Privacy Policy

INOVEM Limited (trading as Kahootz) and Jonas Software UK (“Jonas”, “we”, “us”, “our”) are committed to protecting your privacy. You might interact with us in various ways, and the information you provide when doing so allows us to improve our services.

This website, our related sites and applications (collectively the “Site”, “Sites”) are owned and operated by INOVEM Ltd., whose principal place of business is Weston Farm Barn, Weston, Newbury Road, Berkshire RG20 8JE.

This policy explains:

What information we collect, and why we collect it;
How we use that information;
How we protect that information;
How you can control your information, including accessing, updating, and deleting what we
store and
How we share information collected.

Acceptance

You should review this policy carefully and understand it before using the Site. Your use of the Site
is deemed to be acceptance of this policy. If you do not agree to this policy, you should not use, and
should immediately terminate your use of, the Site. For purposes of this policy, accessing the Site
only to review this policy is not deemed a use of the Site.

Information We Collect

Information Voluntarily Provided

We may collect or record basic personal data you voluntarily provide through completing forms on
the Site, through questions you send to us, or through other means of communication between you
and us. The categories of personal information you provide may include:

first and last name;
organisation name;
email address;
phone number
your area of business
any other identifier that permits us to contact you.

Information from Site Visits

We collect, store, and use information about your visits to the Site and your computer, tablet,
mobile or other device through which you access the Site. This includes the following information:

technical information, including the Internet protocol (IP) address, browser type, intemet
service provider, device identifier, your login information, time zone setting, browser plug-in
types and versions, operating system and platform, and geographical location; and
information about your visits and use of the Site, including the full Uniform Resource
Locators (URL), clickstream to, through and from the Site, pages you viewed and searched
for, page response times, length of visits to certain pages, referral source/exit pages, page
interaction information (such as scrolling, clicks and mouse-overs), and Site navigation and
search terms used.

Employee Information

We also collect personal information from our employees and from job applicants in connection
with administration of our human resources programs and functions, including, with respect to: job
applications and hiring programs, compensation and benefit programs, performance appraisals,
training, access to our facilities and computer networks, employee profiles, employee directories,
human resource recordkeeping, and other employment related purposes. It is our policy to use
commercially reasonable efforts to keep all past and present employee information from disclosure
to third parties. There are certain business-related exceptions, and they are: to comply with requests
from governmental or regulatory authorities; inquiries from third parties with a signed authorisation
from the employee to release the information, except in situations where limited verbal verifications
are acceptable; and third parties with which we have contractual agreements to assist in
administration of company-sponsored benefits. Prospective employers, government agencies,
financial institutions, and residential property managers routinely contact us requesting information
on a former or current employee’s work history and salary. All such requests of this type shall be
referred to and completed on a confidential basis by the human resources department or payroll
department.

Purposes for which we will Process Information	Legal Basis under the UK GDPR, if applicable, for Processing
To provide you with information and materials that you request from us.	It is in our legitimate interests to respond to your queries and provide any information and materials requested to generate and develop business. To ensure we offer an efficient service, we consider this use proportionate and will not be prejudicial or detrimental to you.
To personalise our services and products and the Sites to you.	It is in our legitimate interests to improve the Site to enhance your experience on the Site, to facilitate system administration and to better our services. We consider this use proportionate and will not be prejudicial or detrimental to you.
To update you on the services, products and benefits we offer.	It is in our legitimate interests to market our services and products. We consider this use proportionate and will not be prejudicial or detrimental to you. For direct marketing sent by email to new contacts (i.e., individuals with whom we have not previously engaged), we need your consent to send you unsolicited direct marketing, which is known as Opting in.
To send you information regarding changes to our policies, other terms and conditions and other administrative information.	It is in our legitimate interests to ensure that any changes to our policies, other terms and administrative information are communicated to you. We consider this use necessary for our legitimate interests and will not be prejudicial or detrimental to you.
To administer the Site, including troubleshooting, data analysis, testing, research, statistical and survey purposes; To help keep the Sites safe and secure.	For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Site and to have network security. We consider this use necessary for our legitimate interests and will not be prejudicial or detrimental to you.
To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you.	It is our legitimate interest to continually improve our offering and develop our business. We consider this use necessary to generate business effectively and will not be prejudicial or detrimental to you. For direct marketing sent by email to new contacts (i.e. individuals who we have not previously engaged with), we need your consent to send you unsolicited direct marketing. Known as Opting in.
To enforce the terms and conditions and any contracts entered into with you.	It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.

INOVEM Ltd and Jonas Software as Data Controller

As a data controller, we will only use your personal data in compliance with applicable law. For example, under the UK GDPR, we may be required to have a legal basis for processing your personal data. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below. Note that we may process your personal data for more than one legal basis.

