Privacy Notice.
1. PURPOSE AND SCOPE
The Foundry Visionmongers Ltd and its group companies (“Foundry”, “we”, “us”) are committed to protecting Personal Data and the Processing of such data, in accordance with Applicable Data Protection Laws.
If you are a California resident, please see Schedule 1 of this Notice for more information about your specific privacy rights.
When you engage with us via our Website or through our marketing activities, and when you buy or use our products and services we will collect certain information that can be used to identify you.
We collect and use information about you in order to manage our relationship with you, to fulfil our legal duties and to operate our business and develop our products and services. We recognise that we have a duty to ensure that we are open and transparent with you and that we enable you to exercise your choices and preferences in relation to that data quickly and easily.
When we process your Personal Data for these purposes, Foundry is a “Controller”. This means that we are responsible for deciding how we hold and use Personal Data about you. This Privacy Notice (the “Notice”) explains how Foundry generally collects, stores, uses, retains and shares your Personal Data. It also explains which Personal Data we collect and for what purpose. It also lists what rights you have as an individual, and who you should get in touch with if you have questions or concerns.
2. ROLES AND RESPONSIBILITIES
Foundry’s Cyber Committee (the “Committee”) has overall responsibility for ensuring compliance with Applicable Data Protection Laws and with this Notice.
If this Notice does not answer your questions, or if you consider that we have not followed this Notice in respect of your Personal Data, then you can get in touch with the Committee by contacting Foundry’s General Counsel by phone, email or post and we will be happy to help.
How to contact us:
- Phone
- +44 (0)20 7479 4350
- legal@foundry.com
- Address
- The General Counsel The Foundry Visionmongers Ltd. 5 Golden Square London W1F 9HT United Kingdom
3. DEFINITIONS
In this notice the terms set out below have the following meanings:
Applicable Data Protection Laws means, to the extent UK GDPR applies means the UK GDPR, to the extent the EU GDPR applies means the law of the European Union or any member state of the European Union, to which you are subject to which relates to the protection of Personal Data; and in each case together with any associated regulations or instruments, plus other local data protection laws, regulations, regulatory requirements and codes of practice applicable in the jurisdictions Foundry offices are located. It also includes any other legislation, regulations, rules and codes of practice that transpose or supersede the above including any data protection laws amending, replacing and superseding the regulations.
Data Subjects means a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
EEA means the European Economic Area.
EU GDPR means the General Data Protection Regulation (EU) 2016/679.
Personal Data means data or information relating to a Data Subject. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.
UK GDPR means the retained EU law version of the EU GDPR as defined in the Data Protection Act 2018.
Website means our website at www.foundry.com.
4. THE PERSONAL DATA WE COLLECT
We collect Personal Data over the course of our relationship with you when you use our Website, when you interact with us directly or via our marketing, and when you purchase and/or use our products or services.
We collect the following main types of Personal Data when we carry out these activities:
• Contact details: information that allows us to contact you directly such as your name, job title, the company you represent, email address, telephone number and billing and shipping addresses associated with your account.
• Payment information: credit/debit card details, bank account details and any other information you provide to make payment for the products and services you purchase from us.
• Purchase and account history: when you arrange trials or purchase products or services from us, we keep records relating to those orders.
• Records of your discussions with our teams: when you share comments and opinions with us, ask us questions or make a complaint we will keep a record of this. This includes when you send us emails, interact with us on social media or contact our support desk.
• How you use Website: when you use our Website, we collect information about where you are visiting from, your interests, the pages you look at and how you use them.
• Website security: when you register with our Website, we store your account details and password. When you buy products or submit forms via our Website, we keep records of your acceptance of our end user license agreements and privacy notices.
• Advertising and direct marketing: through our social media, marketing events, advertisements and direct marketing, we collect information about your interests, how you respond to, or interact with, any marketing or advertising communications directed to you, and any requests for these communications to stop.
• Product usage: when you use our products, we collect information about how and when you make use of them, your license, your email domain name, your computer equipment and network environment including information about the location of that equipment and whether you make use of any of our other products or services on your computer.
• Exercising your rights: if you exercise any of your statutory rights under Applicable Data Protection laws, we will keep a record of this and how we respond.
• Account information: we keep copies of the emails you send us and we create identification numbers that allow us to link your account status with your order history, product licenses and payments.
5. WHAT WE USE YOUR PERSONAL DATA FOR AND WHY
We process these items of your Personal Data to enter into or fulfil contracts for the purchase, licensing and support of our products. Where our contract is with you, we process your Personal Data because it is necessary to fulfill the contract we have with you. Where the contract is with the company you represent, we process your Personal Data because it is in our legitimate interests to fulfill the contract with that company.
| Reason or purpose | Personal Data used |
|---|---|
| Provide you with our products and services and maintain your account |
|
| Maintain your account(s) on the Website |
|
| Billing, taking payment for our products and services and performing debt collection |
|
| Respond to requests and provide support and maintenance for our products |
|
| Respond to product support requests |
|
| Verify your eligibility for student / education licences |
|
Where we process your Personal Data because we have a legitimate interest
We process these items of your Personal Data because we have a legitimate interest to improve our service to you, to identify new products you might be interested in, to advertise our products and services to you, to verify licensed usage of our products, to detect and reduce abuse by pirates, and to assist us in complying with sanctions laws:
| Reason or purpose | Personal Data used | Our specific legitimate interest |
|---|---|---|
| Determine products and services that may be of interest to you |
|
|
| Direct marketing via email and phone. If, at any time, tell us that you do not wish to receive direct marketing then we will not send you direct marketing materials. |
|
|
| Maintain and improve our products and services and provide internal training to staff to improve customer experience |
|
|
| Verify licensed product usage and to detect and reduce abuse by pirates |
|
|
| To ensure that you are not listed on any governmental restricted, blocked, denied, sanctioned or barred persons lists |
|
|
Where we process your Personal Data because we are under a legal obligation to do so under applicable law
| Reason or purpose | Personal data used |
|---|---|
| Respond to your statutory rights |
Depending on the nature of your rights and request, any one or more of these category may be used:
|
We process the following types of information that may not be Personal Data on its own but may become Personal Data when combined with other information we hold. We process this for the legitimate interest of preventing and detecting piracy of our software.
To prevent and detect piracy of our software, we process certain information that we do not consider to be your Personal Data alone but which may become your Personal Data when it is combined with other information we collect. The information we process includes the IP address and MAC address of your computer equipment; the MAC address of WiFi access points that are in range of your computer equipment; the email domain of the owner of your computer equipment; and an approximate location for your computer equipment. We also share the MAC addresses of nearby WiFi access points with Google who will then process this information and provide us with an approximate location for your equipment.
Where we process your Personal Data so you can’t be identified any more
We may anonymise and aggregate any of the Personal Data we hold (so that it does not identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our Website, developing new products and services or improving our existing portfolio.
6. SOURCES WE COLLECT YOUR PERSONAL DATA FROM
We collect Personal Data from a range of different sources but primarily directly from you. We collect Personal Data by the following means:
• Directly from you: when you set up an account with us, email us, purchase products or services from us, submit information via our Website, complete any forms or surveys we provide to you, request product trials, enter competitions or prize draws, use our products and services, raise queries, make a complaint, submit support requests, contact us by phone, email or communicate with us directly in some other way.
• Our Website & products: when you create an account on one of our Website and when you use or visit the Website or download or use our products.
• Publicly available sources: we make use of public records including your company website, industry publications, industry news Website, LinkedIn and professional listings.
• Government, public authorities and regulators: may provide us with information about you where they are required to do so by law or where you have contacted them.
• Google: Google may provide us with information about the location of equipment on which our software has been downloaded.
• IT usage analytics providers: We may use IT usage analytics providers to provide us with further information in relation to unlicensed usage of our software.
• Sanctions screening providers: We use companies to check that customers are not on any government ‘denied persons’ or similar lists.
