GDPR Statement

  • Home
  • Communication
  • GDPR

PRIVACY NOTICE

ICENI TECHNOLOGY LIMITED

On this page you'll find details of all the data we hold about users of our software and services.

GDPR Shield

This Privacy Notice is provided by Iceni Technology Limited (‘we‘ or ‘us‘). We are a ‘controller’ for the purposes “Data Protection Laws” that applies to us in the UK. We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

How To Contact Us

If you have any questions about this Privacy Notice, how we handle your personal data, or would like to exercise any of your rights, please contact:

Address 36 St. Faiths Lane, Norwich, England, NR1 1NN
Email support@iceni.com

Changes to the privacy notice

The latest version of the Privacy Notice can be found here on our website at https://www.iceni.com/gdpr.htm. We may change this Privacy Notice from time to time. Please visit our website from time to time to see any such changes.
Current version: 7 July 2021

Useful words and phrases

We have listed below certain words and phrases that have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Term Definition
Controller This means any person who determines the purposes for which, and the manner in which, any personal data is processed. In this case we are the controller.
Data Protection Laws This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 2018 in force in the UK, and further laws and statutory instruments relating to such regulations from time to time.
Data Subject This means the person to whom the personal data relates.
Data Protection Regulator The supervisory authority overseeing compliance with the Data Protection Laws. In the UK, this means the UK Information Commissioner’s Office (“ICO“), which is responsible for implementing, overseeing and enforcing the Data Protection Laws in the UK.
Personal Data This means any information from which a living individual can be identified.  This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Processing This covers virtually anything anyone can do with personal data, including:
  • obtaining, recording, retrieving, consulting or holding it;
  • organising, adapting or altering it;
  • disclosing, disseminating or otherwise making it available; and
  • aligning, blocking, erasing or destroying it.
Special Categories of Personal Data This means any information relating to:
  • racial or ethnic origin;
  • political opinions;
  • religious beliefs or beliefs of a similar nature;
  • trade union membership;
  • physical or mental health or condition;
  • sexual life; or
  • genetic data or biometric data to uniquely identify you.

What personal data we collect and what we use if for

We may collect, use, store and transfer different kinds of personal data about you which we have been provided with as follows:

  • General Direct Interactions
    You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • intend to purchase our products or trial our products: when you attempt to make a purchase or trial our products through our website, we collect information (“Enquirer Information”) from you including your name, email address, and company name.
    • subscribe to our newsletter;
    • complete the end of free trial survey; or
    • give us feedback or contact us.
  • Services Interactions
    Also, depending on the services you use, we will collect different types of data from you which includes personal data:
    • Infix PDF Editor
      • License Record: The data we hold about each license purchased for Infix PDF Editor is:
        • Purchase ID: Either from Cleverbridge or Paddle which are our commerce providers used during purchase;
        • Confirmation URL: Link to purchase information page provided by either Cleverbridge or Paddle;
        • Email Address: As provided during purchase. We need it to send purchase details, subscription renewal and license expiration information. It also helps us locate a purchase when customers need to relocate lost licenses.

        • We do not share any of this information with any other parties unless we are obliged to do so by law.

      • Activation Record: This is the data we hold about each computer on which a license has been activated, and it consists of:
        • Licence: A link to the license record.
        • UUID: A unique ID used to identify a computer on which the license has been activated.
        • Host Name: The user-assigned name of the computer on which the license has been activated. This is to help the user identify machines when managing their licenses via the on-line license management service.
        • Platform: Windows, MacOSX, Linux. This is to help the user identify machines when managing their licenses via our on-line license management service.
        • Version: The version of Infix activated on the machine.
        • Usage Count: The number of times the application has been used on the machine.
        • Last Used: The date the application was last used. This is to help identify machines which no longer need an activated license.

        We do not share any of this information with any other parties. License owners have access to all of this information via the on-line license management service.

