This section defines terms used within this document.
|Personal Data||Any information relating to an identifiable individual.|
|Identifiable Individual||One who can be identified either directly or indirectly.|
|Data Processor||Processes data on behalf of the Data Controller.|
|Data Controller||Determines the purpose and manner in which data is to be processed.|
|Client||A contracted or prospective Bidlogix Limited customer who will use Bidlogix Limited software. This does not incorporate end-users.|
This is an end-user whose data is controlled by the Client (Data Controller). Bidlogix (the Data Processor) offers software solutions that store this data on behalf of the Client.
|Bidlogix Limited||This is the full name of the Bidlogix Limited company. Throughout this document the company will be predominantly referred to as Bidlogix, bidlogix, us, we, I, etc. All instances should be interpreted as Bidlogix Limited.|
|Bidlogix||Bidlogix is the most regularly used name for the company Bidlogix Limited. Throughout this document Bidlogix Limited will be predominantly referred to as Bidlogix, bidlogix, us, we, our, I, etc. All instances should be interpreted as Bidlogix Limited.|
This document refers to the company Bidlogix and all software created, maintained and developed by Bidlogix. Explicitly, this refers to Bidlogix, BidJS and AssetFlow.
In summary, Bidlogix provides a software solution for auction purposes. This includes asset management, and intrinsically requires a solution to storing and accessing the personal data of software users (Customers). As a result, our software solution includes hosting and storage.
Bidlogix provides a service to Clients and Clients use the software with their Customers. Bidlogix accesses the Customer and Client information only for support purposes. Bidlogix does not have any business interest in Customer personal data, and only access this data in conjunction with Client requests for support or similar tasks. Clients have complete control of their own data. We have security protocols in place that are explained in the Security sections of this document.
Bidlogix provides Clients with the ability to export information for purposes such as sale management, marketing and support among other reasons. Information such as whether Customers have given consent to be contacted via email can be found in this way by Clients. It is the Clients’ responsibility to ensure they are GDPR compliant with regards to exported information.
Bidlogix does not share Customer information. Bidlogix does not access Customer information unless requested to do so by a Client for legitimate purposes such as, but not limited to, technical or process support.
Bidlogix abides by the laws and guidelines set out in the Data Protection Act (UK) 1998 and the General Data Protection Regulation (GDPR) (EU) 2016/67. Our Clients will be made aware of any changes to our policy or procedures and may have access to this policy at any time.
Bidlogix as a Data Controller
Bidlogix acts as a data controller concerning Client information. This means that when potential Clients enquire with us or become a contracted Client, we store certain personal data about them.
Bidlogix's Responsibility - Our Role in the Processing of Your Data
As a Data Controller, Bidlogix stores its Clients’ information for the purposes outlined in the Personal Information & Usage - What do we Collect and Why section of this document. This information is only used for specified purposes such as invoicing and providing support. Action is only taken using this data when a specified task is required.
Bidlogix uses third party analytics software. We do not perform any Client profiling using personally identifiable Client information or perform any automated advertising. All interactions are consensual.
Sign-up Process for Clients
Potential Clients register their interest with Bidlogix via our website: https://bidjs.com/#start. Clients are then asked to provide consent to be contacted for marketing purposes.
Client information is stored only when legitimate interest has been expressed. This will be in the form of direct contact from the Client and will only extend as far as that legitimate interest is expressed. Clients can opt-out of further contact at any time.
Clients who have signed a contract have their data stored in a third party contact repository (See the Third Parties & Sharing Information section below) and paper copies of their contracts are kept on file.
We use third-party software to gather and collate this information. As part of our GDPR responsibilities, we ensure that these third parties are GDPR compliant.
Potential Clients register their interest with Bidlogix via our website: https://bidjs.com/#start. Clients are then asked to provide consent to be contacted for marketing purposes. Every marketing email the Client receives contains an Unsubscribe link, allowing the Client to unsubscribe at any time. Alternatively, Clients can contact us directly to remove their consent.
Contact information will be stored in a GDPR compliant repository where Clients may be tagged into platform specific groups for relevant contact where there is a legitimate reason to do so.
Before entering into any contract negotiations, Bidlogix ensures that prospective Clients are of appropriate age.
Personal Information & Usage - What do we Collect and Why?
