GrassSAT™ is a trading name and a trade mark of Rezatec Ltd (“Rezatec“). Rezatec may from time to time use the GrassSAT™ trading name in relation to any information or activities associated with your use of the GrassSAT website (https://grass-sat.com/).
Rezatec Ltd (company number: 07940023) (“Rezatec” / “we”/ “our”/ “us”) takes your privacy very seriously and is committed to protecting and respecting your personal data. This policy describes the processing of personal data by Rezatec including how it is collected, protected, how long it is retained, with whom it is shared and the privacy options available concerning that personal data.
If you wish to contact us regarding this policy, please contact us using the details set out here. Rezatec Limited is the data controller (Information Commissioner’s Office registration number: ZA095953). Our registered office is at Quad One, Becquerel Avenue, Harwell, Didcot, Oxfordshire, OX11 0RA.
This policy sets out the basis on which we will process any personal data that we collect from you when you interact with us, that we are provided with by a third party or that you provide to us through your use of https://rezatec.com and / or https://grass-sat.com/ (the “Websites”).
This policy does not apply to your use of the Rezatec Landscape Intelligence Portal (the “Rezatec Portal”), which is subject to the Rezatec Portal Privacy and Cookies Policy) or to any websites that you may be able to access via links on the Website and/or activities offered by third parties. Please ensure you review any relevant policies on any third party websites before proceeding. We are not responsible for the collection or use of your personal data from third party websites.
- PERSONAL DATA COLLECTED FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA
- PURPOSE AND THE LEGAL BASIS FOR PROCESSING
- DISCLOSURE OF PERSONAL DATA
- PAYMENT DETAILS AND CARD DETAILS
- WHERE PERSONAL DATA IS PROCESSED
- SECURITY AND THE PROTECTION OF PERSONAL DATA
- RETAINING PERSONAL DATA
- YOUR RIGHTS AND HOW TO EXERCISE THEM
- CHANGES TO THIS POLICY
- KEEPING US UPDATED / HOW TO CONTACT US
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
We may collect and process the following information about you:
- Data you give us. You may give us data about you:
- by filling in forms on our Websites. For instance, to book a demonstration or to register your interest for a Rezatec product, such as Grass SAT;
- if you sign up to receive marketing communications from us such as news or updates about Rezatec;
- if you contact or correspond with us (for example, by email at firstname.lastname@example.org or phone) for any reason (for example, to request further products or services from us);
- if you enquire about our services or products (for example, the Rezatec Portal) or how we could work together;
- if you purchase any goods or services from the Websites;
- if you report a problem with the Websites; and
- if you provide us with feedback, opinions and/or comments. For example, regarding the Websites.
- Data we collect about you. Each time you use the Websites we may automatically collect the following data:
- when you use the Websites, we will keep a record of the details of that usage, including the date, time, location, frequency and duration of the usage;
- technical information about your computer or mobile device for system administration and analysis, including your internet protocol (IP) address used to connect your device to the internet, Uniform Resource Locators (URL), your login information, time zone settings, browser plug-in types and versions, clickstreams, unique device identifiers, operating system, wireless network interface, device telephone number and network and browser type and version; and
- other information about your use of the Websites, including the date and time of visits to the Websites, pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Data we collect or are provided with by third parties. We may be given or collect personal data about you by / from third parties such as:
- our channel partners, who you may contract with to have access to the Rezatec Portal; or
- data available from publicly available sources (for example, LinkedIn or your corporate website).
We may use the personal data we hold about you in the following ways:
|Purpose of processing||Type of personal data||Legal basis for processing|
|To process any forms you may fill out on our Websites||Your name, email address, phone number, your organisation, region and sector||Legitimate interests – to enable us to respond to your request|
|To book a demo of the Rezatec Product||Your name, your email address, phone number, your organisation, the region where you are based and your sector and your reasons for the demo||Legitimate interest – to enable us to demo the Rezatec Product|
|To receive services or products from you||Your name, your email address, phone number and your organisation||Legitimate interest – performance of a contract by your organisation|
|To provide the Rezatec Product to your organisation and tell you if the subscription is about to expire||Your name, email address, phone number, your organisation and payment details||Legitimate interest – to allow us to perform our contract with your organisation|
|To ensure that the Websites are presented in the most effective manner for you and for your device||The technical information as mentioned above||Legitimate Interest – to allow us to present the Websites better|
|For our internal operations, including data analysis, testing, research, statistical purposes and troubleshooting||The technical information as mentioned above||Legitimate Interest – to better understand our visitors and continuously improve the Website|
|As part of our efforts to keep the Websites safe and secure||The technical information as mentioned above||Legitimate Interest – to improve and ensure the safety of the Websites|
|To deal with any enquiries, correspondence, concerns or complaints you have raised||Your name, information about the issue raised, your organisation (if applicable), phone number and email address||Legitimate Interest – to deal with your enquiry or correspondence and allow us to improve our services and the Websites (if relevant)|
|To compile reports (which do not personally identify you) about the use of the Websites||The technical information mentioned above||Legitimate interest – to improve the Websites|
|To notify you about changes to any element of the Rezatec Products, our services, the Websites for example, an update or upgrade, or this policy||Your name, your organisation and email address||Legitimate interest – to allow us to perform our contract with your organisation|
|To send you direct marketing by email, such as our email newsletter||Your name, your organisation and email address||Consent for data collected going forward or our legitimate interest to conduct marketing for data we already hold|
|To contact you for feedback on our services or products||Your name, your organisation and email address||Legitimate interests – to better understand our users|
|To process your payment information when you purchase a Rezatec product, such as GrassSAT||Your cardholder name, email address, payment card details, location and bank details (processed by Stripe only – please see the below section “Payment and Card Details” for more information)||To allow us to perform our contract with you
Legitimate interest – to deliver services or products that you have requested.
