Privacy Policy – Codeego Website and Services

This Policy applies to the processing of personal data in the following contexts:

• Use of the Website for informational, marketing and commercial purposes, including enquiries and pre-contractual communications; and
• Where applicable, the creation and administration of user accounts, the purchase of products or services, and access to and use of Codeego products or services made available via the Website (the “Services”).

Certain processing activities relating to the Services may be governed by additional contractual documentation, terms of service or supplemental privacy information provided at the point of purchase or use. In the event of any inconsistency, such documentation shall prevail in respect of the relevant Services.

The data controller responsible for the processing of personal data in connection with the Website and the Services is:

Where third-party service providers are engaged in connection with the Website or the Services, including payment service providers or infrastructure providers, such providers act either as independent data controllers or as processors in accordance with applicable contractual arrangements and data protection law.

Codeego may collect personal data where you voluntarily provide it through your use of the Website, where you create or use an account in connection with the Services, or where you otherwise contact us in a business-to-business context, including by submitting enquiries or requesting information.

The categories of personal data that may be processed in connection with the Website and the Services are limited to the following:

• Identity Data: name, surname, professional role or job title.
• Contact Data: business email address, company name, telephone number (where provided), and the content of any messages, enquiries or communications submitted via the Website or the Services.
• Marketing and Communications Data: marketing preferences, consent records, and correspondence with Codeego.
• Technical Data: internet protocol (IP) address, browser type and version, device and operating system information, and other technical data necessary for the operation, security and administration of the Website and the Services.
• Account Data: user identifiers, login credentials, authentication information and account settings associated with a user account.
• Transactional Data: records of purchases, billing information, invoices, payment status and related transaction identifiers. Payment card details are processed by third-party payment service providers and are not stored by Codeego.
• Usage Data: records relating to access to and use of the Services, including timestamps, feature interaction data, system logs and support-related communications.

The provision of personal data is voluntary. However, where certain personal data is required to create an account, process a purchase, or provide the Services or requested information, failure to provide such data may result in Codeego being unable to do so.

Codeego processes personal data in connection with the Website and the Services for the following purposes:

Website and commercial communications

• to respond to enquiries, requests for information and other communications submitted via the Website;
• to manage pre-contractual discussions and business-to-business commercial communications;
• to provide information relating to Codeego products and services where requested;
• to carry out business-to-business marketing activities, where such processing is permitted by applicable law and, where required, based on consent;
• to operate, maintain and improve the Website, including monitoring its performance, security and usage;

Provision of the Services

• to create, administer and manage user accounts;
• to process purchases, payments and subscriptions and to administer billing and invoicing;
• to provide access to, operate and maintain the Services;
• to provide customer support, service communications and incident management; and
• to enforce applicable terms and conditions and to manage contractual relationships;

Legal and compliance purposes

• to comply with applicable legal, regulatory and compliance obligations.

Codeego processes personal data in connection with the Website and the Services on the basis of one or more of the following lawful grounds under UK data protection law:

• Consent, where this is required under applicable law, including in relation to certain marketing communications;
• Performance of a contract, where processing is necessary to enter into or perform a contract with you, including to create and manage user accounts, process payments and subscriptions, and provide access to the Services;
• Legitimate interests, pursued by Codeego in managing and developing business-to-business relationships, responding to enquiries, operating and improving the Website, and promoting its products and services, except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects; and
• Legal obligations, where processing is necessary for compliance with applicable legal or regulatory requirements.

The valuation outputs and reports generated by the Services are produced through analytical processes that include automated components. These outputs relate to companies, assets or other commercial subject matter, and not to the data subjects whose personal data is processed under this Policy (who are business contacts of Codeego’s customers and prospective customers). Accordingly, the Services do not produce decisions that have legal or similarly significant effects on data subjects within the meaning of Article 22 of the UK GDPR.

Codeego may disclose personal data processed in connection with the Website and the Services to the following categories of recipients:

• third-party service providers engaged by Codeego in connection with the Website or the Services, including providers of hosting, information technology, analytics, communication and payment processing services, who act either as processors on Codeego’s behalf or as independent data controllers, as applicable, and who process personal data in accordance with applicable contractual arrangements and data protection law; and
• competent public authorities, regulators or law enforcement bodies, where disclosure is required by applicable law or a valid legal request.

Codeego does not sell, rent or otherwise commercially exploit personal data processed in connection with the Website or the Services.

The categories of third-party service providers currently engaged by Codeego include providers of cloud infrastructure and hosting, payment processing, email and business communications, analytics, and customer support tooling. A current list of named sub-processors is available at www.codeego.com/sub-processors.

Personal data will be retained only for as long as is necessary to fulfil the purposes for which it is processed, as described in this Policy, including the duration of any pre-contractual, commercial or contractual relationship, and thereafter for such periods as are required or permitted under applicable legal, accounting or regulatory obligations. Where processing is based on consent, personal data will be retained until such consent is withdrawn, unless a longer retention period is required by law.

Personal data relating to user accounts, Services usage and transactions will be retained for the duration of the contractual relationship and thereafter in accordance with applicable statutory retention requirements and limitation periods.

By way of indication: account and contractual data is retained for the duration of the contractual relationship and for six (6) years thereafter, in line with UK statutory limitation periods; transactional and billing records are retained for six (6) years from the end of the relevant accounting period to meet UK tax and accounting obligations; marketing preferences and consent records are retained until consent is withdrawn or the contact has been inactive for twenty-four (24) consecutive months; and support communications are retained for twenty-four (24) months from resolution of the relevant matter.

Where personal data is transferred outside the United Kingdom or the European Economic Area, Codeego ensures that such transfers are subject to appropriate safeguards in accordance with applicable data protection laws, including, where relevant, adequacy regulations and the use of standard contractual clauses or other approved transfer mechanisms.

Codeego implements appropriate technical and organisational measures designed to protect personal data processed in connection with the Website and the Services against unauthorised or unlawful processing and against accidental loss, destruction or damage.

While no system can guarantee absolute security, Codeego regularly reviews and updates its security measures taking into account technological developments, risk assessments and applicable regulatory requirements.

The technical and organisational measures applied by Codeego include encryption of data in transit using TLS, encryption of data at rest, role-based access controls and audited authentication, network segmentation and logging, and continuous security monitoring. Source code submitted to the Services is processed in isolated environments under a zero-trust access model further described on the Codeego website.

Subject to applicable data protection law, you have the right to request access to your personal data and to request rectification, erasure or restriction of processing, or to object to the processing of your personal data. Where processing is based on consent, you also have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

Where applicable, you also have the right to request the portability of your personal data.

Requests to exercise your rights may be submitted by contacting Codeego’s Data Protection Officer at dpo@codeego.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the United Kingdom supervisory authority for data protection matters.

Please note that certain rights may be limited where personal data is required to perform a contract or to comply with applicable legal obligations.

The Website and the Services are intended for use by business users and are not directed at children. Codeego does not knowingly collect personal data relating to children in connection with the Website or the Services.

The Website and the Services may contain links to third-party websites or online resources provided for convenience or informational purposes. Codeego has no control over, and accepts no responsibility for, the content, availability, security or privacy practices of such third-party websites or resources.

Any personal data collected by third-party websites or resources will be processed in accordance with their own privacy policies and terms, and not this Policy.

Codeego may update this Policy from time to time to reflect changes in legal, regulatory or operational requirements relating to the Website or the Services. Any updates will be published on the Website, and the most current version of this Policy will always be made available there.

If you have any questions regarding this Policy or the processing of personal data by Codeego in connection with the Website or the Services, you may contact Codeego’s Data Protection Officer at dpo@codeego.com.