Privacy Policy

This Privacy Policy applies to SmartFM Group Ltd ("we", "our", or "us"), registered in the United Kingdom, operating as Fidelio.FM. This policy explains how we collect, process, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

As a provider of a Computerized Maintenance Management System (CMMS), we understand the importance of maintaining the confidentiality and security of the information we collect and process. We are committed to ensuring that your privacy is protected in compliance with all applicable laws and regulations.

Information We Collect and Process

As a Data Controller, we collect and process the following categories of personal data:

• Identity and Contact Data: Name, job title, email address, telephone number, postal address of your business
• Account Data: Username, password, account settings, and preferences
• Business Data: Company name, business sector, company registration details
• Transaction Data: Details of products and services purchased, purchase history, billing and payment information
• Technical Data: IP address, login data, browser type and version, device information, operating system, time zone setting
• Usage Data: Information about how you use our website, products, and services, including maintenance records, work orders, and asset management data
• Employee Data: When using our CMMS system, you may input data about your employees including their names, job roles, contact details, and work performance metrics
• Third-Party Data: Information about contractors, suppliers, and other individuals whose data you input into our system
• Maintenance Records: Details of equipment, facilities, maintenance activities, work orders, and asset management that may indirectly identify individuals

We collect this information through:

• Direct interactions when you register for our services, place orders, or contact us
• Automated technologies or interactions including cookies and similar technologies
• Third parties or publicly available sources (such as Companies House, business directories)

Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

• Contract: Processing necessary for the performance of our contract with you
• Legitimate Interests: Processing necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests
• Legal Obligation: Processing necessary to comply with our legal obligations
• Consent: Where you have given us consent to process your data for specific purposes

How We Use Your Information

We use your personal data for the following purposes:

• To register you as a new customer and create your account
• To provide and manage our CMMS services to you and your organization
• To process and deliver your orders including managing payments, fees, and charges
• To manage our relationship with you including notifying you about changes to our terms or privacy policy
• To provide technical support and troubleshooting services
• To administer and protect our business and our website
• To deliver relevant content and advertisements and measure the effectiveness of our advertising
• To make suggestions and recommendations about products or services that may be of interest to you
• To enable you to effectively manage your maintenance operations, assets, and work orders
• To provide data analytics and reporting functionality within the CMMS system

Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: IT and system administration providers, cloud service providers, payment processors, and other service providers who help us deliver our services
• Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide legal, banking, accounting, and insurance services
• HM Revenue & Customs, regulators, and other authorities: Who require reporting of processing activities in certain circumstances
• Business Partners: In connection with specific features or services we offer in partnership with them
• Third parties in connection with a business transaction: If we sell, merge, or transfer any part of our business, your personal data may be shared with the new owner

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

We primarily store and process your data within the UK and European Economic Area (EEA). However, some of our service providers may be based outside the UK/EEA or may process data outside these regions.

Whenever we transfer your personal data outside the UK/EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, including:

• Transferring to countries that have been deemed to provide an adequate level of protection by the UK Government
• Using UK-approved International Data Transfer Agreements (IDTAs) or standard contractual clauses
• Implementing specific supplementary measures where required

Data Security

As a CMMS provider, we understand the sensitivity of the data we process. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular testing and evaluation of the effectiveness of our security measures
• Strict access controls and authentication procedures
• Regular security assessments and penetration testing
• Staff training on data protection and security
• Data backup and disaster recovery procedures
• Physical security measures at our facilities

In the event of a personal data breach, we have procedures in place to detect, report, and investigate such incidents in accordance with our legal obligations under the UK GDPR.

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Different retention periods apply to different types of data:

• Account data: For the duration of your subscription plus 6 years for legal and tax purposes
• Transaction data: 7 years for tax and accounting purposes
• Maintenance records: As specified in your contract with us or as required by law and industry regulations
• Technical and usage data: 2 years from collection

When personal data is no longer needed, we will securely delete or anonymize it.

Your Rights Under UK GDPR

As a data subject in the UK, you have specific rights regarding your personal data:

• Right to be informed: About how we collect and use your personal data
• Right of access: To request a copy of your personal data (also known as a "subject access request")
• Right to rectification: To have inaccurate personal data corrected or incomplete data completed
• Right to erasure (right to be forgotten): To request deletion of your personal data in certain circumstances
• Right to restrict processing: To request restriction or suppression of your personal data
• Right to data portability: To obtain and reuse your personal data for your own purposes across different services
• Right to object: To object to processing based on legitimate interests, direct marketing, and processing for research or statistical purposes
• Rights related to automated decision-making and profiling: Safeguards against potential damaging effects of solely automated decisions

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request within one month. There is no fee for making a request, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Children's Privacy

Our services are not intended for children under 16 years of age, and we do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information from our servers.

Cookie Policy

Our website uses cookies and similar technologies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and allows us to improve our site.

We use the following types of cookies:

• Strictly necessary cookies: Required for the operation of our website
• Analytical/performance cookies: To recognize and count visitors and analyze how visitors move around our website
• Functionality cookies: To recognize you when you return to our website
• Targeting cookies: To record your visit to our website, the pages you have visited, and the links you have followed

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For detailed information about the cookies we use and the purposes for which we use them, please see our separate Cookie Policy available on our website.

Changes to This Privacy Policy

We will update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes to this Privacy Policy, we will provide you with notice as appropriate under the circumstances, for example by displaying a prominent notice on our website or by sending you an email. In certain cases, we may disclose changes sooner.

We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

Contact Us

SmartFM Group Ltd is the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your legal rights, please contact our Data Protection Officer:

Data Protection Officer
SmartFM Group Ltd
Email: [email protected]
Phone: +44 (0)20 1234 5678
Address: London, United Kingdom

Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Return to homepage