Last updated 26/03/2023
This Privacy Notice explains what information Drewek.com Limited and its associated entities (collectively “Drewek & Co”) collect about you, why, what we do with that information, how we share it and how we handle the content you place in our products and services. It also explains the choices available to you regarding our use of your personal information and how you can access and update this information. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
Where we provide the Services under a contract with an organization (for example, your employer) that organization controls the information processed by the Services
Data Protection Officer
We have appointed Nigel Drewek as our Data Protection Officer to oversee compliance with this Privacy Notice and to oversee data protection related matters which affect Drewek & Co.
If you have any questions about this Privacy Notice or how we handle your Personal Data please contact our Data Protection Officer by email at email@example.com.
Privacy Notice Scope
Our Privacy Notice applies to the information we collect when you use one of our Services, when other sources provide it to us, or when you otherwise engage with Drewek & Co, including, but not limited to:
when you visit our website or community website (“Websites“)
when you contact us for assistance
when we connect with you as a prospective customer or as a customer
when you use one of our SaaS or On-Premise products (“Services“)
when an account or profile is created on your behalf in one of our SaaS or On-Premise products (typically by your employer)
when you attend customer or prospective customer events
when you meet us at third party events, gatherings or meetups
Information Collection & Processing
We collect and process information which either you provide to us, we collect passively, or the information is provided by third party sources. We use this information to enable us to deliver better products and services.
Profile & Account Information
We collect information about you (“Personal data“) and your company in the provision and usage of the Services. This information generally includes:
Profile information such as first name, surname, email, job title
Preferences information such as notification and marketing preferences
Company & Billing information such as billing address, headquarters address and place of work
We may incidentally collect your personal information as part of the content we allow you or other users to create, upload or store in the process of using our services.
The Services include the Drewek & Co products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include.
Information from other sources
We may receive information about you from other Service users (including your employer), from third-party services, from our related companies, social media platforms, public databases, and from our business and channel partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, create more personalised advertising and suggest services that may be of interest to you.
We collect Personal Data that you submit to us via our website or third-party tools including, for example, when applying for a job via our website or requesting support in relation to one of our services.
Analytics & Logs
We collect analytics and log information when you use our websites or services to help us improve our product and services. Analytics information also consists of data we collect as a result of running queries against Content created by a user of our SaaS and On-Premise services for the purposes of generating Usage Data. For example, we query the Content to determine the average number of content areas per customer.
Though we may encounter sensitive or other Personal Data as we compile Usage Data from Content across user instances, this is simply a by-product of our efforts to understand broader patterns and trends. In particular, it is not a concerted effort by us to examine the Content of any particular customer.
Legal bases for processing (for UK and EEA users)
If you are an individual in the UK or the European Economic Area (EEA), we collect and process your Personal Data only where we have a legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your fundamental rights and interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
You give us consent to do so for a specific purpose;
We need to process your data to comply with a legal obligation; or
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you may have the right to object to that use though, in some cases, this may mean no longer using the Services.
Using the information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you:
to provide the Services and personalize your experience
for research and development
to communicate with you about the Services
to market, promote and drive engagement with the Services
to protect our legitimate business interests and legal rights
Accessing and updating your information
When accessing or updating your information that has been collected and stored in relation to your usage of Drewek & Co Services, you can:
amend or remove your Personal Data in your account settings. This can also be done by your intranet administrator.
amend or remove content using the editing tools associated with that content. In some cases, you may need to contact your intranet administrator to request the removal of Content.
deactivate or remove your Services account by contacting your intranet administrator.
We will retain your account information for as long as your account is active, or as reasonably required for commercial purposes or as necessary to comply with our legal obligations.
You have the right, in accordance with relevant Data Protection Laws, to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of our processing of your information, or to request your information in a structured, electronic format. Where the Services are administered for you by an administrator, you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
We will not sell your Personal Data or content. However, where necessary (and only to the extent necessary) we may share or disclose your Personal Data as follows:
we may provide your information to our business partners, vendors or service providers who perform functions on our behalf particularly as part of our Services
in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
as required by law, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to our Company;
when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss;
to report suspected illegal activity or to investigate violations of our agreements
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspended breach where we are legally required to do so. ISO27001 is the internationally recognised standard for information security and we are also ISO27001 certified for information security.
We hold your Personal Data in your own geolocation. We do use cloud storage. In doing so we ensure that there is an adequate level of protection for your personal information.
We have in place appropriate measures to ensure that your personal information is treated in a way that is consistent with and which respects UK law on data protection by way of binding corporate rules and we are subject to regular audits as a result of our ISO27001 certification, as explained above.
If you require further information about these measures you can request it from the Data Protection Officer.
Drewek & Co Services are not directed towards minors. We do not knowingly collect information from children under the age of 13. If you are aware that a child has provided us with Personal Information, please contact us immediately.
Changes to our Privacy Notice
We may amend this Privacy Notice from time to time. When there are changes to this Privacy Notice, we will update this page. The date will always indicate when we last made changes.
In addition to the general rights set out under this Privacy Notice, if you are a resident of California, Californian law means you have a number of important rights free of charge. In summary, those include rights to:
request information, including a list of the categories of Personal Information (e.g. name, email, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third-parties’ direct marketing purposes, from businesses with whom you have an established business relationship and the names and addresses of all such third parties;
portability of such information and receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations; and
the erasure of personal information concerning you in certain situations.
Notice to End Users
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is the Data Controller under GDPR, and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator, which may be different to this policy.
If you have any questions about our Privacy Notice, please contact us. If you are an employee of an Drewek & Co customer and have a query or would like us to stop processing your information, please contact your employer in the first instance.
If you are resident of an EU country, please email firstname.lastname@example.org