Privacy Policy

1. Important notice   

This is the Privacy notice of Attollo Group (company number 10681711) whose registered office is Unit 12, Prince Court, Silver Street, Ramsbottom, Bury, Greater Manchester, BL0 9BJ, United Kingdom (“Attollo Group”, “we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.  

This Privacy Notice relates to personal information that identifies “you” meaning customers or potential customers/suppliers/ individuals who browse the website/ individuals outside our organisation with whom Attollo Group Interact.  

We refer to this information throughout the Privacy Notice as “personal data” and paragraph 3 sets out further details of what this includes. Please read this Privacy Notice to understand how Attollo Group may use your personal data.  

If you are an employee, contractor or otherwise engaged in work with us or applying to work with us, a separate privacy notice applies to you instead. This Privacy Notice is not intended for children and we do not knowingly collect personal data relating to children.  

This Privacy Notice may vary from time to time so please check it regularly. This version of our Privacy Notice was published January 2021 and is the most recent version. 

2. How to contact us  

2.1. Data Controller and contact details  

For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice.  

If you wish to correct your personal data held by us or to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences please contact marketing@thisisattollo.com

If you need to contact us in connection with our use or processing of your personal data, or gain access to it then out contact details are as follows: 

  • Email address: marketing@thisisattollo.com 
  • Contact number: +44 (0) 1952 288 365
  • Postal address: Unit 12, Prince Court, Silver Street, Ramsbottom, Bury, Greater Manchester, BL0 9BJ, United Kingdom  
  • Our representative: Rebecca Hill.  

2.2. Data Protection Officer  

We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, pleas contact the Data Protection Officer using the details set our below:  

Our full details are:  

  • Attollo Group (Company number: 10681711) 
  • Data Protection Officer: Mark Stokes  
  • Email Address: dataprotectionofficer@thisisattollo.com 
  • Postal Address: Unit 12, Prince Court, Silver Street, Ramsbottom, Bury, Greater Manchester, BL0 9BJ, United Kingdom 

3. Categories of personal data we collect  

3.1. The categories of personal data about you that we may collect, use, store, share and transfer are: 

Individual Data  

  • This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, job title and your contact details such as your billing address, delivery address, fax address, email address and telephone numbers; 

Advertising Data  

  • This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests; 

Information Technology Data 

  • This includes person data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zones settings and location, browser plug-in types and versions, operating systems and platform and other technology on the devices you use to access our website; 

Economic and Financial Data  

  • This includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud; 

Sales Data  

  • This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us;

Audio and Visual Data  

  • This includes personal data which is gathered using our CCTV or other recording systems in the form of images, video footage and sound recordings that is taken at any of our locations or otherwise by us for promotional purposes; 

Health Data  

  • This includes personal data which is gathered for health and safety purposed including any accident report or claim; 

Market Research Data  

  • This includes personal data which is gathered for purposes of market research.  

We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint, for example about our services or products, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.  

  •  3.2. We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identify. For example,  we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal Data so that it can be directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.  
  • 3.3. In addition, we may obtain special categories of your data (“Special Categories of Data”), and this Privacy Notice specifically sets out how we may process these types of personal data. The Special Categories of Data are: (i) personal data revealing racial or ethnic origin, political opinions, religions or philosophical beliefs, or trade union membership; and (ii) the processing of generic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sec life or sexual orientation.  

4. The sources from which we obtain your data  

  • 4.1. We obtain your personal data from the following sources:
    • 4.1.1. Directly from you, either in person (at our locations or otherwise, via our website, apps or by telephone. This could include personal data which you provide when you:
      • (a) Download a piece of content; 
      • (b)Register for an event; 
      • (c)Subscribe to our communications; 
      • (d)Request information on our product or services
      • (e)Create an account on our website;  
      • (f)Place an order for our product or services; 
      • (g)Enter into a competition or promotion; and  
      • (h)Complete a survey from us to give us feedback 
    • 4.1.2. Automated technologies, such as CCTV or other recording systems, cookies, sever logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other website or apps employing our cookies. 
    • 4.1.3. Third parties, such as:
      • (a) Analytics providers (such as Google Analytics); 
      • (b) Advertising networks (such as Facebook, LinkedIn and Google Adwords); 
      • (c) Providers or social media platforms (such as Facebook, Twitter, LinkedIn, Instagram and Pinterest) for example where you share our content through social media, for example by liking us on Facebook following or tweeting about us on Twitter.  

5. How we use your personal data & our basis for using it 

  •  5.1. Where we are relying on a basis other than content we may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data.  

