Data Privacy Policy In compliance with the General Data Protection Regulation (GDPR)

1. Introduction and Overview

MIC My Inventory Clerk ('we', 'us', 'our', or 'the Company') is committed to protecting and respecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.myinventoryclerk.co.uk and use our inventory management services.

This Privacy Policy has been developed in accordance with the General Data Protection Regulation (EU) 2016/679 ('GDPR'), the UK GDPR, the Data Protection Act 2018, and other applicable data protection legislation. As a data controller, we take our responsibilities seriously and have implemented comprehensive measures to ensure that your personal data is processed lawfully, fairly, and transparently.

Please read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we will treat it. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our website or services.

1.1 Purpose and Scope

This Privacy Policy applies to all personal data processed by MIC My Inventory Clerk through our website, mobile applications, software platforms, and any related services, sales, marketing, or events (collectively, the 'Services'). The policy covers:

•       Personal data collected directly from you as a user, customer, or visitor

•       Personal data collected automatically through your use of our Services

•       Personal data received from third-party sources

•       Personal data processed on behalf of our business clients

•       Special categories of personal data where applicable

1.2 Important Definitions

Personal Data: Any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. MIC My Inventory Clerk acts as a data controller for personal data collected through our Services.

Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller. We engage certain data processors to assist in providing our Services.

2. Data Controller Information

MIC My Inventory Clerk is the data controller responsible for your personal data collected through our website and Services. Our contact details are as follows:

Company Name: MIC My Inventory Clerk : Website: www.myinventoryclerk.co.uk : Contact Email: info@myinventoryclerk.co.uk

2.1 Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws and to handle inquiries regarding our processing of personal data. You can contact our DPO at:

Contact Email: info@myinventoryclerk.co.uk : Position: Data Protection Officer

The DPO is responsible for monitoring our internal compliance, informing and advising on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs), and acting as a contact point for data subjects and supervisory authorities.

3. Types of Personal Data We Collect

We collect various categories of personal data depending on how you interact with our Services. The following sections provide detailed information about the types of data we collect, the purposes for collection, and the legal bases for processing.

3.1 Identity and Contact Data

This category includes information that identifies you or allows us to contact you:

•       First name and last name

•       Email address

•       Telephone number (mobile and/or landline)

•       Business name and company registration details

•       Job title and professional role

•       Postal address (billing, location and/or shipping)

•       Username and password for account access

3.2 Financial and Transaction Data

When you make purchases or subscribe to our Services, we collect:

•       Payment card information (processed securely through our payment service providers)

•       Bank account details for direct debit payments

•       Billing address and invoicing information

•       Transaction history and purchase records

•       VAT registration number (where applicable)

•       Subscription details including plan type, renewal dates, and payment status

3.3 Technical and Usage Data

We automatically collect technical information when you access our Services:

•       IP address and geolocation data

•       Browser type and version

•       Operating system and device information

•       Screen resolution and display settings

•       Time zone settings and locale preferences

•       Cookies and similar tracking technologies (see Section 11)

•       Pages visited and navigation paths

•       Time and date of visits

•       Referring website addresses

•       Search terms used to reach our website

3.4 Service Usage and Inventory Date

When using our inventory management Services, we collect:

•       Inventory records and product information you upload

•       Stock levels, locations, and movement data

•       Supplier and customer information entered into the system

•       Order and shipment tracking information

•       Reports generated and exported from the system

•       Integration data from third-party platforms and applications

•       User preferences and system configuration settings

3.5 Communications and Marketing Data

Information related to our communications with you:

•       Email correspondence and support ticket history

•       Live chat transcripts and customer service interactions

•       Phone call recordings (where permitted and with notice)

•       Survey responses and feedback forms

•       Marketing preferences and communication consents

•       Newsletter subscription status

•       Event attendance and webinar participation records

3.6 Special Categories of Personal Data

We do not generally collect special categories of personal data (also known as sensitive personal data) such as information about your race, ethnicity, religious beliefs, political opinions, trade union membership, genetic data, biometric data, health data, or sexual orientation. However, in limited circumstances where such data is necessary for specific legal obligations or with your explicit consent, we will process it in accordance with the heightened protections required under GDPR Article 9. Any such processing will be documented in a separate addendum to this Privacy Policy or in specific consent forms.

