GDPR Policy

GDPR Policy
Your Rights


We are committed to ensuring that all personal data is handled, stored and processed (“processed”) responsibly, fairly and in compliance with all applicable personal data protection laws, including the General Data Protection Regulation (“GDPR”) (“Data Protection Laws”). We are also committed to ensuring that your rights, as a ‘Data Subject’, are handled in accordance with Data Protection Laws and that we ensure that your rights are protected.


This policy/privacy notice applies to you, as a Data Subject, in relation to any of your personal data which is processed by us where we are the ‘Controller’. It sets out your rights under GDPR and provides details on how we handle your rights. We will provide you with any relevant information you request in relation to your rights as soon as practicable, but in no event longer than 1 month of request. To do so, we may request additional information from you for the purpose of identity verification. If we are not able to verify your identity, then we may be exempt from the application of certain rights. If the request is complex or numerous, we may take longer than 1 month (but no more than 2 months) to respond, but we will notify you within 1 month if we need such an extension.


Where we are the ‘Processor’ we will be subject to the instructions of the applicable ‘Controller’ and will assist you in referring your request to the relevant ‘Controller’. We will assist the Controller in responding to your request.

It is important that you read this notice, together with any other privacy notice we may provide when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.


What is personal data?


Personal data means any information relating to an identifiable living person (“Data Subject”) who can be directly or indirectly identified by reference to an identifier. 


How and on what basis we collect, hold or process your personal information


We will only collect, hold, use and/or process (together “process”) your personal information where we are legally allowed to do so.


We will ensure that your personal information is:

  • Processed lawfully, fairly and transparently
  • Collected for specific, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary for the purpose of the processing
  • Kept accurate and up to date
  • Only kept for so long as is necessary
  • Processed securely using appropriate technical and organisational measures to ensure integrity and confidentiality

For Interlink Software, the lawful basis which we rely on will fall into one of the following:

  • Contractual performance: where we process your personal information for contractual performance.
  • This includes enabling us to take steps you request prior to us entering into a contract; and then once we have entered into a contract, to enable us to perform the contract and to provide you with the products and services. We will process your personal information in accordance with the contract.
  • Legitimate interests: where we process your personal information for our legitimate interests. We are a commercial organisation engaged in the provision of information systems dashboards and associated services. We have an interest in promoting, marketing, selling, and supporting our products and services. Where we process your personal information for our interests we will do so only where we have carefully considered both our and your interests. We will not process your personal information if our interests are overridden by your interests or fundamental rights and freedoms.
  • Consent: where we rely solely on your consent to process your personal information. There may be circumstances where we need to or are required to obtain and/or rely upon your consent to process your personal information. If this is the case we will give you:

  • the reason for needing your consent, including details as to how we will process your information
  • the choice as to whether to provide consent
  • information to enable you to withdraw your consent


Why and how do we process personal information? 


We process your personal information for a number of reasons. Primarily this will be to enable you to buy or use our products, services, training, or to send you, or allow you to access our marketing material. We only process your personal information in accordance with the law, including the EU General Data Protection Regulation, as set out in this privacy notice.


Further information is set out below:

  • You are a customer – We will have entered into a contract with you in order to provide products, services, content or training. We will obtain personal information in the following:
  • In pre-contract discussions and correspondence
  • In contractual documents
  • When registering, using or receiving our products and services
  • Where we provide you with support and assistance in the use of our products and services


  • Using our website – To help inform you of our products and services, to report any service issues. Where we process your information, we will do so with your consent. We will obtain personal information:

  • Via specific forms on our website, e.g. when you download case studies or register for trial software
  • Via cookies or our website analytics tools


  • Visiting our office - The legitimate interests for processing information when you visit our office is to ensure our and your security and safety during the visit. We collect personal information:

  • Via our signing in process 
  • Via our pre-attending questions


  • You apply for a job with us - The legitimate interests for processing information you provide us is to facilitate your application for employment. This will typically be when you submit your CV and/or cover letter. 


  • You contact us - The legitimate interests for processing information you provide us when you contact us on a specific enquiry is to enable us to address your query. This will typically be via our online submission form or email directly. 


  • You are a supplier - We will have entered into a contract with you in order for you to supply us with products, goods or services


What personal information do we process?


Depending on the circumstances for processing, personal information we process will include: title/salutation; name; date of birth; address; country or location; employer; e-mail addresses; telephone numbers; IP address and information obtained from that address; information we obtain from use of cookies on your computer; dietary information.

We may also process other personal information about you when needed to provide data, software, products, services or other information that you requested. We will make you aware of what personal information we are processing at the time of when we obtain it.


We do not process any sensitive personal information about you. You should not provide us with any sensitive personal information. Any sensitive personal information provided to us will be deleted.


Who do we share your personal data with? 


We will never sell your information to a third party.


We will only share your information with a third party or transfer your data outside of the UK / EU if we need to. Where we do this, we will comply with all of our legal obligations and we ensure that there are adequate protections in place to protect your information.


If we need your consent, we will:

  • Explain why we need to share your personal information
  • Explain the purpose for which we will be sharing it
  • Provide you with details of the third party
  • Obtain your explicit consent for such


You will be able to easily withdraw your consent in the same way in which you gave it.


Where we rely on a different lawful basis, such as ‘legitimate interests’ or ‘contractual’, we will do so only to the extent permitted by such lawful basis.


Organisations with whom we may share your personal information include:

  • Those whom we use for our back-office systems, for the purpose of hosting those back-office systems.


How long do we keep your personal information?


  • In all cases, we will only keep your personal information for as long as we have a lawful basis for processing it.
  • Where you enter into a contract and/or place an order, we will keep your information for the duration of the contract and/or order, and thereafter for such period as we are permitted by law (to comply with financial legislation), or for so long as is necessary for the establishment, exercise or defence of legal claims.
  • Where you have made a general or specific enquiry but have not entered into a contract or placed an order with us, we will keep your information until that enquiry is resolved.
  • Where you have expressly consented to and/or subscribe to marketing, newsletters, events information or to any other form of communication, we will keep your information only whilst your consent and/or subscription is valid.


Where we no longer need your information and no longer have a basis for keeping it, we will delete it within 6 months.


How do we secure your personal information?


We place a great deal of importance on the security of all personal information. We have in place appropriate technical and security measures which are reviewed routinely. – ISO27001 Certification pending.

Your Rights


We respect and place significant importance on your rights. Further details can be found below. 


In summary, your rights include the right to:

  • Basic information (such as our identity, or that of the controller if not us, the reason and basis on which we process your personal data, together with as much information to ensure fairness and transparency) and to be informed
  • Object: to object to processing of personal data where such is done by us in certain circumstances, for example for our legitimate interests or direct marketing
  • Withdraw consent: to withdraw your previously given consent
  • Access: to be aware of and verify the lawfulness of the processing
  • Rectification: to correct personal data if it is inaccurate or incomplete
  • Erasure: to request the removal or deletion of personal data
  • Restrict processing: to restrict the processing of personal data
  • Data portability: to obtain and reuse personal data
  • Be aware of any automated decision making or profiling, and to request such is restricted


If you wish to object or to withdraw consent, you may contact us through one of the methods detailed in the ‘Contact us’ section. In addition, where we have sent you a marketing email, we will have provided an ‘unsubscribe’ link which you can use to stop any future marketing communications.


Right to access 


We will provide you with all applicable details, including:

  • Whether we are processing your personal data
  • The type of personal data we are processing
  • Where we process your personal data
  • Details of whom we are sharing your personal data with
  • Information relating to your rights
  • The opportunity to make a complaint to the supervisory authority
  • The purposes of our processing
  • The source of your personal data (i.e. where we obtained your data from)
  • The duration for holding your personal data


If requested, we will provide you with a copy of your personal data. Your request will be addressed in an electronic form unless otherwise stated. If your request is deemed by us to be repetitive, manifestly unfounded, or excessive we may charge a reasonable fee to respond (although we will let you know beforehand if that is the case).


Right to rectification


Should your information be inaccurate or incomplete, you have a right to request rectification. Your request will be processed if the data held is proven to be inaccurate or incomplete. Where applicable and possible we will inform any third parties to whom we have provided the personal data of the rectification.


Right to be forgotten


You have a right to request the deletion of your personal data providing:

  • The purpose for which the personal data was originally collected or processed no longer exists
  • You withdraw your previously given consent
  • You object to the processing
  • Your personal data has been unlawfully processed
  • Your personal data must be erased to comply with the law


Your request will be actioned unless we have a lawful basis or overriding legitimate interest to keep and to process your personal data, in which case we will inform you of the reason(s) for such. Where applicable and possible we will inform any third parties to whom we have provided the personal data of the erasure.


Right to restrict processing


You can request to restrict the processing of personal data where:

  • Our processing of your personal data is unlawful
  • You contest the accuracy of your personal data and we need to verify the accuracy
  • You prefer restriction over erasure
  • You object to the basis on which we are processing your personal data and we need to assess whether our legitimate interests override your interests, rights and freedoms.


Where we agree to such a request, we will only hold the personal data and will only use it for agreed limited purposes. We reserve the right to refuse a request where we need to do so for the establishment, exercise, or defence of legal claims, or where we have a valid lawful basis. Where applicable and possible we will inform any third parties to whom we have provided the personal data of the restriction and will inform you when the restriction is lifted.


Right to data portability


You have a right to obtain and reuse your personal data, you can request this where you have provided personal data on the basis of consent or for the performance of a contract, and where our processing is carried out by automated means. Where we agree to your request, we will provide you with a copy of your personal data in a machine-readable, commonly used, and structured form.


Right to object


To object to the processing of personal data where we do this in certain circumstances, for example for our legitimate interests or direct marketing. 


Where your personal data is processed on legitimate interests basis: your request to object will be processed unless we have a compelling legitimate interest for processing your personal data or where your personal data is needed for the establishment, exercise or defence of legal claims. Where we consider the request in relation to legitimate interests, we will assess whether those legitimate interests override your interests, rights and freedoms and we will notify you of the outcome.


Where your personal data is processed for direct marketing: your request will be processed immediately, and we will cease processing your personal data for direct marketing purposes.


Rights related to automated decision-making including profiling 


We do not participate in automated decision making or profiling. 


Right to complain and/or seek judicial remedy


If you feel our processing of your personal data infringes the GDPR or if we do not take action on your request to exercise any of your rights, we will inform you without delay and at the latest within one month of receipt of the request of (a) the reasons for not taking action and (b) the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.


Where you exercise one or more of the above rights, we will handle your request in accordance with our internal procedures and work instructions. 


Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.


To request information please contact us

Share by: