Privacy Policy
-
Important information and who we are
References to "we", "us", "our", "Widgit" and "Widgit Software" are to "Widgit Software Ltd". References to "Widgit Online", "our website", "this website", "the website" or "the service" are to "widgitonline.com". References to "personal data" or "personal details" are to any information about an individual from which they can be identified.
You should be at least 18 years old to create an account on Widgit Online. If you have a group account then you are responsible for the privacy and activity of users on your account.
You should read this privacy policy so that you understand how and why we use your data.
We have appointed a data privacy manager who can respond to questions about this privacy policy and to any requests to exercise your legal rights. To contact the data privacy manager, email privacy@widgit.com or write to:
Privacy
Widgit Software (Widgit Online)
1st Floor
Bishops House
Artemis Drive
Tachbrook Park
Warwick
CV34 6UD, UKFor EEA Residents: You can contact us using the details above or via our EU representative by emailing eurep@widgit.com, telephoning +46 850249258 or writing to:
DPO
Olof Palmes Gata 29
4th Floor
111 12
Stockholm
SwedenThis privacy policy was last updated on 22nd August 2024.
-
What personal data we collect and how
The personal data we collect via the website may include:
- Any personal details you knowingly provide us with through forms and our email, such as name and email address.
- Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on news, products and offers).
- Your IP address; this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the website. This information is used to monitor usage of the website and to help with technical support issues.
- Data recorded by the Website which allows us to recognise you and your preferred settings; this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject or warn you before downloading cookies; information regarding this may be found in your browser's 'help' facility.
-
What we do with your personal data
- We'll only use your personal data in relation to providing the Widgit Online service and only when the law allows us to.
- We won't share your personal data with anyone you're not expecting us to.
- We won't send you any marketing emails that you haven't consented to, and you can opt out at any time.
Any personal data we collect will be used in accordance with the UK General Data Protection Regulation in addition to all applicable law concerning the processing of personal data and privacy. If you have opted to be kept informed of any of our products or services, we will use your email address in order to send you that information. In such a case you will always be offered the option to opt in/out of further communication.
We will only use your personal data when we have a lawful basis for doing so. Typically, we will only use your personal data for the following reasons:
- To provide the Widgit Online service under the terms and conditions of use.
- Where it's necessary for our legitimate interests or those of a third party, and where your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We have categorised the data (including personal data) that we use as follows:
- Identity - display name and username.
- Technical - your IP address, login credentials and the data sent by your browser, such as its type and version and your device's operating system.
- Activity - information about how you use the website
- Contact - email address and telephone number.
- Communication - details of your communication preferences, such as whether or not you have consented to receive marketing information.
- Financial - your payment details.
- Transaction - details about payments to and from you and details of products and services you have purchased from us.
We have categorised the purposes we use the data for as follows:
Purpose Category of data Lawful basis for processing, including legitimate interest Registration - when you create an account Identity, Technical, Contact, Communication Contractual Order processing - when you purchase a subscription. This includes the ongoing management of payments and fees Identity, Technical, Contact, Communication, Financial, Transaction Contractual, Legitimate Interest (e.g. to recover a debt) Logging In - when you or your users log in Identity, Technical Contractual Communication - when we need to inform you about things like changes to our terms or privacy policy Identity, Contact, Communication Contractual, Legal Obligation, Legitimate Interest (e.g. to keep our records up to date and accurate) Support - when we provide technical support, or need to let you know about technical issues with the website Identity, Technical, Contact, Communication Contractual, Legal Obligation, Legitimate Interest (e.g. provision of services and security) Analytics - when we use statistics and analysis to help us improve the website Technical, Activity Legitimate Interest (e.g. to learn how customers use the website so that we can improve and develop our services, and to inform our marketing strategy) Marketing - when we suggest products or services that may be of interest to you Identity, Contact, Communication Legitimate Interest (e.g. to develop our products and services and grow our business) If we need to use your personal data for another purpose, we will try to ensure that it's compatible with the purposes described here. If it isn't completely compatible then we will notify you, explaining the legal basis for the new purpose.
-
Sharing personal data
We may need to share your personal data with one or more third parties (our "sub-processors"). We require third parties to respect the security of your personal data and to treat it with accordance to all applicable law. We do not allow third parties to use your personal data for their own purposes. We only permit third parties to process your personal data in accordance with our instructions and for the purposes we specify.
Some of the third parties that we might share your personal data with are outside the European Economic Area. When this is the case, we use written contracts to ensure that personal data has the same or similar protections that it would have in the European Economic Area.
