Version number: 4.0

Last updated: 16th February 2022

Contact us for details of the latest changes…

Introduction

We treat privacy and confidentiality very seriously at Box UK Ltd and comply with all aspects of the UK’s data protection legislative framework, which includes the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) E. In line with this we have developed the below privacy notice to detail exactly what personal information we collect and use.

Company information

Company details: Box UK Limited

Registered office address: Westgate Court, Westgate Street, Cardiff CF10 1DD

London address: Octagon Point, 5 Cheapside, London EC2V 6AA

Email contact: info@boxuk.com

Registered in England and Wales: 03606919

VAT Number: GB738835589

ICO Registration Number: Z9488852

Your personal information

Your privacy is important to us and it is our policy that your personal information is private and confidential. This privacy statement details what data we collect from you and how we use it.

We do not collect, use or disclose your personal information for any purposes other than those identified below, except as required by law.

Please read this privacy statement before using the site or providing us with any personal information.

You are encouraged to review the privacy policy on a regular basis to make sure that you understand how any personal information you provide will be used.

The personal data / information we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in broad classifications as follows:

  • Identity Data includes first name, maiden name, last name, social media account usernames or similar identifier, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address, social media account details and telephone numbers.
  • Experience and Education Data includes details of salary expectations, educational and professional qualifications, current and previous employment and work experience (as typically provided in a curriculum vitae).
  • Transaction Data includes details of any services we may have provided to you or a customer you may represent as well as details of your involvement in and communication with you in the course of providing those services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Data includes information about how you use our website, products and services.

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Our careers application form at https://www.boxuk.com/careers/ does request information about criminal convictions and offences and we collect and process that information in accordance with the provision of Schedule 1 of the Data Protection Act 2018.

How we collect personal information

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • enquire about our products or services;
  • interact with us as a client or on behalf of a client (when we will also collect Transaction Data);
  • apply for employment or engagement as a contractor or user experience tester with us (when we will also collect Education and Experience Data as well as information about criminal convictions)
  • give us feedback or contact us.
  • create any account on our website (as applicable);
  • subscribe to any of our services or publications;
  • request marketing to be sent to you; or
  • enter any competition, promotion or survey we may operate.

Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy below for further details.

Third parties or publicly available sources. We may receive personal data about you from various third parties (including public sources), which we may combine with or add to personal information you have directly provided to us, as set out below:

  • Identity and Contact Data from publicly available sources such as Linked In, Companies House.
  • Contact data which we obtain by working with third party technical partners such as Lead Forensics who can provide corporate (but not personal) website visitor information based upon IP Address information, in combination with publicly available sources such as LinkedIn.
  • Technical Data from analytics providers such as Google Analytics, who may be based outside the UK;

The legal basis for collection and use of personal data

We will only collect and use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you (or a company you may work for or represent).
  • Where we reasonably believe it is in our legitimate interest for the efficient and proper conduct and development of our business and your interests and fundamental rights do not override those interests.
  • More specifically, where you are either a client or a representative of a client or where we are marketing our services based upon leads generated through use of third party provided information (which may be based upon use of anonymised website visitor identification in combination with publicly available contact information as set out above), we assert it is in our legitimate interest to send you marketing communications via email or to your social media accounts. All of these communications will include a facility to opt-out from receiving any further communication or your social media platform will provide a facility to block further communications from us.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data except where data protection or privacy law requires this. You will have the right to withdraw any such consent at any time by contacting us.

Who your personal information will be shared with

If registering interest in our services (via an enquiry for example), the personal information you provide will be stored in a Customer Relationship Management system (CRM) and made available only to the person(s) who require access to it to handle your request.

If you are a client or a representative of a client who we will be providing services to, your personal information will be stored in our CRM and will be made available only to the person(s) who require access to it to perform the contract – this may include our contractors and third parties who may be working on the same project. As applicable, these may be located outside the UK in which case the Data Export provisions below shall apply.