Updating Your Information And Opting Out

If you do not wish to provide us with your personal data and processing such data is necessary for the performance of a contract with you and to fulfil our contractual obligations to you, we may not be able to perform our obligations under the contract between us. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. No withdrawal of consent will be effective until we receive it and have had a reasonable time to act on it. You can update your details or change your privacy preferences by contacting us as provided in “Contacting Us” below.

To review, correct, update, delete, object, or otherwise limit our use of your personal data that has been provided to us or request portability or details of your personal data that is held by us, please contact us using the contact information listed below in the “Contacting Us” section and clearly describe your request.

If you have registered for an account with us, you can help to ensure that your personal data is accurate and up to date by logging into your account and updating your personal data.

You may unsubscribe from marketing communications at any time by clicking the “Unsubscribe” button at the bottom of any electronic communication we send to you. You may also unsubscribe from any communication medium by contacting us using the information in the “Contacting Us” section below.

INOVEM Ltd and Jonas Software As Data Processor

In certain cases, we also operate as a data processor, collecting, processing, and transferring personal data on behalf of our business customers to provide our services and products. In these circumstances, we are acting as a data processor, but our business customers remain the data controllers with respect to the personal data they provide to us.

Our business customers remain the data controllers for any personal data they provide us for our services. To the extent that we are acting as data processors, we act in accordance with the instructions of such customers regarding the collection, processing, storage, deletion, and transfer of customer data, as well as other matters such as the provision of access to and rectification of personal data. We will only use such personal data to provide the services and products for which our business customers have engaged us.

Our business customers are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in their privacy policies who their personal data is being shared with and processed by. Where we are acting as a data processor, we will refer any request from an individual for access to personal data we hold about them to our customer. We will not usually respond directly to the request.
As data processors, we may share personal data when instructed by our business customers. Where authorised by the business customer, we may also share personal data with third-party service providers who work for us and are subject to security and confidentiality obligations.
We will retain personal data that we process on behalf of our customers for as long as appropriate to provide services and products to them, in accordance with any agreement with them or as permitted by applicable law.

Disclosure Of Your Personal Data To Third Parties

We may share your personal data with our group companies, affiliates, subsidiaries, or contractors as appropriate to carry out the purposes for which the information was supplied or collected (i.e. to provide the services and products you requested) or as otherwise provided in this policy. Personal data will also be shared with our third-party service providers and business partners who assist with running the Site and our services and products (including hosting providers, email service providers and payment processing partners). Our third-party service providers and business partners are subject to security and confidentiality obligations. They are only permitted to process your personal data for specified purposes and in accordance with our instructions.

In addition, we may disclose personal data about you when we believe that such use or disclosure is reasonably appropriate to comply with any legal or regulatory obligation; enforce the terms of our agreements; establish, exercise or defend the rights of INOVEM Ltd, Jonas Software, our staff, customers or others; protect our rights, property, safety or vital interests, or the rights, property, safety or vital interests of our users or other third parties; and implement the purchase of all or substantially all of our assets, a merger, or other similar transaction that results in a change of control.

Changes to GDPR post Brexit

In addition to the existing legislation, the UK government has issued a statutory instrument titled ‘The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019’. In simple terms, this amends the original law and merges it with the requirements of GDPR. The outcome will be a new data protection framework known as the ‘UK GDPR’.

Having left the EU as a non-member state, it will be reclassified as a ‘third country’.

The ICO will remain the independent supervisory body of UK data protection legislation.

The UK government will continue to work towards maintaining close working relationships between the ICO and other countries’ supervisory authorities.

International Transfers

If you are based in the EU or EEA

We may share your personal data within the Jonas group of companies. This involves transferring your data outside the European Economic Area (EEA) to Jonas’ affiliates and third-party service providers in Canada, United States, Australia, New Zealand, South Africa, and Malaysia. Canada and New Zealand have been deemed by the EU as having an adequate level of protection for personal data.

Whenever we transfer your personal data outside the EEA to the countries identified above, which have not been deemed by the EU to have an adequate level of protection for personal data, and specifically to the United States, we ensure a similar degree of protection is afforded to it by using standard data protection clauses approved by the European Commission (as permitted under Article 46(2)(c)) that are designed to help safeguard your privacy rights or by certifying under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.

Security Of Your Personal Data

The security of your personal data is important to us. We follow generally accepted industry standards to protect the personal data we receive. We use commercially reasonable measures to safeguard personal data, which are appropriate to the type of information maintained and follow applicable laws regarding safeguarding any such information under our control. No method of transmission over the Internet or method of electronic storage can be 100% secure. Therefore, we cannot guarantee the absolute security of your personal data. The Internet is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third-party access and for selecting secure passwords.

