Littoralis Ltd ‘Disc’ Privacy Notice; effective 27/05/2020

This Privacy Notice describes how Littoralis Limited (“Littoralis”) collects, stores, and uses your information when:

You log into the secure Disc website (hereinafter Disc Desktop)
You log into the Disc smartphone app

Background – what is Disc?

Disc is the secure information-sharing system from Littoralis. Disc is accessible via Disc Desktop and the Disc smartphone app.

Disc is licensed to, and managed by, local Business Crime Reduction Partnerships, shopping centres, retailers, police and other organisations that share current awareness information with their ‘members’ (who in some cases may be their employees or contractors). This information may include personal data of persons who are known for or suspected of involvement in low-level crime and anti-social behaviour.

As providers of Disc, Littoralis is a data processor for its clients, who are data controllers. Our clients determine the purposes and means of processing personal data, which data subjects’ personal data will be processed, what data is collected, the lawful basis (or bases) for processing that data, how long it is retained and with whom it may be shared.

While Littoralis makes no decisions regarding whose personal data will be processed, information relating to access and use of Disc is collected by Littoralis. Littoralis is a data controller of this information. Collecting this information helps us to deliver our services effectively and to protect against unauthorised access, and other potential data security threats.

What does this Privacy Notice cover?

This Privacy Notice covers how Littoralis uses the information gathered about you when you use Disc Desktop and/or the Disc smartphone app. Littoralis collects certain types of information, including information that identifies you as an individual.

Information provided by you and information collected automatically

If you have been added to a Disc system as a member (i.e. the local Disc administrator has created an account for you, by adding your email address to their Disc system), then upon logging-in to Disc for the first time you are required to provide the following information:

Contact details: including your name, work address, phone number, job title and the organisation for which you work

Thereafter, each time you log into Disc through either the Disc Desktop or app, the following information is collected automatically and collated with your email address and the information you provided, when you first set up your Disc account:

IP address
(If using the app) whether you have opted to receive push notifications from Disc
The type of device you are using to access Disc (PC, smartphone, etc)
Basic information about your device, including the operating system and web browser used (type and version)
The date, time, and duration of each session
The pages viewed and forms submitted during each session

This information does not include any ‘special category’ data, as defined in data protection law.

How does Littoralis use your personal information?

We use the information that is collected automatically when you use the Disc Desktop or app to:

Assist our clients in monitoring access to their Disc systems
Monitor the performance and use of Disc
Help ensure that the information held in Disc remains safe and secure

We will never use your information for automated decision-making or profiling purposes.

How do we share and disclose your information to third parties?

We will never sell or rent your information to anyone, under any circumstances, nor will it be used for any purpose other than the effective delivery, monitoring and security of the Disc system and related services. We will process your data for our legitimate business interests, and those of our clients.

How long will your personal information be kept?

If you have logged into Disc but have not submitted any reports or other content (excluding Instant Messages, which are automatically deleted after seven days), your information will be retained for a period of 24 months following deletion of your Disc account.

If you have accessed Disc and have submitted reports or other content (excluding Instant Messages), your information will be retained for a minimum of 24 months following deletion of your Disc account. The actual length of time your information will be retained will depend upon the length of time that reports and other content (excluding Instant Messages) which you have submitted are kept by the scheme of which you are/were a member. This ensures that scheme administrators have an audit trail for all content on their Disc systems – including content submitted by members who have subsequently been removed from Disc. Once all reports and other content (excluding Instant Messages) you have submitted are deleted or anonymised (and a period of not less than 24 months has passed since your Disc account was removed), your information will be deleted.

Information regarding access to and usage of the Disc Desktop is collected by means of a ‘session cookie’. This is a small text file which is created when you log in and is stored in your web browser until the browser is closed. For further details about cookies and how they work, please visit this page: https://en.wikipedia.org/wiki/HTTP_cookie

What are Legitimate Interests?

Legitimate Interests means the interests of our company in ensuring the confidentiality, integrity, and availability of our services. It also means the interests our clients have in understanding – and being able to monitor – who has accessed their Disc system and when, as well as who has submitted reports and other information into their Disc systems.

When we process your personal data under the lawful basis of legitimate interests, we will always balance and consider any potential impact the processing would have on you and on your rights under data protection and e-privacy laws. We will never use your information where our interests would be overridden by the impact the processing will have on you, unless we have your prior consent for this, or we are required to do so by law.

Security of your personal information

We take the security of your data extremely seriously and employ appropriate technical and organisational security measures to protect the personal information we hold from unauthorised access, disclosure, or alteration and from destruction, loss, or misuse.

Littoralis adheres to the highest international standards for information security. Our company is certified to ISO 27001:2013.

Your rights

Under current data protection laws, you have the right to:

Request confirmation regarding whether we hold any of your personal information and, if we do, request a copy of it (this is known as making a “data subject access request”)
Require us to rectify or delete information we hold about you that is incorrect
Object to us processing your information
Lodge a complaint with the Information Commissioner’s Office, if you feel that we are processing your personal information unfairly or are doing so contrary to your rights and freedoms

If you would like to submit a subject access request, please contact us using the information provided below. We will not charge you for this, unless you have previously made a request, or the information we hold about you has not changed. Please note that we are required to verify your identity before we can release any information to you.

If you wish to complain to the Information Commissioner’s Office, please visit www.ico.org.uk/concerns

Hyperlinks to other websites

From time to time the Disc Desktop or app may include hyperlinks to other websites that are not under our control (“third-party websites”). Littoralis is not responsible for, and this Privacy Notice does not apply to, any third-party websites.

Contacting us about anything in this Notice

If you wish to contact us about this Privacy Notice, please send a detailed email to dataprotection@littoralis.com. Alternatively, you can write to us at

Littoralis Ltd
Suite 210, 91 Western Road
Brighton
BN1 2LB
United Kingdom

Changes to this Notice

This Notice is kept under review and may be updated from time to time. You can find out when this Notice was last updated at the top of this page. If there are any changes to the way your data is processed, the purpose for which it is processed or the legal basis for doing so, we will contact you to let you know.

© Littoralis™

Registered in England No: 03806211