Privacy and Cookies Policy

How we use your personal information

Introduction

This policy is for people whose personal information we use as part of Tessian’s business.  We will update and amend it from time to time, so please check back to make sure you have read the most recent version.  The policy was last updated November 2018.

Please read this notice carefully to understand how we use your personal information and, importantly, your rights.  

Who we are

We are Tessian Limited (Tessianweusour).  We are a company registered in England and Wales with company number 08358482 and registered office at 3 Finsbury Avenue, London, EC2M 2PA.  We are registered with the Information Commissioner’s Office with registration number ZA036200.

Tessian provides a machine intelligent email security platform and related services.  As well as handling personal information on behalf of our clients, we use personal information to improve our services.  We also collect the personal information of people we work with and people who visit our website.

People who use our website

What personal information do we collect?

When you visit our website we collect the following information about your computer or device  –

  • The Internet Protocol (IP) address used to connect to the Internet.
  • Browser type (including version and plugins).
  • Operating system and platform.  

We also collect the following information about your visit –

  • The full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time).
  • Products you viewed or searched for.
  • Page response times.
  • Download errors.
  • Length of visits to certain pages.
  • Page interaction information (such as scrolling, clicks, and mouse-overs).
  • Methods used to browse away from the page.

(Please also see the Cookies section of this notice below).

If you complete one of our webforms we will collect your name, contact information and any other personal information you provide.

How do we use your personal information?

We collect and temporarily log IP addresses just as part of the routine operation of our website.  We do not use them for any other purpose. We collect information about your computer or device and visit to our website to optimise your visit and improve our services.

If you contact us through the website, we will use your name, contact information and any other personal information to respond to your query and provide you with any requested services.

Legal ground for our use of your personal information

Our legal ground for using the personal information we collect via our website is that doing so is necessary for the purposes of the legitimate interests of our business.  We will always consider your rights and privacy before using your personal information for the purposes of our business. Where your rights or privacy override our business interests, we will not use your personal information.

Separately from our solely commercial business purposes, we will also use your personal information where we have a legal obligation to do so.  For example, if a regulator or official authority asks us for your personal information. In very limited situations we may also use your personal information to exercise our legal rights (including in relation to legal proceedings).

Sharing your personal information

We use IT and hosting providers to support our website.  These organisations are processors that handle your personal information on our behalf.  We have agreements in place so that these organisations only handle your personal information as we have instructed them to.  They are not able to make any further use of your personal information (except where required by law).

The processors we use include –

  • Heroku – to deploy, operate and apply security controls to our website.
  • Hubspot – to capture data via webforms.
  • Drift – to provide livechat services.
  • Hotjar which shows which pages people are viewing on our website.

If we collect information for one purpose and then intend to use it for a different purpose, we will seek your consent to do so and/or inform you where necessary or appropriate.

 

Transferring information outside the European Economic Area

Some of our service providers are based outside of the European Economic Area (EEA).  When we send your personal information outside the EEA to a country or sector not recognised as providing appropriate protections, we either ensure that the General Data Protection Regulation (GDPR) applies to the personal information outside the EEA or we will put in place appropriate contracts approved by the EU or other safeguards to ensure your rights are protected.  Details of these safeguards are available on request.

Cookies and analytics

We use cookies to ensure that you get the most out of our website.  Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of our website so that we can make improvements to your experience when you browse and simplify your use of our website.  

If you do not wish for cookies to be installed on your device, you can change the settings of your browser or device to reject some cookies.  For more information about how to reject cookies using your internet browser settings, please consult the “Help” section of your internet browser (or alternatively visit www.aboutcookies.org).  Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the Site and your experience may be less satisfying.

The name of the cookies used by the Site and the purposes for which these cookies are used are as follows:

Drift

We use Drift to analyse how website visitors interact with our website.  We use this information to identify trends and help us improve our website.

The cookies collect information in an anonymous form, including information about the geographical location of anybody who starts a “live chat” on the website, and which pages they visited.

HotJar

We use HotJar to analyse how website visitors interact with our website.  We use this information to identify trends and help us improve our website.

