- Service security – technical measures taken to protect Your information.
- Financial information – the handling of credit card payments.
- Confidential information – how private information is used and how it can’t and won’t be used, including Your rights.
- Information about Your access and use of the Service – what “meta” information is collected and how it can and can’t be used.
NIP will only use this information lawfully, in accordance with (i) the General Data Protection Regulation (‘GDPR‘) EU Regulation 2016/679, (ii) the European Union (Withdrawal) Act 2018, which transposed GDPR into UK law (‘UK GDPR‘), (iii) the California Consumer Privacy Act (‘CCPA‘) – together the ‘Data Protection Laws‘ – and (iv) NIP‘s Privacy Impact Assessment and Data Protection Standard Operating Procedure (‘Data Protection SOP‘, which You are entitled to request details about, but where You accept that NIP may provide only extracts that it in its sole discretion deems relevant and appropriate to disclose, i.e. to protect information about NIP‘s business and other customers).
1. Service security
a. Data storage and transmission
All Data and Personal Data is stored securely on cloud servers managed by NIP – more information is available on request.
The Websites through which the Service is provided have SSL/TLS Certificates, so all Data and Personal Data transferred between You and the Service is encrypted. However, You are responsible for ensuring that Your browser supports the encryption security used in connection with the Service.
b. Service access
Access to the Service is only possible with a valid Login and NIP has implemented several additional defensive measures:
- Any attempt to navigate directly to a page when not logged-in results in the login screen being presented.
- Failed login attempts are logged – along with the originating IP address – to a file on the server, which is regularly monitored.
- To mitigate against the risk of malicious attempts to guess a valid Login, the Service deliberately uses ambiguous error messages, regardless of whether the username or password is incorrect (or both).
c. Password security
All passwords associated with Logins are hashed, not known to NIP, and cannot be retrieved by NIP.
a. What are cookies?
A cookie is a small simple file that is sent along with pages of this website and stored on the device(s) You use to access the Service and the Website. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.
Each cookie expires after a certain period of time, depending on what it is used by NIP for, i.e.:
- To authenticate Your identity, such as confirming whether You are currently logged-in to the Service.
- To improve the Service, by measuring Your usage and tracking referral data.
In more detail, the specific types of cookie are as follows:
– Technical or functional cookies
Some cookies ensure that certain parts of the website work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you do not need to repeatedly enter the same information when visiting our website and, for example, the items remain in your shopping cart until you have paid. We may place these cookies without your consent.
– Statistics cookies
We use statistics cookies to optimize the website experience for our users. With these statistics cookies we get insights in the usage of our website. We ask your permission to place statistics cookies.
– Marketing/Tracking cookies
Marketing/Tracking cookies are cookies, or any other form of local storage, used to create user profiles to display advertising or to track the user on this website or across several websites for similar marketing purposes.
– Social media
On our website, we have included content from LinkedIn to promote web pages (e.g. “like”, “pin”) or share (e.g. “tweet”) on social networks like LinkedIn. This content is embedded with code derived from LinkedIn and places cookies. This content might store and process certain information for personalized advertising.
Please read the privacy statement of these social networks. LinkedIn is located in the United States.
b. What are scripts?
A script is a piece of program code that is used to make our website function properly and interactively. This code is executed on our server or on your device.
c. What is a web beacon?
A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website that is used to monitor traffic on a website. In order to do this, various data about you is stored using web beacons.
d. Placed cookies
– Manage your consent settings
f. Enabling/disabling and deleting cookies
You can use your internet browser to automatically or manually delete cookies. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser.
Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our website again.
2. Financial information
3. Confidential Information
Further to the Data Protection Laws, both of The Parties will take all steps as shall from time to time be necessary to protect the Confidential Information of the other.
To provide You with the Service, You grant NIP (and permitted sub-contractors or agents) the rights to:
- Use Personal Data in the creation of Logins for the Purchaser, Administrator and Respondents to access the relevant aspect(s) of the Service;
- Use, copy, transmit, store, and back-up the Data and Personal Data for the purposes of enabling You to access and use the Service;
- Access Personal Data and Data as part of regular management of the Service; and
- Use Personal Data to contact You in connection with Your use of the Service (for the Administrator and Respondents, this will only be by email; the Purchaser may be contacted using other Personal Data they supply should there be an issue with any attempt to make contact with them by email).
