Logo

Assuric

Request a demo

Privacy Notice

Our Privacy Notice was last updated July 20, 2024

This Privacy Notice describes how Assuric UK OPCO LIMITED (“Assuric”) collects, uses and discloses information, and informs you about your privacy rights and how the law protects individual rights and freedoms.

Interpretation and Definitions

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural. For the purposes of this Privacy Notice:

  • "Account" means a unique account created for You to access our Service or parts of our Service.
  • "Assuric" (referred to as either "Assuric" or "We", "Us" or "Our" in this Agreement) refers to Assuric UK OPCO LIMITED.
  • "Cookies" are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • “Client” means the organisation that agreed to the Terms of Service (e.g. your employer or another entity or person)
  • "Data Controller", for the purposes of the GDPR (General Data Protection Regulation), refers to a natural or legal person or entity which alone or jointly with others determines the purposes and means of the processing of Personal Data.
  • "Device" means any device that can access the Service such as a computer, a cell phone, mobile device or a digital tablet.
  • "Personal Data" is any information that relates to an identified or identifiable individual. For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
  • "Services" and “Websites” refers to Assuric’s products and services, including applicable applications (collectively, the “Services”), accessed from assuric.com and other Assuric websites (collectively, the “Websites”).
  • “Service Data” refers to any data submitted through the Services. “Other Information” refers to other information and data. (Service Data and Other information are collectively “Information”).
  • “Terms of Service” refers to a separate agreement governs delivery, access, and use of the Services.
  • "Third-Party Services" refers to any third-party applications or software that integrate with the Services through the Assuric platform, or any other third-party products, services or businesses.
  • "Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • "You" means the individual accessing or using the Service, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the “User” as you are the individual using the Service.

Scope of this Privacy Notice

This Privacy Notice applies to Assuric’s Services and Websites and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Assuric. If you do not agree with the terms, do not access or use the Services, Websites, or any other aspect of Assuric’s business. ‍ This Privacy Notice does not apply to any Third-Party Services, or any other third-party products, services or businesses. The Client controls its instance of the Services and any associated Service Data.

Types of data collected and received

Assuric may collect, generate, and receive Service Data and Other information and data in a variety of ways:

Service Data

Clients and Users may submit Service Data to Assuric when using the Services.

Account Information

To create or update an Assuric account, you or a Client (e.g., your employer) supply Assuric with an email address, phone number, password, domain and/or similar account details. In addition, Clients that purchase a paid version of the Services provide Assuric (or its payment processors) with billing details such as credit card information, banking information and/or a billing address. This information may be used to contact or identify You.

Usage Data

  • Services metadata. When a User interacts with the Services, metadata is generated that provides additional context about the way Users interact with the Services. For example, Assuric logs what Third Party Services are connected with the Services (if any).

  • Log data. As with most technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

  • Device information. Assuric collects information about Devices accessing the Services, including type of Device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether Assuric collects some or all of this information often depends on the type of Device used and its settings.

  • Location information. Assuric receives information from you, your Client and other third parties that may help Assuric approximate your location. Assuric may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location. Assuric may also collect location information from devices in accordance with the consent process provided by your Device. ird-Party Services to its instance of the Service. Typically, Third-Party Services are software services that integrate with Assuric Services, and a Client can permit its Users to enable and disable these integrations for its instance of the Service. Assuric may also develop and offer Assuric applications that connect the Services with a Third-Party Service. Once enabled, the provider of a Third-Party Service may share certain information with Assuric. For example, if a single sign-on service is connected with Assuric, Assuric may receive the username and email address of Users, along with additional information that the application has elected to make available to Assuric to facilitate the integration. Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to Assuric. When a Third-Party Service is enabled, Assuric is authorised to connect and access Other Information made available to Assuric in accordance with any permission(s) granted by Client (including, by its User(s)). Assuric does not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Services.

Third-Party Services

A Client can connect Third-Party Services to its instance of the Service. Typically, Third-Party Services are software services that integrate with Assuric Services, and a Client can permit its Users to enable and disable these integrations for its instance of the Service. Assuric may also develop and offer Assuric applications that connect the Services with a Third-Party Service. Once enabled, the provider of a Third-Party Service may share certain information with Assuric. For example, if a single sign-on service is connected with Assuric, Assuric may receive the username and email address of Users, along with additional information that the application has elected to make available to Assuric to facilitate the integration. Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to Assuric. When a Third-Party Service is enabled, Assuric is authorised to connect and access Other Information made available to Assuric in accordance with any permission(s) granted by Client (including, by its User(s)). Assuric does not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Services.

