Our approach
We value your data privacy.
Whether you’re streaming a movie on your smartphone or buying groceries from your web browser, your personal information – from your email address to your credit card details – is being held and processed by more and more companies and organisations online. This means we can all enjoy faster, more convenient and cost-effective services, but it also means your information can be vulnerable to theft or misuse.
When it comes to online services and transactions, there is no such thing as a foolproof cyber security plan, but the risk of data loss or theft can be significantly reduced through the diligent implementation of risk-based business practices; including investing in suitable staff training and IT infrastructure, as well as submitting to regular independent IT and data protection audits. Not every company, however, has the same level of cyber security in place, which is why the UK Data Protection Act 2018 which implemented the EU General Data Protection Regulation (GDPR), gave individuals new and enhanced rights over how their personal information is used, as well as new responsibilities to the companies handling your data.
At Legado, we provide software as a service and so we must adhere to strict rules about how we collect, handle and store your personal information. Our team has chosen to make privacy a core value of our business practice and, therefore, upholding your privacy and protecting your personal data will always be our priority.
Definitions
When reading our Legado privacy policy, it may be useful to note that the law differentiates between a data controller, an organisation that determines the purposes and means by which your personal data is processed, and a data processor, an organisation that processes data on behalf of the controller.
Legado acts as the data controller of some of your personal information if you are:
- A visitor to our website
- Applying for a job with us
- Providing a reference in relation to a job applicant
- One of our employees
- Referred to us by one of our employees for a potential employee position
- A subscriber to Legado marketing
Legado acts as the data processor of some of your personal information if you are:
- A client registered user of our application
When using Legado’s application the company providing Legado’s service – usually a company which you have a product with or receive a service from – is the data controller of your personal information and you should therefore refer to their company privacy policy first.
If you have any questions about the Legado’s privacy policy you are welcome to contact our Data Protection Lead at hello@joinlegdo.com, or if you’d like further information about your data rights, the Information Commissioner’s Office provides excellent information.
Who we are
- Legado Technologies Limited
- Company Registration Number: 11597076
- Data Protection Registration Number: ZA556461
- Company Registered Address: Legado, Wsm Advisors Connect House, 133-137
- Alexandra Road, Wimbledon, London, United Kingdom, SW19 7JY
- E mail: hello@joinlegado.com
In this policy ‘Legado’, ‘we’, ‘us’ or ‘our’ refers to: our company, Legado Technologies Ltd
We are an award-winning data and communication company selling software as a service and you can learn more about our team and our values on our website. Privacy is one of our core business values and we take protecting your data very seriously, so if you have any concerns about how we use your data, do not hesitate to contact us at the details below.
Your rights
Under UK data protection law, you have certain rights regarding how any company or organisation holds personally identifying information about you. Personally identifying information is defined as any information that could potentially identify you as an individual, directly or indirectly by reference to an identifier such as a name, email address, national insurance number or details associated with a bank account.
Below we have set out some of the most relevant rights you have in relation to engaging with our business, but, if you would like further information, we recommend consulting the impartial Information Commissioner’s Office.
Right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Right of rectification
You have the right to ask us to rectify information you think is inaccurate, for example, your email address or other personally identifying information. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Right of erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Right of data portability
If we are processing your personally identifying information (i) based on your consent, or in order to enter into or carry out a contract with you and (ii) the processing is being done by automated means, you have the right to ask us to provide that information to you or another service provider in a machine-readable format. You can read more about this right here.
Right to object to data processing
You have the right to object to your personal data being processed if we are doing this on the lawful basis of legitimate interests. In these circumstances, we will consider your request in relation to our legitimate reasons for continuing to process your information. You have an absolute right to object to direct marketing. If you wish to opt-out of receiving marketing materials from us, please contact us at any time.
Please note that exceptions apply to a number of these rights and not all rights will be applicable in all circumstances, but we will always respond to any request related to your rights within a month. If we are unable to do so, we will inform you of the reasons for the delay. You are not required to pay any charge for exercising your rights.
If you have specific questions, or wish to exercise any of these rights please contact us using the contact details below.
How to contact us
If you have any questions about this privacy policy or wish to exercise your rights please contact us by email or by post. We look forward to hearing from you.
Data Protection Team
Wsm Advisors Connect House, 133-137 Alexandra Road, Wimbledon, London, United Kingdom, SW19 7JY
hello@joinlegado.com
Please note that our Data Protection Officer is Josif Grace who can be contacted at josif@joinlegado.com
Our role as a data controller
We act as a data controller, determining the purpose and means of how some of your personally identifiable information is collected, processed and stored in the circumstances listed below. All personally identifiable information is used and held in accordance with our privacy and security policies.
