The i-snapshot Privacy Policy is underpinned by seven principles outlined in the relevant data protection legislation:

1. Lawfulness, fairness and transparency

2. Purpose limitation

3. Data minimisation

4. Accuracy

5. Storage limitation

6. Integrity and confidentiality (security)

7. Accountability

• Data Protection Act 2018

• Privacy and Electronic Communications (EC Directive) Regulations 2003

• The General Data Protection Regulation (GDPR) (EU) 2016/679

In writing: Data Protection, i-snapshot, 3 Startforth Road, Riverside Park, Middlesbrough, TS2 1PT

By email: data.protection@i-snapshot.com

By phone: 01642 939 601

i-snapshot is an enterprise only sales management system, and is only available as part of the whole system and not in isolation and not outside of a corporate contract.

The mobile app is used by applicable employees to record activity for analysis by the reporting engine, this includes employee’s location which records their location in the field when submitting a sales visit using the mobile application. The location is only recorded when a user has initiated an activity submission via the mobile app.

Access to the app and data amongst its employees is controlled and determined by the corporate account holder and is only available as part of the whole system and not in isolation and not outside of a corporate contract.

The data recorded via the app can only be accessed by the corporate account holder and permissioned employees and the users of the app are either employees or contractors and the use of the phone and data is managed through that existing relationship.

"Data Processing Partner" is a term used in data protection legislation to refer to any external data storage platform. The data processing partners utilised by i-snapshot include:

• Microsoft 365

• Amazon Web Services

For a full list of our data processing partners, please request this in writing.

Our data processing partners are required to comply with data protection legislation and provide written assurance of their compliance.

All other data is held on the i-snapshot computer system. We will ensure your data is safe by taking all appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage as detailed and maintained in line with ISO 27001.

Our approach, responsibilities, and commitment to information security are set out in our Information Security policy.

Data supplied by the corporate account holder or recorded on their behalf by the applicable employees is solely used within the sales management system, and we will not share any personal data with other individuals or organisations, except in specific circumstances, including:

• When authorised by the corporate account holder.

• If i-snapshot is acquired by another organisation.

• If required by legal authority or to a third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law.

We will retain the data supplied by the corporate account holder or collected on their behalf by applicable employees for the duration of the corporate contract with the corporate account holder.

After termination of this contract, data will be deleted from the sales management system as agreed with the corporate account holder.

Data protection legislation gives you the right to:

• Request in writing and obtain copies of the data held about you by i-snapshot - a statutory fee of £10 is payable prior to the provision of the data.

• Correct or update any such data.

• Request i-snapshot to stop using your data for any purpose where there is no legal requirement for us to do so.

More information about your data protection and privacy rights can be obtained by visiting the Information Commissioner's Office website.

Please contact us if you want to make any changes to the data, we hold on you; how we use it; if you want us to delete it; or if you wish to raise a concern regarding the handling of your data.

You also have the right to lodge a complaint with the Information Commissioner's Office about how we manage your data.

This policy will be reviewed at regular intervals and any changes required by law or organisationally will be made. Changes to the policy will be reflected and noted in the policy wording.

Last Reviewed June 2023