|To process any contracts that are entered into by you via the Websites||Bank, credit or debit card details, your name, your organisation and email address||To allow us to perform our contract with the you|
Where we have a legal basis to use your personal data without consent (as we have described above), this policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.
Where consent is required for our use of your personal data as described above, we will request your consent. Typically, we would collect your consent by you performing an action such as ticking the appropriate consent box or otherwise communicating your consent to us (for example, by email), you consent to our use of that personal data as set out in this policy.
We would like to provide you with information by email about us, as well as our products and services, which may be of interest to you. If we have asked for your consent to provide you with marketing communications, we will only send you with marketing communications if you would like us to. Otherwise, we will provide you with marketing communications unless you ask us not to.
If you no longer wish to receive marketing communications from us, please contact us by emailing email@example.com or using the unsubscribe link at the bottom of our marketing messages.
We may disclose or share your personal data with selected third parties in accordance with this policy, including:
- service providers, for example of IT services, business partners, suppliers and/or sub-contractors, for the performance of any contract that we enter into with you, but also when providing you with marketing communications;
- any member of our group of companies;
- analytics and search engine providers that assist us in the improvement and optimisation of the Websites;
- professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; or
- government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information);
- if we sell or buy any business assets or receive investment into our business, we may disclose your personal data to the prospective or actual buyer, seller or investee of such business or assets;
- if you make a purchase online, we will not collect your payment details ourselves but will pass you to a third party payment processor such as Stripe who will directly collect from you the details needed to process payment transactions (see the below section “Payment and Card Details” for more information);
- if you make a purchase and we take payment information from you, we will share payment information with banks and other entities that process payment transactions;
- if Rezatec Limited or substantially all of its assets are acquired by a third party, in which case personal data held by us, including your data and data about our customers, suppliers and correspondents will be one of the transferred assets; and
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract between us and you or your organisation or to protect the rights, property or safety of us, our customers or others.
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we legally have the right or obligation to do so.
We require our service providers to comply with data protection laws whenever they process your personal data.
Please note that we do not collect or process your credit or debit card details for any purchases you make on the Websites. These are however collected and processed by our payment processing service provider: Stripe Payments Europe, Ltd (“Stripe”).
Where Stripe processes payments, the type of information it might collect includes cardholder name; email address; unique customer identified; order ID; bank account details; payment card details; card expiration date; CVC code; data / time/ amount of transaction; merchant name / ID; location.
Stripe may, from time to time:
- provide us with information regarding the credits and debits made to your card in order to enable us to reconcile our accounts and provide you with access to the items that you have purchased;
- may transfer your personal data outside of the EEA or to Stripe’s appointed sub-processers as detailed here: https://stripe.com/gb/privacy; and
- act as a data controller in regards to your payment information. Where Stripe is acting as a data controller Stripe may use your payment information to:
- monitor or track potential fraudulent payment transactions;
- comply with its legal or regulatory obligations, including in respect to any applicable anti-money laundering regulations; and
- to assist in the improvement and development of Stripe products.
The majority of the personal data we collect is processed in the UK and European Economic Area (the “EEA”). Where information is acquired and processed outside of the EEA, we ensure at least one of the following safeguards is implemented:
- We transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. To find out which countries are covered by this, please see here.
- Where there is no adequacy decision by the European Commission in respect of these countries (to the extent that they are outside the EEA), which means they are not deemed to provide an adequate level of protection to your personal data, we ensure that your personal data receives an adequate level of protection. We have therefore put in place the following measures to ensure that your personal data is treated by those third parties in a way that is consistent with EU and UK laws on data protection:
- EU-US Privacy Shield; and/or
- EU standard contractual clauses.
If you would like to find out more about these safeguards in respect of processing of your personal data, please contact us at firstname.lastname@example.org.
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy.
The security of our information and systems is extremely important. All personal data collected, whether electronically, on paper, or by other means, is protected appropriately in line with our data protection obligations.
All information you provide to us is stored on secure severs. We will use appropriate technical and organisational measures to safeguard your personal data. Our security controls are under regular evaluation to manage risks to the confidentiality, integrity and availability of your personal data.
