Visitor Privacy
Find information on Visitor Privacy, data collection, and exercising your rights.
We are the Egress Software Technologies Group. More information about our group can be found at www.egress.com/about. For us privacy is not just about our software. It is about the experience that we give our customers, prospects, users, employees and visitors however they engage with us.
Egress Software Technologies Limited (we, us and our) based in the United Kingdom will hold your personal data for and on behalf of itself and its group companies. This policy sets out how the information that you give us and our group companies, or that we obtain from other sources, or learn about you from your visits to our group premises.
On this page you can find details of how we use the data that you provide to us when you visit, what we do with it and where it is stored.
If you have any questions we would be happy to answer them. Just get in touch at DPO@egress.com.
This policy was last updated on 12 April 2024.
The information we collect and how we get it
We collect information about you in a number of ways. We may combine the information that we receive from these various sources with other information that we collect or receive. We set out further below how we use this information.
Security
The security and confidentiality of your personal information is very important to us. We have implemented commercially reasonable technical and organizational safeguards to appropriately protect your personal information against accidental, unauthorized, or unlawful access, use, loss, destruction or damage. The measures that we utilize are administrative--[such as the training of employees on privacy and information security-related activities], technical--[such as pseudonymization or encryption techniques, and network firewalls], and physical--[such as locks and video surveillance].
We limit access to your personal information to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Still, no system can be guaranteed to be 100% secure. If you have questions about the security of your personal information, or if you have reason to believe that the personal information that we hold about you is no longer secure, please contact us immediately as described in this Privacy Notice.
|
From |
How we obtain or receive it |
Examples of the types of information |
|---|---|---|
|
You |
- filling out electronic or paper visitor records to use or our corporate landlords - correspondence prior to your visit - use of visitor access cards (if provided and available) |
- Personal contact information - Photograph (in some of our premises) - Landlord visitor records and books - Your affirmation to certain statements (e.g. those stating that you do not have relevant health conditions on the date of your visit) |
|
CCTV |
- Group owned CCTV systems - Landlord owned CCTV systems |
- Visual images without audio |
How we use the data that we collect
|
What we use it for |
Our reasons |
Our lawful basis |
Information type |
|---|---|---|---|
|
Manage and track, and ensure the security of, your visit to our premises |
We have a legitimate interest in maintaining the physical security of our group’s premises and personnel in accordance with industry practice and applicable health regulations and guidance. |
Legitimate interests |
Personal contact information, visual images |
|
Conduct investigations and respond to enquiries |
We may use the information that we collect about visitors to our premises where necessary or appropriate in order to conduct investigations or respond to enquiries (including to comply with legal or regulatory obligations). These enquiries may include responding to relevant health authorities (e.g. in respect of track, test and trace programmes where applicable). |
Legitimate interests, Legal Obligation |
Personal contact information, visual images |
|
Manage, track and develop our relationship with you |
We may use information gained from your visit or a record of your visit as part of the information that we retain and refer to in the management of our relationship with you or your business. This may include storage of information on our CRM platform or other relevant internal systems. The uses of that information are set out in our Service Privacy Policy and Website Privacy Policy. |
Legitimate interests |
Personal contact information, visual images |
|
Exercising our rights |
We may need to process certain information (including personal data) in order to exercise or enforce our rights under this and any other relevant policies. |
Legitimate interests, Legal obligation |
Personal contact information, visual images |
|
Responding to and actioning any request by you in exercising your legal rights in relation to your personal data |
Processing may be required to provide confirmation of information to you (e.g. if you make a data subject access or data portability request) or in order to action a request that you make (e.g. correction, deletion, erasure or restriction). |
Legitimate Interests, Legal Obligation |
Personal contact information, visual images |
|
Contacting you in response to track, test or trace type activity |
We may need to contact you in the event that an incident occurs at our premises that means that you could have potentially been impacted by it. We will use the personal contact information that we maintain in order to let you know so that you can take appropriate steps or precautions. |
Legal obligation |
Personal contact information |
Who we may share your information with and sending information outside the country you are located in
To operate our group effectively we use shared systems, resources and sub-processors and so the information that we collect may be transferred, shared and processed within our group and to and by these third-parties. This may involve the storage, transfer and processing of this information outside the UK, the EEA, the United States or the country where you are located. Where this happens, we will ensure that any such transfer or processing is subject to appropriate legal and technical safeguards.
Any third party sub-processors are only authorised to use your personal information as necessary to provide the services to us that we request from them have contracts in place to maintain at least the same data privacy and security obligations we adhere to.
Electronic registration: Where we use an electronic visitor system, we use a third party – Teem Technologies, Inc.. Teem, Inc. is based in the United States and more information about it can be found at https://www.teem.com/privacy/ and at www.egress.com/legal/subcontractors.
CCTV: Where we use an in-house CCTV system, we use a third party, Nest Labs, Inc.. Nest is based in the United States and more information about it can be found at https://nest.com/uk/legal/privacy-policy-for-nest-web-sites/.
Health authorities: to the extent required by relevant laws or regulations, we may share limited personal contact information with relevant health authorities or other bodies involved in track, test and trace activity to enable them to contact you through such programmes in the event of any incident at our premises or involving our personnel that you may have come into contact with.
