Beyond Encryption Ltd (“We” / “Us”) are committed to respecting your privacy and the confidentiality of your personal data, usage data and communications content.
References in this notice to "Data Protection Law" mean (as applicable) the Data Protection Act 2018, including the Data Protection Privacy and Electronic Communication addition to this policy (Jan 2021). the UK General Data Protection Regulation (Jan 2021) and all related data protection legislation having effect in the United Kingdom from time to time.
References in this notice to "Personal Data or "Information" include "Sensitive Personal Data" and "Special Categories of Data" (as defined in Our “Data Protection Policy” where applicable).
For the purposes of data protection law, Beyond Encryption Limited (company number 08814096), having its registered office at 1 Gloster Court, Fareham, Hants, PO15 5SH (ICO Registration ZA038105)
In processing your data, we will always comply with our obligations under Data Protection Law. Although you control the release of your information, We may disclose information if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to comply with legal process, enforce our Terms and Conditions or protect the rights, property or safety of Beyond Encryption, its users, or the public.
By submitting your personal information to us you are confirming that all the details provided by you are up to date and accurate at that time. Any changes to your personal information should be updated in your account by contacting firstname.lastname@example.org.
The Information Collected.
Information we collect from you.
When you create an account with us and use our service, we gather and use the following information about you:
- Registration/Identification: When you register for any of our products, we may collect personal identification information (such as your name, mobile number, date of birth postal and email addresses) which is used only to verify your identity and secure your communication. We will also collect electronic identification data such as IP address and cookies. We will also ask you for information regarding the technology required to use the service.
- Marketing: On occasion, we may also ask you for other personal information in connection with surveys or other promotional offers running on our site but your participation in these features is purely voluntary.
If you work for one of our Suppliers, Introducer Affiliates or Partnership Resellers, or other Business Partners, we may collect your contact details, such as name, email address, work address and phone number.
Information we collect about you:
While on our site, we automatically log certain information about how you're using our site. This information may include the URL that you came from (source data), your IP address and the pages you visit while on our site.
When you use our site, one of our applications or access a file sent using our service, the following data about these processes is stored in a database (for technical, support, account recovery and statistical purposes):
- Name of file accessed;
- Date and time of access;
- Senders and recipients email address;
- Information of subject line of the email sent;
- Volume of data transferred;
- Browser type;
- Requesting domain and country of origin of requesting domain;
- Mobile numbers;
- Date of birth;
- Message security questions and answers;
- Notification whether a file was successfully accessed;
- Recipient's mobile number, if messages are secured by SMS.
Information we collect from third parties.
We may engage the services of third-party analytic providers to track and analyse usage and volume statistical information from our users and visitors to our site. We may also place a pixel, termed a tracking pixel, on pages on our site, or those of our partners. This enables us to record in our server logs that a specific user ID has visited a particular page. This data allows us to analyse and determine our User’s behavioural characteristics, which helps us to optimise our site.
We may also use third parties to provide services in connection with sales on our site, such as payment service providers and credit reference agencies and we may receive information about you from them.
What do we process your information for?
If you are a customer our primary purpose in collecting information is to provide you with a safe, efficient, personalised experience. We collect and use personal data relating to you as permitted or necessary to:
- provide the best possible service, delivering relevant content to you when you are on our website and providing a more efficient, customised and seamless experience when using our service;
- verify your identity;
- secure your communications;
- reference your purchase and delivery history, invoice you and manage your account with us;
- provide you with customer support, particularly in the area of account recovery;
- request feedback or participation in online surveys;
- measure, customise and improve the service based on customer and site analytics;
- send you information about our secure email service;
- notify you about changes to our email service;
- organise and carry out other marketing and promotional campaigns and offers about our service;
- protect both your and our interests, including to enforce our Acceptable Use Policy.
If you are a Supplier, Reseller, Introducer Affiliate or other Business Partner:
- to contact you to transact business with your firm or company, including paying you commission or collecting payments due from you, placing orders with you and managing our account with you or your account with us.
Whether you are a Customer, Suppler, Reseller, Introducer Affiliate, or other business partner:
- to keep financial and other records relating to our business and our dealings with you and to comply with our regulatory and legal obligations.
If you have purchased our Services as part of a promotion or discounted rate with a Channel Partner, Network, Partner Reseller or an Affiliate, we may share, your usage data of our Services only, upon request from the relevant organisation.
What are the Legal Grounds for processing your information?