We maintain, and ensure that anyone we share your personal data with maintains, appropriate technical and organisational measures to ensure an appropriate level of security in respect of all personal data we process.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Websites and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure.
All online payment transactions will be processed by third party providers, such as Stripe, as detailed above. As a result we do not collect or store credit and debit card information for any payment transactions on the Websites.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you would like to find out more about the details of applicable retention periods, please contact us.
Most browsers allow cookie settings to be changed. These settings will typically be found in the “options” or “preferences” menu of a browser.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of the Websites.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the Websites when they are using it. They also enable us to see how users use the Website. This helps us to improve the way the Websites work.
- Functionality cookies. These are used to recognise you when you return to a Website. This enables us to personalise our content for you.
- Targeting cookies. These cookies record your visit to the Websites, the pages you have visited and the links you have followed. We will use this information to make the websites displayed on it more relevant to your interests.
Below is a list of the cookies we have set and our reasons for doing so:
|lang||Remembers the user’s selected language version of a web site|
|_ga||Registers a unique ID that is used to generate statistical data on how the visitor uses the web site.|
|_gat||Used by Google Analytics to throttle request rate|
|_gid||Registers a unique ID that is used to generate statistical data on how the visitor uses the web site|
|collect||Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.|
|personalization_id||This cookie is set by Twitter. The cookie allows the visitor to share content from the web site on his/her Twitter profile.|
|_hjIncludedInSample||Determines if the user’s navigation should be registered in a certain statistical placeholder.|
|ads/ga-audiences||Used by Google Ad Words to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across web sites|
|bcookie||Used by the social networking service, Linked In , for tracking the use of embedded services|
|bscookie||Used by the social networking service, Linked In , for tracking the use of embedded services|
|fr||Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.|
|IDE||Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads|
|lidc||Used by the social networking service, Linked In , for tracking the use of embedded services|
|test_cookie||Used to check if the user’s browser supports cookies|
By clicking ‘ok’ on the cookie consent box when you first access a website and by continuing to access and use a website you accept our use of the cookies.
You may control and block the cookies used by websites generally by modifying the settings on your browser or device. However, if you use your browser or device settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Websites.
For more detailed information about cookies and how they can be managed and deleted please visit www.allaboutcookies.org.
You have specific rights over your personal data gathered and processed by Rezatec as described below:
- Access. You have the right to request access your personal data held by Rezatec via a Subject Access Request. You may be asked to provide documentation to verify your identity.
- Rectification. You have the right to request that we rectify your personal data.
- Right to be ‘forgotten’ or to request erasure. You have the right to request that your personal data is removed or deleted. Please note, if you request that we erase any personal data that we require in order to provide the Websites to you, you may no longer be able to use the Websites. It is likely to be necessary for us to retain your personal data to enable us to carry out a contract with your organisation, and your rights under applicable law to request erasure may be limited accordingly. Please also note that this right does not extend to non-personal data.
- Data portability. You have the right to request a copy of your personal data in a format that would allow it to be transferred to another company in a safe and secure way if the legal basis for processing such personal data is consent or performance of a contract.
- Restrict data processing. You have the right to request that the processing of your personal data is restricted if the data is inaccurate, the processing is unlawful or we no longer need to process your personal data for the purposes for which we hold it.
- Object / withdraw consent. You have the right to request that we stop processing your personal data where we are relying on a legitimate interest (or those of a third party). You can also change your data processing preferences at any time. For example, if you have given your consent to direct marketing, but have changed your mind, you have the ability to opt out of receiving marketing communications by contacting us using the details provided below or clicking the relevant link in any communication you receive.
- Automated decision making. We do not currently carry out decisions based solely on automated processing, including profiling. If we change our practices to do this in a way which has legal or similarly significant effects on you, you may have the right to object. If this becomes relevant in the future, we will update this privacy and cookies policy to provide further information.
- Complaints. We take great care to comply with the laws governing the protection of personal data. If, however, you do want to complain about our use of personal data, please send an email with the details of your complaint to the Data Protection Compliance Officer at email@example.com and we will look into your concerns. If for any reason you are not happy with the way that we have handled your personal data, please contact us. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.
If you would like to exercise any of the above rights in respect of your payment information (i.e. relating to your use of credit or debit card details on the Websites) you may wish to contact Stripe using the contact details included here: https://stripe.com/gb/privacy. We do not collect or store your credit and debit card information for any payment transactions.
Please note that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of any of the Websites, services or products you may not be able to use them as you did before, or at all. This does not include your right to object to direct marketing, which can be exercised at any time without restriction. Please allow at least 3 working days for any request to be actioned.
Any changes we make to this policy in the future will be posted on here. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to the Data Protection Compliance Officer at Rezatec Limited, Quad One, Becquerel Avenue, Harwell, Didcot, Oxfordshire, OX11 0RA. You may also email us at firstname.lastname@example.org or call us on +44 1865 817500.
This policy was last updated on 8 March 2019.