Updated and published 1st May 2018.
At Over-C we are committed to protecting and respecting your privacy in compliance with EU- General Data Protection
information, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This
customer contract fulfilment activities, and should be read in conjunction with your terms and conditions. It also
applies to employees, contractors and individuals seeking a job at Over-C.
To find out more, click on any of the sections below:
Who are we?
Over-C develops and delivers digital transformation software that supports our customers’ business operations. Our
company headquarters are located in the United Kingdom, and our subsidiary companies are based in the EEA. The
headquarters’ registered office address is Digital Greenwich, Mitre Passage, London, England, SE10 0ER.
Over-C Limited is the data controller and our Data Protection Officer can be contacted by email: firstname.lastname@example.org
Back to top
When do we collect personal data about you?
Back to top
- When you register as an Over-C user and/or customer, or a user and/or customer of one of our resellers.
- When you ask us to configure your Over-C account.
- When you make changes to, or close your Over-C account.
- When you are using our products and services.
- When you get in touch with us to ask something or report a fault.
- When you order from us or through one of our resellers.
- When you interact with us in person or through correspondence, by phone, by social media, or through our websites.
- When you complete a ‘Contact me’ or other web form on our website (e.g. to download a whitepaper).
- When we collect personal data from other legitimate sources, such as third-party data aggregators, Over-C
marketing partners, public sources or social networks. We only use this data if you have given your consent to them
to share your personal data with others.
- We may collect personal data if it is considered to be of legitimate interest, and if this interest is not
overridden by your privacy interests. Before data is collected we make sure an assessment is made, ensuring that
there is an established mutual interest between you and Over-C.
- When you apply for a job with us or want to partner with our company.
- When you accept a job with us or contract to partner with our company.
Why do we collect and use personal data?
We collect and use personal data mainly to perform direct sales, direct marketing and customer service and to provide to
you our products and services. We also collect data about suppliers, partners and persons seeking a job or working in
We may use your personal data for the following purposes:
Back to top
- To deliver products and services relevant to you (whether we provide them or not) and to manage your account.
- To improve our products and services and develop new ones.
- To manage our products and services and help us run and grow our business.
- To send you information about the products and services that you have purchased from us.
- To follow up on incoming requests (customer support, emails, chats, or phone calls).
- To provide access to our Customer Support portal or the Over-C Community website.
- To perform contractual obligations such as order confirmation, license details, invoice, reminders, and similar.
The contract may be with Over-C directly or with an Over-C partner or reseller.
- To notify you about any disruptions to our services (system messages).
- To send you marketing communications which you have requested. These may include information about our products
and services, events, activities, and promotions of our associated partners’ products and services. This
communication is subscription based and requires your consent.
- To perform direct sales activities in cases where legitimate and mutual interest is established.
- To provide you content and venue details on a webinar or event you signed up for.
- To reply to a ‘Contact me’ or other web forms you have completed on our website (e.g. to download a whitepaper).
- To contact you to conduct surveys about your opinion on our products and services.
- To process a job application or an application to partner with our company.
- To process information in relation to an employment contract.
- To protect the safety and security of our employees and contractors.
Our legal basis for collecting personal data
Collecting personal data based on consents
We use personal data based on the consent that you have provided for one or more specific purposes. We will set out to
you our request for your consent in clear and plain language. You have the right to withdraw your consent at any time.
Collecting personal data based on contracts
We use personal data for fulfilling our obligations related to contracts and agreements with customers, partners and
Collecting personal data based on legal obligations
We use personal data for complying with the law.
Collecting personal data based on legitimate interest
We may use personal data if it is considered to be of legitimate interest, and if the privacy interests of the data
subjects do not override this interest. Normally, to establish the legal basis for data collection, an assessment has
been made during which a mutual interest between Over-C and the individual person has been identified. This legal basis
is primarily related to our sales and marketing purposes. We will always inform individuals about their privacy rights
and the purpose for collecting personal data.
Back to top
What type of personal data is collected?
