Saxonica: GDPR compliance

On this page:

GDPR compliance

Client data

Saxonica holds and processes data that is required to fulfil contracts, including delivery of upgrade and maintenance services. This consists exclusively of data supplied by the client or the client's representatives. The term "client" here includes anyone applying for a free evaluation license. Such data is held under Article 6 clause 1(b) of the GDPR regulations. Data relating to contracts that have ended is retained indefinitely because of the possibility that claims might arise in the future. Email correspondence with clients is routinely retained in case it is pertinent to the interpretation of the contract or to claims that might arise under the contract.

Data processed in the course of contract fulfilment is handled through a variety of third party data processors including Ecwid, Sage Pay, Paypal, Cardnet, American Express, and Lloyds Bank. Email correspondence is handled through 123-Reg. Where end users place orders or request quotations through third party resellers, information about the end user may be provided to the reseller and vice versa.

Saxonica does not hold or process information relating to credit or debit cards. Saxonica processes card transactions entirely through accredited third parties, who may make use of externally-sourced client information in order to prevent fraud.

Where an individual acts on behalf of a corporate client, Saxonica will make its contact information for that individual available to other representatives of the same corporate client.

Saxonica will not pass information relating to a client to any third party except where this is necessary for contract fulfilment or for compliance with regulations including tax law and accounting practices.

Saxonica will not send unsolicited email (or other communications) to clients except where this is judged necessary to fulfil Saxonica's duty of care to the client, for example by providing notice of defects in the product or of approaching expiry dates.

Licenses

Saxonica retains information about all issued licenses. This data is held under Article 6 clause 1(f) of the GDPR regulations, in pursuit of Saxonica's legitimate interest to prevent fraudulent use of its software. The data is held indefinitely. It is not made available to third parties. The information that is held includes the name and contact details of the person to whom the license was issued.

Public forums

Saxonica maintains public forums and mailing lists to which anyone can subscribe. All information posted to such forums, including user profile data provided by the user, is available to the general public without restriction. Such data is held under Article 6 clause 1(a) of the GDPR regulations: the act of subscribing to the forum provides the necessary consent. Saxonica does not use such information for any purpose other than responding to issues raised in the forum. Saxonica will delete messages from the forums on the explicit request of the user who posted the message, or on request from any other user to whom the message relates. Requests for removal of messages must identify the specific messages to remove. Since messages are available to the general public, Saxonica is not able to trace or delete copies of such messages that might have been made by third parties. Saxonica's public forums are hosted by third party data processors including PlanIo, GitHub, and SourceForge.

Employee data

Saxonica retains and uses records of employee data only to the extent necessary for compliance with United Kingdom employment law. Such data is held and processed under Article 6 clause 1(c) of the GDPR regulations. Employee data is shared with the United Kingdom tax authorities and with the relevant pension providers.

Supplier data

Saxonica retains and uses records of purchases from suppliers and subcontractors, to the extent necessary for the fulfulment of contracts, and to satisfy tax and accounting obligations. This includes banking details provided by suppliers to enable payment. Such data is held under Article 6 clause 1(b) and/or 1(c) of the GDPR regulations.