Version number: 4.0
Last updated: 26th October 2022
We treat privacy and confidentiality very seriously at Box UK Ltd and comply with all aspects of the UK’s data protection legislative framework, which includes the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) E. In line with this we have developed the below privacy notice to detail exactly what personal information we collect and use.
Company details: Box UK Limited
Registered office address: Capital Tower, Greyfriars Road, Cardiff, CF10 3AG
London address: Octagon Point, 5 Cheapside, London EC2V 6AA
Email contact: firstname.lastname@example.org
Registered in England and Wales: 03606919
VAT Number: GB738835589
ICO Registration Number: Z9488852
Your privacy is important to us and it is our policy that your personal information is private and confidential. This privacy statement details what data we collect from you and how we use it.
We do not collect, use or disclose your personal information for any purposes other than those identified below, except as required by law.
Please read this privacy statement before using the site or providing us with any personal information.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in broad classifications as follows:
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Our careers application form at https://www.boxuk.com/careers/ does request information about criminal convictions and offences and we collect and process that information in accordance with the provision of Schedule 1 of the Data Protection Act 2018.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Third parties or publicly available sources. We may receive personal data about you from various third parties (including public sources), which we may combine with or add to personal information you have directly provided to us, as set out below:
We will only collect and use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data except where data protection or privacy law requires this. You will have the right to withdraw any such consent at any time by contacting us.
If registering interest in our services (via an enquiry for example), the personal information you provide will be stored in a Customer Relationship Management system (CRM) and made available only to the person(s) who require access to it to handle your request.
If you are a client or a representative of a client who we will be providing services to, your personal information will be stored in our CRM and will be made available only to the person(s) who require access to it to perform the contract – this may include our contractors and third parties who may be working on the same project. As applicable, these may be located outside the UK in which case the Data Export provisions below shall apply.
We may disclose your personal data to third-party technical partners that we work with to provide services to you, whether through our website or by other means of communication, for the purposes of our contract with those third-party technical partners and to best ensure we are able to perform our contract with you. Some of our third-party technical partners may be located outside the UK and the Data Export provisions below shall apply. Our contracts with specialist technical partners contain confidentiality obligations and only permit them to process any personal data as instructed by us and in accordance with UK data protection law.
Our third-party technical partners provide services to us which include our CRM platform, email deployment, advertising and marketing, security and system performance monitoring, research, data hosting and auditing. Please contact us for more details of these if you have further questions about these.
If you are registered to receive emails, your information will additionally be stored securely in an Email Marketing Service (EMS), again made available only to the person(s) who require it to respond to this registration.
If visiting Box UK at our offices, the personal information provided to our check-in service will be recorded securely in that service and delivered only to those people you are there to meet.
Personal information supplied as part of a contract signature process will be stored in a secure contracts repository and/or in an electronic signature management tool, made available only to the relevant personnel.
When you sign up to be a usability tester, your information will be securely stored and made available only to those people who require access to it to facilitate the matching of your details to suitable vacancies and your remuneration in the case of being successfully placed within a project.
If you have submitted an application for a vacancy and/or registered your interest in future vacancies, your information will be stored in a separate system, dedicated to the storage of HR information, and will only be made available to the person(s) who require access to it to handle this contact.
In all cases, personal information is not otherwise sold or shared with any third parties.
Where it is reasonable for the operation and development of our business, your personal data may be transferred and stored outside of the UK. It may also be processed by any of our staff (including contractors), other parties who may be working on a project which your personal data is relevant to or our third-party technical partner, who may be located and operating outside of the UK.
Where your personal data is to be transferred outside of the UK, we will ensure that either (a) there is an “adequacy decision” (which complies with the Data Protection Act 2018) with respect to the data protection laws of the country to which it is transferred, (b) there are appropriate safeguards in place providing enforceable rights and effective legal remedies are available for individuals, compliant with UK GDPR; or (c) where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the UK / Europe and the US; or (c) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. In all cases, transfers outside of the UK will be protected by appropriate safeguards.
If you have made an enquiry, called in or otherwise engaged with our sales team, registered for an event, or we have obtained your personal information from a third-party or publicly available source we will keep your personal information (Identity and Contact Data) for up to 36 months from the point at which you last have contact with us. After this time, this information will be anonymised so as to be no longer be personal to you and/or it will be deleted.