Contact information

A User is required to provide some contact information (e.g., an email address) when making an account on the Services.

Third-party data.

Assuric may receive data about organisations, industries, lists of companies that are customers, Website visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners, or others that Assuric engages with to make Assuric’s own information better or more useful. This data may be combined with Other Information Assuric collects and might include aggregate-level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.

Additional information provided to Assuric

Assuric receives Other Information when submitted to our Websites or in other ways, such as if you participate in a focus group, contest, activity or event, apply for a job, enrol in an educational program hosted by Assuric or a vendor, request support, interact with our social media accounts or otherwise communicate with Assuric.

Information transferred via the Google API

Assuric’s use and transfer of information received from Google API’s to any other app will adhere to Google API Services User Data Policy, including Limited Use requirements.

Cookie information

Assuric uses cookies and similar technologies in our Websites and Services to help us collect Other Information. The Websites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Websites and Services and across other websites and online services. For more details about how Assuric uses these technologies, and your opt-out opportunities and other options, please see Asusric’s Cookie Policy.

How Assuric uses information

Service Data will be used by Assuric in accordance with the applicable Terms of Service, Client’s use of Services functionality, and as required by applicable law. Assuric is a processor of Service Data and Client is the Data Controller. ‍ In addition, Assuric uses Information in furtherance of our legitimate interests in operating our Services, Websites, and business. More specifically, Assuric uses Information:

  • To provide, update, maintain and protect our Services, Websites, and business. This includes use of Service Data and Other Information to support delivery of the Services under the Terms of Service, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities, or at an User’s request.
  • As required by applicable law, legal process, or regulation.
  • To communicate with you by responding to your requests, comments, and questions. If you contact us, Assuric may use Information to respond.
  • To develop and provide additional features. Assuric tries to make the Services as useful as possible for Clients and Users, and Assuric may use aggregated and anonymized Services Data and Other Information to develop new Services or improve existing Services.
  • To send emails and other communications. Assuric may send you service, technical and other administrative emails, messages, and other types of communications. Assuric may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, Assuric sometimes sends emails about new product features, promotional communications, or other news about Assuric. These are marketing messages so you can control whether you receive them. If you have additional questions about a message you have received from Assuric please reach out through the contact mechanisms described below.
  • For billing, account management, and other administrative matters. Assuric may need to contact you for invoicing, account management, and similar reasons and Assuric uses account data to administer accounts and keep track of billing and payments.
  • To investigate and help prevent security issues and abuse.
  • For other purposes. We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience. If Information is aggregated or de-identified so that it is no longer reasonably associated with an identified or identifiable natural person, Assuric may use it for any business purpose.

In general, Assuric is the processor of Service Data and the controller of Other Information.

How Assuric shares and discloses information

We may share and disclose Your information in the following situations:

  • Displaying and operating the Services. Because of the nature and functionality of the Services, Information will be displayed as part of the Services to Users in a Client’s instance of the Service. For example, information about which of Client’s employees may have two-factor authentication enabled may be displayed as part of the Services.
  • Third-party service providers and partners. Assuric may engage third parties as service providers or business partners to process Information and support our business. These third parties may, for example, provide virtual computing and storage services. To the extent necessary and applicable, these third-party service providers and partners will be bound by appropriate and commercially reasonable confidentiality obligations.
  • Third-Party Services. Clients may enable or permit Users to enable Third- Party Services. Assuric requires each Third-Party Service to disclose all permissions for information access in the Services, but Assuric does not guarantee that they do so. When enabled and as requested by Client, Assuric may share Information with Third-Party Services. Third-Party Services are not owned or controlled by Assuric and third parties that have been granted access to Information may have their own policies and practices for its collection, use, and sharing. Please check the permissions, privacy settings, and notices for these Third-Party Services or contact the service provider for any questions.
  • Corporate affiliates. Assuric may share Information with its corporate affiliates, parents, and/or subsidiaries.
  • During a change to Assuric’s business. If Assuric engages in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of Assuric’s assets or stock, financing, public offering of securities, acquisition of all or a portion of Assuric’s business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all Information may be shared or transferred, subject to appropriate and commercially reasonable confidentiality arrangements.
  • Aggregated or de-identified data. Assuric may disclose or use aggregated or de-identified Information for any purpose. For example, Assuric may share aggregated or de-identified Information with prospects or partners for business or research purposes.
  • To Comply with Laws. If a law enforcement or government agency sends Assuric a demand for Information about a Client, Assuric shall attempt to redirect the agency to request that data directly from the Client. As part of this effort, Assuric may provide the Client’s basic contact information to the law enforcement or government agency. If compelled to disclose Information to a law enforcement or government agency, then Assuric will give the Client reasonable notice of the demand and cooperation to allow the Client to seek a protective order or other appropriate remedy unless Assuric is legally prohibited from doing so. Assuric will not voluntarily disclose Information related to a Client to any law enforcement or government agency, unless required by public authorities, including to meet national security or law enforcement requirements.
  • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property, or safety of Assuric or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
  • With consent. Assuric may share Information with third parties when Assuric has consent to do so.

