Who are we?
Shadowcat Systems Limited is a software consultancy specialising in open source languages and projects. Shadowcat is based in Lancaster, UK, and is a company registered in England and Wales. Shadowcat operates worldwide usually via electronic communication. Shadowcat primarily works with businesses and only very occasionally with individuals such as sole traders.
Shadowcat Systems Limited is registered with the Information Commissioner’s Office (ICO) as a Data Controller for the processing of Personal Data (A8272029).
What do we collect?
Shadowcat Systems collects only the minimal level of data needed for standard legal processing of financial transactions and data related to contracts, usually between organisations (B2B). Occasionally, due to the nature of email addresses in organisations, we will collect an email address that identifies an individual in that organisation.
Shadowcat also collect social media identification only where:
* It is freely available in the public realm;
* They have been granted specific right to use.
* This ‘availability’, or ‘right to use’ may be from one of the following reasons:
A promotional component of an organisation that we have received;
* An actively shared identification method where it is clear that consent is given to use such;
* A consented method of contact by being freely presented as such by the individual, or in response to an opt-in form that was clearly selected;
* Another lawful method of use identified in Article 6 of the GDPR.
How do we use it?
Information collected by Shadowcat is only used for the standard organisational practices of the company. For the most part this is merely to facilitate communication. At some times we will use information to inform current or previous business customers of any changes within the organisation or to contact them regarding changes to their organisation that is in the public domain.
Shadowcat do not collect information for:
* Any automated processing;
* Unsolicited direct marketing except under consent (Article 6(a)) or legitimate business interest (Article 6(f));
* Automated profiling;
* To share with a 3rd Party.
Shadowcat use a number of methods to ensure that they manage data in a responsible manner. We use a combination of private networks, secure access, logging, monitoring and detection on our services. Shadowcat staff are constantly keeping aware of security changes, best practices and threats and act in a responsible and appropriate manner.
Sharing/Disclosure with 3rd Parties
Shadowcat Systems does not share any personal information with third parties for the purposes of processing or automated profiling. Shadowcat Systems does not share lists or other data for the purposes of direct marketing. Only information necessary for legal processing is shared with our accountants of Meiring Accountants of Hornby.
The rights of any individual whose name, or other data, may be collected in the course of our normal business activities, listed above, will be honoured at all time. You can contact us regarding the exercise, or information relating to, you rights at any time using the information in ‘contact us’ below. These rights include (but may not be limited to):
* Transparency: We will let you know what data we have collected;
* Collection: We will let you know, to the best of ability, where the data was collected from;
* Access: We will let you access the data as long as it does not conflict any other person’s rights, the right to legal processing (Article 6(c)), the rights determined by a private contract (Article 6(b));
* Changes: If you think any of the data we hold is incorrect we will correct such information on your request;
* Deletion: Except where it is required under Article 6(b) and 6(c) we will honour your right to be forgotten and to delete information that you do not wish us to hold;
* Restriction of Processing: You have the right to restrict any processing that you believe is being performed except those required under Article 6(b) and 6(c);
* Communication: We will attempt to keep you apprised of any of your above rights, and to carry out your data rights requests except where the cost of such an action outweighs the data stored or the risk. This does not affect your statutory rights but allows a financial limit to be set so that we cannot be disproportionately affected by any request following the guidance of Recital 13. We will keep you informed of any decisions made and our reasoning and give you the right to submit a reasonable objection to any decision;
* Portability: Wherever possible we will allow you your right to move the data we have on you to another location except where it is commercial data which we have legally obtained and may retain or delete. This does not affect any of your rights;
* Profiling: You have the right to refuse any profiling of data we hold about you;
* Automated Decisions: You have the right to refuse any automated decisions based on information we have on you. You have the right to request decisions are made by a natural person.
3rd Party Sites and Hosted Services
Shadowcat Systems uses a number of third party sites to store information. However very few of them are used to store personally identifiable information.
* Email: Shadowcat maintains its own hosted email service in the UK, the data is not shared.
* IRC: Shadowcat maintains its own hosted IRC systems in the UK, the data is not shared.
* Git: Shadowcat maintains its own hosted Git repositories in the UK, the data is only shared amongst Shadowcat staff. Staff may log in via ssh from any location worldwide but the data is maintained in the UK.
* Virtual Machines (development): Shadowcat maintains its own hosted VMs, the data is only shared amongst Shadowcat staff. Staff may log in via ssh from any location worldwide but the data is maintained in the UK.
* Slack: Shadowcat Systems is a member of a number of Slack teams but does not use Slack for its own purposes so does not share 3rd party information but may be in receipt to information shared to it by a 3rd party. See: https://slack.com/gdpr.
* Google: Shadowcat is an enterprise GSuite customer and therefore uses secure team drives and user management for the storage of cloud data. This data is secured under EU safe Harbour agreements and request is made to store all data in secure locations for full compliance with the EU GDPR. See: https://cloud.google.com/security/gdpr/.
* Github: Shadowcat is a member of a number of community and private Github repositories but does not share personal information on these systems. See: https://blog.github.com/2018-04-19-updates-to-our-privacy-statement-and-terms-of-service/
* Trello: Shadowcat is a member of a number of community and private Trello boards but does not share personal information on these systems. See: https://help.trello.com/article/1118-trello-and-gdpr-our-commitment-to-data-privacy
* Xero: Shadowcat Systems uses Xero for financial transactions. Old information is automatically removed in accordance with UK financial law. See: https://www.xero.com/uk/campaigns/xero-and-gdpr/
* Meiring Accountants: Shadowcat Systems uses Meiring Accountants for all its business accounts processing. Only information required by UK company law is transmitted or shared. See: http://www.meiringaccountants.co.uk/
Shadowcat Systems does not collect information on individuals except in the context of direct business to business relationships. As part of our commitment to changing policies we will be instigating a removal of information policy whereby customers who have passed any legal boundary for the retention of data will be removed from our systems unless they are also a current customer or have specifically requested that we keep their information.
A contacts database may contain data for a period longer than standard legal processing but this is stored in a separate location to any email, business details or other forms of communication. Contacts databases will be regularly purged of old information.
The rights of any data subject will be upheld in accordance with the above statements.
Shadowcat Systems does not hold data in any international location except where identified in the above 3rd party list. These will be regularly maintained in accordance with the Data Retention policy.
How to Contact Us
You can contact Shadowcat Systems on Data Protection by writing to:
Shadowcat Systems Limited
By telephone on (0)1524 64544
By email at firstname.lastname@example.org using the subject line “Data Protection Enquiry”
How to make a complaint
If you are unhappy with how your Personal Data is processed by Shadowcat Systems Limited, you have the right to complain to us using the contact address above. If you remain unhappy, following our response to your complaint, you have the right to lodge a further compliant with our Supervisory Authority, The Information Commissioner’s Office (ICO).
The ICO’s address is:
Information Commissioner’s Office
You can also contact them by telephone on 01625 545 745 or via their website at www.ico.org.uk.
Version 1.2 : 19th May 2021