Skip to main content

Privacy Policy

In May, we’ll begin using The Education Company, Vision33 and Sage (all processing within the EEA) to support secure payments made on Widgit Online.

  1. Important information and who we are

    References to "we", "us", "our", "Widgit" and "Widgit Software" are to "Widgit Software Ltd". References to "Widgit Online", "our website", "this website", "the website" or "the service" are to "widgitonline.com". References to "personal data" or "personal details" are to any information about an individual from which they can be identified.

    You should be at least 18 years old to create an account on Widgit Online. If you have a group account then you are responsible for the privacy and activity of users on your account.

    You should read this privacy policy so that you understand how and why we use your data.

    We have appointed a data privacy manager who can respond to questions about this privacy policy and to any requests to exercise your legal rights. To contact the data privacy manager, email privacy@widgit.com or write to:

    Privacy
    Widgit Software (Widgit Online)
    1st Floor
    Bishops House
    Artemis Drive
    Tachbrook Park
    Warwick
    CV34 6UD, UK

    For EEA Residents: You can contact us using the details above or via our EU representative by emailing eurep@widgit.com, telephoning +46 850516408 or writing to:

    DPO
    Olof Palmes Gata 29
    4th Floor
    111 12
    Stockholm
    Sweden

    This privacy policy was last updated on 11th October 2023.

  2. What personal data we collect and how

    The personal data we collect via the website may include:

    • Any personal details you knowingly provide us with through forms and our email, such as name and email address.
    • Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on news, products and offers).
    • Your IP address; this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the website. This information is used to monitor usage of the website and to help with technical support issues.
    • Data recorded by the Website which allows us to recognise you and your preferred settings; this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. Most browsers can be programmed to reject or warn you before downloading cookies; information regarding this may be found in your browser's 'help' facility.

  3. What we do with your personal data

    • We'll only use your personal data in relation to providing the Widgit Online service and only when the law allows us to.
    • We won't share your personal data with anyone you're not expecting us to.
    • We won't send you any marketing emails that you haven't consented to, and you can opt out at any time.

    Any personal data we collect will be used in accordance with the UK General Data Protection Regulation in addition to all applicable law concerning the processing of personal data and privacy. If you have opted to be kept informed of any of our products or services, we will use your email address in order to send you that information. In such a case you will always be offered the option to opt in/out of further communication.

    We will only use your personal data when we have a lawful basis for doing so. Typically, we will only use your personal data for the following reasons:

    • To provide the Widgit Online service under the terms and conditions of use.
    • Where it's necessary for our legitimate interests or those of a third party, and where your interests and fundamental rights do not override those interests.
    • Where we need to comply with a legal or regulatory obligation.

    We have categorised the data (including personal data) that we use as follows:

    • Identity - display name and username.
    • Technical - your IP address, login credentials and the data sent by your browser, such as its type and version and your device's operating system.
    • Activity - information about how you use the website
    • Contact - email address and telephone number.
    • Communication - details of your communication preferences, such as whether or not you have consented to receive marketing information.
    • Financial - your payment details.
    • Transaction - details about payments to and from you and details of products and services you have purchased from us.

    We have categorised the purposes we use the data for as follows:

    Purpose Category of data Lawful basis for processing, including legitimate interest
    Registration - when you create an account Identity, Technical, Contact, Communication Contractual
    Order processing - when you purchase a subscription. This includes the ongoing management of payments and fees Identity, Technical, Contact, Communication, Financial, Transaction Contractual, Legitimate Interest (e.g. to recover a debt)
    Logging In - when you or your users log in Identity, Technical Contractual
    Communication - when we need to inform you about things like changes to our terms or privacy policy Identity, Contact, Communication Contractual, Legal Obligation, Legitimate Interest (e.g. to keep our records up to date and accurate)
    Support - when we provide technical support, or need to let you know about technical issues with the website Identity, Technical, Contact, Communication Contractual, Legal Obligation, Legitimate Interest (e.g. provision of services and security)
    Analytics - when we use statistics and analysis to help us improve the website Technical, Activity Legitimate Interest (e.g. to learn how customers use the website so that we can improve and develop our services, and to inform our marketing strategy)
    Marketing - when we suggest products or services that may be of interest to you Identity, Contact, Communication Legitimate Interest (e.g. to develop our products and services and grow our business)

    If we need to use your personal data for another purpose, we will try to ensure that it's compatible with the purposes described here. If it isn't completely compatible then we will notify you, explaining the legal basis for the new purpose.

  4. Sharing personal data

    We may need to share your personal data with one or more third parties (our "sub-processors"). We require third parties to respect the security of your personal data and to treat it with accordance to all applicable law. We do not allow third parties to use your personal data for their own purposes. We only permit third parties to process your personal data in accordance with our instructions and for the purposes we specify.