The cookies collect information in an anonymous form about visitors to the website, including what pages they visited, what pages they clicked on and how they scrolled on a page.

Google Analytics

We use Google Analytics to analyse how website visitors interact with our website.  We use this information to identify trends and help us improve our website.

The cookies collect information in an anonymous form about visitors to the site, including what pages they visited, how long they stay on each page for and the number of clicks.

 How long we keep your personal information

We keep IP addresses and information about your visit to our website in a log for six months.  

We keep information you provide to us via webforms for up to seven years after the date of our last interaction with you.

Customers and other individuals we work with

What personal information do we collect?

As part of our business we work with a range of organisations – including customers and suppliers.  We think it is important to respect the privacy of the individuals who work for, with and as part of these organisations.  

We collect and use the following types of personal information from customers and others we work with – 

  • Contact information (for example, address, email address and phone numbers).
  • Basic personal information (for example, name, organisation, job).
  • Login and other relevant details for our customer portal.
  • Details of any contact or correspondence we have had.
  • Financial details (for example, details of any payments we have made to or received from you (or your organisation).
  • Information about how you (or your organisation) use our services.
  • Personal information contained in emails protected by our services

How we collect this information

We will mainly collect this personal information when you (or your organisation) or one of our customers – 

  • Enter into an agreement with us.
  • Enquire about our services.
  • Respond to an enquiry from us.
  • Correspond with us (email, telephone or post).
  • Login to our customer portal.
  • Are referred to us by a third party.
  • Make the information publicly available (for example, on company websites or LinkedIn).
  • Receive services from us.
  • Provide services to us.
  • Send or receive email that are protected by our services.
  • CCTV on our premises collects personal information about all visitors.
  • Via our website (please see People who use our website section of this notice).


What we use your personal information for

We use your information to – 

  • Provide you (or your organisation) or our customers with our services and important information relating to our services.
  • Receive services from you (or your organisation).

  • Ensure our work is well targeted, relevant and effective.
  • Market our services.
  • Analyse and continually improve the services we offer and our website.
  • Keep our accounts, records and databases accurate and relevant.
  • Support and manage our staff.
  • Fulfil our legal obligations (including where required by regulators and official authorities).
  • Exercise our legal rights (including in relation to legal proceedings).


Legal grounds for using your personal information

Where the law requires you to opt in, the legal ground for sending you information about our services will be your consent.  


Sharing your personal information

The processors we use include –

  • Heroku – to deploy, operate and apply security controls to our website.
  • Hubspot – to capture data via webforms.
  • Drift – to provide livechat services.
  • Hotjar which shows which pages people are viewing on our website.

  • A company which is a member of our group.
  • A third party that we work with where necessary for the purposes of granting you access to our website.
  • A third party or affiliate that we work with where necessary for the purposes of delivering our services or services from that third party or affiliate.  
  • A third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
  • A selected third party that you consent to our sharing your information with for marketing purposes as we refer to above.

Separately from our solely business purposes, we will also use your personal information where we have a legal obligation to do so.  For example, if a regulator or official authority asks us for your personal information. In very limited situations, we may also use your personal information to exercise our legal rights (including in relation to legal proceedings).


Transferring information outside the European Economic Area


How long we keep your personal information

Applicants

Where people apply for roles with Tessian, it will be necessary for us to use personal information for the recruitment process.  

The types of personal information we collect

If you apply for a job with us, we will collect the following categories of personal information –

  • Personal details (name, title, address, contact details and emergency contact).
  • Email address.
  • Employment history.
  • Education history.
  • Any personal information you provide in CVs, application forms or other correspondence.
  • Any personal information you provide to us during interviews.

We may also collect, store and use the following special categories of more sensitive personal information –

  • Race or ethnicity.
  • Religious or philosophical beliefs.
  • Sexual orientation.
  • Political opinions.
  • Information concerning health (for example, medical conditions, disabilities and health and sickness records).

We carry out background checks on all potential employees.  Onfido carries out these checks.

