Privacy Policy
Introduction
Beyond Encryption Ltd (“We” / “Us”) are committed to respecting your privacy and the confidentiality of your personal data, usage data and communications content.
This Privacy Policy, together with our ‘Acceptable Use Policy and End User Licence Agreement, all found on our “Website” www.beyondencryption.com, and any other documents referred to therein, sets out the basis on which any personal data We collect from you, or that you provide to Us, will be processed by Us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it. By visiting the “Website” you are accepting and consenting to the practices described in this policy.
References in this notice to "Data Protection Law" mean (as applicable) the Data Protection Act 2018, including the Data Protection Privacy and Electronic Communication addition to this policy (Jan 2021). the UK General Data Protection Regulation (Jan 2021) and all related data protection legislation having effect in the United Kingdom from time to time.
References in this notice to "Personal Data or "Information" include "Sensitive Personal Data" and "Special Categories of Data" (as defined in Our “Data Protection Policy” where applicable).
For the purposes of data protection law, Beyond Encryption Limited (company number 08814096), having its registered office at 1 Gloster Court, Fareham, Hants, PO15 5SH (ICO Registration ZA038105)
General Information.
This Privacy Policy sets out our current data processing practices including types of information we hold, the reasons for holding this information and the time the information is held. If you have any queries or concerns regarding these practices, please contact the Quality and Compliance Manager at Beyond Encryption.
In processing your data, we will always comply with our obligations under Data Protection Law. Although you control the release of your information, We may disclose information if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to comply with legal process, enforce our Terms and Conditions or protect the rights, property or safety of Beyond Encryption, its users, or the public.
By submitting your personal information to us you are confirming that all the details provided by you are up to date and accurate at that time. Any changes to your personal information should be updated in your account by contacting salessupport@beyondencryption.com.
The Information Collected.
Information we collect from you.
When you create an account with us and use our service, we gather and use the following information about you:
- Registration/Identification: When you register for any of our products, we may collect personal identification information (such as your name, mobile number, date of birth postal and email addresses) which is used only to verify your identity and secure your communication. We will also collect electronic identification data such as IP address and cookies. We will also ask you for information regarding the technology required to use the service.
- Marketing: On occasion, we may also ask you for other personal information in connection with surveys or other promotional offers running on our site but your participation in these features is purely voluntary.
If you work for one of our Suppliers, Introducer Affiliates or Partnership Resellers, or other Business Partners, we may collect your contact details, such as name, email address, work address and phone number.
Information we collect about you:
While on our site, we automatically log certain information about how you're using our site. This information may include the URL that you came from (source data), your IP address and the pages you visit while on our site.
When you use our site, one of our applications or access a file sent using our service, the following data about these processes is stored in a database (for technical, support, account recovery and statistical purposes):
- Name of file accessed;
- Date and time of access;
- Senders and recipients email address;
- Information of subject line of the email sent;
- Volume of data transferred;
- Browser type;
- Requesting domain and country of origin of requesting domain;
- Mobile numbers;
- Date of birth;
- Message security questions and answers;
- Notification whether a file was successfully accessed;
- Recipient's mobile number, if messages are secured by SMS.
Information we collect from third parties.
We may engage the services of third-party analytic providers to track and analyse usage and volume statistical information from our users and visitors to our site. We may also place a pixel, termed a tracking pixel, on pages on our site, or those of our partners. This enables us to record in our server logs that a specific user ID has visited a particular page. This data allows us to analyse and determine our User’s behavioural characteristics, which helps us to optimise our site.
We may also use third parties to provide services in connection with sales on our site, such as payment service providers and credit reference agencies and we may receive information about you from them.
What do we process your information for?
If you are a customer our primary purpose in collecting information is to provide you with a safe, efficient, personalised experience. We collect and use personal data relating to you as permitted or necessary to:
- provide the best possible service, delivering relevant content to you when you are on our website and providing a more efficient, customised and seamless experience when using our service;
- verify your identity;
- secure your communications;
- reference your purchase and delivery history, invoice you and manage your account with us;
- provide you with customer support, particularly in the area of account recovery;
- inform you about service updates, faults and changes to our terms of use and privacy policy;
- request feedback or participation in online surveys;
- measure, customise and improve the service based on customer and site analytics;
- send you information about our secure email service;
- notify you about changes to our email service;
- organise and carry out other marketing and promotional campaigns and offers about our service;
- protect both your and our interests, including to enforce our Acceptable Use Policy.
