Privacy and data protection policies
Last modified: 24 thJune, 2016
Welcome to Clock Software
Thank you for using our software, subscriptions or support!
Definitions
For brevity only, we will call our software, subscriptions and support products (“Products”). Products will mean each or all of them.
We (“we”, “us”, “our”) are Clock Software Ltd., with a registered office 27 Redcliffe Gardens, London, SW109BH, United Kingdom and with company number: 08008667.
We are a provider of reservation systems and software (“Software”).
If you are a holder of an account or an end-user agreement for the use of our software, you are an “Operator” for the purposes of present Privacy and data protection policies (“Policy”).
If you use our software to book rooms/units in the property of an Operator, or to access Open public features provided by an Operator, or if your personal data is recorded and processed by an Operator using our Products, you are a “Consumer” for the purposes of the present Policy.
If you use our Software to process information on behalf of an Operator, you are a “User” for the purposes of present Policy.
“Technology partner” shall be any third party system provider, whose systems are interfaced with our Software. Such systems shall be directly related with the usual operations of the software and shall include, but shall not be limited to, OTA interfaces, Channel managers, payment processing gateway providers, metasearch bookings managers, interfaces to electronic door locking systems, etc.
“Open public features” shall be features of the Software, designed to interact with and be used directly by the Consumers. Such features shall include but shall not be limited to Web reservation systems or Guest self-service features.
If you access, view and download information, fill in forms or access restricted sections on our web sites, excluding logging to our Software, you are a “Visitor”.
This Policy contains definitions provided in the General Terms and Conditions (“General terms”), available at Clock’s web site www.clock-software.com (“Website”). Present Policy is an integral part of the General terms. By accepting the General terms you are also accepting the Policy and vice versa.
By using our Products and by browsing our websites you accept and agree to the present Policy.
Data storage, access and protection
Property, storage, access and control over data processed by the Software
Property and usage of data
Data records, stored and processed by our Software shall be a property of the Operator.
We shall not be entitled, without your prior explicit written approval, to:
- provide access to, transmit, disclose or provide a copy of your data to any 3rd party;
- use your data for any purposes different from those related with the usual operation of the software.
That shall only exclude the transmission of transactional data to systems of Technology partners, included in your subscription. By using components of our Software, transmitting data to such Technology partner systems, you agree that:
- data received by the system of the respective Technology partner shall be subject of Technology partner’s data protection, storage and privacy policy;
- we shall be released from any responsibility in relation with the storage, protection and privacy of such data.
Access to data
All data records in the databases are protected with credentials and all data transmission between user machines and our servers is encrypted. We make our best efforts to protect any data stored on our servers from unauthorised interventions by any third parties.
We encrypt any data, stored on our servers or other technical means, so that it is only readable through the graphical user interface (“GUI”) or the application programming interface (“API”) and only after a successful submission of valid credentials - eg. username, password, PIN, multi-factor authentication, API secret key, etc. Open public features may not require Consumers to submit of credentials in order to visualise data intended for public visualisation.
Operators shall be entitled to access their accounts for the duration of their subscription. If you are an Operator, planning to discontinue your Subscription with us and willing to retain some archive of your data, you shall undertake all appropriate actions to retain data from your account prior to the termination of your Subscription, for example by:
- Downloading CSV report exports, available in the Software;
- Using the API to retrieve all relevant historical data and store it in your own data format and storage. Please note that API may require a separate Subscription fee.
Please note that you shall not be able to receive a copy the database with your original data records upon the termination of your Subscription.
You shall remain entitled to re-activate your Subscription at any moment within 12 months subsequent to the moment when you have discontinued your subscription and thus regain access to your data for the duration of the new Subscription.
Occasionally, in relation to the Support we provide to Operators, we may gain access to Operator’s data upon online assistance invitation provided by the Operator or one of its Users. In such case we shall discontinue such access as soon as the need to acquire it has disappeared and shall destroy any data records or information collected.
Storage, backup and access to your account
If not explicitly otherwise noted, we shall store your data on servers under our control (“Our servers”), hosted by Amazon Web Services (“AWS”). You may like to read AWS Terms of use, Privacy Policy and AWS Customer agreement at their web site: https://aws.amazon.com/.
We shall be entitled to create backup copies of the data in order to ensure data recovery in case of technical problems.
We shall store your data for the entire duration of your subscription and for the subsequent period of 12 months. After the expiration of that term we shall be entitled (but not obliged) to destroy your data. On your request and against an additional fee we can store your data beyond that term. However, you shall only be entitled to access your data for the duration of an active Subscription.
Occasionally, we may provide to you Software, installable on hardware controlled by an Operator, User, Technology partner or Consumer (“Remote hardware”), such as servers, computers, mini-computers, smartphones, tablets or other technical means. We have no control over data stored on Remote hardware.
Protection from data loss and unauthorised access by third parties
We shall perform our best efforts to prevent any data loss or unauthorised access from 3rd parties. However, by using our software you accept and agree that such are possible besides our efforts as a result of, but not limited to, technical malfunction, programming error, or hacker attack.