We may disclose your personal data to third-party technical partners that we work with to provide services to you, whether through our website or by other means of communication, for the purposes of our contract with those third-party technical partners and to best ensure we are able to perform our contract with you. Some of our third-party technical partners may be located outside the UK and the Data Export provisions below shall apply. Our contracts with specialist technical partners contain confidentiality obligations and only permit them to process any personal data as instructed by us and in accordance with UK data protection law.

Our third-party technical partners provide services to us which include our CRM platform, email deployment, advertising and marketing, security and system performance monitoring, research, data hosting and auditing. Please contact us for more details of these if you have further questions about these.

If you are registered to receive emails, your information will additionally be stored securely in an Email Marketing Service (EMS), again made available only to the person(s) who require it to respond to this registration.

If visiting Box UK at our offices, the personal information provided to our check-in service will be recorded securely in that service and delivered only to those people you are there to meet.

Personal information supplied as part of a contract signature process will be stored in a secure contracts repository and/or in an electronic signature management tool, made available only to the relevant personnel.

When you sign up to be a usability tester, your information will be securely stored and made available only to those people who require access to it to facilitate the matching of your details to suitable vacancies and your remuneration in the case of being successfully placed within a project.

If you have submitted an application for a vacancy and/or registered your interest in future vacancies, your information will be stored in a separate system, dedicated to the storage of HR information, and will only be made available to the person(s) who require access to it to handle this contact.

In all cases, personal information is not otherwise sold or shared with any third parties.

Data Export

Where it is reasonable for the operation and development of our business, your personal data may be transferred and stored outside of the UK. It may also be processed by any of our staff (including contractors), other parties who may be working on a project which your personal data is relevant to or our third-party technical partner, who may be located and operating outside of the UK.

Where your personal data is to be transferred outside of the UK, we will ensure that either (a) there is an “adequacy decision” (which complies with the Data Protection Act 2018) with respect to the data protection laws of the country to which it is transferred, (b) there are appropriate safeguards in place providing enforceable rights and effective legal remedies are available for individuals, compliant with UK GDPR; or (c) where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the UK / Europe and the US; or (c) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. In all cases, transfers outside of the UK will be protected by appropriate safeguards.

How long will your personal information be kept for

If you have made an enquiry, called in or otherwise engaged with our sales team, registered for an event, or we have obtained your personal information from a third-party or publicly available source we will keep your personal information (Identity and Contact Data) for up to 36 months from the point at which you last have contact with us. After this time, this information will be anonymised so as to be no longer be personal to you and/or it will be deleted.

If you have provided personal information to us as part of our performance of a contract with you or a client that you represent, we will normally keep your personal information (Identity, Contact and Transaction Data) for up to 6 years from completion of the relevant project except where the limitation period in the contract is a longer period of time, in which case we will keep this personal information for that longer period of time. After this time it will be anonymised so as to be no longer personal to you and/or deleted.

If you have supplied personal information for marketing purposes (through registering for a newsletter for example) and you notify us that you no longer wish to receive these communications, we will only retain the personal information required to ensure that this request is complied with (typically email address).

If you have supplied your information while checking in at our offices this (and the associated information about when you were there) will be kept for a period of one month before being deleted.

Personal information supplied as part of a contract signature process will kept in line with the contract retention period, typically seven years from end of service provision.

If you have supplied personal information in signing up to be a usability tester it will be kept only for as long as is necessary to facilitate the project in question, unless you have asked to be contacted in future about additional testing opportunities. In the case of having registered for future contact, your details will be retained until such point as you notify us that you no longer wish to be registered for this service.

If you have supplied personal information in applying for a vacancy it will be kept for 6 months after the end of the recruitment process for that role unless you have asked to be contacted in future about other such vacancies. In the case of having registered for future contact, your details will be retained until such point as you notify us otherwise.