    • TransPDF Service
      • User Record: If you have registered to use the TransPDF service, we will process the following information about you:
        • Email Address: used to login to the system and for service announcements.
        • First, Last Name: used to personalise on-screen messages and service announcements.
        • Login source: if a user signs-in to the system via a 3rd party account, this records the name of that 3rd party. For example, users of the Proz website can use their Proz credentials to quickly login to TransPDF. In which case Login Source='Proz'.
        • Date Joined: the date at which the user first signed-in to the system.
        • Cat Tool: the name of the CAT tool used by the user (optional). Used to offer formatting advice to users of particular CAT tools.
      • Translation Record: During translation the system records various information:
        • PDF Name: the filename of the PDF being translated
        • Source language: the original language of the PDF
        • Target language: the language into which the PDF is translated.
        • Page Count: the number of pages translated.
        • Date: the date on which the translation occurred.
      • Credit Record: Each time a user purchases credits in order to use the system, the following information is stored:
        • User: a link to the user record
        • Order No: As supplied by commerce provider, Paddle
        • Quantity: the number of credits purchased
        • Remaining: the number of credits remaining to be used
        • Date: the date on which the credits were purchased
      • Cat Tool Usage: Every time a user makes use of the service via an integration with a 3rd part CAT tool provider, the system records the following information:
        • User: a link to the user record
        • PDF Name: the filename of the PDF being translated
        • Date: the date on which the usage occurred
  • Information automatically collected when you use our website
    As you interact with our website, we will automatically collect information about your device, browsing actions and patterns, IP address, time zone and some of the cookies that are installed on your device (“Device Information”). We collect this personal data by using cookies, server logs, web beacons, tags, pixels and other similar technologies. We may also receive information about you if you visit other websites employing our cookies. We do not store this information but some such a location, may be used while you interact with our websites to ensure you get presented with correct information for your region.
  • Cookies, third parties or publicly available sources
    We use analytics cookies to improve the performance of our website and our services, from analytics providers such as Google Analytics who are based outside the United Kingdom and the European Economic Area. If you want to know more about how we use our cookies please check out our Cookies Policy.

How We Keep Your Personal Data Secure

We implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.

Why do we process your personal data

We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section ‘How is processing your data lawful‘ for further detail):

Type of data Why do we need it? Lawful basis for processing
License Records To track when you purchased a license and its current validity as well as the number of users to which it applies (multi-user licenses).
Visit https://www.iceni.com/user_license_login.htm to view your license records. 		To comply with the software licensing agreement we have in place with you and because it is in our legitimate interests.
Activation Records To monitor the number of activations (installations) made with a specific license. This helps us to stop users making multiple activations with only a single-user license for example.
Visit https://www.iceni.com/user_license_login.htm to manage your machine activation records. 		We have a legitimate interest in ensuring that licences are used within the agreed scope of the services.
User Records The TransPDF user record helps to identify a user when logging-in to the TransPDF system.
Your ‘My Account’ page contains a “Delete Account’ button which will remove all your data from the system within 24 hours. 		To provide you with the services you request and because it is in our legitimate interests.
Translation Records
Name of the original document, source and destination languages. 		This data is helpful when estimating throughput, diagnosing problems with the translation process as well as assisting with the calculation of usage charges. Once the PDF has been removed from the system, this data has no direct link to a user or any original PDF. The PDF name is the only connection to the original translation request. It is in our legitimate interest to use this data to ensure the quality of our services.
Credit Records We use this to record chargeable usage of the system. When a refund is requested by a user, this data is needed to identify and verify the specific translation request relevant to the refund. We also use this data to provide monthly and annual usage summaries to users as displayed in their ‘My Account’ page on the TransPDF website. To provide you with the services you request and because it is in our legitimate interests.
Cat Tool Usage We use this data to estimate the popularity of the specific CAT tool integrations we support. Anonymised usage data for a specific tool can be seen by some of the CAT tool vendors we work with. We have a legitimate interest in using this data to inform and/or improve our services.
Email address, first, last name When you purchase a license for Infix PDF Editor or sign-up to use TransPDF your name and email address are stored in a mailing list hosted by mailchimp.com.
The mailing list is used to send announcements of technical & feature upgrades to the relevant product or service. It is also used to inform of the availability of new ‘how-to’ guides related to TransPDF or Infix PDF Editor when we deem that it may be relevant to your purchase/enrolment.
Every email contains highly visible opt-out links which will remove you from the mailing list as well as an explanation from as to why you are receiving the email. 		We have a legitimate interest in informing you of technical changes to the services you should be aware of, and offering you upgrades and other services similar than what you use.

How is processing your personal data lawful

We are allowed to process your personal data based on the following legal bases for the purposes explained in this Website Privacy Notice:

  • Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section “Why do we process your personal data” explains the personal data processed on this basis.