When a prospective Client contacts Bidlogix, we collect the following information:
Personal Data Type
Reason for Collection
|Full Name||We require potential Clients to enter their full name for data integrity and security purposes. It may also be used where any contact of legitimate interest is required so that all correspondences are accurate and, in cases such as invoices being sent, legally accurate|
|Email addresses are collected as the primary form of contact, implied by the fact that this field is not optional. Interested Clients will not be contacted automatically and there is no verification for this sign up process.|
|Telephone (optional)||Telephone numbers are collected as the secondary form of contact and are optional|
|Consent to contact||On providing their details and clicking “Submit” Clients are contacted automatically by the webform provider to give consent to Bidlogix to contact them for marketing purposes. Consent can be withdrawn at any time.|
Bidlogix saves the following personal information for Clients who have signed a contract:
Personal Data Type
Reason for Collection
|Full name||We require potential Clients to enter their full name for data integrity and security purposes. It may also be used where any contact of legitimate interest is required so that all correspondences are accurate and, in cases such as invoices being sent, legally accurate.|
For identification purposes.
|Various forms of contact.|
|Telephone||Contact and support purposes.|
|Company Name||Legal purposes.|
|Address||Legal purposes and invoicing.|
Security Protocol - What are we Doing to Keep Things Safe?
Bidlogix has protocol in place to protect the information we gather about our Clients.
We use software to collect this data on our behalf and have fulfilled our due diligence in ensuring that this provider is following their own adequate security protocols.
Only staff members have access to this information repository. This access is given only when their job requires it, purely for marketing purposes and only with explicit consent to contact the Client in place.
This information is not exported to other software except in the case that direct contact is required (for example, when sending an email, this information is naturally stored in the email client software). Bidlogix ensures its employees use two factor authentication when accessing their work emails. Bidlogix also uses an email provider that encrypts emails during transit.
Physical copies of personal information (such as paper contracts, etc.) are kept in a locked cabinet and only staff with explicit need due to their role have access to these files.
Third Parties and Sharing information
Bidlogix does not request consent to share Client information with third parties for marketing purposes because Bidlogix does not share Client information for marketing purposes.
To ensure safe payment we use a secure third party payment service provider. Please see the relevant providers’ information below.
To ensure safe storage of potential Client and existing Client information, we use secure third party repository providers. Please see the relevant providers’ information below.
Bidlogix uses third party analytics software. We do not perform any form of Client profiling using personally identifiable Client information or perform any automated advertising. All interactions are consensual.
Third Party software used by Bidlogix for non-analytic tasks are listed below. Please click the relevant link to find out more about each third party provider:
Bidlogix as a Data Processor
Bidlogix provides a software solution that includes storage of Customer data on behalf of our Clients. We act only as the Data Processor and our Clients are the Data Controllers. We provide a service that includes the ability to store Customer information. The type of data stored is explored in our document "GDPR - What personal data does Bidlogix store, why do we store it and how do we use it?"
Bidlogix's Responsibility - Our Role in the Processing of your Customers’ Data
Bidlogix provides the software solution for Clients to collect and store their Customers’ personal data. Below is generalised list of our considerations as a Data Processor.
We do not:
- Have responsibility for how this personal data is treated outside of our software.
- Store Customer data except on behalf of Clients as part of our software solution.
- Access Customer information outside of explicit request from the Client.
- Provide a solution with tiered admin access to Customer information.
- Use appropriate security measures to ensure data safety and safe guard against data breaches.
We provide our Clients the ability to control and define content where Customer's consent is requested, for example when opting-in to marketing emails.
Details of Customer Data Storage and Collection
Please see further documentation, available here in our document "GDPR - What personal data does Bidlogix store, why do we store it and how do we use it?"
Your Role – Client’s Responsibility
Although Bidlogix provides tools to manage data, it is you, the Client, who ultimately holds the responsibility for upholding GDPR on behalf of your Customers. This means your Customers have the following rights:
- Right to be informed as to how Customer data is being stored and why. This must be in an accessible format without complicated wording.
- Right to access your data. Bidlogix provides you, the Client, with the ability to export Customer information easily.
- Right to correct any incorrect data. Bidlogix enables Clients to edit or request editing of data on their behalf, at any time. The Client’s duty is to respond and process this request within one calendar month.
- Right to erase any personal data. Bidlogix enables Clients to delete Customer data at any time via the process outlined in this document. The Client’s duty is to respond and ensure the completion of this request within one calendar month.
- Right to restrict processing. Bidlogix enables Clients to hold data for Customers without the ability to, for example, contact them. The Client’s duty is to respond and process this request within one calendar month.