4. Legal Bases for Processing Personal Data

Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

4.1 Contractural Necessity

We process your personal data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes:

•       Creating and managing your account

•       Providing access to our inventory management Services

•       Processing payments and billing

•       Delivering customer support and responding to service requests

•       Fulfilling our contractual obligations under our Terms of Service

4.2 Legitimate Interests

We process personal data when it is necessary for our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

•       Operating, maintaining, and improving our website and Services

•       Conducting analytics to understand user behaviour and service performance

•       Personalising user experience and content

•       Detecting, preventing, and addressing fraud, security threats, and technical issues

•       Enforcing our Terms of Service and other legal rights

•       Conducting internal business administration and management

•       Developing new features, products, and services

•       Building and maintaining business relationships

We have conducted Legitimate Interests Assessments (LIAs) to balance our interests against your rights and freedoms. You have the right to object to processing based on legitimate interests by contacting us at info@myinventoryclerk.co.uk.

4.3 Consent

In certain circumstances, we process personal data based on your explicit consent. This includes:

•       Sending marketing communications and promotional materials

•       Using non-essential cookies and tracking technologies

•       Processing special categories of personal data (where applicable)

•       Sharing data with specific third parties for purposes beyond service provision

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by using the unsubscribe mechanism in our communications, adjusting your account settings, or contacting us directly.

4.4 Legal Obligation

We process personal data when necessary to comply with legal obligations to which we are subject. This includes:

•       Complying with tax and accounting requirements

•       Responding to lawful requests from regulatory authorities and law enforcement

•       Maintaining records required by applicable laws

•       Complying with court orders and legal proceedings

•       Meeting anti-money laundering and counter-terrorism obligations

4.5 Vital Interests

In rare circumstances, we may process personal data to protect the vital interests of you or another natural person. This would typically involve emergency situations where processing is necessary to protect life or prevent serious harm.

5.How We Collect Personal Data

We collect personal data through various channels and methods. Understanding how we collect your information helps ensure transparency in our data processing activities.

5.1 Information You Provide Directly

You directly provide us with most of the personal data we process. This occurs when you:

•       Register for an account on our website or platform

•       Subscribe to our Services or purchase a plan

•       Fill out forms on our website, including contact forms, demo requests, or quote requests

•       Contact our customer support team via email, phone, or live chat

•       Subscribe to our newsletters or marketing communications

•       Participate in surveys, questionnaires, or feedback sessions

•       Attend our events, webinars, or training sessions

•       Upload data to our inventory management system

•       Apply for employment or submit a CV/resume

•       Engage with us on social media platforms

5.2 Information Collect Automatically

We automatically collect certain information when you access or use our Services through:

•       Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behaviour, preferences, and device characteristics. See Section 11 for detailed information about our cookie practices.

•       Server Logs: Our web servers automatically record information when you access our website, including IP addresses, browser types, access times, and pages viewed.

•       Analytics Tools: We use analytics services such as Google Analytics to collect aggregated usage statistics and performance metrics.

•       Device Information: When you access our Services through a mobile application or device, we may collect device-specific information including hardware model, operating system version, unique device identifiers, and mobile network information.

5.3 Information From Third-Party Sources

We may receive personal data about you from various third-party sources, including:

•       Business Partners: Information from companies we partner with for co-marketing initiatives or integrated services.

•       Social Media Platforms: If you choose to link your account or interact with us through social media, we may receive information from those platforms in accordance with their privacy settings.

•       Data Providers: Legitimate business contact information from professional directories and data enrichment services.

•       Payment Processors: Transaction confirmation and payment status information from our payment service providers.

