About this privacy notice
At Demand Logic we respect your privacy and are committed to protecting your personal data. This “privacy notice” explains what we do with your personal data, why we want to use it, how we protect it, and what rights you have to control our use of it.
It applies not just to use of our website and the Demand Logic platform, but also personal data that we process through other interactions with individuals in the course of running our organisation and delivering our services, such as people working for our customers, partners and suppliers. Our website and services are not intended for children and we do not knowingly collect data relating to children.
Information about us
This privacy notice is for the Demand Logic Ltd (company number 06458599) (referred to as "Demand Logic", "we", "us" or "our" in this privacy notice). We collect, use and are responsible for certain personal data about you. When we do so we are regulated under the General Data Protection Regulation ("GDPR"), which applies across the European Union (including the United Kingdom) and we are responsible as "data controller" of that personal information for the purposes of the law.
If you want to contact us about any of the points in this notice, or just generally about how we protect your privacy, please email us at firstname.lastname@example.org. Our contact address is Runway East, The Hickman, 2 Whitechapel Road, London, E1 1EW
The purpose and lawful basis for processing your personal data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We use personal data from different categories of individual for several different purposes and each with its own lawful basis. This section describes these in detail and, although it’s technical, we’re required by law to explain this to you.
If you visit our website: We use Google Analytics on our website to track visitor numbers and user activity. We record masked IP addresses so we can tell how each user and repeat visitor is using our site (your IP address is also a piece of your personal data) as well as browser type and information about technology on the devices you use to access this website. We do this on the basis that it is necessary for our legitimate interests in monitoring and improving our website. The information will be held for 26 months after last user activity.
If you fill in a form on our website to contact us: we will store the data you enter (name, contact details, message) for the purposes of responding to your enquiry and business development. We do this on the basis that it is necessary for our legitimate interests in promoting our business to interested parties. We store your data for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).
If you receive our email update newsletter: we will hold your name and email address for the purpose of sending you updates on Demand Logic and industry news and occasionally inviting you to events that we think you will find interesting. We process this data on the basis that we have your consent. You can withdraw your consent at any time by using the “unsubscribe” links at the bottom of each email.
If you are a Demand Logic account holder: we will collect your name, organisation, email address and photograph for the purposes of:
- providing you with secure access to your online account;
- setting up your online profile so that other users with appropriate permissions (within the limits of the Demand Logic system) can see and interact with you.
We do this on the basis that it is necessary for our legitimate interests in operating a software tool for our clients which provides actionable intelligence to property managers and building contractors. You, your employer or another party working with you or your employer will have provided these details through the account creation and invitation process. If you want to update your details you can log in and do so. If you no longer require your account or want to delete your data please email us (see “How to contact us” below). We will hold your information until you or we delete your account.
If you work for our clients or a supplier of our clients, or if you are an industry contact or working in a field relevant to our mission: we may hold your name, company, job title and contact details. We will have been provided with this data either by you or your employer or in some cases we may have sourced it from publicly available sources, such as LinkedIn and internet searches. We need this data in order to interact with you (or your employer) for the following purposes:
- Operating and promoting our business;
- Communicating with interested people regarding events, news and updates.
We do this on the basis that it is necessary for our legitimate interests in running and growing our business. We will hold your details for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).
If you are a supplier or work for a supplier: we may hold your name and contact details because we have a legitimate interest in doing business with your company. Our purpose for processing your personal data is to interact with you or your employer to procure and pay for goods and services. We will hold this information for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).
If you agree to be filmed or photographed by us: then we will hold and use video or picture files containing your image (which is also your personal data). We use this for the purposes of promoting Demand Logic by telling customer stories through our website and social media as well as documenting the history of our company. We do so on the basis that it is necessary for our legitimate interests in promoting our business.
Our use of website cookies
We may also store information about you using cookies, which we can access when you visit our site in future. Cookies are small files, which are sent by us to your computer or other access device, that track, save and store information about your interactions and usage of our website. Overall, cookies help us provide you with a better service by enabling us to monitor which pages you find useful and which you do not.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Information on deleting or controlling cookies is available at http://www.allaboutcookies.org. Deleting or disabling cookies may prevent you from taking full advantage of our website and services.
Whether information has to be provided by you and if so why
We need to collect certain personal data from you if we wish to invite you to attend our events or receive the benefits of our software platform. If you do not provide the personal data requested, you will not be able to benefit from those events or software.
Who we share your personal data with
We use a number of different service providers (acting as ‘data processors’) who provide services or cloud-based software to enable us to operate our business and the services we provide to our customers. Your personal data is transferred to (and stored by) these service providers (as our ‘data processors’), who generally fall under the following categories:
- Website analytics
- Internet hosting and backup services
- Document storage
- Email, contacts and calendar
- CRM, customer services, accounting and billing
These ‘data processors’ only process data on our behalf and won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions and the law.
For security reasons we do not name all our service providers in this privacy notice. The types of personal data we hold about you (and that may be transferred to our data processors) are set out above. Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.
If you attend an event that we have organised:
The name and company of attendees at our events are usually shared with speakers, third party event hosts and may be shared with other attendees. This is done to share knowledge and enable access to the venue.
If you are a Demand Logic account holder:
We enable account holders from different organisations to collaborate on building performance. For example, to identify issues, suggest solutions, assign actions, and to update the status of an action. To make collaboration possible users need to know about others that may be involved in or have a view on a property's performance. This means that your personal data including your name and a photo (if you have one set on your profile) may be seen by users in your own or another organisation.
In addition, administrative level users in your own or a parent account, have access to the email address that you have signed up with. This may be used to manage accounts - for example in account recovery or direct support enquiries.
Other circumstances in which we may need to share personal data with third parties:
We may also share your personal data with the following third parties in certain circumstances:
- Other companies within our group;
- Law enforcement or regulatory authorities (such as tax authorities) if required by applicable law;
- Professional advisors such as lawyers, bankers, accountants or auditors in order to provide legal, finance, accounting or auditing services.
We may also share personal information with third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets or in situations where acquire other organisations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes.
International transfers of personal data, and the measures in place to safeguard it
We do not directly transfer any of your personal data outside the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. Most of them reserve the right to hold copies of your personal information outside the EEA. Please note that the reason companies may choose to do this is to hold back-up copies, so they can guarantee recovery.
In each case we and our processors employ one or more of the following mechanisms that are designed to help safeguard your privacy rights:
- Certain processors only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Information Commissioner’s Office (ICO). For further details, see What countries or territories are covered by adequacy regulations?
- With certain service providers, we may use specific contractual clauses modelled on those approved by the UK Information Commissioner's Office to cover transfers outside such areas. For more, please see the ICO website.
Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over the data under the GDPR. This section summarises your rights and how you can exercise them (generally free of charge).
You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent, withdrawal of consent cannot be backdated.
Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms. From that point, we must stop processing your data until we have determined whether your rights override our interests.
You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails.
In certain situations, you have the right to require us to erase personal data where there is no good reason for us continuing to process it. However, note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated processing of information about you, if carried out based on your consent or where it is necessary to perform a contract with you.
For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below). Please note:
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
- We try to respond to all legitimate requests quickly, but in any event within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your rights to lodge a complaint with the Regulator
At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/make-a-complaint/ or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.
Automated decision-making using personal data
You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal data.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Changes to this privacy notice
This privacy notice was last updated on 17th January 2022 and historic versions can be obtained by contacting us. We may change this privacy notice from time to time by amending this page.
How to contact us
If you have any questions, concerns or just want some more details about our information security policy or privacy management, drop us a line at email@example.com.