How you can update your personal information

If at any point you believe the information we hold about you is incorrect you can request to see this information and have it corrected, restricted or deleted by emailing us at privacy@boxuk.com. An unsubscribe option is additionally included in every marketing email you receive.

Your right to a copy of your personal information (“subject access request”)

You may request us to provide you with any personal information we hold about you; provision of such information will be subject to

  • your request not being unfounded or excessive, in which case a charge may apply; and
  • the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

We may withhold personal information that you request to the extent permitted by law.

Your right to erasure of your personal information

In certain circumstances you have the right to have personal data we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold personal data in relation to the purposes for which it was originally collected or otherwise processed; you withdraw your consent to any processing that requires consent; the processing is for direct marketing purposes; or the personal data has been unlawfully processed.

However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal or regulatory obligation; or for establishing, exercising or defending legal claims.

Your right to restrict processing of your personal information

In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; or you have objected to processing, and are waiting for that objection to be verified.

Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

Your right to object to processing of your personal information

You may object to us processing your personal data on grounds relating to your particular situation, unless our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party.

If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.

Your right to make a complaint

If you think that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint at any time to the Information Commissioner’s Office the UK regulator for data protection issues (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at privacy@boxuk.com and we assure you that your concerns will be promptly and properly investigated.

Cookies

Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.

 

Cookie

 

Category

 

Name

 

Expiry

 

Purpose

ActiveCampaign Targeting or advertising ac_subscriber Session This cookie allows us to identify a user if they have started their journey via Active Campaign link i.e by clicking a link in an email.
Google Analytics Performance  _ga

_gat

_gid

2 years

Session

Session

These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.
Hotjar Performance _hjAbsoluteSessionInProgress

_hjSession

_hjFirstSeen

_hjIncludedInSessionSample

_hjSessionUser

_hjIncludedInPageviewSample

30 mins

30 mins

Session

30 mins

365 days

30 mins

These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information on how users engage with various elements of the page and what they click on.
Lead Forensics Performance _lfuuid Persistent
10 years
The _lfuuid cookie allows a website to track visitor behaviour on the sites on which the cookie is installed. Tracking is performed anonymously until a user identifies themself by submitting a form.
Parsely Performance _parsely_session

_parsely_visitor

365 days

365 days

These cookies are used to track how individual content pieces are performing.

Opting out of cookies

In using the Box UK website, you are consenting to the use of cookies. You are of course able to change your cookie settings within your browser at any time.

If you do not know what cookies are, or how to control or delete them, we recommend you visit www.aboutcookies.org or www.allaboutcookies.org for guidance.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Copyright

Images, text, software, documentation, electronic text and image files, audio and video files and clips, and other materials on the Box UK website are protected by copyright laws and may be covered by other restrictions as well. Box UK retains all rights, including copyright, in data, image, text, and any other information contained in these files. Box UK expressly prohibits the copying of any protected materials on this website, except for the purposes of fair use as defined in copyright laws and as defined below.

Fair use of copyrighted material includes the use of protected materials for non-commercial educational purposes, such as teaching, scholarship, research, commentary and news reporting. Unless otherwise noted, users who wish to download or print text, audio, video, image and other files from the Box UK website for such uses are welcome to do so with our express permission. Users must cite the author and source of this material as they would material from any printed work; the citation should include the URL https://www.boxuk.com. By downloading, printing, or otherwise using text, audio, video, image and other files from this website, whether accessed directly from this website or via other sites or mechanisms, users agree that they will limit their use of such files to fair use and will not violate Box UK’s or any other party’s proprietary rights.

Unauthorised publication or exploitation of Box UK’s files is specifically prohibited. Anyone wishing to use any of these files or images for commercial use, publication, or any purpose other than fair use as defined by law, must request and receive prior permission from Box UK.

Linking

Box UK’s website may occasionally link to other sites that we deem relevant to our users. We are not responsible for the accuracy or reliability of the content on third party websites, nor do we necessarily endorse the sites and their content.