•       Publicly Available Sources: Information from public registers, company directories, and professional networking sites.

When we receive data from third parties, we ensure that they have the legal right to share your information with us and that our use complies with applicable data protection laws.

6.How We Use Your Personal Data

We use the personal data we collect for various purposes that support the provision of our Services and maintain our business operations. Each use is based on one or more of the legal bases described in Section 4.

6.1 Service Provision and Account Management

We use your personal data to:

•       Create, maintain, and manage your user account

•       Authenticate your identity and manage account security

•       Provide access to our inventory management platform and features

•       Store and process your inventory data and business information

•       Enable integrations with third-party applications and services

•       Customise your user experience based on preferences and settings

•       Generate reports, analytics, and insights from your inventory data

6.2 Payment Processing and Billing

We process financial data to:

•       Process payments for subscriptions and services

•       Issue invoices and receipts

•       Manage subscription renewals and upgrades

•       Handle refunds and payment disputes

•       Maintain financial records for accounting and tax purposes

•       Detect and prevent fraudulent transactions

6.3 Customer Support and Communication

We use your contact information to:

•       Respond to your inquiries and support requests

•       Provide technical assistance and troubleshooting

•       Send service-related notifications and updates

•       Notify you about changes to our Services, policies, or terms

•       Conduct customer satisfaction surveys and collect feedback

•       Manage and track support tickets and customer service interactions

6.4 Marketing and Promotional Activities

With your consent or where permitted by law, we use your data for:

•       Sending newsletters, product updates, and promotional offers

•       Informing you about new features, products, and services

•       Inviting you to events, webinars, and training sessions

•       Conducting targeted marketing campaigns based on your interests

•       Personalising marketing content and recommendations

•       Measuring the effectiveness of our marketing efforts

You can opt out of marketing communications at any time by clicking the 'unsubscribe' link in our emails or by adjusting your communication preferences in your account settings.

6.5 Analytics and Service Improvement

We analyse usage data to:

•       Understand how users interact with our Services

•       Identify patterns and trends in service usage

•       Improve website functionality and user experience

•       Develop new features and enhancements

•       Optimise system performance and reliability

•       Conduct A/B testing and user research

•       Make data-driven decisions about product development

6.6 Security and Fraud Prevention

We process personal data to:

•       Detect and prevent fraud, abuse, and unauthorised access

•       Monitor and investigate security incidents

•       Enforce our Terms of Service and other policies

•       Verify user identity and prevent account takeover

•       Protect our systems, networks, and infrastructure

•       Comply with security and compliance requirements

6.7 Legal Compliance and Regulatory Obligations

We use personal data to:

•       Comply with applicable laws and regulations

•       Respond to legal requests and court orders

•       Maintain records required by tax and accounting laws

•       Cooperate with regulatory authorities and law enforcement

•       Establish, exercise, or defend legal claims

•       Conduct internal audits and compliance assessments

7. Data Sharing and Disclosure

We do not sell your personal data to third parties. However, we may share your personal data with selected third parties in the following circumstances, always ensuring appropriate safeguards are in place.

7.1 Service Providers and Processors

We engage trusted third-party service providers to assist us in delivering our Services. These processors act on our behalf and under our instructions. They include:

•       Cloud Hosting Providers: Companies that host our infrastructure and store data (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)

•       Payment Processors: Financial service providers that process payments securely (e.g., Stripe, PayPal)

•       Email Service Providers: Platforms that deliver our transactional and marketing emails

•       Customer Support Tools: Help desk and ticketing systems for managing customer inquiries

•       Analytics Providers: Services that help us understand usage patterns and improve our Services

•       Marketing Platforms: Tools for email marketing, CRM, and campaign management

•       Security Services: Providers of security monitoring, threat detection, and fraud prevention tools

All service providers are contractually bound by Data Processing Agreements (DPAs) that require them to process data only according to our instructions, maintain appropriate security measures, and comply with GDPR requirements. We conduct due diligence to ensure they meet our data protection standards.

