f Privacy Policy | Amiqus

Privacy Policy

All Policies

Our approach

We value your data privacy

Whether you're streaming a movie on your smartphone or buying groceries from your web browser, your personal information - from your email address to your credit card details - is being held and processed by more and more companies and organisations online. This means we can all enjoy faster, more convenient and cost-effective services, but it also means your information can be vulnerable to theft or misuse.

When it comes to online services and transactions, there is no such thing as a foolproof cyber security plan, but the risk of data loss or theft can be significantly reduced through the diligent implementation of risk-based business practices; including investing in suitable staff training and IT infrastructure, as well as submitting to regular independent IT and data protection audits. Not every company, however, has the same level of cyber security in place, which is why the UK Data Protection Act 2018 which implemented the EU General Data Protection Regulation (GDPR),gave individuals new and enhanced rights over how their personal information is used, as well as new responsibilities to the companies handling your  data.

At Amiqus, we provide software as a service and so we must adhere to strict rules about how we collect, handle and store your personal information. Our team has chosen to make privacy a core value of our business practice and, therefore, upholding your privacy and protecting your personal data will always be our priority.

Definitions

When reading our Amiqus privacy policy, it may be useful to note that the law differentiates between a data controller, an organisation that determines the purposes and means by which your personal data is processed, and a data processor, an organisation that processes data on behalf of the controller.

Amiqus acts as the data controller of some of your personal information if you are:

  • A client
  • An employee
  • A visitor to our website

Amiqus acts as the data processor of some of your personal information if you are:

  • Subject to an Amiqus ID check

When subject to an Amiqus ID check, your professional service adviser - the company or firm requesting the check - is the data controller of your personal information and you should therefore refer to their company privacy policies first.

If you have any questions about the Amiqus privacy policy you are welcome to contact our Data Protection Officer at dpo@amiqus.co, or if you'd like further information about your data rights, the Information Commissioner's Office provides excellent information.

Who we are

In this policy 'Amiqus', 'we', 'us' or 'our' refers to:

  • Amiqus Resolution Ltd
  • Company Registration Number: SC511150
  • Data Protection Registration Number: ZA136760

We are an award-winning tech for good company selling software as a service and you can learn more about our team and our values on our website. Privacy is one of our core business values and we take protecting your data very seriously, so if you have any concerns about how we use your data, do not hesitate to contact us at the details below.

Your rights

Under UK data protection law, you have certain rights regarding how any company or organisation holds personally identifying information about you. Personally identifying information is defined as any information that could potentially identify you as an individual, directly or indirectly by reference to an identifier such as a name, email address, national insurance number or details associated with a bank account.

Below we have set out some of the most relevant rights you have in relation to engaging with our business, but, if you would like further information, we recommend consulting the impartial Information Commissioner's Office.

Right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.

Right of rectification

You have the right to ask us to rectify information you think is inaccurate, for example, your email address or other personally identifying information. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.

Right of erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.

Right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.

Right of data portability

If we are processing your personally identifying information (i) based on your consent, or in order to enter into or carry out a contract with you and (ii) the processing is being done by automated means, you have the right to ask us to provide that information to you or another service provider in a machine-readable format. You can read more about this right here.

Right to object to data processing

You have the right to object to your personal data being processed if we are doing this on the lawful basis of legitimate interests. In these circumstances, we will consider your request in relation to our legitimate reasons for continuing to process your information. You have an absolute right to object to direct marketing. If you wish to opt-out of receiving marketing materials from us, please contact us at any time.

Please note that exceptions apply to a number of these rights and not all rights will be applicable in all circumstances, but we will always respond to any request related to your rights within a month. If we are unable to do so, we will inform you of the reasons for the delay. You are not required to pay any charge for exercising your rights.

If you have specific questions, or wish to exercise any of these rights please contact us using the contact details below..

How to contact us

If you have any questions about this privacy policy or wish to exercise your rights please contact us by email, by post or by phone. We look forward to hearing from you.

Data Protection Team
Amiqus Resolution Ltd
3rd floor, Citypoint,
65 Haymarket Terrace,
Edinburgh,
EH12 5HD

0131 5139757
dpo@amiqus.co

Please note that our Data Protection Officer is RGDP LLP who can be contacted at info@rgdp.co.uk

Our role as a data controller

We act as a data controller, determining the purpose and means of how some of your personally identifiable information is collected, processed and stored in the circumstances listed below. All personally identifiable information is used and held in accordance with our privacy and security policies.