By accepting our terms and conditions in this policy, our End User License Agreement and Acceptable Use Policy, we are processing your data on the following legal grounds:
- you have consented to the processing for the purposes stated above (this may apply where you have applied to register with us and have agreed to receive emails about our promotions and product changes or newsletters);
- if you are a customer, because it is necessary for the performance of the contract between you and us. This includes where you have instructed us to take some pre-contractual steps prior to us formalising the contract.
- the processing is necessary for us to comply with our legal obligations, such as our obligations to keep accounting records and tax records.
- the processing is necessary for providing the Mailock or Unipass Mailock encrypted email service, verifying your identity, securing your communications, and improving our products and services and promoting our business.
You may choose not to provide accurate or complete personal data. In such instances you may not be able to use all the functionalities of our website; where we ask for consent and you chose not to provide it, or you block, disable or delete cookies, we may not be able to provide you with the information or service requested.
How long do we keep your personal information?
We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also consider our other legal obligations to keep or securely dispose of personal information.
We retain your information for the following periods of time:
- if you are a customer and you have registered to use our service, we will keep your details for as long as you remain a customer, and for six years after you stop being a customer in case of any claims. We are not able to see the content of any message that has been sent, due to the nature of the encryption solution which you have purchased. We do store what is termed the message “meta-data” which will include the content of the “To”, “From” and anything that has been written in the subject line of the message.
- If you have signed up to receive emails from us, we keep your information until you indicate that you no longer want to hear from us;
- if you are a supplier then we keep your information whilst you (or your employer) remain a supplier, and for a reasonable period after that time in case we are likely to contact you again in the future.
If we need to keep your information e.g., if requested by any regulatory authority for a longer period, then we will notify you of the reason and grounds for doing so.
Where we store your information.
We will do everything possible to ensure that the data that we collect from you will be stored at a destination inside the European Economic Area ("EEA"). If there is ever a requirement to transfer your information outside the EEA, this will only be done after obtaining your agreement and we will make sure your data is protected in a manner that is consistent with how your information will be protected by us. In all cases we will ensure that any transfer of your information is compliant with Data Protection Law.
Information Sharing and Disclosure.
We do not give, rent, lend, or sell individual information to any third party for marketing purposes.
Furthermore, we will not disclose any information about individual users, except as described below:
The Beyond Encryption Group: We may disclose information with any member of our group, which means our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Third Party Service Providers: We may employ the services of third parties to aid us in certain aspects of our operations (such as site analytics, distribution of service announcements, marketing material or Newsletters, user surveys and payment service providers). Depending on the services performed, some of these providers may be provided with user information.
These contractors would be subject to appropriate due diligence focussing on their data processing and data storage management. Any contractor who does not meet the highest standard of data management, including access controls and location of data during their processing of your data will not be approved. When third parties are approved appropriate data protection/sharing and confidentiality agreements are agreed in advance, which limit their use and disclosure of all information they obtain through their relationship with us, consistent with this policy.
Recipients of the secure emails that you send: When you send a secure email using us, your email address, name and the subject line of your email will be shared with your chosen recipient via our services. The content of your email will be encrypted until your intended recipient has either signed-in to their Mailock or Unipass Mailock account and, optionally, answered either a challenge set by you or used an SMS code to verify the sender’s identity. Only then will the content of the email, including attachments be shared with the recipient. It is also possible for your intended recipient to read your secure message by simply answering the challenge you have set without registering for or signing into a Mailock or Unipass Mailock account.
Unipass Identity: Users of Unipass Mailock will be given the option to sign in with their Unipass Identity. An automatic check to see if the recipient holds a Unipass Identity will occur during the sending of all secure email messages. This information will be revealed to the sender of the message so that the appropriate level of challenge can be applied to the email. This ensures the correct and secure handling of the message.
Legal Requests: Beyond Encryption may disclose your personally identifiable information to protect the rights and property of Beyond Encryption as well as to comply with any applicable law or valid legal process. This includes, but is not limited to:
- requests by government agencies: we will disclose any information we have in our possession to law enforcement or government officials in response to any inquiry or investigation or if in our sole discretion, we believe it is necessary or appropriate in connection with any investigation or activity that is or may be illegal or may expose us or you to legal liability.
- Disclosures we are legally required or entitled to make under any enactment, rule of law or by the order of the court. If Beyond Encryption sells any business or assets to a third party, we may disclose your personal information to the prospective purchaser.