The information we have about you includes things like who you are, how you use your Over-C products and services and
where you use our products and services.
Who you are includes:
- Your name, role, mobile number and email address in addition to your company’s name and contact information.
- Your IP-address and actions taken when visiting our websites and support pages.
How you use your Over-C products and services includes:
- Details about your usage of the Over-C products we supply to you. This includes the date and time you use them,
how long for and what you use them for.
Where you use our products and services:
need to know your location when you use our products and services. We call this sensor location. It works by identifying
the location of your mobile device through the scanning of sensors at known locations, providing us with a rough
location so we can identify your geographic position.
Your mobile device might also have a Global Positioning System (GPS) receiver, that’s used by your mobile device and
certain applications, including the Over-C application. It’s more accurate than sensor location alone, because it uses
satellites. If you’re using the Over-C application, or third party applications that are used by the Over-C application,
we, or our partners, might collect some of your GPS location information.
GPS location is different from sensor location. We don’t control it. GPS is based on satellites and is set up on the
mobile device itself. Look at your mobile device’s settings to configure it. Remember, if you choose not to share your
location, you might not be able to use certain services that need to know where you are for those services to work.
Other information we have about you:
We may also collect feedback, comments and questions received from you in service-related communication and activities,
such as meetings, phone calls, documents, and emails.
We collect name, role, company phone numbers and company email address, in addition to your company’s name and contact
If you upload photos or videos, add posts or comments, etc. on our Community website, the information can be read by
anyone with access to the Community site and used for purposes over which Over-C or you have no control. Therefore,
Over-C is not responsible for any information you submit to the Community website.
If you apply for a job at Over-C, and are subsequently employed by Over-C, we collect the data you provide during the
application and on boarding process.
If you apply, or we chose, to partner with your company, we collect the data you provide during the application and
Over-C does not collect or process any special categories of personal data, such as public unique identifiers or
sensitive personal data.
Back to top
How long do we keep your personal data?
We store personal data for as long as we find it necessary to fulfil the purpose for which the personal data was
collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal
requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. This means
that we may retain your personal data for a reasonable period of time after your last interaction with us.
How long we keep it depends very much on the type of information and purpose.
For example, we might need to sort out disagreements, stop fraud and abuse, prove that you had an account with us or
follow our legal obligations. Or law enforcement agencies may need it as evidence. We may also keep information about
how you use our products or services.
In each case, the length of time that we need to keep the information may be different, but we will only keep the
information for as long as we need it. When the personal data that we have collected is no longer required, we will
delete it in a secure manner. We may process data for statistical purposes, but in such cases, data may be aggregated
and will be anonymised.
Back to top
Your rights to your personal data
You have the following rights with respect to your personal data:
Back to top
- The right to request a copy of your personal data that Over-C holds about you.
- The right to request that Over-C corrects your personal data if inaccurate or out of date.
- The right to request that your personal data is deleted when it is no longer necessary for Over-C to retain such
- The right to withdraw any consent to personal data processing at any time. For example, your consent to receive
- The right to request a restriction on further data processing, in case there is a dispute in relation to the
accuracy or processing of your personal data.
- The right to request that Over-C provides you with your personal data and, if possible, to pass on this
information directly (in a portable format) to another data controller when the processing is based on consent or
- The right to object to the processing of personal data, in case data processing has been based on legitimate
interest and/or direct marketing. Any query about your privacy rights should be sent to email@example.com.
websites. Website Navigational Information includes standard information from your web browser, such as browser type and
browser language; your Internet Protocol (“IP”) address; and the actions you take on the company’s websites, such as the
web pages viewed and the links clicked.
This information is used to make websites work more efficiently, as well as to provide business and marketing
information to the owners of the site, and to gather such personal data as browser type and operating system, referring
page, path through site, domain of ISP, etc. for the purposes of understanding how visitors use a website. Cookies and
similar technologies help us tailor our website to your personal needs, as well as to detect and prevent security
threats and abuse. If used alone, cookies and web beacons do not personally identify you.