Legado will collect usage data such as IP address, length of visit and referral source. You may not be identifiable solely from this information and it is only used to assist us in providing an effective service. Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information is: we have a legitimate interest.
Legado will collect personal information including but not limited to name, address, date of birth, professional qualifications and pre employment checks. Additionally, sensitive information including but not limited to marital status, nationality and gender will also be collected. We do this to comply with our legal obligations with regards to hiring. (This category of personal information can sometimes be collected from employment agents or existing employees.) Under UK GDPR, the lawful basis we rely on for processing this information is: we have a legitimate interest.
Legado will collect information such as your name, company, your position held and relationship to the applicant. Additionally, we will ask for a contact number/ email address in relation to your role as voluntary referee throughout the application process. Confirming certain details of an applicant’s employment history with their consent is an essential part of our due diligence before offering a contract of employment. Under UK GDPR, the lawful basis we rely on for processing this information is: we have a legitimate interest.
Legado will collect personally identifiable information and unique identifiers such as NI number, as well as sensitive and special category of personal information in compliance with legal requirements. We use this information for the administration of your employment contract, career progression and well-being. Under UK GDPR, the lawful basis we rely on for processing this information is: we have a legitimate interest.
One of our employees has provided us with your name and email address in order to refer you for a potential employee position. Under UK GDPR, the lawful basis we rely on for processing this information is: we have a legitimate interest.
- For subscribers to Legado marketing
Legado will collect and process information you have chosen to provide us when signing up to receive updates. Under UK GDPR, the lawful basis we rely on for processing this information is: we have a legitimate interest.
Most of the personal information we process as data controller is provided to us directly by you. However we also receive information indirectly from certain sources, as indicated above.
We do not share personal information we process as data controller with any third party.
In relation to each category of personal data we hold as data controller, we remove/destroy that data on request or where no longer applicable/required for the original purpose.
Our role as a data processor
Our customers are corporate/professional organisations which make our application available to you, their customer. Our corporate/professional customer providing the Legado application is the data controller of your personal information which is processed and you should refer to their privacy policy first.
In this context, where you are a registered user of our application which is provided by our customer, we act as a data processor, processing your personal information on behalf of our customer.
Legado will collect account data such as name and email address, with the source of this data being you (or our customer providing the Legado service to you) for the purpose of operating our website, providing our services and maintaining back-ups of our databases and communication with you.
When we act as processor, processing your personal information on behalf of our customer, we process personal data in accordance with and for the purpose of the agreement we have in place with our customer. Types of personal data we process in this context include:
- Name and email address;
If certain features are enabled, such as upload:
- special category data (e.g. passport images)
We process such personal data in accordance with this privacy policy, the agreement we have in place with the customer, and applicable data protection laws. Legado will not process your data for any marketing-related purposes as we are not instructed to do so by the data controller. All data stored by Legado is within a UK-based server and backed up by servers located in the UK.
Keeping your information safe
Handling your personal information with respect and transparency is an essential part of upholding your data privacy. At Legado, we therefore work to exceed the minimum requirements set by the UK government’s cyber security accreditation scheme Cyber Essentials Plus; we are certified to the ISO/IEC 27001:2013 standard, in addition to procuring third-party services to provide ongoing analysis, reporting and monitoring of online activity at national level.
When you provide us with personally identifying information, we take steps to ensure that appropriate cybersecurity and organisational controls are in place to protect it. These include:
Data encryption
We encrypt data using industry standard algorithms throughout all verification steps. This means that any data input to our systems for verification is securely sent and received. Data is also encrypted at rest when on our servers using AES256 encryption standards.
Monitoring
All of our web traffic is encrypted over TLS /SSL and protected by Certificate Pinning to prevent man in the middle attacks. Our security team monitor and carry out daily automated vulnerability scanning across all of our systems and infrastructure.
Third parties
We use a number of carefully selected third parties to help provide our services to you. We expect these third parties to uphold security policies that adhere to the same requirements we ourselves impose.
When we use a third-party (a data processor) to process personal data, we enter into a written contract and data processing agreement to ensure that they fulfil the obligations of the data protection law.
If we are requested to share sensitive information by law enforcement, we will do so in accordance with our obligations under UK law.
Security policies
Legado has developed a set of security policies for our team and partners. Further information about these security policies can be made available upon request.
Keeping your information up-to-date
We want to ensure all personally identifying information is kept accurate and up-to-date. Should your details change, please do not hesitate to contact us using the contact details above.
Changes to this policy
As our business changes and grows, we reserve the right to update this privacy policy to reflect our most current business practices.
How to complain
Please report any complaint to Legado Data Protection Team using the contact details above and we will work to resolve any question or concern that you wish to raise about our use of your information within a reasonable time period.
If we are unable to resolve your complaint, you may contact the Information Commissioner’s Office or by telephone at: 0303 123 1113.