Privacy Notice

CMap Software Limited (CMAP, we, us, our) is a SaaS business providing professional services companies with cloud software which helps them to win more work and deliver it more profitably. Processing customer information is a fundamental part of the service we provide, and we take the privacy of the personal data you entrust us with very seriously.  

This privacy notice explains how we collect, use, and protect your personal data, whether you are a customer, website visitor, or other user of our services. It also outlines your rights under relevant data protection law.

CMap Software Ltd is a registered company in England No. 09732010 at Alderley Park, Congleton Road, Macclesfield, Cheshire, United Kingdom SK10 4TG.

Application of this privacy notice

This Privacy Notice applies to our practices in relation to the collection, storage, usage and disclosure of data that relates to identified or identifiable individuals, who:

• are visitors of our website (Website) www.cmap.io, which is owned and controlled by CMap.  

• Interact with us in relation to our services via our sales and marketing channels (e.g. events, webinars)

This Privacy Notice does NOT apply to the personal data which we collect, use and process on your behalf in the CMap application and any third party applications or software that integrate with the services through it, or any other third party products, services or businesses.

If you are a CMap customer and have any questions about the way in which we collect, use, and protect the personal data of users of the CMAP application and the personal data which they may process on it, please see our Data Processing Agreement.

If you are someone who doesn’t have a relationship with CMAP, but believe that a CMAP subscriber has entered your personal data into our websites or services, you will need to contact that entity for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data). We do not have access to logs of this.

Data Collection

When you visit our website or interact with us in other ways we collect personal data about in a number of different ways. Where we do this, we will be acting as controller of this personal data. These ways of collecting personal data can be broadly categorised as follows:

Data provided to us directly: When you visit or interact with our website, or engage with our sales and marketing teams in calls, email exchanges or similar during the course of our direct marketing activities we might ask you (or you may provide us with) for your personal data. For example, if you wish to sign up on our website for a demo or requested other information we would need your contact information or other incidental information to allow us to understand your use case, respond to any questions you may have, offer you support and/or to set you up with a demo account. We may also record phone calls or online meetings with our sales and marketing team or support/customer success team for the purpose of tracking, analysing in order for us to make improvements to our services.  

Data Automatically Collected: When you visit or interact with our website and certain other marketing materials we send to you we may collect or record certain technical data about you automatically such as:  

• IP address and device type

• address of the web page visited before using the website or services,  

• browser type, settings and plugins  

• language preferences

We also collect information when you navigate through our websites, including which pages you’ve looked at and which links you’ve clicked. Some of this is done through the use of our own cookies and other tracking technology and some via the use of third-party services. If you want to find out more about the types of technology we use, why, and how to control you can find it in our Cookie Policy.

For more details about how we use these technologies, please refer to our Cookie Policy.

Data received from Third Parties: We may receive personal data from third parties, if for example, you have attended webinars or other events which have been organised by other organisations. We also make use of information which is available publicly or otherwise has a right to share personal data with us, for example, social media sites such as LinkedIn. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, to validate the personal data you provide and to offer you services which we believe will be of interest to you.

Where we collect personal data we will only process it:

• to perform a contract with you, or

• where we have legitimate interests to process the personal data which are not overridden by your rights, or

• in accordance with a legal obligation, or 

• where we have your consent.

If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you. 

The personal data we may collect will included:

Full name, company name, job title, telephone, email, social media links (LinkedIn etc).

How we use personal data

In the context of the personal data which this Privacy Notice relates to, we use it in connection with managing our relationship with customers, potential customers and other interested stakeholders through marketing campaign updates, direct marketing activities, servicing newsletter sign-ups and demo requests, responding to enquiries for information or support, and soliciting and receiving feedback.

The information is either needed to fulfil your request, to carry out business development activities & direct marketing campaigns, or to enable us to provide you with a more personalised service. You don't have to disclose any of this information to browse our sites.

Our marketing

We process your personal data to provide you with information about our software or services that you have requested or are expecting. We may send information to you when you have not directly requested it, this only occurs when we have identified you as being of potential interest to the services we offer. In any circumstance, our interests do not override your rights and you are free to unsubscribe from our marketing and also have your data deleted.

As our software is only sold and used business-to-business, we are governed by specific legislation in regard to direct marketing activities.  They are the Privacy and Electronic Communications (EC Directive) Regulations 2003 (UK), CAN-SPAM (USA) and European Directive 2002/58/EC (EU), commonly known as the "e-privacy Directive".

If you would like to change the way you hear from us or no longer wish to receive direct marketing communications from us then use the contact form on our Contact Us page, reply directly to any marketing emails you have received, click "unsubscribe", or inform us during any telephone conversations.