  • For visitors to Amiqus websites

    Amiqus will collect usage data such as IP address, length of visit and referral source, you cannot be identified from this information and it is only used to assist us in providing an effective service.

  • For Amiqus clients: the registered users of Amiqus ID

    Amiqus will collect account data such as name and email address, with the source of this data being you for the purpose of operating our website, providing our services and maintaining back-ups of our databases and communication with you. The legal basis for this processing is primarily for the performance of any contract between yourself and Amiqus or taking steps at your request to enter into such a contract.

  • For Amiqus job applicants

    Amiqus will collect personal information including but not limited to name, address, date of birth, professional qualifications and pre employment checks. Additionally, sensitive information including but not limited to marital status, nationality and gender will also be collected. We do this to comply with our legal obligations with regards to hiring and in line with the GDPR legal bases of consent and/or contract.

  • For Amiqus employment referees

    Amiqus will collect information such as your name, company, your position held and relationship to the applicant. Additionally, we will ask for a contact number/ email address in relation to your role as voluntary referee throughout the application process. Confirming certain details of an applicant's employment history with their consent is an essential part of our due diligence before offering a contract of employment.

  • For Amiqus employees

    Amiqus will collect personally identifiable information and unique identifiers such as NI number, as well as sensitive and special category of personal information in compliance with legal requirements. We use this information for the administration of your employment contract, career progression and well-being.

Our role as a data processor

We act as a data processor on behalf of professional service firms, our clients.

If you have been asked to undergo an Amiqus ID check, your professional service adviser - the company or firm requesting you undertake the check - is the data controller of your personal information and you should therefore refer to their company privacy policies first. We use all personally identifying information in accordance with this privacy policy and the Data Processing Statement presented to you prior to uploading your information.

Keeping your information safe

Handling your personal information with respect and transparency is an essential part of upholding your data privacy. At Amiqus, we therefore work to exceed the minimum requirements set by the UK government's cyber security accreditation scheme Cyber Essentials Plus; we are voluntarily certified by Alcumus ISOQAR to the ISO 27001:2013 standard and we are a member of Cisp, the National Cyber Security Centre cyber threat-sharing platform, which provides ongoing analysis, reporting and monitoring of online activity at national level.

When you provide us with personally identifying information, we take steps to ensure that appropriate cybersecurity and organisational controls are in place to protect it. These include:

Data encryption

We use SHA-256 encryption throughout all verification steps. This means that any data input to our systems for verification is securely sent and received. Data is also encrypted at rest when on our servers.

Access controls

Access to user data is tightly restricted to only the authorised requesting firm with enforced password standards, activity reporting and account throttling. All passwords are hashed using SHA-512 with over 10,000 rounds, and a 32-byte salt of random data.

Please note that you are responsible for keeping any password which enables you to access Amiqus ID confidential and we recommend that you use the added security of two-factor authentication when accessing any Amiqus ID account.

Monitoring

All of our web traffic is encrypted over TLS /SSL and protected by Certificate Pinning to prevent man in the middle attacks. Our security team monitor and carry out daily automated vulnerability scanning across all of our systems and infrastructure.

Third parties

We use a number of carefully selected third parties to help provide our services to you. We expect these third parties to uphold security policies that adhere to the same requirements we ourselves impose and we do not sell your data to third parties.

If we are requested to share sensitive information by law enforcement, we will do so in accordance with our obligations under UK law.

Security policies

Amiqus has developed a set of security policies for our team and partners. Further information about these security policies can be made available upon request.

Keeping your information up-to-date

We want to ensure all personally identifying information is kept accurate and up-to-date. Should your details change, please do not hesitate to contact us using the contact details above.

Changes to this policy

As our business changes and grows, we reserve the right to update this privacy policy to reflect our most current business practices.

Review of this policy

This privacy policy was last amended on 7th October 2019.

How to complain

Please report any complaint to Amiqus Data Protection Team using the contact details above and we will work to resolve any question or concern that you wish to raise about our use of your information within a reasonable time period.

If we are unable to resolve your complaint, you may contact the Information Commissioner's Office or by telephone at: 0303 123 1113.