Privacy
Privacy Policy
iStoreDocs is a software product owned by MAD DEVS Ltd who are committed to protecting and properly using data. This Privacy Policy contains important information on how and why we collect, store, use and share information we collect about you. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to the General Data Protection Regulation, which applies across the European Union (including in the United Kingdom).

1.1 How and why we use your personal information

Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.:

to comply with our legal and regulatory obligations;
for the performance of our contract with you or to take steps at your request before entering into a contract;
for our legitimate interests or those of a third party, a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests; or
where you have given consent.
Generally, we use (process) data on the final two grounds:-

If we process on the grounds of consent, your consent will be requested at the point at which we collect your data. You may withdraw your consent at any time by contacting us.
If we process your data on any other basis, our reasons for doing so are set out below.
1.1.1 If you visit our website

When someone visits www.istoredocs.com we use a third party service, Google Analytics, to collect standard internet log information (your IP address, browser, and type of device) and details of visitor behaviour patterns (where you joined our site from, the path you take through our site and where you leave). We do this for our legitimate interest to monitor the number of visitors to the various parts of the site and engagement levels, which in turn enables us to make improvements. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

iStoreDocs also uses cookies on our website. You can read more about how we use cookies in our Cookie Policy. This Privacy Policy does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

1.1.2 If you contact us via social media

If you send us a private or direct message via social media, your social media user name and message (including any personal information you choose to include in it) and will be stored and used by MAD DEVS for the legitimate business purposes of monitoring our reputation levels and social media engagement (and taking steps to improve this) and responding to any queries raised in the message. It will not be shared with any other organisations.

1.1.3 If you call our contact numbers

When you call our contact numbers your call may be answered by one of our distributor partners office. Depending on the nature of your enquiry, they may collect person information. We use this information for legitimate business purposes, i.e. address your enquiry to help improve the efficiency and effectiveness of our services.

1.1.4 If you email us

Any email sent to us, including any attachments, may be monitored by us for cybersecurity reasons. Email blocking software may also be used. iStoreDocs has a legitimate interest in using your email address, and any personal data included in your message, to resolve and respond to any issues raised. Your email will be handled in line with our policies, depending on the nature of your enquiry.

We use a third party provider, ZenDesk, to supply and support our Customer Support system, which handles enquiries sent to a support inbox (e.g. support@iStoreDocs.com) This data is stored by ZenDesk in the EEA and sometimes the US. If the data is stored in the US it is done so under the EU-US privacy shield framework (which provides protections for an individual’s personal data when it is transferred from the EU to the US). The data is stored indefinitely by Zendesk. Your email may be shared within iStoreDocs so that your enquiry may be dealt with.

Emails sent to named individuals within iStoreDocs (e.g. john.smith@iStoreDocs.com) will be stored on our systems indefinitely for our legitimate interest of resolving your enquiry and then checking how enquiries have been dealt with, but will not be processed for any other purposes.

In addition to the processing of data above, we may process data we receive from you via email for our legitimate interest to improve operational efficiency (e.g. for training and quality control) and to ensure that our business policies are being followed and adhered to.

1.1.5 If you use our enquiry form

When you submit information via our enquiry form, we collect your name, email address and telephone number. We need to collect this for the legitimate business purpose of processing your enquiry (we collect both email and telephone contact details in case we cannot reach you using one of these).

We may use the data to contact you in the future where we have a legitimate interest in doing so such as to resolve your query, for statistical analysis so that we can monitor and improve the service we provide and for operational efficiency (but you may ask for it to be deleted in accordance with the section below on your rights to manage your personal information).

1.1.6 If you work for a customer

Our customers provide us with names and contact details (email addresses and phone numbers) of people within their business who are involved in managing the iStoreDocs software.

These details are stored within our system for the legitimate business purpose of allowing access to our products. They are retained in the system until the customer chooses to delete them. At the end of the contract with the customer, iStoreDocs will delete the data from the system.

The details are also stored indefinitely on our Capsule CRM System or on Mail Chimp and used for the following legitimate business purposes:

to contact you regarding the running and management of the customer account;
to send you emails about updates to our products;
to send you marketing emails about new products (these emails will contain details of how you can opt out of future marketing communications, or you can opt out using our data preference centre);
to contact you periodically after the end of a contract to see if you are interested in working with us again.
If we contact you as part of an email campaign going to all our contacts, we may use Mail Chimp (a third party e-mail campaign provider).

