Who we are
Opal BPM Limited ('we' or 'us') operate this site (www.opalbpm.com) and we are responsible as a 'data controller' for the personal data that we collect from you when you choose to provide it. A data controller determines how and why personal data is processed.
What data do we collect
Personal data is collected when you choose to provide it by completing the form on the Contact page to talk to us. The personal data we request in our site is limited to your name and email address and any information that you choose to provide within a message.
Depending on your enquiry we may receive data about you from other companies within our group, namely Jupiter Prestige Group, and add this data to our database.
We use Google Analytics software to collect information about how you use our site. This includes IP addresses. The data is anonymised before being used for analytics processing.
Google Analytics processes anonymised information about:
- the pages you visit on our site
- how long you spend on each page
- how you got to the site
- what you click on while you’re visiting the site
We do not store your personal information through Google Analytics (for example your name or address).
We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are.
We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.
Why we need your data
We collect information through Google Analytics to see how you use our site. We do this to help:
- make sure the site is meeting the needs of its users
- make improvements, for example improving site search
We also collect data in order to:
- respond to any feedback you send us, if you’ve asked us to
- send emails to provide you with information about our services if you request it
Reasons we can collect and use your data
We rely on legitimate interests, for contacting you about our services, and your consent as our legal basis for processing your data.
The legal basis for processing anonymised data for Google Analytics is your consent.
What we do with your data
When you choose to send us your data using our Contact form we will create an entry in our database and use the collected information to contact you to respond to your enquiry.
The data we collect may be shared with other companies within our group, namely Jupiter Prestige Group. It may also be shared with our technology suppliers, for example our hosting provider.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
- use your data in analytics
We will share your data if we are required to do so by law.
How long we keep your data
We will only retain your personal data for as long as it is needed for the purposes set out in this document or the law requires us to.
We will keep your email data until you unsubscribe. We will keep your feedback data for 2 years. We will delete access log data after 120 days.
Children’s privacy protection
Our site and business services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.
All personal data is stored in the European Economic Area (EEA). Data collected by Google Analytics may be transferred outside the EEA for processing.
Transfers of your information out of the EEA
We may need to transfer your data to the following countries in order to satisfactorily respond to you when you contact us about our services:
- United States
For more information on the basis of any non-EEA transfers and our safeguards, please contact our Privacy Team as described below.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption and we limit access to your data to those who have a genuine business need to know it.
We are an ISO 27001 registered company. Implementing this international standard helps us manage and protect your data.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
You have a number of important rights that are free of charge.
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, get in contact with our Privacy Team.
Contact us or make a complaint
Contact the Privacy Team if you:
- have a question about anything in this privacy notice
- think that your personal data has been misused or mishandled
The Privacy Team may be contacted as follows:
- e-mail: [email protected]
- post: Opal BPM, 48-50 St John Street, London, EC1M 4DG
- telephone: +44 (0)20 7014 1400
Our data protection officer is Chris Ebbs.
Changes to this privacy notice
We may change this privacy notice. Any changes to this privacy notice will apply to you and your data immediately.
If these changes affect how your personal data is processed, will take reasonable steps to let you know.
This document is reviewed at least annually and may change at any time.