If you have provided personal information to us as part of our performance of a contract with you or a client that you represent, we will normally keep your personal information (Identity, Contact and Transaction Data) for up to 6 years from completion of the relevant project except where the limitation period in the contract is a longer period of time, in which case we will keep this personal information for that longer period of time. After this time it will be anonymised so as to be no longer personal to you and/or deleted.
If you have supplied personal information for marketing purposes (through registering for a newsletter for example) and you notify us that you no longer wish to receive these communications, we will only retain the personal information required to ensure that this request is complied with (typically email address).
If you have supplied your information while checking in at our offices this (and the associated information about when you were there) will be kept for a period of one month before being deleted.
Personal information supplied as part of a contract signature process will kept in line with the contract retention period, typically seven years from end of service provision.
If you have supplied personal information in signing up to be a usability tester it will be kept only for as long as is necessary to facilitate the project in question, unless you have asked to be contacted in future about additional testing opportunities. In the case of having registered for future contact, your details will be retained until such point as you notify us that you no longer wish to be registered for this service.
If you have supplied personal information in applying for a vacancy it will be kept for 6 months after the end of the recruitment process for that role unless you have asked to be contacted in future about other such vacancies. In the case of having registered for future contact, your details will be retained until such point as you notify us otherwise.
If at any point you believe the information we hold about you is incorrect you can request to see this information and have it corrected, restricted or deleted by emailing us at email@example.com. An unsubscribe option is additionally included in every marketing email you receive.
You may request us to provide you with any personal information we hold about you; provision of such information will be subject to
We may withhold personal information that you request to the extent permitted by law.
In certain circumstances you have the right to have personal data we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold personal data in relation to the purposes for which it was originally collected or otherwise processed; you withdraw your consent to any processing that requires consent; the processing is for direct marketing purposes; or the personal data has been unlawfully processed.
However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal or regulatory obligation; or for establishing, exercising or defending legal claims.
In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; or you have objected to processing, and are waiting for that objection to be verified.
Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You may object to us processing your personal data on grounds relating to your particular situation, unless our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party.
If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
If you think that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint at any time to the Information Commissioner’s Office the UK regulator for data protection issues (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at firstname.lastname@example.org and we assure you that your concerns will be promptly and properly investigated.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
|ActiveCampaign||Targeting or advertising||ac_subscriber||Session||This cookie allows us to identify a user if they have started their journey via Active Campaign link i.e by clicking a link in an email.|
|Google Analytics||Performance|| _ga
|These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.|
|These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information on how users engage with various elements of the page and what they click on.|
|The _lfuuid cookie allows a website to track visitor behaviour on the sites on which the cookie is installed. Tracking is performed anonymously until a user identifies themself by submitting a form.|
|These cookies are used to track how individual content pieces are performing.|
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Images, text, software, documentation, electronic text and image files, audio and video files and clips, and other materials on the Box UK website are protected by copyright laws and may be covered by other restrictions as well. Box UK retains all rights, including copyright, in data, image, text, and any other information contained in these files. Box UK expressly prohibits the copying of any protected materials on this website, except for the purposes of fair use as defined in copyright laws and as defined below.
Fair use of copyrighted material includes the use of protected materials for non-commercial educational purposes, such as teaching, scholarship, research, commentary and news reporting. Unless otherwise noted, users who wish to download or print text, audio, video, image and other files from the Box UK website for such uses are welcome to do so with our express permission. Users must cite the author and source of this material as they would material from any printed work; the citation should include the URL https://www.boxuk.com. By downloading, printing, or otherwise using text, audio, video, image and other files from this website, whether accessed directly from this website or via other sites or mechanisms, users agree that they will limit their use of such files to fair use and will not violate Box UK’s or any other party’s proprietary rights.
Unauthorised publication or exploitation of Box UK’s files is specifically prohibited. Anyone wishing to use any of these files or images for commercial use, publication, or any purpose other than fair use as defined by law, must request and receive prior permission from Box UK.
Box UK’s website may occasionally link to other sites that we deem relevant to our users. We are not responsible for the accuracy or reliability of the content on third party websites, nor do we necessarily endorse the sites and their content.