number (cookie). A cookie will be allocated each time you use Our website. The cookie does not identify you as a user in our data collection process. It does identify your Internet Server Provider.