If you are a user of our Mailock services, we may also use your email address and meta data relating to your emails sent using our services to generate and maintain an identity confidence score (an Assure Score) which is then associated with your email address by Mailock. We may continue to maintain the Assure Score associated with your email address even after you have cancelled your account with us. We may share the Assure Score with third party service providers when you apply for services from them, in order to assist those service providers to verify your identity and make it easier for you to apply for such services seamlessly. See further below for information on who we share personal data with.
If you are a Supplier, Reseller, Introducer Affiliate or other Business Partner:
- to contact you to transact business with your firm or company, including paying you commission or collecting payments due from you, placing orders with you and managing our account with you or your account with us.
Whether you are a Customer, Suppler, Reseller, Introducer Affiliate, or other business partner:
- to keep financial and other records relating to our business and our dealings with you and to comply with our regulatory and legal obligations.
If you have purchased our Services as part of a promotion or discounted rate with a Channel Partner, Network, Partner Reseller or an Affiliate, we may share, your usage data of our Services only, upon request from the relevant organisation.
What are the Legal Grounds for processing your information?
By accepting our terms and conditions in this policy, our End User License Agreement and Acceptable Use Policy, we are processing your data on the following legal grounds:
- you have consented to the processing for the purposes stated above (this may apply where you have applied to register with us and have agreed to receive emails about our promotions and product changes or newsletters);
- if you are a customer, because it is necessary for the performance of the contract between you and us. This includes where you have instructed us to take some pre-contractual steps prior to us formalising the contract.
- the processing is necessary for us to comply with our legal obligations, such as our obligations to keep accounting records and tax records.
- the processing is necessary for us to pursue our legitimate interests, having regard to your rights and freedoms. Processing that is carried out on this legal ground includes providing the Mailock encrypted email service, verifying your identity, creating an Assure Score, securing your communications, enabling us to recover and verify your account, improving our products and services and promoting our business.
Statutory/Contractual Requirement
You may choose not to provide accurate or complete personal data. In such instances you may not be able to use all the functionalities of our website; where we ask for consent and you chose not to provide it, or you block, disable or delete cookies, we may not be able to provide you with the information or service requested.
How long do we keep your personal information?
We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also consider our other legal obligations to keep or securely dispose of personal information.
We retain your information for the following periods of time:
- If you are a customer and cancel your account with us your payment details are removed 10 days after the subscription is cancelled. Your business and contact details will be retained in case there are any future claims or queries.
- All email messages are set with an expiry date which depending on the type of account is normally 365 days after the message is sent. On expiry, the message data we store will be moved to our secure archive store where it will remain, encrypted, for 10 years after which time it will be permanently deleted. We are not able to see the content of any message that has been sent, due to the nature of the encryption solution which you have purchased. We do store what is termed the message “meta-data” which will include the email addresses as part of the content of the “To”, “From” and anything that has been written in the subject line of the message.
- If you have signed up to receive emails from us, we keep your information until you indicate that you no longer want to hear from us.
- If you are a supplier then we keep your information whilst you (or your employer) remain a supplier, and for a reasonable period after that time in case we are likely to contact you again in the future.
If we need to keep your information e.g., if requested by any regulatory authority for a longer period, then we will notify you of the reason and grounds for doing so.
Where we store your information.
We will do everything possible to ensure that the data that we collect from you will be stored at a destination inside the European Economic Area ("EEA"). If there is ever a requirement to transfer your information outside the EEA, this will only be done after obtaining your agreement and we will make sure your data is protected in a manner that is consistent with how your information will be protected by us. In all cases we will ensure that any transfer of your information is compliant with Data Protection Law.
By submitting your personal data, you agree to this storing or processing. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
Information Sharing and Disclosure.
We do not give, rent, lend, or sell individual information to any third party for marketing purposes.
