Privacy Policy
SIGNEDUP is an authentication and services platform owned and administered by PDMS Ltd (PDMS), a software development company based in the United Kingdom and the Isle of Man.
Data Controller and Processor
PDMS is both the Data Controller and Data Processor for SIGNEDUP. This Privacy Policy relates entirely to the SIGNEDUP system. Any communication with PDMS outside of the SIGNEDUP system (e.g. via email or telephone) will be considered subject to PDMS’s Privacy Policy.
PDMS has notified the Information Commissioner of the UK and of the Isle of Man that they process personal data to enable them to provide services to its clients, to maintain their internal accounts and records, and to support and manage their staff. The Information Commissioner describes the processing in a register which is available to the public for inspection at:
UK: http://www.ico.org.uk/ - Registration Number: Z3300757
Isle of Man: https://www.inforights.im/ - Registration Number: N000973
Information We Process
PDMS believes in the principle of transparency regarding the collection and processing of your data and SIGNEDUP and its partner services are designed with this in mind.
Anonymous / Pseudonymised Data
We use online tracking systems (such as Google Analytics and HotJar) to gather data on the number of people accessing this service, what pages they visit and what technology they are using. We gather data on where users are clicking on pages, how they are viewing single and multiple pages, and to ask simple polls. This data includes your IP address and information derived from it (such as your county).
We will not use this data to try to identify you personally. Its purpose is to allow us to understand our users as a group, for example by recording what browsers are being used and how they are interacting with the site through visitor behaviour patterns.
Information You Provide
PDMS is the Data Controller for any information you provide on SIGNEDUP. You are still the owner of your data and are considered to be the data subject.
Any personal data processed by SIGNEDUP is for the purpose of registering and subsequently identifying and authenticating a user. All personal data is processed in compliance with Data Protection Law.
The only personal data required to register with SIGNEDUP is your email address. Any further personal data held by SIGNEDUP will be supplied by you and processed under your consent. As the personal data held in SIGNEDUP will be supplied by you, it is your responsibility to ensure it is accurate at the time it is supplied. Where relevant and appropriate, facilities to maintain your data are provided to allow you to ensure that any required changes can be updated, and inaccuracies corrected.
In exceptional circumstances, a PDMS staff member may need to view a user’s personal details for the purpose of supporting them with an issue they have encountered in the system. This will only be done at the express request and consent of the individual.
Information We Collect
We collect analytical data about your usage of the system, by tracking actions you make directly (e.g. a failed login attempt) and indirectly (e.g. a notification has been received).
We collect this information for the purpose of understanding how users are interacting with our service, for example to monitor the popularity of a feature, it may be used for identifying unusual behaviour for the purpose of preventing a security threat. For these purposes, it may be used in aggregate over a group of users or it may be used at an individual level, but it will not be used in conjunction with data to identify the person.
In exceptional circumstances, a PDMS staff member may need to view a user’s audit data for the purpose of supporting them with an issue they have encountered in the system. This will only be done at the express request and consent of the individual.
Cookies
Please see the Cookies Policy for information on the use of cookies on SIGNEDUP.
Information Sharing
Anonymous Data
PDMS reserve the right to use anonymous data gathered from SIGNEDUP and may share it with appropriate third parties. Anonymous data is not subject to data protection legislation.
Data Shared Between Apps and Services
SIGNEDUP can be used to authenticate with partner applications and other SIGNEDUP services. Partner applications and services may be able to utilise SIGNEDUP services and features, such as authentication and the ability to send notifications.
On authenticating with any partner service, you will be required to accept the Terms and Conditions and Privacy Policy of that service and explicitly grant that service access to the SIGNEDUP features it requires. If you do not grant the mandatory requested access, then you will not be able to use the authenticated features of the service. If any additional services and / or features are introduced or required in the future, you will also be required to explicitly grant access.
A service may request to reuse some or all the personal data that you have supplied to SIGNEDUP or partner services, this is for your convenience to avoid inputting the same information repeatedly. This sharing of personal data will be done with your explicit consent, the service collecting the data will then only process this data for the purpose, duration and processing specified.
Retaining Information
SIGNEDUP will only retain your personal information for as long as you desire us to do so. Should you no longer require your data to be held in the system, you can request deactivation of your account at any time, which will result in the deletion of your account and its associated data.
Data Security
PDMS is the Data Processor for SIGNEDUP.
PDMS ensures that information held in our systems is secure, to guard against unauthorised or unlawful processing or accidental loss, destruction of, or damage to personal data. PDMS hold certifications, which are regularly audited, in order to confirm that our systems are providing the necessary safeguards to protect the data we hold.
PDMS uses third-party Data Processors (such as cloud hosting providers) to deliver this service but is committed to ensuring full compliance with national and European Data Protection Legislation by only using Data Processors which meet the following criteria:
- located within the European Economic Area (EEA)
- located in a jurisdiction which has an adequacy agreement with the EEA
- a company with which PDMS has signed a contract or Data Processing Addendum (DPA), incorporating the Standard Contractual Clauses (SCC) approved by the European Commission.
PDMS's privacy policy can viewed on the PDMS's website. (https://www.pdms.com/privacy-policy/)
Links to Other Websites
SIGNEDUP may link to other websites. Linking should not be taken as an endorsement of any kind. We encourage you to read the privacy statements on the other websites you visit, prior to fully using them, as this privacy policy does not extend to those sites.
Your Rights
As detailed within the applicable Data Protection Legislation, each Data Subject is afforded a number of rights.
In accordance with these rights PDMS will, upon request:
- Provide you with all of the data PDMS hold about you, in a machine-readable format;
- Provide you with access to any or all the data that PDMS hold about you, and provide you with details about why we have the data;
- Rectify any information about you that is deemed incorrect, or provide you with the facility to do so yourself;
- Unless we are required to continue doing so by legislation, stop, or where applicable, restrict the processing of data about you;
- Remove all records about you from our systems, providing that there is not a legal reason to retain it. If there is a legal reason, we will inform you of it, and provide you with details about how much longer we are required to retain your data for.
Invoking Your Rights
If you wish to invoke any of the rights afforded to you, then you must request this in writing, providing your contact details. Once you have submitted a request, we may contact you to verify your identity. You should send your request to:
Data Protection Officer
PDMS Ltd
Global House
Isle of Man Business Park
Cooil Road
Douglas
Isle of Man
IM2 2QZ
Email: [email protected]
Complaints About How We Process Your Personal Information
In the first instance, an individual should contact PDMS. Complaints should be addressed to:
Data Protection Officer
PDMS Ltd
Global House
Isle of Man Business Park
Cooil Road
Douglas
Isle of Man
IM2 2QZ
Email: [email protected]
Should you feel that your complaint has not been dealt with in a satisfactory manner, you may escalate your complaint to:
The Managing Director
PDMS Ltd
Global House
Isle of Man Business Park
Cooil Road
Douglas
Isle of Man
IM2 2QZ
Email: [email protected]
Should you again feel that the response provided is not satisfactory, then you should forward your complaint to either the UK or the Isle of Man Information Commissioner’s Office according to where you are located.