7.2 Business Partners and Integrations

If you choose to integrate our Services with third-party applications (e.g., accounting software, e-commerce platforms, shipping providers), we may share relevant data necessary to enable those integrations. Such sharing occurs only with your explicit authorisation and is governed by the third party's privacy policy as well as ours.

7.3 Legal and Regulatory Authorities

We may disclose personal data to law enforcement, regulatory bodies, courts, or other public authorities when:

•       Required by law, regulation, legal process, or enforceable governmental request

•       Necessary to detect, prevent, or address fraud, security, or technical issues

•       Required to protect against harm to the rights, property, or safety of our company, our users, or the public

•       Necessary to establish, exercise, or defend legal claims

Where possible and legally permissible, we will notify you of such requests unless prohibited by law or where notification could undermine the purpose of the disclosure.

7.4 Corporate Transactions

In the event of a merger, acquisition, reorganisation, sale of assets, bankruptcy, or other corporate transaction, personal data may be transferred to the successor entity. We will notify you of any such change in ownership or control of your personal data and provide you with choices regarding your information where applicable.

7.5 Aggregated and Anonymised Data

We may share aggregated, anonymised, or de-identified data that cannot reasonably be used to identify you. This may include industry benchmarks, usage statistics, or research findings. Such data is not considered personal data under GDPR and is not subject to the restrictions in this Privacy Policy.

8. International Data Transfers

As a UK-based company serving customers internationally, we may transfer personal data to countries outside the United Kingdom and the European Economic Area (EEA). We ensure that all such transfers comply with applicable data protection laws and are protected by appropriate safeguards.

8.1 Transfer Mechanisms

When transferring personal data internationally, we rely on the following legally recognised mechanisms:

•       Adequacy Decisions: Transfers to countries that have been deemed by the UK Information Commissioner's Office (ICO) or European Commission to provide adequate protection for personal data.

•       Standard Contractual Clauses (SCCs): We use the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses approved by the European Commission to ensure appropriate safeguards for data transfers.

•       Binding Corporate Rules (BCRs): Where applicable, we may rely on BCRs approved by competent data protection authorities.

•       Explicit Consent: In limited circumstances, we may seek your explicit consent for specific international transfers.

8.2 Countries and Regions

Our service providers and infrastructure may be located in various countries, including but not limited to the United States, United Kingdom, European Union member states, and other jurisdictions where our cloud hosting and service providers operate data centres. We have conducted Transfer Impact Assessments (TIAs) to evaluate the risks associated with these transfers and have implemented supplementary measures where necessary.

8.3 Your Rights Regarding International Transfers

You have the right to obtain information about the safeguards we have in place for international data transfers. You can request copies of the relevant transfer mechanisms by contacting our Data Protection Officer at info@myinventoryclerk.co.uk.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, regulatory, or reporting requirements. The retention period varies depending on the type of data and the purpose for which it is processed.

9.1 Retention Periods by Data Category

•       Account Data: Retained for the duration of your active account plus 90 days after account closure, unless longer retention is required for legal or regulatory purposes.

•       Transaction and Financial Records: Retained for a minimum of 7 years from the end of the financial year in which the transaction occurred, in compliance with UK tax and accounting regulations.

•       Marketing Data: Retained until you withdraw consent or opt out of marketing communications, plus up to 3 years to maintain suppression lists and honour opt-out requests.

•       Support Tickets and Communications: Retained for 3 years after the last interaction for quality assurance and training purposes.

•       Analytics and Usage Data: Aggregated analytics data may be retained indefinitely; individual-level data is typically retained for 26 months unless anonymised.

•       Legal Hold Data: Data subject to legal proceedings or regulatory investigations is retained until the matter is fully resolved and all appeal periods have expired.

•       Backup Data: Data in backup systems is retained for up to 90 days for disaster recovery purposes, after which it is securely deleted.