    Some of the third parties that we might share your personal data with are outside the European Economic Area. When this is the case, we use written contracts to ensure that personal data has the same or similar protections that it would have in the European Economic Area.

    This is a list of the third parties ("sub-processors") that we use:

    • Amazon Web Services (EU)
      Widgit Online uses Amazon Web Services to store the documents users create, the images they upload and the databases that hold their account data.

    • CloudFlare (EU/USA)
      Widgit Online uses Cloudflare for content distribution, security and DNS services.

    • PayPal (EU/USA)
      Widgit Online uses PayPal to process payment transactions.
      PayPal’s terms and conditions: https://www.paypal.com/uk/webapps/mpp/ua/legalhub-full

    • MailerSend (EU)
      Widgit Online uses MailerSend to send emails related to user accounts.

    • Mailchimp (USA)
      Widgit Online uses Mailchimp to send emails related to user accounts, marketing and new features of the service.

    • WebPurify (USA)
      Widgit Online uses WebPurify for automated image moderation.

    • Other Sub-Processors
      Widgit Online uses Rollbar and Datadog to monitor use of the service for the sole purposes of maintaining and improving the service.

      • Rollbar (USA)
        The data gathered using Rollbar may include elements of entered text which may constitute personal data. Should this happen, the text will be deleted.
      • Datadog (EU)
        The data gathered using Datadog may include elements of your account data, such as your login name, email address or IP address. Where it is possible and practical to do so, the data gathered using Datadog is anonymised or redacted.

  5. Cookies

    For a list of the cookies we use, see "Cookies". Please note that if you set your browser to disable or reject cookies, parts of the website may not be accessible or function properly.

  6. Security

    We have security measures in place to prevent your personal data from being accidentally lost, disclosed, used or accessed in an unauthorised way. We also limit access to your data to the employees and third parties that need access to it in order to provide the Widgit Online service.

    All Widgit staff with access to your data are subject to a duty of confidence and have been trained in privacy awareness and the handling of personal data.

  7. Data Retention (How long we keep your personal data for)

    It's possible that a subscription might lapse and an account might lay dormant until the subscription is renewed. We do not want you to lose the materials you (and your users if you have a group account) have created, so we will keep a record of your account and materials for a maximum of 2 years after your trial or subscription has lapsed.

    For tax reasons, we are legally required to keep basic information about our customers (including Contact, Identity, Financial and Transaction data as described) for 6 years after they cease being customers.

    In some circumstances you can ask us to delete your personal data (for more information, see 'Your other rights').

    Your right to object

    You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel that it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

    Your other rights

    Subject to circumstances, account holders have rights under data protection laws in relation to their personal data. If you wish to exercise any of the rights described here, please contact us using the details in "Important information and who we are".

    Please note that if you have a group account, we cannot respond to requests from your users regarding their privacy. We will assist you in responding to requests from your users and allowing your users to exercise their rights. If the supervisory authority contacts us in relation to your account, or if we are contacted by anyone in relation to the privacy of a user on your account, we will notify the account holder using the email address that they have provided.

    Request access to your personal data
    You can ask for a copy of the personal data we hold about you to check that we are lawfully processing it.

    Request correction of the personal data that we hold about you
    You can ask us to correct any incomplete or inaccurate data we hold about you, although we may need to verify the accuracy of the new data you provide to us.

    Request erasure of your personal data
    You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see "Your right to object"), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Note that we may not always be able to comply with your request of erasure for specific legal reasons which you will be informed of, if applicable, at the time of your request.

    Request restriction of processing of your personal data
    You can ask us to suspend the processing of your personal data:

    1. if you want us to establish the data's accuracy
    2. where our use of the data is unlawful but you do not want us to erase it
    3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims
    4. when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

    Request the transfer of your personal data to you or to a third party
    You can ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to information that you initially provided consent for us to use or where we used the information to perform a contract with you.

    Withdraw consent at any time
    If we are relying on consent to process your personal data then you can withdraw that consent at any time. This does not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

  8. Other websites

    This privacy policy only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours.

  9. Cookies

    What are "cookies"?

    Cookies are very small text files that are stored in your browser by the websites you visit.

    Cookies can be used to identify you to a website, to help it remember your preferences or to track your usage of the website so that the people who run it can give you a better service.

    How Widgit Online uses cookies

    The Widgit Online website uses two cookies, which are described below. Both of the cookies that Widgit Online uses are necessary to ensure that the website does the things that you would expect it to do.

    • User Credentials
      ("user_credentials")
      This cookie identifies you to the website so that you don't need to log in every time you visit. If you click the "Stay logged in" option when logging in, this cookie will remain valid for 3 months. If you don't, it will remain valid until the end of the current browsing session.
    • Online Session
      ("_cfduid")
      This cookie identifies your current browsing session to the website so that you can edit documents. It will remain valid until the end of the current browsing session.