This notice explains how August Collections Ltd ("August", "we", "us") processes personal data when staff members use the August Collections APP ("Clario") and/or Portal. By using the Portal, you confirm you have read and understood this notice.
This notice covers
Your use of the Portal and related systems, including identity management, single sign-on (SSO), multi-factor authentication (MFA), role-based access controls, audit logging, and security monitoring.
Personal data we process
A. Account and identity data
Name, work email address, job title, department, employee ID, and assigned roles/permissions.
B. Authentication and security data
Login credentials, MFA tokens, session details, authentication timestamps, IP addresses, device identifiers, and security events.
C. Portal usage and technical data
Pages accessed, reports viewed/exported, search queries, actions performed, browser type, operating system, and referrer URLs.
D. Support and communications
Help requests, error reports, feedback, and correspondence with our support team.
How we use your data (purposes)
- Authentication and access control: Verify your identity, manage SSO and MFA, enforce role-based permissions.
- Account administration: Create, maintain, and deactivate Portal accounts; assign appropriate access levels.
- Security and fraud protection: Monitor for unauthorized access, detect anomalies, investigate security incidents.
- Portal operation and improvement: Deliver Portal functionality, troubleshoot errors, optimize performance, develop new features.
- Compliance and legal obligations: Meet record-keeping requirements, respond to lawful requests, defend legal claims.
- Business continuity: Backup and disaster recovery, audit trails, change tracking.
Legal bases
- Contract performance: Processing is necessary to provide Portal access as part of your employment.
- Legal obligation: We must process certain data to comply with employment, tax, and security laws.
- Legitimate interests: Network security, fraud prevention, operational efficiency (balanced against your rights).
- Consent: Where required (e.g., optional analytics), we obtain your consent.
Monitoring and audit logging
Access to audit logs is restricted to authorized personnel on a need-to-know basis. Monitoring is proportionate and necessary for security, compliance, and system integrity.
Who we share data with
- Internal teams: IT, HR, security, and compliance functions (as needed for their roles).
- Service providers: Cloud hosting, identity/SSO platforms, security monitoring, backup services (under data processing agreements).
- Professional advisers: Auditors, legal counsel (under confidentiality).
- Authorities: Law enforcement, regulators, tax authorities (when legally required).
International transfers
Portal data may be transferred between the UK, EEA, and US. We use adequacy decisions, Standard Contractual Clauses (SCCs), the International Data Transfer Agreement (IDTA), the UK Addendum, and the EU-US/Swiss-US Data Privacy Framework to safeguard these transfers.
How long we keep data
- Account data: For the duration of your employment plus 12 months (or longer if required by law).
- Security and audit logs: Typically 12 months, or longer where needed for investigations or compliance.
- Support records: Up to 12 months after account closure or issue resolution.
Security
We implement technical and organizational measures to protect your data, including encryption, access controls, regular security assessments, and incident response procedures.
Your rights
Under UK GDPR, you have the right to:
- Access: Request a copy of your personal data.
- Correction: Ask us to correct inaccurate information.
- Deletion: Request erasure (subject to legal retention requirements).
- Objection: Object to processing based on legitimate interests.
- Portability: Receive your data in a structured format.
- Withdraw consent: Where processing relies on consent.
To exercise these rights, contact your HR or IT department.
Changes to this notice
We may update this notice to reflect changes in our practices or legal requirements. Significant changes will be communicated via the Portal or email.