1.1.7 If you apply for a role at MAD DEVS

If you apply for a role listed on our Careers page you will be asked to provide your name, email address, postal address and telephone number. You will also be asked to upload a CV (we cannot be sure what information you will provide to us but it is likely to contain personal information). All information the you provide to us will processed by ourselves and our sub processors, HLC Recruitment Ltd, Louise Hewett Recruitment and Searchability (UK) Ltd (recruitment agents) for the legitimate business purposes of processing your application and fulfilling roles advertised. iStoreDocs will hold this data for a period of 1 year if your application was unsuccessful and use it to contact you in its legitimate interest if any other suitable roles come up, however for successful applicants this data will form part of your human resources record which will be held for a period of 6 Years after your employment with iStoreDocs ends for legitimate interests connected with your employment.

1.1.8 If you make a complaint to us

When we receive a complaint, we create a digital file containing the details of the complaint and store it on our system. The file normally contains the identity of the complainant (together with any contact details provided) and any other individuals involved in the complaint.

We may have to disclose the complainant’s identity to any individuals at MAD DEVS who the complaint relates to. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant does not want information identifying him or her to be disclosed, we will try to respect that. However, it may not always be possible to handle a complaint on an anonymous basis.

We will only use the personal information we collect for legitimate business purposes, i.e. processing the complaint and checking on the level of service we provide.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for six years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

1.1.9 If we have access to your data via the iStoreDocs software

Our iStoreDocs software is used by vehicle dealerships to collect and process your information (including personal information). At the point that your information is collected, you will be asked to consent to the processing of your information.

Your information will remain under the control of the dealership who will be responsible as ‘controller’ of your personal information for the purposes of data protection laws. The dealership’s privacy policy will detail the manner in which your information will be processed. Our role in relation to your personal information will be as “processor” meaning that will be directed as to how your personal information is to be processed by the dealership or “controller”. We will not use your personal information for any other purpose.

1.1.10 What we use your personal information for

The table below explains what we use (process) your personal information for, our reasons for doing so and examples of which of the above categories these may apply to:

What we use your personal information for  
Our reasons

To provide services to you For the performance of our contract with you or to take steps at your request before entering into a contract
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies To comply with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g. policies covering security and internet use For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service
Ensuring the confidentiality of commercially sensitive information For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information
To comply with our legal and regulatory obligations

Statistical analysis to help us manage our business For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service
Preventing unauthorised access and modifications to systems For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you
To comply with our legal and regulatory obligations

Updating customer records For the performance of our contract with you or to take steps at your request before entering into a contract
To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products

Statutory returns To comply with our legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards
To comply with our legal and regulatory obligations

1.2 Who we share your personal information with

Other than as outlined above (for example where we use third party service providers), we will not usually disclose personal data. However, we may disclose your information to third parties in the following circumstances:

if we are under a legal or regulatory obligation to do so;
if we believe your use of our websites has or may violate any law, regulation or our legal policy
We may also share personal information with external auditors, e.g. in relation to ISO accreditation and the audit of our accounts.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will normally be bound by confidentiality obligations.

1.3 Your rights

You have the following rights, which you can exercise free of charge:

Access The right to be provided with a copy of your personal information (the right of access)
Rectification The right to require us to correct any mistakes in your personal information
To be forgotten The right to require us to delete your personal information – in certain situations
Restriction of processing The right to require us to restrict processing of your personal information – in certain circumstances, e.g. if you contest the accuracy of the data
Data portability The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object The right to object:
– at any time to your personal information being processed for direct marketing (including profiling);

– in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision-making The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

email, call or write to us see below: ‘How to contact us’; and
let us have enough information to identify you;
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
let us know what right you want to exercise and the information to which your request relates.
1.4 Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. we continually test our systems and are ISO27001 certified, which means we follow top industry standards for information security.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

1.5 How to complain

We hope that we can resolve any query or concern you may raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

1.6 Changes to this privacy policy

This privacy notice was published on 15th May 2018 and last updated on 23rd May 2018

We may change this privacy notice from time to time—when we do we will inform you via our website. Please therefore regularly check our website for any updates.

1.7 How to contact us

Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Share by: