We take your privacy very seriously. Because of this we want to provide you with explicit information on how we collect, gather, and identify information during your use of the Chemdata app. This information may be expanded or updated as we change or develop our apps.
What we collect and why
User Provided Information
Registration with us is mandatory in order to be able to use more than the basic features of the Application.
When you register with us and use the Application, you generally provide (a) your name, role, organisation, email address and telephone number; (b) your Organisation ID, as supplied by us, and your Device Reference; (c) information you provide us when you contact us for help; and; (d) information you enter into our system when using the Application, such as Chemdata document Private Notes.
Device Reference – We ask you to provide us with your Device Reference in order to provide a reference that is specific to your device for your organisation. The only requirements for the Device Reference is that it is unique within your organisation, must be between 4 and 30 characters long (including spaces) and can be composed of the following:
<space> abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 /#.:-@
Chemdata document Private Notes – If you have enabled sharing of Private Notes for Chemdata within your organisation any Private Notes you add to documents will be shared with other users in your organisation via our secure server.
Automatically Collected Information
In addition, the Application may collect certain information automatically, including, but not limited to, the type of computer or mobile device you use, your device’s unique device ID, the IP address of your device, your operating system, and information about the way you use the Application.
When you first login to authenticate your device we provide a unique Authentication token which is automatically stored on your device. This information is subsequently used by the Application when you use it to identify your device and confirm you have a valid subscription to Chemdata.
How we use the information we collect
We use the information we collect from you to identify your installation of Chemdata and ensure that its use is within the overall Chemdata licence allocation for your organisation.
We may also use the information you provide us to contact you from time to time to provide you with important information and required notices. We will also invite you to consent to receiving relevant marketing promotions.
We collect and process personal data on the basis of the legitimate interests of your organisation to have access to the Chemdata application under the terms of your licence agreement with us.
Individuals whose data is provided will also be invited to consent to receive relevant marketing promotions.
Accessing and updating your personal information
Within the Application the only personal information held is your Organisation ID, Device Reference and Authentication token. The Organisation ID is created by Ricardo-AEA Ltd to identify the additional functionality available to you and the number of installations available to your organisation with that functionality and provided to you by separate communication. The Device Reference is an identifier you provide as a simple identifier for your device to help your organisation’s IT department manage your organisation’s devices that use the Application. Your Device ID is displayed in the Application under About. The Authentication token is provided by Ricardo-AEA Ltd when you first log your device in. This Authentication token is stored on your device but not displayed and solely used by the Application to identify your device. You can request to update your information (name, email address) via email, at firstname.lastname@example.org.
What are my opt-out rights?
You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available on your computer, as part of your mobile device or via the mobile application marketplace or network. If you have also consented to receiving marketing promotions you can unsubscribe from these on any of the marketing messages.
Information we share
Only aggregated, anonymised data is periodically transmitted to external services to help us improve the Application and our service. We will share your information with third parties only in the ways that are described in this privacy statement.
We may disclose User Provided and Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to contractual conditions governing processing of data that are compliant with the Data Protection Act 2018;
- if Ricardo-AEA Ltd is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
Your information may be shared with others in your organisation that administer your overall Chemdata subscription (for example your IT department). This information is only shared to help organisations ensure they have the appropriate licencing level and help them manage their devices.
Chemdata Private Notes are only shared with other Chemdata users within your organisation when you (and they) have enabled this feature. Chemdata Private Notes are assigned on our server to your organisation and are not attributable to individual users.
Data Retention Policy
We will retain User Provided Information for as long as you use the Application and for up to 2 years. We will retain Automatically Collected Information for long as you use the Application or up to 24 months (whichever is longer) and thereafter may store it in aggregate.
Managing your information
You have a right to be informed about this processing of your personal data as in this notice. You also have the right to request from the controller access to and rectification of your personal data. Further rights are to object to processing of personal data, to restriction of data processing and to erasure of your personal data. These latter rights will be considered together with the legitimate interests of your organisation.
If you’d like us to delete User Provided Information that you have provided via the Application, please contact us at email@example.com and we will respond within 1 month. Please note that some or all of the User Provided Information may be required in order for the Application to function properly.
You also have a right to lodge a complaint about processing of your personal data with a supervisory authority. In the UK this is the Information Commissioner’s Office. Further information is available here.
We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at firstname.lastname@example.org. We will delete such information from our files within 1 month.
In the UK, we operate in accordance with the Data Protection Act 2018 which brings into English law the European General Data Protection Regulation. Personal information from the Chemdata app will not be shared with other organisations for marketing purposes. You may request in writing details of personal information which we hold about you under the Data Protection Act 2018. If you would like a copy of the information held on you please contact us at email@example.com. If your details change or information we are holding is incorrect or incomplete then please write or email us as soon as possible and we will make the relevant corrections.
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorised employees and contractors who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
If you have any questions regarding privacy while using the Application, or have questions about our practises, please contact our Data Protection Officer via email at DPO.firstname.lastname@example.org.
Date of Issue: 26/10/2020