Furthermore, we will not disclose any information about individual users, except as described below:
The Beyond Encryption Group: We may disclose information with any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Third Party Service Providers: We may employ the services of third parties to aid us in certain aspects of our operations (such as site analytics, distribution of service announcements, marketing material or Newsletters, user surveys and payment service providers). Depending on the services performed, some of these providers may be provided with user information.
These contractors would be subject to appropriate due diligence focussing on their data processing and data storage management. Any contractor who does not meet the highest standard of data management, including access controls and location of data during their processing of your data will not be approved. When third parties are approved appropriate data protection/sharing and confidentiality agreements are agreed in advance, which limit their use and disclosure of all information they obtain through their relationship with us, consistent with this policy.
Unless you, as a user object we may share your Assure Score with third party service providers to assist such third-party service providers to verify your identity by reference to your email address but only on their request and they be required to inform you of this prior to requesting your Assure Score from us. See above for more information about the purpose of Assure Scores.
If you have purchased our Services as part of a promotion or discounted rate with a Channel Partner, Network, Partner Reseller or an Affiliate, we may share, your usage data of our Services only, upon request from the relevant organisation.
Recipients of the secure emails that you send: When you send a secure email using us, your email address, name and the subject line of your email will be shared with your chosen recipient via our services. The content of your email will be encrypted until your intended recipient has either signed-in to their Mailock account and, optionally, answered either a challenge set by you or used an SMS code to verify the sender’s identity. Only then will the content of the email, including attachments be shared with the recipient. It is also possible for your intended recipient to read your secure message by simply answering the challenge you have set without registering for or signing into a Mailock account.
Unipass Identity: Users of Mailock will be given the option to sign in with their Unipass Identity. If the Trust Unipass option is enabled, an automatic check to see if the recipient holds a Unipass Identity that has been linked to a Mailock account occurs during the sending of all secure email messages. This information will be revealed to the sender of the message so that the appropriate level of challenge can be applied to the email. This ensures the correct and secure handling of the message.
Legal Requests: Beyond Encryption may disclose your personally identifiable information to protect the rights and property of Beyond Encryption as well as to comply with any applicable law or valid legal process. This includes, but is not limited to:
- requests by government agencies: we will disclose any information we have in our possession to law enforcement or government officials in response to any inquiry or investigation or if in our sole discretion, we believe it is necessary or appropriate in connection with any investigation or activity that is or may be illegal or may expose us or you to legal liability.
- Disclosures we are legally required or entitled to make under any enactment, rule of law or by the order of the court. If Beyond Encryption sells any business or assets to a third party, we may disclose your personal information to the prospective purchaser.
Security.
Beyond Encryption and its processes are certificated to ISO 27001:2013 International Information Security standard and is committed to protecting your personal information. All information that you provide to us is stored on our secure Microsoft Azure hosted Cloud servers. Access to any personalised area of the site is password-protected for your privacy and security. While we do everything reasonable to protect your personal information Beyond Encryption cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.
You are responsible for maintaining the secrecy of your passwords and/or any account information. If your personal information changes, or you need to update your password, you should promptly update your individual account information by logging into the website and updating your account details.
Browser Communications Encryption.
We employ SSL certificates with Extended Validation. This is currently the most secure certificate available. With this certificate more modern browsers are able to use 256-bit encryption and for older browsers it ensures that 128-bit encryption is possible. Click on the lock icon in your browser's status bar to learn more.
Information Security and Firewalls.
Our operational IT security infrastructure is protected by firewalls and malware detection software which meets Cyber Essential Plus requirements.
Data.
All your data is securely stored in Microsoft Azure Cloud Storage facilities. Further information on Microsoft’s Cloud Security infrastructure can be found at https://learn.microsoft.com/en-us/azure/security/.
Network Intrusion Detection Systems.
Network-based IDS (intrusion detection system) provides 24x7 network monitoring and alerts security personnel to any external attacks on the network.
Use of Cookies.
Cookies are small files that contain a string of characters (text) that are sent to your browser from a website’s server. The cookie may contain a unique identifier, but it does not contain personally identifiable information such as your name or email address. The browser stores the cookie on your computer’s hard drive, and this may be accessed next time you visit the site.