Therefore, you shall:
- Undertake all reasonable efforts to protect yourself against consequences from possible data loss, for example by downloading periodically the CSV report exports, available in the Software;
- Undertake all necessary measures to minimise the impact on any third parties (eg. Consumers) in case of a data breach or unauthorised access by 3rd parties;
- Not be entitled to any compensation unless it is a result of gross negligence from us other than reimbursement of the last paid monthly subscription fee.
Obligation to adopt and follow data protection and privacy policies
If you are an Operator, it shall be your sole responsibility to create, update and discontinue User accounts within Software, including their valid credentials. Use only credentials that will ensure maximum protection against unauthorised access. Update the credentials periodically and ensure that they are revealed only to the relevant authorised user. Discontinue the credentials for Users who shall no longer access the Software.
If you are an Operator you undertake to develop, implement, control the application of and periodically update internal data protection and privacy policies in order to assure that no data becoming available through the software shall be disclosed or revealed deliberately or accidentally to unauthorised parties.
You undertake to follow our instructions as well as the prescriptions of any relevant legislation, framework or standard to ensure the protection of the access to the Software and to the data processed and stored by the Software. You shall also continuously undertake all reasonable actions, such as but not limited to implementing virus protection software, network security policies or periodic update of User passwords to, to improve the general system security of your hardware and networks which are in a direct relation with the protection of your data.
Other data protection obligations
As we do not operate the data entry in your account, nor grant access to users, we cannot provide any other guarantees or undertake any further obligations related with the protection of the privacy of your data. If you believe your personal data is misused, you shall approach the Operator for settlement.
Privacy policies
Privacy policy for consumers
If you are a Consumer, an Operator may use our software to collect, record and store certain personal data from you. Such data may include, but is not limited to, your names, address, age, contact or credit card details. Such data may be stored in the database of our software, which database may be stored on Operator’s or on our server. Irrespectively of where the database is stored, the Operator is solely responsible for protecting your data.
Privacy policy for users
If you are a User using our software on behalf of an Operator, the operator may collect, record and store your personal data or may log your activities within the software. Such data may include, but is not limited to, your names, e-mail address, access password, date and time of your inputs or actions with the software. Such data may be stored in the database of our Software, which database may be stored on Operator’s or on our server. Irrespectively of where the database is stored, the operator shall be solely responsible for protecting your personal data or for using the log of your activities.
Privacy policy for operators
If you are an operator, by using our software you may be collecting, recording or storing personal data of Consumers and Users. You shall be treating such data and taking measures to protect it according to your applicable law and according to good practices. By using our Software you agree and accept that you will not provide access to any third parties to the personal data, stored into your database.
You agree and undertake that you are solely responsible for protecting consumer and user data. If our Products do not meet your local data privacy or protection requirements you shall not use them. If your local legislation requires from a software provider like us any formal registration to be performed, permissions to be obtained or data storing procedures to be followed in relation with processing or storing Consumer and/or user personal data, you shall notify us in written where, on our own discretion, in such case we shall be entitled to discontinue your Subscription in case are not able or we think it is not economically reasonable for us to meet any such requirement. If you do not inform us of such, you shall indemnify us, our staff, managers, agents and other dependent parties against any claims, actions and prosecution and shall compensate us for any penalties or costs arisen for us in that relation.
We may collect your personal or company data for the purposes of opening,billing and maintaining your account or end-user agreement. Such data may include, but is not limited to, your names, address, age, company, contact or credit card details. Such data may be stored in the database of our Software. We guarantee that we do not provide access to such data, nor to the records within the database of our software used by you, to any third parties, including our unauthorised employees, subcontractors or affiliates. All data records in the databases are protected with passwords and all data transmission between user machines and our servers are encrypted. We make our best efforts to protect the data stored on our servers from unauthorised interventions by any third parties.
Privacy policy for visitors
By accessing our web site, you accept and agree that:
-
The product descriptions are provided for informational purposes only and may contain incomplete product specifications;
We may use Google Analytics and/or other tracking methods. By agreeing to the use of such tracking methods, you grant us permission to use such tracking methods. - Some of those methods may use small files (“cookies”). A cookie is a small file, which asks permission to be placed on the hard drive of your computer. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our Products in order to tailor them to our users’ needs. We only use this information for statistical analysis purposes. Overall, cookies enable us to monitor how you use our Products and help us improve them. In no way does a cookie give us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies and you shall modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the products. A relevant Google policy applies towards the use of Google Analytics;
- You may register or we may provide you with login credentials for access to restricted areas of our web site. You shall not provide your login credentials, nor any content from the restricted areas, to any third parties.
Trial versions and demos
Present Policy is not valid towards trial versions or demos of our software. By using a trial version or demos, you agree that any data processed and stored by them shall not be a subject of data or privacy protection and we shall be released from an obligations in that relation. You shall not store any sensitive or real data that may be a subject privacy protection.
Credit card data security and retention
Credit card data storing and retention is a subject of specific regulations, like PCI or your agreement with your payment processor or acquirer. Operators and Users shall collect, process, access and destroy credit card data according to all applicable standards, agreements, guidelines and regulations. You shall follow our PCI DSS guidance (available at our website) and meet your obligations stipulated there.
