Processing Policy

WHAT THIS POLICY APPLIES TO

This processing policy applies to the Client Data that we process when providing Services to you.

This Policy should be read alongside the EULA (“Agreement”) and any other documents referred to in it.

The definitions contained in the Agreement apply to this policy.

INFORMATION THAT COLOSSUS SYSTEMS PROCESSES ON YOUR BEHALF AND INFORMATION ENTRUSTED TO COLOSSUS SYSTEMS AND PURPOSE

INFORMATION PROVIDED IN CONNECTION WITH SERVICES:

You may entrust information that you or your company (“you”) control, to Colossus Systems in connection with use of our services or for requesting technical support for our products. This includes information regarding your customers and your employees (if you are a controller) or data that you hold and use on behalf of another person for a specific purpose, such as a customer to whom you provide services (if you are a processor). The data may either be stored on our servers when you use our services, or transferred or shared to us as part of a request for technical support or other services.

All the information entrusted to Colossus System is collectively termed “Client Data”.

OWNERSHIP AND CONTROL OF YOUR CLIENT DATA:

1. We recognize that you own your Client Data. We provide you complete control of your Client Data by providing you the ability to
   access your Client Data,
2. share your Client Data through supported third-party integrations, and
3. request export or deletion of your Client Data.

HOW WE USE CLIENT DATA:

We process your Client Data when you provide us instructions through the various modules of our Services.

IN PROVIDING THE SERVICES WE WILL:

We shall process your Client Data in the following ways:

• storing data;
• making data available to you in different formats and media; and
• presenting that data to you in the form of summaries and reports based on the data.

For example we shall process your Client Data for the following purposes:

• to collate information together in order to provide the information in an accessible and simple format so you can reference data quickly,
• to allow such data to be edited and expanded on safely and quickly;
• to make tools available to you so that you can analyse the data; and
• to be able to use your Client Data to use our campaign and event marketing tools

RETENTION OF CLIENT DATA

We will carry out these activities for the duration of our Agreement with you. Unless we are required by the Data Protection Legislation to store the Client Data when the Agreement ends we will delete or return the Client Data to you in accordance with your instructions.

WHO WE SHARE CLIENT DATA WITH

Colossus Systems and third party sub-processors: In order to provide services and technical support for our products, the contracting entity within the Colossus Systems engages other group entities and third parties .

Employees and independent contractors: We may provide access to your Client Data to our employees and individuals who are independent contractors of the Colossus Systems entities involved in providing the services (collectively our “employees”) so that they can

1. identify, analyze and resolve errors,
2. manually verify emails reported as spam to improve spam detection, or
3. manually verify scanned images that you submit to us to verify the accuracy of optical character recognition. We ensure that access by our employees to your Client Data is restricted to specific individuals, and is logged and audited. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our products or services. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the Colossus Systems.

Third-party integrations you have enabled: Most of our products and services support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access your service information and personal information about you. We encourage you to review the privacy practices of the third-party services and products before you enable integrations with them.

Data subject requests
If you are from the European Economic Area and you believe that we store, use or process your information on behalf of one of our customers, please contact the customer if you would like to access, rectify, erase, restrict or object to processing, or export your personal data. We will extend our support to our customer in responding to your request within a reasonable timeframe.

Locations and international transfers
We share your personal information and Client Data within Colossus Systems. By accessing or using our products and services or otherwise providing personal information or Client Data to us, you consent to the processing, transfer, and storage of your personal information or Client Data within the United Kingdom.

Disclosures in compliance with legal obligations
We may be required by law to preserve or disclose your personal information and Client Data to comply with any applicable law, regulation, legal process or governmental request, including to meet legal requirements.

Enforcement of our rights
We may disclose personal information and Client Data to a third party if we believe that such disclosure is necessary for preventing fraud, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.

Business Transfers
We do not intend to sell our business. However, in the unlikely event that we sell our business or get acquired or merged, we will ensure that the acquiring entity is legally bound to honor our commitments to you. We will notify you via email or through a prominent notice on our website of any change in ownership or in the uses of your personal information and Client Data. We will also notify you about any choices you may have regarding your personal information and Client Data.

Notification of changes
We may modify the Privacy Policy and / or Processing Policy (policies) at any time, upon notifying you through a service announcement or by sending an email to your primary email address. If we make significant changes to the policies that affect your rights, you will be provided with at least 30 days' advance notice of the changes by email to your primary email address. If you think that the updated policies affects your rights with respect to your use of our products or services, you may terminate your use by sending us an email within 30 days. Your continued use after the effective date of changes to the policies will be deemed to be your agreement to the modified policies. You will not receive email notification of minor changes to the policies. If you are concerned about how your personal information is used, you should check back at https://colossus.systems/privacy-policy periodically.