However, except as permitted or contemplated hereunder, neither You nor NIP (and permitted sub-contractors or agents) shall at any time, for any reason whatsoever, disclose to any third party (or permit the disclosure of to any third party) the other’s Confidential Information, in whole or part.
This obligation of confidentiality shall not apply to any Confidential Information which shall have come into the public domain without fault on the part of either party or which is disclosed to either party or is known to or recorded by either party prior to it entering into the Agreement.
Otherwise, though, no disclosure shall be made to any third party (other than to permitted sub-contractors or agents) by one party of the other party’s Confidential Information without that other party’s explicit consent, except:
- To any person having a legal right or duty to obtain or require such Confidential Information (e.g. a verified request by law enforcement or other government officials); or
- To any professional adviser, or other third party to whom it is essential that such Confidential Information be disclosed in, or for the purpose of, any legal proceedings or arbitration involving either party to the Agreement, or for normal accounting purposes; or.
- To any person that takes over the business either of the parties to use the Confidential Information on the same basis.
In keeping with Data Protection Laws:
- NIP will inform You within seventy-two (72) hours if we have reason to believe or suspect that any Personal Data or Data has been (or may have been) compromised. NIP will also inform You of the measures taken to remedy the situation and, where applicable, to prevent its recurrence.
- Unless otherwise agreed between The Parties, Personal Data and Data will be retained for a period of twelve (12) months following the completion of an Assessment and then removed and deleted (except as required by law for accountancy purposes).
- You are entitled to request that NIP:
- Grant You access to the Personal Data of Yours that is known to us.
- Confirm to You within 48 hours what Personal Data we hold about You, how it is used, and for what purposes, and optionally provide You with a copy of that data in a convenient format (e.g. CSV).
- Correct, supplement, block or remove Personal Data we hold about You within 48 hours, subject always to:
- There being no overriding regulatory and/or legal and/or contract requirements that prevent us from doing so (and which NIP will inform You of); and
- That NIP may require proof of Your identify for security purposes before proceeding with any request, and the 48 hours for complying with Your request will not commence until NIP is satisfied that Your identity has been verified.
4. Information about Your access and use of the Service
As You access and use the Website and Service, various pieces of “meta” information are collected:
- Information about how You access the Service, including (but not limited to):
- Your originating IP address (from which it may be possible to infer Your geographic location).
- The operating system and browser used.
- Information about Your interaction with the Service, including (but not limited to):
- The source that referred You (e.g. a link on a website or in an email).
- Which pages You access and for how long.
- When You perform actions (such as accessing and submitting an Assessment).
- Information about Your interactions with an Assessment Template in undertaking an Assessment (in particular any scores given, which may be used in conjunction with those from other Respondents to generate unattributable and anonymised summary and benchmarking data, e.g. averages).
To collect this information, NIP may use a combination of (i) third party tracking services that employ cookies and page tags (e.g. Google Analytics), (ii) a web server log file that records each time a device accesses the Website and the Service, and (iii) a management interface to the Service.
NIP (and permitted sub-contractors or agents) uses such information as follows:
- To manage the Service (e.g. your IP address will be included in the password reset email for the Purchaser).
- To better understand our customers’ requirements and usage patterns, such that we can further develop the Service.
- To contribute to aggregate statistics about:
- Use of a particular Assessment Template, either across all Respondents or a specific subset of Respondents as described above (i.e. to produce anonymised summary and benchmarking data, but from which no Respondent or Assessment can be identified).
- The Service – e.g. numbers of users, average time taken to complete an Assessment, etc – which are only indirectly derived from Your use of the Service (along with other users of the Service) and that will never be presented to third parties in a way that can be used to identify You.
5. Contact details
New Information Paradigms
167-169 Great Portland Street