Back to top
Do we share your data with anyone?
We do not share, sell, rent, or trade your information with any third parties without your consent, except from what is
Third-party Service Providers working on our behalf:
We may pass your information on to our resellers, carriers, distributors, agents, sub-contractors and other associated
organisations (“partner”), or prospective partners, with the purpose of them providing services to you on our behalf.
This includes other Over-C companies and their respective partners, agents and sub- contractors.
New and prospective owners of Over-C:
We may pass your information on to new and prospective owners of Over-C.
We may pass your information on to our recruitment partners, with the purpose of them providing resourcing services to
you and us.
If required by law:
We, or our partners, will disclose your information if required by law or if we, as a company, or our partners,
reasonably believe that disclosure is necessary to protect our company’s, or our partner’s company’s, rights and/or to
comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your
privacy rights in law continue to be protected. We may also share your information if there’s an emergency and we think
you or other people are at risk.
Back to top
Use of sub-contractors (processors and sub-processors)
We may use sub-contractors to process personal data on our behalf. We are responsible for making sure they commit
If the sub-contractor processes Personal Data outside the EU/EEA area, such processing must be in accordance with the EU
Privacy Shield Framework, EU Standard Contractual Clauses for transfer to third countries, or another specifically
stated lawful basis for the transfer of personal data to a third country.
Back to top
If we make changes that significantly alter our privacy practices, we will notify you by email or post a notice on our
websites prior to the change taking effect.
Back to top
Other important things to know
Communicating over the internet:
Please remember, any emails or other communications you send over the internet aren’t safe unless they’ve been
encrypted. They might go through a few countries before they get to the recipient who is located in the same country.
Unfortunately, that’s the nature of the internet. If someone gets into your emails without your permission, or your
personal data is shared publicly, we can’t accept responsibility. It is out of our control.
Pages on over-c.com and other companies’ sites:
On our website there may be pages that are branded with both the Over-C name and logo, as well as other companies’ names
and logos. We, and other companies working with us, look after these pages.
Back to top
Requesting your personal data from Over-C
Under Chapter III of the EU- General Data Protection Regulation (GDPR) 2016/679, dated 27th April 2016, you have the
right to access your personal data held by Over-C. This is known as a Subject Access Request (SAR). The process you
should follow to do this is set out below.
You can make a SAR to receive your own personal data. Or a third party can make a SAR for you, with proof they have your
Only information considered to be your personal data will be released under a SAR.
To make a valid SAR, you must:
- Put your request in writing to Over-C.
- Provide proof of your identity. There is no fee for dealing with a SAR however we may charge a ‘reasonable fee’
when a request is manifestly unfounded, excessive or repetitive.
The more specific you are and the more information you provide, the quicker we’ll be able to respond. We’ll respond to
your request within 30 calendar days of verifying your details.
Over-C is not obliged to comply with a SAR from an individual if the request is similar or identical to a request that
Over-C has already complied with in relation to that individual. This exemption will not apply if a reasonable interval
has elapsed between the two requests and further information has been processed since the first request. Over-C also
reserves its rights to act under any other exceptions or exemptions under the Act.
Back to top
Your right to complain to a supervisory authority
If you are unhappy with the way in which your personal data has been processed, you may, in the first instance, contact
us at firstname.lastname@example.org
If you remain dissatisfied, then you have the right to apply directly to your national supervisory authority for a
decision. The supervisory authorities can be contacted at:
Back to top
Commission de la protection del la vie prive´e / Commission for the Protection of Privacy privacycommission.be
An Coimisine´ir Cosanta Sonrai / Data Protection Commissioner dataprotection.ie
Each individual German state has a Data Protection Authority which is responsible for the enforcement of data
protection laws and competent in respect of data controllers established in the relevant state.
Competent authorities can be identified according to the list provided under Aufsichtsbehorden
Autoriteit Persoonsgegevens / Personal Data Authority autoriteitpersoonsgegevens.nl
- United Kingdom:
The Information Commissioner’s Office (ICO) ico.org.uk