- Right to data portability. Customers may request a copy of the data held about them at any time and use it as they wish across any other services.
- Right to object. Customers may object to their data being used for direct marketing and must be made aware of their right to do so. Bidlogix enables Clients to add their own terms and conditions and to control the wording of any opt-in marketing via its software. The Client’s duty is to respond and process this request within one calendar month.
- Right to know how your data is being used for automated purposes.
As the Data Controller, it is the Client’s responsibility to inform their Customer of information such as, but not limited to, the following:
- What you do with the personal data you collect.
- What data you collect.
- Whether you use personal data for profiling or automated tasks.
- Whether you share Customer data and why.
- Whether you use Customer data for analytics purposes.
Sign-up Process for Customers
It is the Client’s responsibility to provide clear terms and conditions and wording for consent to be given. Clients must ensure that the content they provide explicitly lets Customers know what they are giving consent for and what their information will be used for. Customers must positively opt-in: We do not allow Clients to disable or automatically complete consent tick-boxes presented on the account creation form.
It is also the Client’s responsibility to keep a record of what this text says and when it changes. Our software gives Clients the ability to see when Customers signed up, but not the exact text, which must therefore be auditable via the Client's records.
It is the Data Controller's responsibility to verify that their registrants/Customers are of appropriate age according to their Terms & Conditions.
Bidlogix enables Customers to opt-out of consent to contact at any given time by accessing their own details via the software. It is the Client's responsibility to monitor their Customer's opt-in/opt-out activity as notification of changes is not automated in the Bidlogix software.
Personal Information & Usage - What do we Collect and Why?
Please see further documentation, available in our document callt "GDPR - What personal data does Bidlogix store, why do we store it and how do we use it?"
Bidlogix uses a range of responsible, established and secure technologies and service providers/partners such as, but not limited to, the following:
- Hosting/infrastructure/storage providers.
- Payment processors.
- Analysis tools providers.
- Customer Support tools providers.
- Marketing and email providers.
- Internal communication tools providers.
Bidlogix ensures all service providers/partners employ responsible methods of treatment for all stored and processed data. See Security sections of this document.
Third Parties and Sharing Information
Bidlogix does not provide access to, nor share Customer or Client information, with third parties. Bidlogix enables Clients to request explicit consent from Customers to share their information with third parties. The content for this request is controlled by Clients.
Bidlogix has measures in place to ensure compliance with the General Data Protection Regulation and the Data Protection Act (UK) 1998. These measures include, but are not limited to:
- The use of cloud hosting partners with state of the art security.
- Tiered administrator access to our software solutions.
- Encrypting all internet traffic to and from our software solutions.
- Ensuring any and all Personally Identifiable Information has been removed from test data used internally for development purposes.
- Ensuring that only required staff have access to live production data.
Bidlogix Software GDPR Statement
Bidlogix acts as a Data Processor to its Clients, who are in turn Data Controllers.
As a Data Controller, the Client’s GDPR responsibility includes ensuring that we process data for you according to GDPR guidelines.
As a Data Processor we ensure the following:
- We ensure that data is processed lawfully, fairly and in a transparent manner. We allow Clients to view and present all Customer information we store on their behalf via the Bidlogix software. We also provide Clients with the ability to collect data in the same way.
- We enable Clients to store information that is collected for an explicit, specified and legitimate purpose. We do not further process this information or share data with third parties. Data Controllers are responsible for ensuring they do not export and share Customer data inappropriately.
- We enable Clients to store information that is adequate, relevant and limited to what is necessary, as explained in our document "GDPR - What personal data does Bidlogix store, why do we store it and how do we use it?"
- We enable Clients to delete and remove information that is inaccurate.
- We enable Clients to delete data that is no longer required at any time via the process outlined in this document. The Client’s duty is to respond and ensure the completion of this request within one calendar month.
- We protect Customer data using appropriate security, including protection against unauthorised or unlawful access as well as including accidental loss, destruction or damage. This is done via both technical and procedural measures.
- We are able to provide Clients with clear, easy to understand information regarding how their data is stored and used.
What Should you Do in Case of Privacy Violation?
If you believe we have infringed your rights in terms of Privacy, we encourage you to get in contact with us using the contact details at the end of this document. Let us know the details of your concern, which will allow us to investigate and assist as quickly as possible.
How to Contact Us
69 Middle Street
+44 (0)845 056 1277