Data Retention: How Long We Keep Your Personal Data

We will retain personal data, which we process on behalf of our customers for as long as it is appropriate to provide services and products to our customers following any agreement with them and for other legitimate purposes. When you contact us, we may keep a record of personal data in your communication to help solve any issues you might be facing. Your personal data may be retained for as long as appropriate to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirement and other legitimate purposes. We will consider all relevant factors to determine how long we will retain personal data.

Your Rights

You may request from us access to, correction of, blocking of or deletion of your personal data in line with applicable law. You may also withdraw your consent for us to process your personal data. However, this will not affect the lawfulness of any processing before you withdraw your consent. Where your personal data is processed by us with your consent or for the performance of a contract by automated means, we will, to the extent required by applicable law, provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format upon request.

Responding To Requests

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) under applicable law. This security measure protects personal data from being disclosed to anyone with no right to receive it. We may also contact you for further information about your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of your other rights) under applicable law. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Also, please note that we may refuse a request for blocking or deletion where continued processing is necessary to comply with a legal obligation or required for the establishment, exercise, or defence of legal claims or for other purposes permitted by applicable law.

Use Of Cookies

We may collect data in connection with your use of the Sites using small files commonly known as “cookies”. A cookie is a small amount of data that often includes a unique identifier sent to your computer, mobile phone or other devices from the Sites and stored on your device’s browser or hard drive. We may also collect data your browser sends us, such as your IP address, browser type, location, language, access time and referring website addresses. Such data may be used to analyse trends, administer the Site, track your movements around the Site and gather demographic data about our visitor base as a whole. The data collected by these cookies is in the form of aggregated anonymous data.

By continuing to browse the Sites, you agree to our use of cookies.

If you don’t want us to use cookies when you use the Sites, you can set your browser not to accept cookies or notify you when you receive a cookie, allowing you to decide whether to accept it or decline at any time. However, if you block cookies, some of the features on the Sites may not function.

You can find more information about how to manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies already stored on your device.

We currently use the following cookies:

Google Analytics

Name of Cookie	Purpose	Expires
_ga	Used to distinguish users	2 years
_gat_gtag_UA_104780386_1	Used to throttle request rate	1 minute
_gid	Used to distinguish users	24 hours
AMP_TOKEN	Used to retrieve a Client ID from AMP Client ID service	30 seconds to 1 year
_gac_ UA_104780386_1	Contains campaign related information for the user.	90 days
__utma	Used to distinguish users and sessions	2 years from set/update
__utmt	Used to throttle request rate.	10 minutes
__utmb	Used to determine new sessions/visits	30 mins from set/update
__utmc	Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.	End of browser session
__utmz	Stores the traffic source or campaign that explains how the user reached your site	6 months from set/update
__utmv	Used to store visitor-level custom variable data	2 years from set/update

X (Twitter)

These cookies are used by X in order to integrate functionality into our website in the form of X feeds and follow buttons. The cookies are used for a variety of purposes including analytics.

Name of Cookie	Expires
external_referer	1 week
personalization_id	2 years
guest_id	2 years
_twitter_sess	Session
ct0	6 hours
_ga	2 years
_gid	24 hours
lang	Session
_gat	2 years

Communigator

Name of Cookie	Purpose	Expires
_ASP.NET_SessionId	IIS Session cookie	Session
ASPXAUTH	CommuniGator Product Authentication	Session
wow.session	IIS Session Code	Session
wow.anonymousid	Anonymous Visitor ID	2 years
wow.schedule	Load Balance Session Queue	Session
wow.utmvalues	Stores the UTM values for the session	Session
wow.trackingdata	CommuniGator encrypted identifier for the session	Session
wow.data	Encrypted GatorMail identification	2 years

Other

Name of Cookie	Purpose	Expires
DYNSRV	Load balancing to manage server traffic demand.	Session
catAccCookies	Cookie set by the UK cookie consent plugin to record that you accept the fact that the site uses cookies.	30 days

We are obliged by Google Analytics to state the following:

The Sites’ use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the Sites analyse how users use the Sites. The information generated by the cookie about your use of the Sites (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Sites, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of the Sites. By using the Sites, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

IP Addresses And Aggregate Information

An Internet Protocol (“IP”) address is associated with your computer’s connection to the Internet. We may use your IP address to help diagnose problems with our server, administer the Site, and maintain contact with you as you navigate through the Site. Your computer’s IP address may also provide you with information based on your navigation through the Site. Aggregate information is used to measure the visitors’ interest in and use of various areas of the Site and the various programs that we administer. We will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, we may undertake statistical and other summary analyses of the visitors’ behaviours and characteristics. Although we may share this aggregate information with third parties, none of this information will allow anyone to identify you or determine anything else personal about you.