7. WHO WE SHARE YOUR PERSONAL DATA WITH
In certain circumstances, we will share your Personal Data with third parties. The main third parties we may share your Personal Data with are:
| Who | Examples of Sharing |
|---|---|
| Approved Resellers |
If you are located in a region where we have an approved reseller of our products and: (a) you have previously purchased our products via an approved reseller; (b) we believe your needs are better served by dealing with a local approved reseller; or (c) we believe you are pirating our software, then we may pass your contact details and your purchase and account history to that authorised reseller. In addition, we may provide details of your product usage if we believe that you are pirating our software. We will not share your contact details with a reseller in a different region to you. |
| Payment agents |
If you pay us via debit or credit card, via PayPal or another third party payment service then we will share details with the relevant payment agent so that they can process the transaction. |
| Debt collection agencies, lawyers, resellers of our software and enforcement bodies |
If you have an overdue debt which is owing to us, if we believe that you are using pirated version(s) of our products or if we believe that you have breached our agreement(s), we may pass your details to local our software resellers, local debt collection agencies, enforcement bodies or lawyers. |
| The government or regulators |
Where we are required to do so by law or to assist them with their investigations or initiatives, including, in the UK, the Information Commissioner’s Office. |
| Police and law enforcement |
To assist with the investigation and prevention of crime, including software piracy. |
| IT and cloud service providers, support teams and advisors |
We use IT systems and cloud platforms for our everyday business functions including email, financial management, data storage and customer account records. We also engage third parties to support our systems and help us deliver services to you, and to help detect and prevent piracy of our software and to support the operation and analyse the usage of our Website. |
| Purchasers and sellers of businesses and their professional advisors |
If we sell or buy any business or assets, or the shareholders in our corporate group decide to sell any shares, we may disclose your Personal Data to the prospective seller or buyer of such business, assets or shares and its professional advisors. |
We do not buy any marketing lists from external providers, nor do we sell your information to any other company or entity.
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these Website, please note that these Website and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any Personal Data that may be collected through these Website or services.
8. TRANSFERRING YOUR DATA INTERNATIONALLY
If you live in a country in the UK and/or EEA, the data that we collect from you may be transferred to, and stored at, a destination outside the UK and/or EEA (including to other affiliates of the Roper Group in the US). It may also be processed by staff operating outside the UK and/or EEA who work for us or for one of our suppliers.
To ensure that your Personal Data is secure, we will only transfer information to a country outside of the UK and/or EEA where we do so in accordance with the Applicable Data Protection Laws. This requires that one of the following conditions apply:
• the European commission or the UK government has decided that the country to which we transfer the Personal Data provides an adequate level of protection for your Personal Data;
• appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved for use in the UK, an approved code of conduct or a certification mechanism is in place;
• you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
•the transfer is based on an exemption from the GDPR and UK GDPR restrictions on transferring Personal Data outside of the EEA or the UK as applicable.
Foundry and the Roper Group have executed Standard Contractual Clauses, as approved by the European Commission and/or by the United Kingdom’s Information Commissioners’ Office. These clauses permit us (or the Roper Group) to transfer data from the EEA and the UK to third countries, including the United States. Regardless, in all events, we shall apply the provisions of this Notice to your Personal Data wherever it is located.
9. AUTOMATED DECISION MAKING AND PROFILING
Automated decision making happens when a computer uses Personal Data to make decisions about a person without any human intervention which have legal effects or similarly significant effects for the person. We do not engage in any form of automated decision making.
Profiling happens when a computer system uses Personal Data to evaluate a person’s characteristics. We undertake profiling in the following areas of our business:
| Purpose of Profiling | Logic Used | Potential Consequences for You |
|---|---|---|
| To understand your preferences | We collect and combine Personal Data, including your purchase and account history and how you use Website, to better understand your buying habits and your product interests. | The combined data helps our Sales team determine which products and services we should bring to your attention |
| To prevent piracy of our software | We analyse mismatches between product usage and account information to identify unlicensed use of our products and services. | Our License Compliance team team may investigate the mismatch and determine whether or not to pursue unlicensed users. |
10. HOW LONG WE KEEP YOUR DATA
We will keep your Personal Data for as long as necessary in order to achieve the purpose of data Processing plus, where necessary, an extended period to cover statutory limitation periods.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Under certain circumstances, you have the following rights in relation to your Personal Data:
• The right of access to your Personal Data: This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it.
• The right to have your Personal Data rectified: This enables you to have any incomplete or inaccurate information we hold about you corrected.
• The right to deletion of your Personal Data: This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it, you withdraw your consent, we are unlawfully holding your Personal Data or we should erase your Personal Data to comply with Applicable Data Protection laws. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• The right to object to processing of your Personal Data your particular situation which makes you want to object to processing on this ground. You also have the right to object to us processing your Personal Data where we are processing your personal information for profiling and/or for direct marketing purposes.
