Terms & Conditions

Our privacy policy sets out what data we collect and why, how we use your data and your rights when you use Changeover or visit our website.

In this policy we are the data controller, and when we say “we”, “us”, “our”, we mean Changeover.

Legal basis for processing personal data

We collect and process personal data so we can provide you with Changeover, in line with our Terms of service .

We also collect and use personal data for our legitimate business interests. That is, so can run the day-to-day business of Changeover – things like accounting, marketing, legal, security, fraud prevention, product updates and improvements.

And we also collect and use personal data where we need to comply with legal obligations.

What personal data do we collect?

When you visit our website or use Changeover we collect different kinds of personal data, we’ve grouped them together as:

Identity Data: such as your first and last name.

Contact Data: such as your address, email address and phone numbers.

Financial Data: things like payment card, and details of the payments you make to us.

Technical Data: such as internet protocol (IP) address, device, operating system, browser type and version.

Profile Data: such as your Changeover marketing, email, and display preferences, and any feedback or survey responses.

Usage Data: such as the pages you visit, the functions you use, dates and times, page response times, errors, duration of visit.

Location Data: we use an IP lookup service so that we can show pricing in the appropriate currency.

Aggregated Data: We also collect and use statistical data. When data is aggregated and anonymised it can’t reveal anyone’s identity so it’s not considered personal data. For example, we’ll aggregate usage data to look at the proportion of people that use certain features

How do we collect personal data?

Most of the personal information we collect is provided by you, when you sign up to Changeover, fill in forms or talk to us by email.

Technical, usage and location data are provided by your browser or collected automatically when you use Changeover or browse our website.

What we collect and how we use it:

When you sign up to a Changeover

We ask for your identity and contact details so that we can create an account in your name. Typically this is your full name, the company you work for and your email address. We also use this data to personalise your account and send you emails, updates, and other essential information to help you use Changeover.

When you pay for Changeover

We ask for your financial and contact data so we can take your monthly payment, calculate VAT, and send you a corresponding invoice. Typically this is your credit card details, address, and VAT number.

Your full card details are captured by our payment provider, Stripe, they don’t go through our servers. The details we store are the last 4 digits of your card number, expiry date, and name. This is so we can show you which card you pay with, and send you a reminder when your card is about to expire.

When you use Changeover

Your browser automatically shares certain technical information such as which operating system and browser you’re using. We also capture usage information such as which pages you visit, your preferences, and what functions you use. This data helps us understand how Changeover is used, to feed into our design process, and to send you relevant onboarding emails, product updates, tips, and guides. We’ll sometimes use this information to help answer your support questions and diagnose problems.

When you browse our Website

Instead of Google Analytics we use a privacy focused analytics package called Plausible So although we do collect statistics on the use of our website, all the data is anonymised. The only personal data we collect is which website referred you to Changeover, and which page you landed on first, and when. We use this data for conversion rate analysis, to help us understand the effectiveness of our marketing efforts.

When you contact support

When you email us for support we capture your identity and contact details such as your name, email address, and of course anything you tell us in the message. We only use that information to answer your support request.

We capture technical data when you fill in the support form on our website or in the mobile app. It tells us which version of Changeover, what device, browser, and operating system you’re using, so that we can respond to your question more accurately, or diagnose any issue you’re highlighting.

When you arrange a demo

When you book a demo with us we collect your identity, contact information, and profile data. Your identity and contact information are used to send you an email confirmation and link so you can join the demo.

When you book we ask some questions to help us understand how you currently manage time off work. Your answers help us prepare for the session.

Sharing your personal data

To run the back office of Changeover we use some third party software providers, you can view an up to date list of these company processors. We also use professional advisors such as accountants and lawyers, and we deal with tax authorities and regulators.

When we share personal data with any of these it’s either anonymised or encrypted. And we have contracts and data processing agreements in place so that they’ll only use your personal data in line with our instructions.