Beyond Encryption and its processes are certificated to ISO 27001:2013 International Information Security standard and is committed to protecting your personal information. All information that you provide to us is stored on our secure Microsoft Azure hosted Cloud servers. Access to any personalised area of the site is password-protected for your privacy and security. While we do everything reasonable to protect your personal information Beyond Encryption cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.
You are responsible for maintaining the secrecy of your passwords and/or any account information. If your personal information changes, or you need to update your password, you should promptly update your individual account information by logging into the website and updating your account details.
Browser Communications Encryption.
We employ SSL certificates with Extended Validation. This is currently the most secure certificate available. With this certificate more modern browsers are able to use 256-bit encryption and for older browsers it ensures that 128-bit encryption is possible. Click on the lock icon in your browser's status bar to learn more.
Information Security and Firewalls.
Our operational IT security infrastructure is protected by firewalls and malware detection software which meets Cyber Essential Plus requirements.
All your data is securely stored in Microsoft Azure Cloud Storage facilities. Further information on Microsoft’s Cloud Security infrastructure can be found at https://docs.microsoft.com/en-us/azure/security.
Network Intrusion Detection Systems.
Network-based IDS (intrusion detection system) provides 24x7 network monitoring and alerts security personnel to any external attacks on the network.
Cookies are small files that contain a string of characters (text) that are sent to your browser from a website’s server. The cookie may contain a unique identifier, but it does not contain personally identifiable information such as your name or email address. The browser stores the cookie on your computer’s hard drive, and this may be accessed next time you visit the site.
- automatically access your previously stored account information and preferences to deliver a more personalised service.
- provide customer and site analytics so that we can review and optimise the service based on things like usage patterns and audience size.
- initiate security measures such as ‘time out’ when you have been inactive on the site for a period of time
By restricting or blocking cookies this will impact the functionality and your access to our website. Further information can be found at https://www.aboutcookies.org.uk/.
Consent from Children.
If you are aged 16 or under (or under 13 if you are in the United Kingdom), please get your parent/guardian's permission beforehand whenever you want to consent to us using your personal information. Users under this age are too young to consent.
Under Data Protection Law you have the following rights:
- the right to access a copy of all information on you we hold in machine readable format, to allow you to transfer and/or store the information if required. This is called a 'Subject Access Request' (SAR). Additional details on how to exercise this right are set out, below;
- the right to be “erased or forgotten” as per UK General Data Protection Regulation (GDPR) and the removal of all data from our active date base and securely stored as per our data retention time limits.
- the right to object to decisions being made about you by automated means. We do not make automated decisions about you based on your information. We will inform you if your information is subject to automated processing;
- the right to object to us processing your personal information in certain other situations;
- the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
- the right, in certain circumstances, to claim compensation for damages caused by us breaching Data Protection Law.
Access to Information.
Under Data Protection Law you can exercise your right of access (SAR) by making a written request to receive copies of the information we hold on you. Details of the process can be found in our Subject Access Request policy (SAR). As part of this process, y must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details at the end of this policy below. The information will be sent to you in a machine-readable.
If you are requesting copies of documents, you already possess, we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.
This Policy will be regularly reviewed to incorporate any legislation or regulatory changes. Any changes or updates to the Policy will be published on our website. By accepting this Policy, you confirm your agreement to regularly check the website for updates which are legally binding to you. Some of the provisions contained in this policy may also be superseded by provisions or notices published elsewhere.
Unsubscribing from our Contact List.
We may also send you Service Messages relating to your purchases of Mailock requesting a review of your purchase.
If you sign up for our newsletter, we process your personal data to send you the newsletter which may include marketing and promotional communications and content. If you would rather not receive these marketing and promotional communications there will be a link at the bottom of each newsletter, which will allow you to unsubscribe, or alternatively you can contact us at email@example.com and we will help you.
When you register for any of our Products or licence types, you will select your marketing preferences in your registration journey. You can amend these at any time in your account preferences. lAs indicated above we still have a legal obligation to contact you regarding service, product or policy changes and you will receive these even if you have chosen not to accept any promotional material or our Newsletter.
Deactivating your account.
If you want to change your email address for the delivery of your email subscriptions or unsubscribe contact firstname.lastname@example.org. who, subject to your agreed Terms and Conditions, will guide you through this process and advice you of the notice period required for you to cancel. Please refer also to Section 15 - Term and Termination of your End User Licence Agreement.
For all our policies, click here.