• The right to restriction of processing of your Personal Data: This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or stop us deleting Personal Data which you need for a legal claim.
• The right to have your data transferred to another services provider: This enables you to have the Personal Data you have provided us to be transferred to another party.
• Withdraw your consent to the Processing of your Personal Data (to the extent we base Processing on consent and not on another lawful basis).
You can exercise your rights at any time by contacting us at legal@foundry.com and providing sufficient information for us to identify you and your Personal Data.
We will always aim to help you when you wish to exercise your rights but in some instances we may have lawful grounds to reject your request depending on the legal reason why we collected your Personal Data.
12. COOKIES
Cookies are very small text files that are stored on your computer device when you use it to visit many Website. For more information on the types of cookies we place on your computer, how they are used and how long they remain as well as how to control them, please read our cookies policy.
13. CHANGES TO THIS NOTICE
This Notice has been updated in October 2024. We reserve the right to amend our Notice and any changes we may make in the future will be posted on this page.
This Notice will be reviewed and updated on an annual basis to comply with applicable new requirements, regulations, insights, strategies, processes or technologies. We recommend that you check for updates to this Notice from time to time but we will notify you directly about changes to this Notice or the way we use your Personal Data when we are legally required to do so.
14. CONTACT AND COMPLAINTS
Questions, comments and requests regarding this Notice are welcomed and should be addressed to Data & Privacy Policy Enquiries, The Foundry Visionmongers Ltd, 5 Golden Square, London W1F 9HT, UK or legal@foundry.com.
If you do not agree with a decision we make in relation to a rights request or believe that we are in breach of Applicable Data Protection laws then you can lodge a complaint with a data protection supervisory authority in the EU or the UK. You can contact the data protection supervisory authority for the UK using its contact details on its website https://ico.org.uk/.
CALIFORNIA CONSUMER PRIVACY ACT DISCLOSURES
This California Consumer Privacy Act disclosure page ("Disclosure") supplements the Privacy Notice which can be found at https://www.foundry.com/privacy-notice and is effective as of November 2024. The Privacy Notice describes the personal information that we collect, the sources from which we collect it, the purposes for which we use it, the limited circumstances under which we share personal information, and with whom we share it. These additional disclosures are required by the California Consumer Privacy Act.
- CATEGORIES OF PERSONAL INFORMATION COLLECTED
The personal information that we collect, or have collected from consumers in the twelve months prior to the effective date of this Disclosure, fall into the following categories established by the California Consumer Privacy Act:
- identifiers (e.g., name, address, phone number, IP address);
- protected classifications (e.g., age, gender, gender identity);
- financial and commercial information (e.g., credit card numbers, purchase history);
- internet or other online activity information;
- geolocation data (e.g., computer/device location);
- professional/educational information; and
- inferences drawn from any of the above.
Categories of personal information disclosed for a business purpose. In the 12 months prior to the effective date of this Disclosure, we have disclosed to the third parties identified in the “Who We Share Your Personal Data With” section of the Privacy Notice above personal information that falls into the following categories established by the California Consumer Privacy Act:
- identifiers;
- protected classifications; ;
- financial and commercial information; ;
- internet or other online activity information; ;
- geolocation data; and ;
- professional/educational information.;
- RIGHT TO ACCESS TO OR DELETE PERSONAL INFORMATION
The California Consumer Protect Act may provide you with the right to request information about the personal information we collect about you, to receive a copy of your personal information, or delete the personal information we hold. If you wish to do any of these things, please visit here or contact our legal team at Foundry. Depending on your data choices, certain services may be limited or unavailable. You may exercise these rights by sending us an email at legal@foundry.com, writing to us at Data & Privacy Policy Enquiries, The Foundry Visionmongers Ltd, 5 Golden Square, London W1F 9HT, UK, or by calling +44 (0)20 7479 4350. We will respond to any such requests within 30 days of receipt.
- NO SALE OF PERSONAL INFORMATION
We have not sold any personal information of consumers, as those terms are defined under the California Consumer Privacy Act, in the 12 months prior to the effective date of this Disclosure.
- NO DISCRIMINATION
We will not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act.