2 Data collected by third parties
With the exception of It’seeze website subscription payments, detailed in section 4.8 below, we do not collect financial information, such as bank account and credit/debit card numbers. Parts of the editing system that take payment do so through third-party payment gateways. These payment gateways have their own privacy policies:
The editing system makes use of additional third-party services covered by the following privacy policies:
Our clients may use their websites to collect information from their visitors and store it within their own systems. The collection and use of such data is covered by the privacy policies of the clients concerned.
3 Access to and sharing of data
With the exception of data collected on behalf of our clients, detailed below, access to data we collect is limited to the members of our staff who require that data to perform their duties. Our staff are bound by confidentiality agreements that prohibit them from sharing data inappropriately.
In addition to any circumstances described below, we may share any data we collect in the following two circumstances:
- If, in the course of their day-to-day activities, one of SpotOn Corporation Limited or Spoton.net Limited require data collected by the other
- If we are required to share data with the legal authorities to fulfil our obligations under United Kingdom law
4 Data we collect and how we use it
4.1. Web server access logs
As is standard practice within the industry, our web servers log all requests they receive. For each request, the logs include the IP address from which the request originated, the date and time of the request, the URL requested, and the user-agent string sent by the software making the request. We use these logs as a diagnostic tool when developing the editing system. In addition, we may access these logs in order to provide technical support.
4.2 Mail server access logs
As is standard practice within the industry, our mail servers log all requests they receive. For each request, the logs include the date and time of the request, the intended recipient (if the request was a message being received), and the account (if the request was someone accessing their e-mail account). The log does not contain the content of any message sent or received. We may access these logs in order to provide technical support.
4.3 Unauthorised access logs
As is standard practice within the industry, our servers log any failed attempt to access a restricted service. For each failed attempt, the logs include the date and time of the attempt, and the IP address from which the attempt originated. Such attempts are illegal under the Computer Misuse Act, and the logs may be used as evidence in a court of law.
Our servers host e-mail accounts for both us and our clients. E-mails sent to these accounts are stored on the server until the account holder’s e-mail software connects to the server, downloads the e-mail to the account holder’s system, and deletes the e-mail from the server. We may access a listing of the e-mails for a particular client account in order to provide technical support, but we do not read the content of the e-mails. Once e-mails have been downloaded to clients’ systems, the collection and use of such data is covered by the privacy policies of the clients concerned. E-mails sent to our staff accounts are stored on our systems in order to respond to client queries and to improve our services.
4.5 Stored form data
The editing system allows clients to construct forms on their websites. Clients may choose to have submitted data e-mailed to them, or to have us store it on their behalf for them to download at a later time. Our staff do not access this data. Once such data has been downloaded to clients’ systems, the collection and use of such data is covered by the privacy policies of the clients concerned.
4.6 Editing system statistics
The editing system temporarily logs all requests for pages it receives. For each request, the logs include the date and time of the request, the page requested, the referring page as reported by the software making the request, and the user-agent string sent by the software making the request. Our staff do not access this data. Approximately once an hour for each site this data is aggregated and the original log files deleted. The aggregated data for the past year is made available to the client concerned. The aggregated data includes the number of page views and visits grouped by day or month, the first and last pages of visits grouped by month, referring pages grouped by month, search terms grouped by month, and the date and time of the last visits by various search engine robots.
4.8 Financial information for It’seeze website subscription payments
We store the following data in relation to each transaction: the amount paid, the payment date, the payment reference code, and the AVS (Address Verification System) and CVV (Card Verification Value) check responses supplied by PayPal. We will access this data only to prepare our company accounts and financial reports, and to track payments made and monies owed by our clients.