We will only process your data when there is a lawful basis for doing so. The below explains in detail the purpose for the processing along with the lawful basis for this processing activity:

‍

To enable us to operate and provide our services

• Performance of a Contract (where applicable)

Enhance our security measures and detect for illegal activity

• Legal Obligations

• Legitimate Interests

Publicise and market our services to prospects

• Legitimate Interests

• Consent (where applicate)

To improve our content and services to ensure they remain relevant and current

• Legitimate Interests

‍

International Data Transfers

When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where we have a subsidiary company. These countries generally have laws different to those of your home country, but where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.

For individuals in the United Kingdom (UK) or European Economic Area (EEA), this means that your data may be transferred outside of the UK or EEA. Where this is done, it will only be transferred to countries that have been deemed by the respective data protection authorities as providing adequate protection for its citizens’ personal data, or to a third party where we have approved transfer mechanisms in place to protect your personal data, for example, Standard Contractual Clauses or an International Data Transfer Agreement to safeguard the relevant transfers.

‍

Data Retention

We will only retain your personal data for as long as is reasonably necessary for us to maintain our relationship with you and provide our services. Data will be held for a period which is either defined under legislation or based on our own business needs assessment.  

If you request that we have no further contact with you, we will keep some basic information to avoid sending you unwanted materials in the future in order to comply with your request.

‍

Sharing Personal Data

We will never sell or rent personal data to other organisations.

We may share personal data with third parties when obliged to by law, for purposes of national security, taxation and criminal investigations and in the following circumstances:

• If you have agreed that we may do so.

• When we use other companies to provide services on our behalf, e.g. hosting, IT support, answering customers’ questions about products or services, sending mail and emails, customer analysis, assessment and profiling, when using auditors/advisors or processing credit/debit card payments.

• If we receive a complaint about any content you have posted or transmitted to or from one of our sites, to enforce or apply our Terms & Conditions or if we believe that we need to do so to protect and defend our rights, property or the personal safety or rights of our staff, customers or visitors and for other lawful purposes.

• If we merge with, or are acquired by another organisation to form a new entity, information may be transferred to the new entity and may also be shared with that actual or potential buyer (and its agents and advisors) in connection with the sale / acquisition process.

• We may disclose aggregate statistics about our site visitors, supporters, customers and sales to describe our services and operations to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics won’t include any personally identifying information.

• If we run an event in partnership with other named organisations your details may need to be shared. We will be very clear what will happen to your data when you register and only share the data required in support of such event.

• We may disclose your data with our subsidiaries and affiliated companies.

‍

How we secure your personal data

We take the security of all the data that we collect, hold and process very seriously. We implement appropriate technical and organisational measures to safeguard your personal data against unauthorised access, loss, or misuse. These include encryption, access controls, and regular security audits. To help demonstrate this commitment our information security systems are accredited to the internationally recognised standards of ISO27001 and the UK’s National Cyber Security Centre’s Cyber Essential Plus.

To find out more about our approach to data security, visit our Data & Security page.

‍

Communications

Marketing

We may contact you with direct marketing communications to demonstrate how our services can support you.  

Service Changes

We may choose to contact you in relation to any changes to our services or terms.

Opting Out

If you would like to opt out to any of our communications, then you can notify us at any point using the contact details below or clicking the “Unsubscribe” link in our emails.

‍

What are your rights?

You can exercise your rights under applicable laws by contacting us using the contact details below.

We may require additional details to confirm your identity before we are able to act on any instructions. We will let you know if this is the case.

Some of your rights include:

• Transparency over how we use your personal information (right to be informed).

• Request a copy of the information we hold about you (right of access).

• Update or amend the information we hold about you if it is wrong (right of rectification).

• Ask us to stop using your information (right to restrict processing).

• Ask us to remove your personal information from our records (right to be 'forgotten').

• Object to the processing of your information for marketing purposes (right to object).

• Obtain and reuse your personal data for your own purposes (right to data portability).

• Not be subject to a decision when it is based on automated processing (automated decision making and profiling).

If you would like to know more about your rights under the data protection law, see the Information Commissioner’s Office website.

‍

Remember, you can change the way you hear from us or withdraw your permission for us to processing your personal data at any time by using the form on our Contact Us page or via the details listed under 'How to contact Us'.

Updates and amendments

We may make updates to this notice over time. The current version will be published on our website and is effective from the published date.

Previous privacy notice

October 2022

‍

If you wish to talk through anything in our privacy notice, find out more about your rights or obtain a copy of the information we hold about you, please contact us via the following methods:

How to contact us

• By telephone:  (UK) +44(0)1625 446 034
• By email: privacy@cmap-software.com

CMap Software HQ - EMEA Enquiries

‍Alderley Park, Congleton Road

Macclesfield, Cheshire

United Kingdom SK10 4TG

Please note that calls may be monitored or recorded.

If you are not satisfied with our response, or believe we are not processing your personal data in accordance with the law; you can contact the Information Commissioner’s Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: +44 (0) 303 123 1113