Links To Third Parties

Our Sites may contain links to third-party websites. These third-party websites are operated by companies outside our control, and your activities at those third-party websites will be governed by the policies and practices of those third parties. INOVEM Ltd and Jonas Software do not in any way endorse or make any representations about such third-party websites and applications. As such, we are not responsible for the privacy practices or content of third-party websites and applications subject to their own privacy policies. If you choose to access such links, we encourage you to review all third-party site privacy policies before submitting any of your personal data.

Social Media And Online Engagement

We occasionally use various new technologies and social media options to communicate and interact with customers, potential customers, employees, and potential employees. These sites and applications include popular social networking and media sites, open-source software communities and more. To better engage the public in ongoing dialogue, certain of our businesses use certain third-party platforms, including, but not limited to, Facebook, Twitter, LinkedIn, Instagram, Pinterest, and Google+. Third-Party Websites and Applications (TPWA) are Web-based technologies not exclusively operated or controlled by us. You may reveal specific personal data to us or third parties when interacting on those websites. Other than when used by our employees to respond to a particular message or request, we will not use, share, or retain your personal data.

The Facebook data policy is available at: http://www.facebook.com/policy.php
The Twitter privacy policy is available at: http://twitter.com/privacy
The LinkedIn privacy policy is available at: http://www.linkedin.com/static?key=privacy_policy
The Instagram data policy is available at: https://help.instagram.com/519522125107875?helpref=page_content
The Pinterest privacy policy is available at: https://policy.pinterest.com/en/privacy-policy
The Google privacy policy is available at: https://policies.google.com/privacy?hl=en

Age

We do not sell our services to children, and the Site is not intended for or directed at children under 16 years of age. As such, the Sites are designed for adult user interaction. We do not intentionally collect personal data from children under 16. If you believe that we may have collected personal data from someone under 16 without proper consent, please let us know using the methods described in this policy.

General Data Protection Regulation

Subject to certain limitations and exceptions, if you are in the European Economic Area, you have the following rights under the GDPR:

Access to personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Correction of personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of personal data (Right to be forgotten). This enables you to ask us to delete personal data when there is no good reason for us continuing to process it. You also have the right to ask us to delete your personal data when you have successfully exercised your right to object to processing (see below), when we may have processed your information unlawfully or when we are required to erase your personal data to comply with applicable law.

When rights to be forgotten can be overridden

However, an organisation’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that trump the right to erasure:

The data is being used to exercise the right of freedom of expression and information.
The data is being used to comply with a legal ruling or obligation.
The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
The data being processed is necessary for public health purposes and serves in the public interest.
The data being processed is necessary to perform preventative or occupational medicine. This only applies when the data is being processed by a health professional who is subject to a legal obligation of professional secrecy.
The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes and where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing.
The data is being used for the establishment of a legal defence or in the exercise of other legal claims.

Restriction of processing personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) when our use of personal data is unlawful, but you do not want us to erase it; (c) when you want us to hold personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of personal data, subject to our verifying whether we have an overriding legitimate interest to continue using it.

Request transfer of personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.

Right to withdraw consent. You can withdraw your consent at any time when we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Complaints

If we receive formal written requests or complaints, we will follow up with the party making the request or complaint. To the extent required by applicable law, where we would not adequately address your request properly, you have the right to complain with the competent data protection authority in your locality (for example, in the UK, the supervisory authority would be the Information Commissioner’s Office).

Otherwise, any complaint by you regarding personal data or otherwise relating to this policy must first be submitted to INOVEM Ltd as outlined in the Contacting Us section, and we must be given a reasonable opportunity of not less than 30 days to investigate and respond to your complaint. Upon completing such investigation and responding, we and you must then, in good faith, attempt to resolve any remaining aspects of your complaint promptly. If any aspect of your remains unresolved after an additional reasonable period of not less than 30 days, you may commence litigation against us in connection with the unresolved portion of your complaint only in a court located in the county (or other similar municipality) in which Jonas is located. You consent to any such court being a proper venue for such litigation and waive any right to object to such venue for inconvenience or otherwise.

Contacting Us

We have appointed a Data Protection Contact to whom you can reach out about any queries about this policy. Suppose you have any questions about this policy or your information or exercise any of your rights described in this policy or under applicable laws. In that case, you can contact us at:

INOVEM Limited

Weston Farm Barn, Newbury Road

Weston, Berkshire

RG20 8JA

Email: dataprotection@kahootz.com

You have the right to take any complaints about how we process your personal data to the Information Commissioner:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

https://ico.org.uk/concerns/ 0303 123 1113

Changes To This Policy

We may change this policy from time to time. If this policy changes, the revised policy will be posted at the “Privacy Policy” link on the Site’s home page. If the change is significant or material, we will notify you of such a change by revising the link on the home page to read “Newly Revised Privacy Policy.” Please check this policy on the site frequently. Your continued use of the Site constitutes acceptance of such changes in this policy, except where further steps are required by applicable law. This policy was last updated on the date set out at the end of the policy.