Purpose/Activity Type of Data Lawful basis for processing including basis of legitimate interest  
To register you as a new customer and process your order  Identity  Contact  Marketing and Communications (a)Performance of a contract with you  (b) Necessary for our legitimate interests (the provision of information in relation to our services prior to entering into a contract)  
To process and deliver your order including: Manage payments, fees and charges Collect recover money owed to us Identity  Contact Marketing and communications  Financial  Transactions  Performance of a contract with you  Necessary for our legitimate interests (to recover debts due to us) 
To manage our relationships with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey Identity  Contract Marketing and Communications  Profile Performance of a contract with you  Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) Necessary to comply with a legal obligation   
To enable you to partake in a prize draw, competition or complete a survey Identity  Contact  Marketing and communications  (f) Profile  (g) Usage (a) Performance of a contract with you  (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business) 
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).  Identify  Contact  (h) Technical  (b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of business reorganization or group restructuring exercise (c) Necessary to comply with out legal obligation   
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.  Identify  Contact Marketing and Communications  (f) Profile  (g) Usage  (h) Technical (b) Necessary for our legitimate interests (to study how customers use products/services, to develop them, to grow our business and to inform our marketing strategy) 
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences  Usage  Technical  (b) Necessary for our legitimate interest (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). 
To make suggestions and recommendations to you about goods and services that may be of interest to you  Identify  Contract Profile  Technical  Usage  (b) Necessary for our legitimate interests (to develop our products/services and grow our business) 

Where we may rely on consent  

  • 5.2.1. We would like to use your personal data for a variety of different purposes. For certain of these purposes it is appropriate for us to obtain your prior content. The legal basis of content is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way. Where we rely on content, you may at any time withdraw the specific content you give to our processing your personal data by following the opt-out links on any marketing message sent to you or by contacting us at any time. Please contact us using the contact details set out in paragraph 2.  
  • 5.2.2. Please note even if you withdraw consent from us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes.  

6. Disclosures of your personal data 

We may have to share your personal data with parties set out below for the purposes set out in the table in paragraph 5 above.  

  • External Third Parties as set out in the Glossary. 
  • Specific third parties below: 

Name of third-party Service provided Type of personal data processed 
Microsoft Microsoft 365 – email and other productivity services  (a), (b) 
Azure Active Directory Software provider (a), (b), (c), (d) 
Adobe Sign Contract software  (a), (b), (c), (d) 

  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.  

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposed and in accordance with our own instructions.  

7. Personal data about other people which you provide to us  

  • 7.1. If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to use and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice. 
  • 7.2. You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.  

8. Accuracy of your personal information  

It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging into your account on the website or by contacting us. We will not be responsible any losses arising from an inaccurate, inauthentic, deficient or incomplete personal data that you provide us with.  

9. International transfers od personal information 

  • 9.1. It is possible that personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area (EEA) (including Australia, New Zealand and USA). It may also be processed by staff operating outside of the EEA who work for us or one of our partners and, accessed by any person that have been given permission to access information by a user. We will take all steps reasonably necessary to ensure data is treated securely.  

10. How long will we store your personal data for 

We will store your personal data the time period which is appropriate for the purpose for which the personal date is used. We keep the length of time that we hold your personal date for under review. These reviews take place annually.  

11. Contractual or stator requirements on you to provide personal data  

  • 11.1. In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.   
  • 11.2. It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data is that we may not be able to perform to the level you expect under any contract with you. An example of this would be where we are unable to provide you with essential information around the service we offer you or confirmation of event registration as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so. Please see our terms and conditions for further details. 

12. Your rights in relation to your personal data 

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These are set out at the end of this privacy notice.  

If you wish to exercise any of these rights, please contact us on dataprivacymanager@thisisattollo.com

  • 12.1. No fee usually required
    • You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in there circumstances.  
  • 12.2. What we may need from you
    • We may need to request specific information from you to help us confirm your identity and ensure your rights to access your personal data (or to exercise any of your other legal rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to you request to speed up our response.  
  • 12.3. Time limit to respond
    • We try to respond to all legitimate requests withing one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.  

13. Links to other websites 

  • 13.1. This policy only applies to Attollo Group. If you link to another website from our website, you should remember to read and understand that website’s privacy policy as well. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third party websites. 

14. Glossary  

  • 14.1. Lawful Basis
    • Legitimate interests: means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interest. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess out legitimate interests against any potential impact on you in respect of specific activities by contact us. 
    • Comply with a legal or regulatory obligation: means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.  
  • 14.2. Third-parties
    • 14.2.1. External third-parties
      • Service providers acting as processors based both inside and outside of the EU who provide IT and system administrative services  
      • Professional advisers acting as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.  
      • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
    • 14.2.2. Your legal rights
      • You have the right to:
        • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.  
        • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.  
        • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delate or remove your personal data where you have successfully exercised your right to obtain to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request or erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.  
        • Object to processing of you personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your legal rights and freedoms.  
        • Request restrictions of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios (a) if you want us to establish the data’s accuracy; (b)where are use of the data is unlawful but you do not want us to erase it; (c) where yu need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.  
        • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structures, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.  
        • Withdraw content at any tie where were are relying on consent to process you personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your content. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.  

Attollo helps organisations get more out of their SharePoint Intranet, making them more efficient