1. Introduction

ACT Compliance Ltd (trading as ACT360), (“ACT360,” “we,” “us,” or “our”), is committed to protecting and respecting your privacy. This Privacy Policy (together with our Terms of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.

For the purpose of the Data Protection Act 2018 (“the Act”), ACT Compliance Ltd is the data controller. Our nominated representative for the purpose of the Act and Data Protection Officer is Ebin Lazar. Please note that while we are the data controller for information provided on our marketing website, your organisation acts as the data controller for any resident or patient data entered into the ACT360 application, and we act as the data processor. Where your organisation acts as the data controller, ACT360 processes data strictly in accordance with its instructions and applicable data processing agreements.

2. Data We Collect & Lawful Basis for Processing

We collect and process the following data based on the lawful bases specified below to provide and improve our services:

1. Personal Data
Examples: Name, email, role
Lawful Basis: Legitimate Interest
Purpose: Account setup, notifications, support

2. Audit & Event Data
Examples: Audit answers, action plans
Lawful Basis: Contractual Obligation
Purpose: Service delivery, reporting

3. Usage & Cookie Data
Examples: Browser settings, visit logs
Lawful Basis: Consent & Legitimate Interest
Purpose: UX optimization, analytics

  • Personal Data (Lawful Basis: Legitimate Interest): Personally identifiable information, such as your name, email address, and role, that you voluntarily give to us when you register or are invited to the app. We process this data to create and manage your account, send notifications, and provide support.

  • Audit & Event Data (Lawful Basis: Contractual Obligation): All information you enter while creating or performing audits and logging events. This is processed to deliver the core service you have subscribed to.

  • Usage Data & Cookies (Lawful Basis: Consent & Legitimate Interest): To provide core functionality and a better user experience, we use essential cookies and your browser's local storage to save application settings and your consent status. We may also collect details of your visits to our website, including traffic and location data, for analytical purposes to improve our service.

3. Use of Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we use information collected about you via the Application to:

  • Create and manage your account.

  • Carry out our obligations arising from any contracts entered into between you and us.

  • Allow you to participate in interactive features of our service when you choose to do so.

  • Generate anonymized analytics and reports based on audit data to improve our services.

  • Notify you about important changes to our service.

4. Disclosure & International Transfers

We are transparent about the third-party services we use. Some data may be stored or processed in the United States via Google Firebase and Stripe. We rely on Standard Contractual Clauses approved by the European Commission to safeguard these transfers. We regularly review our third-party providers to ensure continued compliance with international data transfer regulations. We may disclose your personal data to:

  • Google Firebase: Our primary backend infrastructure provider (US-based), used for database (Firestore), authentication (Firebase Auth), and file storage (Firebase Storage).

  • Stripe: Our payment processing partner (US-based) for handling subscriptions. We do not store any of your credit card details on our servers.

  • Brevo (formerly Sendinblue): Our SMTP relay service (EU-based) for sending transactional emails, such as invitations.

We may also disclose your personal data if required by law, to enforce our terms, or in the event of a business sale or merger.

5. Data Storage, Security & Retention

We use administrative, technical, and physical security measures to help protect your personal information. Your data is stored on secure servers provided by Google Firebase.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

Retention Periods: We retain audit and event data for up to 7 years to support your inspection readiness and historical reporting needs. Personal account data is retained for the duration of your active subscription and deleted within 90 days of account closure. We periodically review stored data and anonymize or delete records that are no longer necessary for operational or legal purposes.

6. Your Rights & Automated Decision-Making

Under the Data Protection Act, you have the right to access, rectify, or erase your personal data, object to processing, and lodge a complaint with a supervisory authority. You can exercise these rights by contacting us.

AI and Automated Decision-Making: ACT360 uses AI to generate audit insights and compliance suggestions. These are advisory only and do not constitute automated decision-making with legal or otherwise significant effects on individuals under GDPR. All AI-generated insights are designed to support—not replace—professional judgment and regulatory decision-making.

7. Changes to Our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.

8. Contact Us

Questions, comments, and requests regarding this privacy policy are welcomed. Please refer to our Contact Us page to get in touch with us, or email us at support@act360.co.uk.


Privacy Policy v1.3 — Last Updated: 23 August 2025