This is a list of the third parties ("sub-processors") that we use:
-
Payment and Invoicing Sub-processors
If you purchase a subscription through the Widgit Online website, Widgit will process your order.-
PayPal (EU/USA)
Widgit Online uses PayPal to process payment transactions.
PayPal’s terms and conditions: https://www.paypal.com/uk/webapps/mpp/ua/legalhub-full -
The Education Company (UK)
Widgit uses customer relationship management tools from The Education Company. -
Sage (UK)
Widgit uses Sage to securely process order details and invoices. -
Vision33 (UK)
Widgit uses Vision33 to securely transfer order details.
Amazon Web Services (EU)
Widgit Online uses Amazon Web Services to host and manage the website and databases. -
-
CloudFlare (EU/USA)
Widgit Online uses Cloudflare for content distribution, security and DNS services. -
MailerSend (EU)
Widgit Online uses MailerSend to send emails related to user accounts. -
Mailchimp (USA)
Widgit Online uses Mailchimp to send emails related to user accounts, marketing and new features of the service. -
WebPurify (USA)
Widgit Online uses WebPurify for automated image moderation. -
Rollbar (USA)
Widgit Online uses Rollbar to support error logging on the service for the sole purposes of maintaining and improving the service. The data gathered using Rollbar may include elements of entered text which may constitute personal data. Should this happen, the text will be deleted.
-
-
Cookies
For a list of the cookies we use, see "Cookies". Please note that if you set your browser to disable or reject cookies, parts of the website may not be accessible or function properly.
-
Security
We have security measures in place to prevent your personal data from being accidentally lost, disclosed, used or accessed in an unauthorised way. We also limit access to your data to the employees and third parties that need access to it in order to provide the Widgit Online service.
All Widgit staff with access to your data are subject to a duty of confidence and have been trained in privacy awareness and the handling of personal data.
-
Data Retention (How long we keep your personal data for)
It's possible that a subscription might lapse and an account might lay dormant until the subscription is renewed. We do not want you to lose the materials you (and your users if you have a group account) have created, so we will keep a record of your account and materials for a maximum of 2 years after your trial or subscription has lapsed.
For tax reasons, we are legally required to keep basic information about our customers (including Contact, Identity, Financial and Transaction data as described) for 6 years after they cease being customers.
In some circumstances you can ask us to delete your personal data (for more information, see 'Your other rights').
Your right to object
You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel that it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Your other rights
Subject to circumstances, account holders have rights under data protection laws in relation to their personal data. If you wish to exercise any of the rights described here, please contact us using the details in "Important information and who we are".
Please note that if you have a group account, we cannot respond to requests from your users regarding their privacy. We will assist you in responding to requests from your users and allowing your users to exercise their rights. If the supervisory authority contacts us in relation to your account, or if we are contacted by anyone in relation to the privacy of a user on your account, we will notify the account holder using the email address that they have provided.
Request access to your personal data
You can ask for a copy of the personal data we hold about you to check that we are lawfully processing it.Request correction of the personal data that we hold about you
You can ask us to correct any incomplete or inaccurate data we hold about you, although we may need to verify the accuracy of the new data you provide to us.Request erasure of your personal data
You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see "Your right to object"), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Note that we may not always be able to comply with your request of erasure for specific legal reasons which you will be informed of, if applicable, at the time of your request.Request restriction of processing of your personal data
You can ask us to suspend the processing of your personal data:- if you want us to establish the data's accuracy
- where our use of the data is unlawful but you do not want us to erase it
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
- when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party
You can ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to information that you initially provided consent for us to use or where we used the information to perform a contract with you.Withdraw consent at any time
If we are relying on consent to process your personal data then you can withdraw that consent at any time. This does not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. -
Other websites
This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.
-
Cookies
What are "cookies"?
Cookies are very small text files that are stored in your browser by the websites you visit.
Cookies can be used to identify you to a website, to help it remember your preferences or to track your usage of the website so that the people who run it can give you a better service.
How Widgit Online uses cookies
The Widgit Online website uses three cookies, which are described below. All of the cookies that Widgit Online uses are strictly necessary to ensure that the website does the things that you would expect it to do.
-
User Credentials
("user_credentials")
This cookie identifies you to the website so that you don't need to log in every time you visit. If you click the "Stay logged in" option when logging in, this cookie will remain valid for 3 months. If you don't, it will remain valid until the end of the current browsing session. -
Online Session
("_session_id")
This cookie identifies your current browsing session to the website so that you can edit documents. It will remain valid until the end of the current browsing session. -
Image Security Check
("_cf_bm")
This cookie identifies requests sent from Widgit Online to our image provider (Pixabay) as genuine. It remains valid for a few seconds after each request.
-
User Credentials