9.2 Deletion and Anonymisation

When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention schedule. Deletion processes include:

•       Permanent removal from active databases and systems

•       Secure deletion from backup systems following their retention cycle

•       Overwriting of data storage media to prevent recovery

•       Physical destruction of hardware containing data when decommissioned

Anonymised data is processed in a manner that makes re-identification impossible, removing all identifiers and ensuring compliance with GDPR recital 26.

10. Your Data Protection Right Under GDPR

As a data subject under GDPR and UK data protection law, you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights and will respond to your requests without undue delay and within one month of receipt (extendable by two additional months for complex requests).

10.1 Right of Access (Subject Access Request)

You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data along with the following information:

•       The purposes of the processing

•       The categories of personal data concerned

•       The recipients or categories of recipients to whom data has been or will be disclosed

•       The retention period or criteria used to determine it

•       Information about your rights to rectification, erasure, restriction, and objection

•       The right to lodge a complaint with a supervisory authority

•       Information about the source of the data if not collected directly from you

•       The existence of automated decision-making, including profiling

We will provide a copy of your personal data free of charge. Additional copies may incur a reasonable administrative fee.

10.2 Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed. We will notify any third parties with whom we have shared your data of the rectification unless this proves impossible or involves disproportionate effort.

10.3 Right to Erasure ('Right to be Forgotten')

You have the right to request deletion of your personal data when one of the following applies:

•       The data is no longer necessary for the purposes for which it was collected

•       You withdraw consent and there is no other legal basis for processing

•       You object to processing based on legitimate interests and there are no overriding legitimate grounds

•       The data has been unlawfully processed

•       Erasure is required to comply with a legal obligation

This right is not absolute. We may retain data where necessary for compliance with legal obligations, establishment or defence of legal claims, or other lawful purposes specified in GDPR Article 17(3).

10.4 Right to Restriction of Processing

You have the right to request restriction of processing when:

•       You contest the accuracy of the data (restriction applies during verification)

•       Processing is unlawful and you prefer restriction over erasure

•       We no longer need the data but you require it for legal claims

•       You have objected to processing pending verification of legitimate grounds

When processing is restricted, we will store your data but not further process it except with your consent, for legal claims, to protect others' rights, or for important public interests.

10.5 Right to Data Portability

You have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format (such as CSV or JSON) and to transmit that data to another controller when:

•       Processing is based on consent or contract

•       Processing is carried out by automated means

Where technically feasible, you may request that we transmit your data directly to another controller.

10.6 Right to Object

You have the right to object, on grounds relating to your particular situation, to processing based on:

•       Legitimate Interests: You can object to processing based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.

•       Direct Marketing: You have an absolute right to object to processing for direct marketing purposes at any time. We will immediately cease such processing upon receiving your objection.

10.7 Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Currently, we do not engage in automated decision-making that produces such effects. If this changes, we will update this Privacy Policy and implement appropriate safeguards, including the right to obtain human intervention, express your point of view, and contest the decision.

10.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by:

•       Adjusting your account preferences

•       Clicking 'unsubscribe' in marketing emails

•       Managing cookie preferences through our cookie banner

•       Contacting us directly at info@myinventoryclerk.co.uk

10.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Contact Email: info@myinventoryclerk.co.uk : Subject Line: Data Subject Rights Request

We may require proof of identity to verify your request and protect your personal data from unauthorised access. We will respond within one month, providing reasons if we cannot comply with your request. There is no charge for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse the request.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyse usage patterns, and deliver personalised content. This section provides comprehensive information about our use of these technologies in compliance with the UK Privacy and Electronic Communications Regulations (PECR) and GDPR.

