People use of the Inspirometer system varies considerably. Users may access the system from one or more of the perspectives outlined below, each of which has different data and privacy needs:
- Users seeking general information on our service from our website
- Users who have been invited to a meeting for which feedback is enabled
- Users who use the Inspirometer App to provide meeting feedback
- Users who want to gather data on the meetings they attend
- Users who organize meetings for which feedback is enabled
- Users who organize feedback on other aspects of their work
- Users who organize a group of people in categories 3 to 6 above
- People who have a relationship with Inspirometer outside of the above
This document spells out, for each of these roles: the information that Inspirometer collects; how we use that information; how long we retain it; and the users rights to be forgotten. We also cover how we protect the users information and other matters concerning data privacy. Feel free to click on the links above to understand the privacy approach which applies to your particular use of Inspirometer’s system and resources.
The following privacy statement defines our undertaking in respect of individual users of our web-based services. We are committed to protecting user privacy. Inspirometer uses information we collect to operate, maintain and provide the user with the features and functionality of the Inspirometer service, and to improve that service by means of: analysing use; diagnosing service or technical issues; maintaining security; and developing new functionality.
Only authorised employees within Inspirometer use information collected from users (except in cases where users have elected to share their data either by linking their account, or by using an account provided by their own organisation, in which case information may also be used according to policies set by that organisation).
Parliament has created specific offences for unauthorised actions against computer systems and data. We will investigate any such actions with a view to prosecuting and/or taking civil proceedings to recover damages against those responsible.
Type 1: Users seeking general information on our service from our website
Type 2: Users who have been invited to a meeting for which feedback is enabled
Type 3: Users who use the Inspirometer App to provide meeting feedback
Type 4: Users who want to gather data on the meetings they attend
Type 5: Users who organize meetings for which feedback is enabled
Type 6: Users who organize feedback on other aspects of their work
Type 7: Users who organize a group of people in categories 3 to 6 above
Type 8: People who have a relationship with Inspirometer outside of the above
Any of the web-based information we collect may be used in one of the following ways:
- To personalise people’s experience in respect of the performance analyses they can access
- To update performance data based on the Tags to which they respond
- To send email alerts concerning people’s use of our service.
Information we receive in this way, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering and improving the purchased product or service requested.
In respect of Personally Identifiable information for the purposes of: Staff Administration; Advertising, Marketing and Public Relations; Operational Support; Accounts and Records; and Research. This information is used purely for the purposes of conducting and developing Inspirometer’s business, and is not made available to other organisations except in situations where its release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
We are registered under the Data Protection Act 1998 and have given all appropriate notifications to the Information Commissioner. Client records are regarded as confidential and therefore will not be divulged to any third party, other than those organisations which deliver our services on our behalf, or if legally required to do so to the appropriate authorities.
Clients have the right to request sight of, and copies of any and all Client Records we keep, on the proviso that we are given reasonable notice of such a request. They are also able to share their data with other parties within our web-based service, should they choose. Clients are requested to retain copies of any literature issued in relation to the provision of our services.
How do we protect your information?
We implement a variety of security measures to maintain the safety of personal information held in our web-based services, such as when people place an order or enter, submit, or access their personal information. We offer the use of a secure server.
All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential.
Cookies are small files that a site or its service provider transfers to people’s computer’s hard drive through their Web browser (if they allow) that enables the sites or service providers’ systems to recognise their browser and capture and remember certain information.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing our users, so long as those parties agree to keep this information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
California Online Privacy Protection Act Compliance
Because we value people’s privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute personal information to outside parties without the owner’s consent. All users of our site may make any changes to their information at any time by logging into their control panel and going to the ‘Manage your account’ page.
Childrens Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
Users are able to amend or delete their Personally Identifiable Information (PII) from within their own account, with the exception of their email address which is required to administer the account. On closure of their account, users can request immediate deletion of all of their Personal Information, including their email address, and this will be completed within 7 working days.
Where user a user has requested deletion of their PII data, and that data is shared with a parent organisation, and is material to the continued operational statistics of that organisation (for instance in regard to the performance of a role or service provided by the organisation) such data will be stripped of its PII component and retained only until its utility is no longer required, or for a maximum of 12 years.
For users whose accounts have been set up by a parent organization, requests in respect of deleting PII should be made to the parent organization in the first instance. In the event that personal requests come to Inspirometer directly, we will assist the relevant parent organisation, through appropriate technical and organizational measures, insofar as possible, to fulfill its obligations to respond to requests for Data Subjects seeking to exercise their rights under applicable law.
Where the parent organization has set up accounts and permissions on behalf of their users, it is their responsibility to ensure that those users are fully aware of the appropriate terms and conditions, and of their responsibilities in ensuring GDPR for themselves and their colleagues – particularly in respect of password security and their responsibilities in accessing data pertaining to other users.
Wherever practical, we will assist parent organisations who have established accounts on behalf of their staff to ensure their compliance (and to demonstrate their compliance) with their obligations under applicable law. Where appropriate this will include the support of client sponsored penetration testing.