Retention of Your Personal Data

Your information is securely stored. Assuric will retain Service Data in accordance with the applicable Terms of Service, Client’s use of Services functionality, and as required by applicable law. Assuric will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice.

We will retain and use Personal Data and Other Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Assuric will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at Assuric’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. Your consent to this Privacy Notice followed by Your submission of such information represents Your agreement to that transfer.

Assuric will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Notice and no transfer of Your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of Your data and other personal information.

International Transfers under the GDPR

When transferring data internationally we ensure that there is an adequacy decision in place which confirms that there is an adequate level of protection for personal data. We may also use data processors based in locations which are not yet subject to an adequacy decision, however where this is the case we ensure that appropriate safeguards are in place so that enforceable data subject rights and effective legal remedies for data subjects are available. This will usually be achieved through the careful selection of data processors which offer high levels of security for personal data and the use of Standard Contractual Clauses (SCCs) which place binding legal obligations on the recipient to ensure the protection of personal data.

Security of Your Personal Data

The security of Your Personal Data is important to Us and Assuric uses industry-standard technical and organisational measures to protect Information from loss, misuse, and unauthorised access or disclosure. The nature of communications and information processing technology is that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. When you click a link to a third-party site, you will be leaving our site and Assuric doesn’t control or endorse what is on third-party sites.

Detailed Information on the Processing of Your Personal Data

We use data processors who are third parties who provide elements of services for us, including cloud based storage providers. We have contracts in place with our data processors. This means that they cannot do anything with your personal information such as share it with other organisations unless we have instructed them to do it. They will hold your personal data/information securely and only retain it for the period we instruct.

Children's Privacy

Our Service does not knowingly address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information fromThe Our servers. If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us at privacy@assuric.com.

Legal basis for processing under the GDPR

We may process Personal Data under the following conditions:

  • Consent: You have given Your consent for processing Personal Data for one or more specific purposes. Your consent can be withdrawn at any time by contacting us at privacy@assuric.com.
  • Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
  • Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which Assuric is subject.
  • Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
  • Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in Assuric.
  • Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by Assuric.

In any case, Assuric will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

Assuric undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights. You have the right under this Privacy Policy, and by law if You are within the EU, to:

  • Your right of access. You have the right to ask us for copies of your personal information.
  • Your right to rectification. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing. You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability. You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. However, If the request is manifestly unfounded or excessive we may either request a reasonable fee to cover our administrative costs or we may refuse to comply with the request.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, erasure and opposition by contacting Us. Please contact us at privacy@assuric.com if you wish to make a request. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible. You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA. For the United Kingdom, this is the Information Commissioner's Office (ICO): https://www.ico.org.uk

Data Protection Officer

To contact Assuric’s DPO please contact:

  • Email: privacy@assuric.com
  • Address: Assuric UK OPCO LIMITED 20 Wenlock Road, London, United Kingdom N1 7GU

Changes to This Privacy Notice

Assuric may change this Privacy Notice from time to time. Laws, regulations, and industry standards evolve, which may make those changes necessary, or Assuric may make changes to our services or business. Assuric will post the changes to this page and encourage you to review our Privacy Notice to stay informed. If Assuric makes changes that materially alter your privacy rights, Assuric will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Notice, you should cease interacting with the Services. Contact the applicable Client if you wish to request the removal of Personal Data under their control.