11.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They serve various purposes, from remembering your preferences to enabling website functionality. Cookies may be:

•       First-party cookies: Set by myinventoryclerk.co.uk

•       Third-party cookies: Set by external services we use (e.g., analytics providers)

•       Session cookies: Temporary cookies deleted when you close your browser

•       Persistent cookies: Remain on your device for a set period or until manually deleted

11.2 Types of Cookies We Use

•       Strictly Necessary Cookies: Essential for website operation, enabling features like secure login, session management, and access to member areas. These cookies cannot be disabled without severely affecting site functionality. Legal basis: Legitimate interest in providing the service you requested.

•       Functional Cookies: Remember your choices and preferences (e.g., language, region, display settings) to provide enhanced, personalised features. Legal basis: Consent.

•       Analytics and Performance Cookies: Collect information about how visitors use our website, including pages visited, time spent, errors encountered, and traffic sources. This helps us improve website performance and user experience. We use Google Analytics with IP anonymisation enabled. Legal basis: Consent.

•       Marketing and Advertising Cookies: Track your online activity to deliver relevant advertisements and measure campaign effectiveness. These cookies may be set by third-party advertising networks. Legal basis: Consent.

11.3 Other Tracking Technologies

In addition to cookies, we may use:

•       Web Beacons (Pixels): Small graphic images embedded in web pages and emails to track page views, email opens, and user behaviour.

•       Local Storage: HTML5 local storage mechanisms that allow websites to store data locally on your device.

•       SDKs and APIs: Software development kits and application programming interfaces used in our mobile applications to collect usage data.

11.4 Managing Cookie Preferences

You can control and manage cookies through:

•       Cookie Banner: When you first visit our website, a cookie banner allows you to accept or reject non-essential cookies.

•       Browser Settings: Most browsers allow you to refuse or accept cookies, delete existing cookies, and receive warnings before cookies are stored. Consult your browser's help function for specific instructions.

•       Opt-Out Tools: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout.

Please note that disabling cookies may affect website functionality and your user experience. Strictly necessary cookies cannot be disabled through our cookie banner but can be blocked through browser settings, though this may prevent you from using our Services.

12. Data Security Measures

We implement comprehensive technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. Our security framework follows industry best practices and complies with GDPR requirements.

12.1 Technical Security Measures

•       Encryption: All data transmission is encrypted using TLS 1.2 or higher. Personal data at rest is encrypted using AES-256 encryption.

•       Access Controls: Role-based access control (RBAC) ensures personnel access only data necessary for their role. Multi-factor authentication (MFA) is required for all administrative access.

•       Firewalls and Network Security: Advanced firewalls, intrusion detection systems, and network monitoring protect against unauthorised access and cyber threats.

•       Vulnerability Management: Regular security assessments, penetration testing, and vulnerability scans identify and address potential weaknesses.

•       Secure Development: Our development practices include secure coding standards, code reviews, and security testing throughout the development lifecycle.

•       Logging and Monitoring: Comprehensive logging of system access and suspicious activities enables rapid detection and response to security incidents.

12.2 Organisational Security Measures

•       Encryption: All data transmission is encrypted using TLS 1.2 or higher. Personal data at rest is encrypted using AES-256 encryption.

•       Access Controls: Role-based access control (RBAC) ensures personnel access only data necessary for their role. Multi-factor authentication (MFA) is required for all administrative access.

•       Firewalls and Network Security: Advanced firewalls, intrusion detection systems, and network monitoring protect against unauthorised access and cyber threats.

•       Vulnerability Management: Regular security assessments, penetration testing, and vulnerability scans identify and address potential weaknesses.

•       Secure Development: Our development practices include secure coding standards, code reviews, and security testing throughout the development lifecycle.

•       Logging and Monitoring: Comprehensive logging of system access and suspicious activities enables rapid detection and response to security incidents.

•       Staff Training: All employees receive regular data protection and security awareness training, including GDPR principles and security best practices.

•       Confidentiality Agreements: All personnel with access to personal data are bound by strict confidentiality obligations.

•       Incident Response Plan: We maintain a documented incident response plan detailing procedures for identifying, responding to, and recovering from data breaches.

•       Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk processing activities to identify and mitigate privacy risks.