How we collect personal information

If you apply for a job with us, we collect personal information about you from the following sources –  

  • Directly form you (for example, information provided on CVs, application forms and during interviews).
  • Right to work documents (for example, passports and visas).
  • Recruitment agencies.
  • Referees and former employers.
  • Disclosure and Barring Service in respect of criminal convictions.
  • Publicly available information (for example, company websites and LinkedIn).  
  • CCTV on our premises collects personal information about all visitors.

Why we collect personal information and how we use it

We use and store personal information relating to applicants to decide whether they are suitable for employment with Tessian.  This will involve using personal information to do the following –

  • Assess skills, qualifications, and suitability for a role.
  • Establish right to work.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

Our main legal ground for using your personal information is that it is necessary to take steps at your request to decide whether to enter into a contract of employment.  

Where we use your personal information for reasons other than entering into a contract with you, we will only do so on the legal ground that doing so is necessary for the purposes of the legitimate interests of our business.  We will always consider your rights and privacy before using your personal information for the legitimate interests of our business. Where your rights or privacy override our business interests, we will not use your personal information.

We may also need to use personal information which we have collected as part of the recruitment process to meet legal duties or where it is necessary for the purposes of legal claims.

We will use your special category personal information in the following ways –

  • We will use information about health or disability status to consider whether we need to provide reasonable adjustments.  
  • We will use information about health or disability status, race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
  • Establish right to work.

Where we use and store special category personal information as part of the recruitment process we do so on the legal grounds that it is either necessary for rights and obligations associated with potential employment or where necessary for a substantial public interest based on the law.  

We may also need to use or store special category personal information which we have collected as part of the recruitment process to meet legal duties or where it is necessary for the purposes of legal claims.  Where we use your special category personal information for our legal obligations our legal ground for doing so is that it is necessary for a substantial public interest based on the law.

If you fail to provide personal information

If an applicant fails to provide information when requested, which is necessary for us to consider an application (such as evidence of qualifications or employment history), we will not be able to process the application successfully.

Who we share personal information with

We disclose personal information to the following organisations which assist us with the recruitment process –

  • Recruitment agencies.
  • Former employers.
  • Onfido.
  • HMRC and other government bodies.
  • Third party service providers who assist us with administering our HR and recruitment. This may include payroll processors, benefits administration providers, and insurance providers.  Any such third parties will only be permitted to use your personal data for specific purposes in accordance with our instructions and not for their own purposes.

Transferring information outside the European Economic Area

Some of our service providers are based outside of the European Economic Area (EEA).  When we send your personal information outside the EEA to a country or sector not recognised as providing appropriate protections, we either ensure that the General Data Protection Regulation (GDPR) applies to the personal information outside the EEA or we will put in place appropriate contracts approved by the EU or other safeguards to ensure your rights are protected.  Details of these safeguards are available on request.

How long we store personal information

We will retain personal information collected for the recruitment process for a period of two years after we have told an applicant our decision about whether or not to appoint them to a role.

We retain personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against applicants on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.

After this period, where an applicant has not been appointed to a role we will securely destroy personal information.  Where an applicant is appointed to a role, we will add their recruitment information to a file about their employment.

If we wish to retain personal information relating to an applicant on file, on the basis that a further opportunity may arise in future, we will write to the applicant separately, to seek consent to retain personal information for a fixed period on that basis.

Your rights and managing your information

Please be aware that these rights are not always absolute and there may be some situations in which you cannot exercise them or they are not relevant.  To help you understand how they work, we have provided links to the Information Commissioner’s Office’s guidance on each of the rights.

To exercise any of your rights please contact us using the details below.  If you are unhappy about how we have used your personal information or have any questions, please let us know.  If we are not able to resolve your concerns or answer your questions, you have the right to complain to the Information Commissioner's Office.  

Contact

You can contact us using the following –

Tessian Limited

3 Finsbury Avenue

London, EC2M 2PA

+44 (0) 20 8068 5223

[email protected]

www.tessian.com/page/contact-us

You can also contact our Data Protection Officer (DPO) using the following –

Email: [email protected]

Tel: 020 8068 5223

Please note that Tessian is not responsible for any external links.