Privacy Policy
Last updated: April 3, 2025
1. Introduction
CompanyTrack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business intelligence platform, visit our website (https://companytrack.com), and utilize related services (collectively, the "Services").
We encourage you to read this Privacy Policy carefully. By using our Services, you acknowledge you have read and understood this Privacy Policy.
2. Definitions
In this Privacy Policy:
- "CompanyTrack," "We," "Us," "Our" refers to Team Dimensions Ltd (Company No. 08348964), trading as CompanyTrack, located at 10 York Rd, London, SE1 7ND, United Kingdom. We are the Data Controller of your Personal Data unless otherwise specified.
- "You," "Your" means you, the individual using our Services.
- "Personal Data" means any information relating to an identified or identifiable natural person ('Data Subject').
- "Processing" means any operation or set of operations performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- "Data Controller" means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
- "Services" refers to the CompanyTrack business intelligence platform, our website, and related services.
This Privacy Policy governs CompanyTrack and its online Services. We are not responsible for the privacy practices of any third-party websites we may link to.
3. Who We Are and What We Do
CompanyTrack provides a business intelligence platform designed to help businesses analyse market trends, track competitors, understand industry dynamics, and make informed decisions. To provide these Services effectively, we need to collect and process certain information, including Personal Data.
4. Types of Personal Data We Collect
We collect various types of Personal Data, which we have grouped as follows:
- Identity Data: Includes first name, last name, username or similar identifier, title.
- Contact Data: Includes email address, company address, billing address, telephone numbers.
- Financial Data: Includes payment card details (processed securely by our third-party payment processors; we do not store full card numbers) and bank account details for payment processing.
- Transactional Data: Includes details about payments to and from you, details of products and services you have purchased or subscribed to from us.
- Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Services.
- Profile Data: Includes your username and password (stored securely), company details, job title, usage preferences, feedback, survey responses, and communications preferences.
- Usage Data: Includes information about how you use our website, platform, and Services, such as navigation paths, feature usage, performance data, and usage statistics.
- Communications Data: Includes records of your communications with us, such as support requests, feedback, or other inquiries.
- Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.
- Google User Data (if applicable): If you choose to sign in using Google OAuth, we collect your name, email address, and profile picture (if available) from your Google account.
Personal Data We Do Not Collect:
We do not intentionally collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also do not collect information about criminal convictions and offences.
Our Services are not intended for children, and we do not knowingly collect data relating to individuals under the age of 16.
5. How We Collect Your Personal Data
We use different methods to collect data from and about you, including through:
- Direct Interactions: You may give us your Identity, Contact, Financial, Profile, and Communications Data by filling in forms, creating an account, subscribing to our Services, making purchases, requesting support, providing feedback, or corresponding with us by post, phone, email, or otherwise.
- Automated Technologies or Interactions: As you interact with our Services, we will automatically collect Technical and Usage Data about your equipment, browsing actions, and patterns. We collect this data by using cookies, server logs, and other similar technologies. Please see our Cookie section (Section 13) for further details.
- Google OAuth: If you choose to register or log in using your Google account, we collect Identity, Contact, and Profile Data (specifically name, email, profile picture) directly from Google as authorized by you during the OAuth process.
- Third Parties or Publicly Available Sources: We may occasionally receive Technical Data from analytics providers like Google Analytics, or Identity and Contact data from publicly available sources if relevant to providing or improving our Services (though our primary collection methods are direct and automated).
6. How We Use Your Personal Data & Lawful Basis for Processing
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances and based on the following lawful bases:
| Purpose/Activity | Type(s) of Data Used | Lawful Basis for Processing |
|---|---|---|
| To register you as a new user and manage your account. | Identity, Contact, Profile, Technical, Google User Data | Performance of a contract with you. |
| To process and deliver your orders/subscriptions, including managing payments. | Identity, Contact, Financial, Transactional | Performance of a contract with you; Necessary for our legitimate interests (to recover debts due to us); Necessary to comply with a legal obligation (financial record keeping). |
| To manage our relationship with you (e.g., service notifications, support requests). | Identity, Contact, Profile, Communications, Transactional | Performance of a contract with you; Necessary for our legitimate interests (to keep records updated and study customer service usage). |
| To provide, maintain, and improve our Services, platform, and website. | Technical, Usage, Profile | Necessary for our legitimate interests (to develop our products/services, ensure platform stability and security, grow our business). |
| To analyse usage patterns and trends to enhance user experience. | Technical, Usage | Necessary for our legitimate interests (to understand how customers use our Services and improve them). |
| To personalize your experience on the platform. | Identity, Profile, Usage, Google User Data | Necessary for our legitimate interests (to provide a relevant user experience). |
| To send marketing communications about our products/services (where permitted). | Identity, Contact, Profile, Marketing and Communications | Consent (where required by law, e.g., for prospective customers) or Necessary for our legitimate interests (to develop our products/services and grow our business, for existing customers). |
| To protect our business and Services against fraud, abuse, and security threats. | Identity, Contact, Technical, Transactional, Usage | Necessary for our legitimate interests (to protect our business, assets, and customers); Necessary to comply with a legal obligation. |
| To comply with legal or regulatory obligations. | Identity, Contact, Financial, Transactional | Necessary to comply with a legal obligation. |
| To respond to your inquiries and communications. | Identity, Contact, Communications | Performance of a contract with you (if related to service); Necessary for our legitimate interests (to respond to user queries). |
Google User Data Usage: Information collected via Google OAuth (name, email, profile picture) is used solely to create and manage your account, authenticate you, personalize your experience (e.g., display name/picture), and communicate with you regarding the Services. We do not access your Gmail content, Google Drive files, contacts, calendar, or other private data from your Google Account unless explicitly stated for a specific feature and consented to by you. All handling of Google user data strictly complies with Google API Services User Data Policy, including the Limited Use requirements.
