Please note that this policy does not apply to any company or person outside Thesaurus Software Ltd.
The purpose of this policy is to give you information about how Thesaurus Software Ltd. collects and processes your personal data. Also included in this policy are your privacy rights including contact information in the event you have further questions.
This policy applies where you have, directly or indirectly, provided us with your personal data in any of the ways described in section C below.
Thesaurus Software shall be the data controller of the information you provide to us when purchasing our software.
If you are using Connect as an employee
Your employer shall remain the data controller of the information you have provided to them. This policy sets out how we process your personal data on behalf of your employer and the rights that you have in relation to such information.
You may submit your information to us for a number of reasons:
Additional data we may collect about you if you are an employee:
We will not process special categories of personal data such as race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data (other than outlined above). Nor do we collect any information about criminal convictions and offences.
We may obtain information through our online applications that you or your users install. We may gather information related to a user’s use of that application and use of specific features within the application.
Providing us with information about others
Should you give us personal data about someone else, you are responsible for ensuring that you comply with all data protection laws. In advance of submitting any information to us you should have notified them that data is shared and clarified how we collect, use and retain their personal information.
We undertake to design our systems and products in such a way as to minimise the use of personal data. Where data is required, the purpose for which you are invited to give us information is clear. We will not use your information for purposes that are not clear when you provide your details. Should we intend to use your data for any other purpose, we will not do so without first notifying you in writing.
We use your information to:
We do not employ automated decision making methods in relation to any of your personal data stored.
Software Users' information will be held for as long as permitted for legal, regulatory, and fraud prevention, currently 6 years.
As a Connect user, should you opt to discontinue using the Connect service, we will retain your Connect data for a period of three months after you opt-out of the service.
Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information – the option to ‘Opt-Out’ is available on all marketing correspondence from us. Please also see section E below.
To ensure continuity and transparency in our recruitment campaigns, all applicant details will be kept for no longer than 14 months after the end of the recruitment process.
We will send users email notifications regarding purchases (such as invoices and renewal notifications) as well as emails relating to essential software maintenance, including product upgrades and releases.
We may contact users and prospective users with additional marketing information such as free webinars, CPD events, special offers and newsletters from our group companies. We may contact you for this purpose by telephone, post, SMS or email. You have the ability to unsubscribe from these communications at any time. Alternatively, you can let us know your preferences by:
In the following circumstances, we may send your personally identifiable information to others.
Internally, we limit access to personal information about you to only those Thesaurus Software Ltd. employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their job.
Third Party Service Providers
In providing you with the product or service you request, we may occasionally use third party companies to manage collation, processing and storage of your personal information on our behalf. These companies are carefully selected and screened to ensure maximum protection of your security and privacy and are permitted to use the information only in accordance with our instructions.
These third party providers are not permitted to further transfer your personal data nor are they permitted to use your personal data for their own business purposes.
International Data Transfers
Where possible, we only process your information within the European Economic Area (EEA). However, some of the service providers referred to above may be based outside of the EEA.
We take steps to ensure that where your information is transferred outside of the EEA to our service providers and hosting providers, appropriate measures and controls are in place to protect that information in accordance with applicable data protection laws and regulations.
We measure visitors to our websites using Google Analytics. This records what pages you view on our site, how you arrived at our site and some basic information about your computer. All of that information is anonymous. We don’t know who you are – just that somebody visited our site.
The information we collect from analytics helps us understand what parts of our website are doing well, how people arrive at our site, and so on. Like most websites, we use this information to make our website better.
Cookies are small text files that are placed on your computer by websites you visit. Cookies help make this website work and provide information to us about how users interact with our site. We use this information to improve our website.
By using our website, you agree that we can place these types of cookies on your device.
We use a variety of providers to process payments. These companies will have access to your personal and payment information. The third parties we use are Realex and AIB Merchant Services.
We share information with these companies only to the extent necessary for the purposes of processing payments you make via our website. Thesaurus Software Ltd. has carried out due diligence on the privacy policies of both Realex and AIB Merchant Services, to the best of our knowledge they are fully compliant with Data Protection legislation.
Where you have submitted payment details to our online billing account, your card details are stored on the Microsoft Azure, PCI compliant platform.
Thesaurus Software Ltd. has no control over the authority, the quality or safety of the data input. You, and you alone are responsible for the accuracy and completeness of your records.
Where applicable, you are responsible for keeping your password and user details confidential. Nobody at Thesaurus Software Ltd. will ever ask you for your password, please do not trust anybody asking for it.
Customers using Desktop Software
Thesaurus Software Ltd. does not have access to your data files, except where they have been submitted for support reasons.
Whilst we have security measures in place to protect your data, it remains your responsibility to keep your sign in details secret, to sign off from the Thesaurus Software Ltd. product when you are not using it and to ensure there is no unauthorised access to your computer.
Customers using Cloud Software
You acknowledge that apart from data format validation checks, Thesaurus Software Ltd. does not monitor, edit or review whether the data provided by you is correct
You can edit your stored data at any time by signing in to your account and making the necessary changes. You can also request the deletion of your account by contacting Thesaurus Software Ltd. in writing. We undertake to stop processing your data upon receiving notification, in some instances we may need to request specific information from you to help us confirm your identity before deleting any data. We reserve the right to regularly delete any data that we deem to be out of date or no longer required.
From time-to-time, in order to resolve a customer query, it may be necessary for us to request a backup of your data file or a payroll related document. We are extremely mindful that this information contains sensitive personal data and we take numerous steps to ensure their security. Data received is processed only for the purposes of resolving your query as advised in writing by you, and is done so by trained
Thesaurus staff, your backup will never be shared externally without prior approval from you. Customer backups are retained for the minimum amount of time necessary, usually no longer than one week.
Every effort has been taken to maintain the highest possible levels of security, however we would draw your attention to section M below.
We are committed to compliance data protection law and where necessary will make available to customers any information necessary to demonstrate compliance with their processing obligations.
If you are providing a backup to us in a bureau capacity, you are responsible for ensuring that you comply with all data protection laws and that you have prior approval to send the data to us.
Should you select to use our software’s emailing feature, your employee’s payslips/P60s will be sent through our secure server. Every effort has been taken to maintain the highest possible levels of security and all emails are automatically deleted from our server once sent. To enhance the security of emailed files, we highly recommend that Customers utilise the password feature contained within the software. Finally, we would draw your attention to section M below.
We take the security of your data very seriously. Thesaurus Software Ltd. take technical and organisational measures to prevent the loss, misuse or alteration of your personal information. These precautions include:
Whilst we undertake to maintain the highest possible levels of security practicable to protect data it should be realised that no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure, and there is always some risk of unauthorised access. Thesaurus Software Ltd. cannot be held liable for any breach of security. Any information submitted to us is done so at your own risk.
Should you have any questions in relation to this policy or you would like to exercise any of your rights, set out below, please contact us using the below contact details.
In certain circumstances, you have rights under data protection law in relation to your personal data. You have the right to:
If you wish to raise a complaint on how we have handled your personal data, please contact us and we will investigate the matter.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have a number of requests. In this case, we will notify you and keep you updated.
Our contact details are:
|Address:||BrightPay, Thesaurus Software Ltd., 3 Shortlands, Hammersmith, London, W6 8DA|
|Phone:||0345 939 0019|
If you are not satisfied with our response or believe our processing of your personal data is not in accordance with the law you can complain to the Information Commissioner's Office.