The Beyond Encryption website uses cookies to improve user experience. By using our website, you consent to all cookies in accordance with this policy. You can accept the notice which removes the banner, but cookies are saved regardless. You are unable to sign in to Mailock if cookies have been disabled.
We use cookies for a variety of purposes, including to:
- automatically access your previously stored account information and preferences to deliver a more personalised service.
- provide customer and site analytics so that we can review and optimise the service based on things like usage patterns and audience size.
- initiate security measures such as ‘time out’ when you have been inactive on the site for a period of time
By restricting or blocking cookies this will impact the functionality and your access to our website. Further information can be found at https://www.aboutcookies.org.uk/.
For further details on the cookies, we use and for what purpose, please refer to our Cookie Policy which is available at www.beyondencryption.com/cookie-policy
Consent from Children.
If you are aged 16 or under (or under 13 if you are in the United Kingdom), please get your parent/guardian's permission beforehand whenever you want to consent to us using your personal information. Users under this age are too young to consent.
Your Rights.
Under Data Protection Law you have the following rights:
- the right to access a copy of all information on you we hold in machine readable format, to allow you to transfer and/or store the information if required. This is called a 'Subject Access Request' (SAR). Additional details on how to exercise this right are set out, below;
- the right to be “erased or forgotten” as per UK General Data Protection Regulation (GDPR) and the removal of all data from our active date base and securely stored as per our data retention time limits.
- the right to prevent us processing your information for direct marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent to prevent such processing by contacting us using the details set out at the end of this Privacy Policy;
- the right to object to decisions being made about you by automated means. We do not make automated decisions about you based on your information. We will inform you if your information is subject to automated processing;
- the right to object to us processing your personal information in certain other situations;
- the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
- the right, in certain circumstances, to claim compensation for damages caused by us breaching Data Protection Law.
You also have the general right to complain to us (in the first instance) and to the Information Commissioner's Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out at the end of this privacy policy, below. The Information Commissioner's Office website is https://ico.org.uk/.
For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau or the Information Commissioner's Office (https://ico.org.uk/).
Access to Information.
Under Data Protection Law you can exercise your right of access (SAR) by making a written request to receive copies of the information we hold on you. Details of the process can be found in our Subject Access Request policy (SAR). As part of this process, y must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details at the end of this policy below. The information will be sent to you in a machine-readable.
If you are requesting copies of documents, you already possess, we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.
Policy Review.
This Policy will be regularly reviewed to incorporate any legislation or regulatory changes. Any changes or updates to the Policy will be published on our website. By accepting this Policy, you confirm your agreement to regularly check the website for updates which are legally binding to you. Some of the provisions contained in this policy may also be superseded by provisions or notices published elsewhere.
Unsubscribing from our Contact List.
If you register with Beyond Encryption or sign up for or buy any of our products or Services from Us, we will send you information about our products and services. This will include communications relevant to the registration or account management process, use of the service and information about service updates, faults or changes to your End User License Agreement, our Privacy Policy or Acceptable Use Policy. This is a legal obligation and opting out of such emails is not possible.
We may also send you Service Messages relating to your purchases of Mailock requesting a review of your purchase.
If you sign up for our newsletter, we process your personal data to send you the newsletter which may include marketing and promotional communications and content. If you would rather not receive these marketing and promotional communications there will be a link at the bottom of each newsletter, which will allow you to unsubscribe, or alternatively you can contact us at salessupport@beyondencryption.com and we will help you.
When you register for any of our Products or licence types, you will select your marketing preferences in your registration journey. You can amend these at any time in your account preferences. lAs indicated above we still have a legal obligation to contact you regarding service, product or policy changes and you will receive these even if you have chosen not to accept any promotional material or our Newsletter.
Deactivating your account.
If you want to change your email address for the delivery of your email subscriptions or unsubscribe contact salessupport@beyondencryption.com. who, subject to your agreed Terms and Conditions, will guide you through this process and advise you of the notice period required for you to cancel. Please refer also to Section 15 - Term and Termination of your End User Licence Agreement.
For all our policies, click here.