7. Data Sharing and Disclosure
We do not sell your Personal Data. We may share your Personal Data with the following categories of third parties for the purposes outlined in Section 6:
- Service Providers: Companies that provide services on our behalf, such as cloud hosting (e.g., AWS, Google Cloud), payment processing, data analytics (e.g., Google Analytics), email delivery, customer support tools, and IT services. These providers are contractually bound to protect your data and use it only for the services we request.
- Payment Processors: To securely process your payments. We do not store your full credit card information.
- Professional Advisors: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services, where necessary.
- Legal Authorities and Regulators: If required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of CompanyTrack, our users, or others.
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We will take steps to ensure the privacy of your Personal Data is respected in such events.
- With Your Explicit Consent: We may share your information with other third parties when we have your explicit consent to do so.
Sharing of Google User Data: We do not share Google user data obtained via OAuth with third parties, except:
- To provide essential services (e.g., storing user identifiers with our hosting provider for authentication).
- When required to comply with applicable laws or valid legal processes.
- With your explicit consent for specific purposes you authorize.
8. International Data Transfers
Your Personal Data may be processed in countries other than your own, including countries outside the UK and the European Economic Area (EEA), where our service providers may be located.
When we transfer your Personal Data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The country has been deemed to provide an adequate level of protection for Personal Data by the UK Government or European Commission.
- We use specific contracts approved for use in the UK or EU which give Personal Data the same protection it has in the UK/EEA (such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs)).
- For transfers to the US, the recipient may be certified under a relevant data privacy framework recognized by the UK/EU authorities.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK/EEA.
9. Data Security
We implement appropriate technical and organizational security measures designed to protect your Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption, access controls, firewalls, secure server environments, and regular security assessments.
However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
10. Data Retention
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for processing, whether we can achieve those purposes through other means, and legal requirements.
Key retention criteria include:
- Account data is typically retained while your account is active and for a period of 3 years afterwards to comply with legal and tax obligations.
- Usage and Technical data may be anonymized or deleted sooner, e.g. 24 months, once no longer needed for analysis or improvement purposes.
- Communications data may be retained as necessary to resolve inquiries or for legal reasons.
11. Your Legal Rights
Under data protection laws (like the UK GDPR), you have rights regarding your Personal Data:
- Right of Access: Request a copy of the Personal Data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
- Right to Erasure ('Right to be Forgotten'): Request deletion of your Personal Data where there's no compelling reason for us to keep processing it.
- Right to Restrict Processing: Request suspension of processing your Personal Data in certain circumstances.
- Right to Data Portability: Request transfer of your Personal Data to you or a third party in a structured, machine-readable format (applies to data processed based on consent or contract).
- Right to Object: Object to processing based on legitimate interests if you believe it impacts your fundamental rights. You have an absolute right to object to processing for direct marketing purposes.
- Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data. This won't affect processing done before withdrawal.
- Revoking Google Access: You can revoke CompanyTrack's access to your Google account at any time by visiting your Google Account Permissions page: https://myaccount.google.com/permissions
12. How to Exercise Your Rights
To exercise any of the rights mentioned above, please contact us using the details in Section 18. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We try to respond to all legitimate requests within one month.
13. Cookies and Similar Technologies
We use cookies and similar tracking technologies (like web beacons) to track activity on our Services, store certain information, enhance functionality, analyse performance, and improve your experience. You can control cookie preferences through your browser settings. Refusing cookies may impact the functionality of our Services.
14. Marketing Communications
We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you (marketing).
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing, or if you have explicitly consented.
You can ask us to stop sending you marketing messages at any time by following the opt-out (unsubscribe) links on any marketing message sent to you or by contacting us directly.
15. If You Choose Not to Provide Personal Data
Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time. Providing optional data will not affect your core service access.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically. For significant changes, we may also notify you via email or through the Services.
17. How to Complain
If you have any concerns about our use of your Personal Data, please contact us first using the details below so we can address your concerns.
You also have the right to lodge a complaint with the relevant data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). You can find their contact details and information on how to complain at: https://www.ico.org.uk/concerns/
18. Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at:
- Email: [email protected]
- Company: Team Dimensions Ltd (Company No. 08348964), trading as CompanyTrack
- Address: 10 York Rd, London, SE1 7ND, United Kingdom