Privacy Policy

TeamHaven is a product that is used by companies to manage the field activity of their employees and collect data digitally. Our customers will typically upload data about each of their employees and that data might contain personal information. Our customers may also collect personal or business-sensitive data.

Although we have no control over what personal information our customers choose to upload, we understand that we must treat all personal information with the utmost respect.

To that end, this policy explains how we protect and use personal information.

Definitions

  1. "TeamHaven Ltd" and "We" refer to the company, TeamHaven Ltd.

  2. "TeamHaven" refers to the Software as a Service product sold by TeamHaven Ltd.

  3. "TeamHaven Mobile" refers to the TeamHaven Mobile application for iOS and Android.

  4. "Customer" refers to a customer of TeamHaven Ltd.

  5. "Customer Data" refers to data uploaded into TeamHaven by a Customer, including data collected using TeamHaven on behalf of a Customer.

  6. "Individual" refers to a person employed by or affiliated with a Customer.

  7. "Data Subject" refers to an individual who may give personal information to the data controller.

  8. "Personal Information" refers to Customer Data that contains personal, private or confidential information about an Individual.

  9. "Personal Data" means any information relating to an identified or identifiable person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a username, name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

  10. "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  11. "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The data processor is TeamHaven Ltd.

  12. "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  13. "Filing System" means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

  14. "Third Party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  15. "Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Protection and Security

TeamHaven has implemented and is currently certified under the following two ISO standards:

  • ISO 9001 Quality Management Systems
  • ISO 27001 Information Security Management

These are audited and renewed annually. All TeamHaven staff are trained and re-trained yearly.

To ensure the highest level of security of Customer Data, TeamHaven has adopted the following:

  • UK Data Protection Act 2018
  • UK GDPR (from 1st January 2021 in accordance with the European Union Withdrawal Agreement Act 2020)

TeamHaven will continually monitor changes to the legislation and to industry best practice, and will apply changes as necessary.

Data Processing and Sub-Processors

TeamHaven processes data under the authority of the controller. TeamHaven uses Microsoft Azure Cloud services for its technical infrastructure and such data is stored there.

Microsoft Azure North Europe-Ireland, registered address: Takeda Ireland Ltd (Grange Castle), New Nangor Road, Grange, Dublin 22, Co. Dublin, Ireland. Primary server is located in the Netherlands (Azure West Europe Region). For more information please visit:

TeamHaven also provides technical support and it may be necessary to store Personal Data on TeamHaven Employees' computers temporarily. For more details please see below regarding information we may collect and how we use it.

Information collected

  1. The information provided when filling out the Contact/Support Request form. This information may include: username, first name, last name, email address, telephone number, company name and company type.

  2. The information provided when corresponding with an employee of TeamHaven by email, phone and meeting. This information could include: username, email address, first name, last name, company name, company type as well as any details discussed during contact.

  3. TeamHaven Mobile may collect your geographical location when starting and completing visits.

  4. We collect the date and time an Individual last used the TeamHaven Mobile app, the version of the TeamHaven app being used, the public IP address and the mobile platform used to log in.

  5. Customers may upload Personal Information about Individuals. The Personal Information could include username, first name, last name, home address, telephone, email address and SMS information. Customers may also upload other personal data. It is the controller's responsibility to adhere to the data processing principles.

  6. Depending on the Data Controller’s settings within TeamHaven, TeamHaven may store a success rating against an Individual’s Personal Information. This is used to help the Data Controller assign the right Individuals to the right Calls within TeamHaven.

  7. TeamHaven uses cookies on the TeamHaven website. These are session cookies required for the correct functionality of the website. For more information, please read the Managing Cookies policy.

How we use Personal Information and Data

  1. Contact details obtained from our Contact/Support Request form will be used by TeamHaven Ltd solely for the purpose of contacting the individual regarding their request.

  2. From time to time we may use Personal Information contained in Customer Data to obtain the email addresses of Individuals to inform them of TeamHaven-specific events such as downtime and system upgrades.

  3. We may use your postal address to determine the geographical location of your home address.

  4. We may use the geographical location of your home address to facilitate accurate route planning and to determine your proximity to store locations.

  5. In order to obtain the geographical location of your home address, we may send it to Google Maps for Business. If we do, then we will not include any information apart from your address (no name, phone number, email address etc.).

  6. TeamHaven Mobile collects your geographical location so that we can determine whether you are/were close to a store location when you started and/or completed a store visit.

  7. Usernames that are assigned to TeamHaven users are contained in the Mobile application log and if the end user raises a support ticket the event log may be required to provide additional assistance. Usernames obtained this way will only be used to assist with the enquiry and will not be shared or used in other ways.

  8. Personal data may be captured during data collection and this temporary information is stored on device memory when TeamHaven Mobile is being used. If the end user raises a support ticket the temporary database may be required to provide additional assistance. Any personal data obtained this way will only be used to assist with the enquiry and will not be shared or used in other ways.

Data Retention

We retain personal information for as long as it is needed to fulfil our contractual obligation with our customer. It is the data controller's responsibility to maintain accurate and up-to-date information. Once personal data has been marked for deletion it will first be archived for a period of 90 days in order to provide restoration possibilities. After 90 days the data is purged from the database (permanently deleted). Purging the data can happen sooner on customer request.

Rights of the data subjects

Right to be informed

The Controller shall, at the time when personal data are obtained, provide the data subject with information on how the processing is:

  • Lawful
  • Fair
  • Transparent

Lawful Processing

TeamHaven processes customer data as outlined in Article 6 of the GDPR. Processing is necessary for the performance of this contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Fair Processing

It is the data controller's responsibility to explain the purpose of the data being processed, how long it is retained and who it may be shared with.

Transparency

The controller shall take appropriate measures to provide any information about processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

Right of access

As Article 15 of GDPR outlines, the controller will ensure data subjects are able to request access to their personal data, know where information is stored, how long it is retained and for what purpose it is stored. TeamHaven will comply with all access requests made by data subjects that are assigned to the customer account.

Information to be provided

Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:

  • the identity and the contact details of the controller and, where applicable, of the controller’s representative;
  • the contact details of the data protection officer, where applicable;
  • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
  • where the processing is based on the controller, the legitimate interests pursued by the controller or by a third party;
  • the recipients or categories of recipients of the personal data, if any;
  • where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation;
  • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
  • the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • the right to lodge a complaint with a supervisory authority.

Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the identity and the contact details of the controller and, where applicable, of the controller’s representative.

The Controller shall, at the time when personal data are obtained, provide the data subject with information on all of the following:

  1. Right to rectification
  2. Right to erasure
  3. Right to object
  4. Right to restriction of processing
  5. Right of access
  6. Right to data portability

Notification of breach

  • The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
  • The processor shall notify the ICO without undue delay, up to a maximum of 72 hours, after becoming aware of a personal data breach if it is likely to result in a high risk to the rights and freedoms of natural persons or data subjects.
  • Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  • Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • Describe the likely consequences of the personal data breach;
  • Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

Policy Last Updated: 20/09/2024

TeamHaven Data Protection Liaison contact details: email: dpo@teamhaven.com phone: +44 (0) 1249561050