Transfer of rights: We reserve the right to transfer our obligations, rights and permissions in the data that you provide or that we collect to any organisation to which we may transfer our business or assets (including if we, or a relevant part of us or our assets, are proposed to be purchased or acquired by a third party).
Selling your information: We will not, and do not, sell or rent your information to third-parties for: (i) valuable consideration (as defined in the California Consumer Privacy Act) or for their direct marketing purposes; or (ii) monetary consideration for the person to license or sell it to additional persons (as defined in Nevada Senate Bill 220). Your information may be shared with third parties as set out above for our business purposes.
Applicable law: We reserve the right to disclose the data that you provide or that we collect in order to comply with national, EU or Member State law to which we’re subject, including to meet any national security and law enforcement requirements. You can find out more on our approach here.
How long we will keep your information for
|
Type of Data |
How long we will retain it |
|---|---|
|
Electronic personal contact information |
Digital records using Teem are kept for 12 months. |
|
CCTV |
CCTV images are kept for a limited period of time but may be kept for longer for the investigation of an incident, retention of evidence or when competent authorities request us to retain them. |
Your rights as an individual
As an individual you may have certain rights by law in respect of the personal data that we hold about you. These rights may not always apply as your location and the basis on which we are processing your personal data may affect their availability. You can find out more information about them and our Data Protection Officer at https://www.egress.com/legal/your-rights.
If you ever have a complaint relating to the delivery of our services, or our processing of your personal information, you can find details on how to raise this in our Complaints Policy at www.egress.com/legal.
Data Privacy Framework
We participate in the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF) and have self-certified to the U.S. Department of Commerce our adherence to the Principles for all personal information received from countries in the European Economic Area, Switzerland, and the United Kingdom in reliance on the DPF. To learn more about the DPF, visit the website at Program Overview (dataprivacyframework.gov). If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the Principles shall apply where it enables stronger protections.
Under the Data Privacy Framework, we are responsible for the processing of personal information we receive and subsequently transfer to a third party acting for or on our behalf. We are liable for ensuring that the third parties we engage support our DPF commitments. The U.S. Federal Trade Commission has regulatory enforcement authority over our processing of personal information received or transferred pursuant to Data Privacy Framework. We commit to cooperate and comply with the advice of the regulatory authorities to whom you may raise a concern about our processing of personal information about you pursuant to Data Privacy Framework, including to the panel established by the EU authorities and the Swiss FDPIC. This is provided at no cost to you.
If you do not feel that we have resolved your complaint or concern satisfactorily you can contact our U.S. based third-party dispute provider (free or charge) at https://www.privacytrust.com/drs/open. Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Changes to this policy
We can change this policy from time to time. You (and, if you are a business, your users) should check the website periodically to make sure that you, or they, have read our most recent policy. When we do make changes, we will change the date at the top of this document.
EU Representative
Egress Software Technologies Limited (a foreign company registered on the Dutch Chamber of Commerce) further identified in the section below is our EU representative.
About us and applicable law
We are the Egress Software Technologies Group. You can find out more details about us at www.egress.com/about and you can contact us at info@egress.com. When contacting us we strongly recommend you don't email us confidential or personal information. If you do, it is at your own risk although the terms of this policy will apply to our use of that information.
|
Where you are resident |
Who we are |
Governing law |
Courts with exclusive jurisdiction |
Special Terms |
|---|---|---|---|---|
|
United States |
Egress Software Technologies, Inc., a Massachusetts corporation. |
State of Delaware (without regard to its conflict of law principles). |
State or federal courts in and for Boston, Massachusetts |
Where applicable, each of us hereby waives its respective rights to a jury trial of any claim or cause of action relating to or arising out of this policy. This waiver is intended to encompass all disputes that may be filed in any court and that relate to the subject matter of this policy (including contract, tort, breach of duty and all other common law and statutory claims). |
|
Canada |
Egress Software Technologies Inc., an Ontario corporation |
Province of Ontario |
Province of Ontario |
N/A |
|
European Union or European Economic Area |
Egress Software Technologies Limited. Office: Herengracht 420, 1017 BZ, The Netherlands |
Dutch Law |
NCC District Court and NCC Court of Appeal Chamber |
All proceedings will be in English. In the event that the NCC District Court and/or the NCC Court of Appeal Chamber are incompetent for any reason, the Courts of Amsterdam, The Netherlands shall have exclusive jurisdiction. |
|
Australia, New Zealand, and Singapore |
Egress Software Technologies Pty Ltd (CAN: 557 428 971). Spaces, 80 Ann Street, Brisbane, Queensland 4000, Australia |
Federal laws of Australia and the State of Queensland |
Brisbane, Queensland, Australia |
N/A |
|
UK and Rest of the World |
Egress Software Technologies Limited. |
England and Wales (except if you're a consumer resident of Northern Ireland or Scotland when you may bring proceedings there) |
Courts of England and Wales (except if you're a consumer resident of Northern Ireland or Scotland and have brought proceedings there when the Northern Irish or Scottish Courts will have jurisdiction). |
N/A |
Glossary
Legitimate Interest means our interest in conducting and managing our business to enable us to give you the best service and experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Vital interests of the data subject means that the processing is necessary in order to protect your interests, or those of another natural person (e.g. track, test and trace information)