We’ll also share personal data if it’s to comply with our legal obligations or to protect our rights or intellectual property.

We do occasionally use and share aggregated, anonymised data in the normal course of operating our business e.g. to show trends or benchmark the general use of Changeover, but none of this contains personally identifiable information.

International transfers

Because Changeover can be accessed anywhere in the world, and we use 3rd party vendors in different countries around the world, your data will inevitably be transferred to, and processed outside of your country of residence, where data protection rules are different. This includes transfers of data to countries outside the European Economic Area (EEA), Switzerland or the UK.

Your personal data will only be transferred to a country that the European Commission or the UK Data Commissioner has determined provides an adequate level of protection or, where the 3rd party vendor is bound by standard contractual clauses according to conditions provided by the European Commission.

Protecting your data

You’ll create your own password to sign into Changeover. Please choose a strong password, it’s your responsibility to keep it safe and confidential, do not share it with anyone else.

All data is encrypted via SSL/TLS when it’s moving between our servers and your browser.

We’ve put in place appropriate security measures and policies to prevent your data from being lost, altered, used, disclosed, or accessed without authorisation.

We also limit access to your personal data to those people who ‘need to know’. All of our employees and suppliers are subject to confidentiality and can only process data on our instruction.

In the unlikely event of a personal data breach we have a data breach policy to follow and will notify you and any regulators in line with our legal requirements.

How long do we keep personal data?

To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

We keep most of your data for as long as you’re using Changeover – when you cancel your account, your data is deleted.
If there’s no payment or activity on a Changeover account for 18 months, we consider that dormant and will delete the account and all its data, just as if you’d canceled.

After your account is closed the only personal data we retain is for accounting and legal purposes, which we’re required to keep for 6 years. In some circumstances, like complaints and litigation, we’re allowed to retain your personal data for longer.

When you contact us for support, that conversation is retained for 12 months. We have a background process that automatically deletes conversations when they hit 12 months old.

Your rights

You have the right under data protection law to:

  • Access the personal data we hold on you
  • Rectify inaccurate data
  • Erase/ delete your personal data.
  • Restrict the processing of your personal data.

Get a copy of your personal data in a structured, commonly used machine readable format.

Most of these rights can be exercised by signing into your Changeover account and updating your information and preferences, or taking a backup.

If there’s something you can’t do in Changeover, or you need assistance exercising these rights, please contact our support team. To discuss personal data we might need proof of identity, it’s purely for security, so that we know we’re dealing with the correct person.

Marketing

We send onboarding emails, product updates, tips, and guides. We don’t want to blanket send these to everyone or send anything irrelevant to you. So we use your Identity, contact, technical, usage and profile data to form a view on what’s appropriate to send.

You can opt out any time by clicking the “unsubscribe” link at the bottom of any marketing email, or from your preferences in Changeover itself. You’ll still receive transactional emails from Changeover, and for billing and any support questions.

Links to other websites

We do link to other websites, particularly in the blog. If you follow any of these links, bear in mind they’ll have their own privacy policies different from ours. It’s your responsibility to check these policies and make sure you’re in agreement with them.

Cookies

We use cookies to distinguish you from other users of Changeover. So we can deliver you the correct information when you browse our website and use Changeover. They also allow us to improve our website and Changeover. Our cookie policy explains more about how we use cookies.

Age of users

Changeover and our website isn’t intended for use by people under the age of 16.

Feedback and complaints

Please contact us directly if you have any concerns about our use of personal data. If you’re unhappy with our response you can escalate to your local data protection supervisory authority.

The Information Commissioner’s Office, or

For EU residents submit a request to our EU Data Representative Glen Stovold.

Changes and questions

We keep this privacy policy under regular review. We’ll publish any changes on this page and if they’re significant we’ll let you know by email.

If you have any questions, comments or requests regarding our privacy practices, this privacy policy or your rights, please get in touch by emailing us at hello@changeover.co.uk we’re always happy to discuss and improve things based on feedback.