Appraisd Ltd

United Kingdom

We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide access to the website or services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using the services for the purposes set out below. After your account has been closed, we usually delete personal data, however we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), to meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our Terms and Conditions, or fulfil your request to “unsubscribe” from further messages from us. We may retain de-personalised information after your account has been closed. Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the website or services.

You can make a request for deletion or rectification of data by writing to us at the contact address given at the end of this Privacy Policy. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law. Additionally at the termination of a contract the following clauses apply. 13. Termination The Company may terminate this Agreement or the provision of any Services provided pursuant to this Agreement with immediate effect by giving written notice to the Customer if: (i) the Customer has used or permitted the use of the Services otherwise than in accordance with this Agreement; or (ii) the Company is prohibited under the laws of England or otherwise from providing the Services. Either party may terminate this Agreement with immediate effect on giving written notice to the other party if: (i) the other party commits a material breach of any term of the Agreement and (if such a breach is remediable) the breaching party fails to remedy that breach within 30 (thirty) days of being notified in writing of the breach; (ii) the other party suspends or ceases, or threatens to suspend or cease, to carry on all or a substantial part of its business; and/or (iii) the other party is unable to pay its debts or enters into compulsory or voluntary liquidation (other than for the purpose of effecting a reconstruction or amalgamation in such manner that the Company resulting from such reconstruction or amalgamation shall be bound by and assume the Company's obligations hereunder); (iv) the other party compounds with or convenes a meeting of its creditors or has a receiver, manager or similar official appointed in respect of its assets; or (v) the other party has an administrator appointed or documents are filed with the court for the appointment of an administrator or notice is given of an intention to appoint an administrator by such party or its directors or by a qualifying floating charge holder (as defined in the Insolvency Act 1986, paragraph 14 schedule B1); or (vi) any similar event occurs under the law of any other jurisdiction in respect of that party. Data will be retained in back ups for 35 days after initial deletion.

United Kingdom

Data is hosted with Microsoft Azure in the UK unless otherwise agreed with your account manager.

Azure

yes

Account administrators have the power to delete data from an account at any time. This will result in the full removal from our back ups within 35 days. Additionally data subjects have the right, in certain circumstances, to request erase of their personal data “right to be forgotten”. Where such a request is made, unless there is an exemption under section 4, personal data should be erased without undue delay if: • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; • the data subject withdraws their consent to the processing of their personal data and consent was the basis on which the personal data were processed and there is no other legal basis for the processing; • the data subject objects to the processing of their personal data on the basis of our performance of a task carried out in the public interest or in the exercise of official authority vested in us, or on the basis of our legitimate interests which override the data subject’s interests or fundamental rights and freedoms, unless we either can show compelling legitimate grounds for the processing which override those interests, rights and freedoms, or we are processing the data for the establishment, exercise or defence of legal claims; • the data subject objects to the processing of their personal data for direct marketing purposes; • the personal data have been unlawfully processed; • the personal data have to be erased for compliance with a legal obligation to which we are subject; or • the personal data have been collected in relation to the offer of e-commerce or other online services. Inform the employer of the reasons for not taking action if data is not deleted. In addition to the exemptions in section 4, we can also refuse to erase the personal data to the extent processing is necessary: • for exercising the right of freedom of expression and information; • for compliance with a legal obligation which requires processing by law and to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; • for reasons of public interest in the area of public health; • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or • for the establishment, exercise or defence of legal claims.

no

2021-08-17

yes

Azure AD, Okta, OneLogin, any SAML2.0

yes

no

support@appraisd.com

yes

yes

no

no

Email sending with Sparkpost, Azure hosting, Twilio video conferencing

no