•       Third-Party Security: We conduct due diligence on all service providers and require them to implement appropriate security measures through contractual obligations.

12.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

•       Notify the ICO within 72 hours of becoming aware of the breach

•       Notify affected individuals without undue delay where the breach is likely to result in a high risk

•       Describe the nature of the breach, likely consequences, and measures taken or proposed

•       Provide contact details of our Data Protection Officer

Despite our security measures, no system is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. We recommend you maintain the confidentiality of your account credentials and notify us immediately of any unauthorised use.

13. Third-Party Links and Services  

Our website and Services may contain links to third-party websites, plugins, integrations, and applications that are not operated by us. This Privacy Policy applies only to our Services. We are not responsible for the privacy practices of third parties.

13.1 External Links

When you click on links to third-party websites, you will leave our Services and be redirected to external sites. We do not control these websites and are not responsible for their content, privacy policies, or practices. We encourage you to review the privacy policies of any third-party sites you visit.

13.2 Third-Party Integrations

Our Services may integrate with third-party applications and platforms (e.g., accounting software, e-commerce platforms, shipping providers). When you authorise such integrations, you may grant those third parties access to certain data. The use of your data by integrated third parties is governed by their respective privacy policies and terms of service, not this Privacy Policy. We recommend reviewing their policies before authorising integrations.

13.3 Social Media Features

Our Services may include social media features and widgets (e.g., Facebook Like button, Twitter share button). These features may collect your IP address, track which page you're visiting, and set cookies. Social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing them.

14. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not provide any personal data through our Services.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us immediately at Contact Email: info@myinventoryclerk.co.uk

Parents and guardians who wish to review, modify, or delete personal data concerning their children should contact us using the details provided in Section 16.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The current version will always be available on our website with the 'Last Updated' date clearly displayed at the top of this document.

15.1 Material Changes

For material changes that significantly affect how we collect, use, or protect your personal data, we will:

•       Provide prominent notice on our website before the changes take effect

•       Send email notification to registered users at their registered email address

•       Where required, obtain fresh consent for new processing activities

15.2 Your Continued Use

Your continued use of our Services after changes to this Privacy Policy constitutes acceptance of the updated policy, except where changes require fresh consent under applicable law. If you do not agree with the updated policy, you should discontinue use of our Services and contact us to close your account or exercise your data subject rights.

15.3 Version History

We maintain a version history of significant policy changes. You can request previous versions by contacting our Data Protection Officer at info@myinventoryclerk.co.uk.

16. Contact Information

We are committed to resolving any concerns you may have about our processing of your personal data. If you have questions, comments, or complaints regarding this Privacy Policy or our data practices, please contact us using the details below.

16.1 Data Controller Contact Details

Company Name: MIC My Inventory Clerk : Website: www.myinventoryclerk.co.uk : Contact Email: info@myinventoryclerk.co.uk

16.2 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU/EEA member state of your habitual residence, place of work, or place of alleged infringement if you believe our processing of your personal data violates data protection law.

For UK residents, the supervisory authority is:

Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113 : Website: www.ico.org.uk : Email: casework@ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

17. Acknowledgement and Acceptance

By accessing or using the Services provided by MIC My Inventory Clerk, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You also acknowledge that:

•       You have been provided with clear and comprehensive information about how we collect, use, and protect your personal data

•       You understand your rights under GDPR and how to exercise them

•       You consent to the collection and processing of your personal data as described in this Privacy Policy, where such consent is required

•       You will review this Privacy Policy periodically for updates

•       You understand that if you do not agree with this Privacy Policy, you should not use our Services

This Privacy Policy, together with our Terms of Service and any other legal notices published by us on our Services, constitutes the entire agreement between you and MIC My Inventory Clerk concerning your use of our Services and the processing of your personal data.

* * *

Thank you for trusting MIC My Inventory Clerk with your personal data.

We are committed to protecting your privacy and maintaining the highest standards of data protection.