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.

  • Contract – It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
  • Legal obligation – We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory rules and to make mandatory disclosures to government bodies and law enforcement agencies.
  • Legal obligation – We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory rules and to make mandatory disclosures to government bodies and law enforcement agencies.
  • Consent – Sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device or when you subscribe to our newsletter. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.

Organisations that we may share your data with

We use processors to support our IT systems and operate our website, such as web hosting providers, internal technology providers such as our CRM system, helpdesk system, and IT support providers. Some of these service providers will process your data as part of the services they offer to us. For example, if you choose to use the automatic translation facility, the text content from your PDF is sent to Microsoft Azure Text Translator in USA for translation. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our service providers, please contact us (see section “How to Contact Us“).

Your personal data is transferred outside of the UK and the EEA in order for our web hosting and CRM system providers which are located in the US, to provide services to us. Any transfer of your data outside the UK and the EEA will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.

Retention and deletion of your personal data

We only retain your personal data for as long as we need it to provide you with the services or as required by law. Unless we are required by law to retain your personal data for a longer period, the following categories of personal data will be kept for the following periods and will be securely deleted/ destroyed after the expiry of the retention period:

Data we process How long this will be held for
Infix License record, Activation record Until you ask for it to be removed.
TransPDF user record, CAT tool usage records, Credit charge records Until you ask for your TransPDF account to be removed from the system
Email address, first & last name Until you unsubscribe from our mailing list using one of the unsubscribe links in the last email your received.

Where is your personal data? International transfers of data

License and activation information, as well as all TransPDF user data is stored in a Postgress SQL database in London, UK on a computer hosted by Amazon Web Services..

  1. Automated Translation

    Use of the auto-translation facility causes your PDF to be uploaded to one of our TransPDF servers in Ireland hosted by Amazon Web Services.

    There it is stripped of its text and that text is sent to Microsoft Azure Text Translator in USA for translation.

    The PDF and its translation remains on the TransPDF server for up to 30 days after which time it is purged.

  2. Manual Translation

    Infix uploads your PDF to a TransPDF server in London, UK hosted by Amazon Web Services. See the details for TransPDF Service Users below for a description of the processing and data flow involved.

Your rights

As a European data subject, you have the following legal rights under the Data Protection Laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see “How to contact us“). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.

Your data protection rights What does this mean?
1 Right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and what your rights are. This is why we are providing you this Privacy Notice.
2 Right of access

You have the right to obtain access to your personal data we process and certain other information (similar to that provided in this Privacy Notice).

This is so you are aware and can check that we are using your information in accordance with Data Protection Laws.

You may ask for:

  • A copy of your information;
  • Details of the purpose for which it is being processed;
  • Details of the recipients or classes of recipients to whom it is or could be disclosed, including if they are overseas and what protections they have in place;
  • The period for which it is held (or the criteria which determines this);
  • Any information available about the source of the data; and
  • Whether we carry out any automated decision-making or profiling, and where we do information about the logic involved and the outcome or consequences of that decision or profiling.

To help us find the information, please give us as much information as possible about the type of personal data you would like to see.
3 Right to rectification You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see section “How to Contact Us“).
4 Rights to ask us to stop contact you with direct marketing You can ask us to stop contacting you for direct marketing purposes. If you would like to do so, please contact us. Alternatively, you can also click the ‘unsubscribe’ button at the bottom of the email newsletter. It may take up to 7 days for this to take place.
5 Rights in relation to automated decision making These rights are not applicable as we do not carry out any automated decision making.
6 Right to erasure This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where:
  • You do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
  • If you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • Your data has been processed unlawfully or have not been erased when it should have been.
7 Right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted we can still store your information, but may not use it further. You may request that we stop processing your personal data temporarily if:
  • You do not think your data is accurate. We will start processing again once we have checked whether or not the data is accurate;
  • The processing is unlawful but you do not want to erase your data;
  • We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • You have objected to the processing because you believe that your interests should override [the companies] legitimate interests.
8 Right to data portability You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.
9 Right to object to processing You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing.
10 Right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your personal data with your consent up to that point is unlawful.)

Please contact us if you wish to withdraw your consent to anything we do with your personal data.

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice. If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to complain to the Data Protection Regulator located in your country. Information about how to do this is available on each Data Protection Regulator's website.

In the UK, this is the Information Commissioner's Office.