Privacy Policy
1. Introduction
Rebasoft Limited (“Rebasoft”, “we”, “us”, or “our”) is committed to protecting personal data and maintaining the highest standards of privacy and data protection.
This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Privacy and Electronic Communications Regulations (PECR)
2. Scope
This Policy applies to:
Website visitors
Customers and prospective customers
Partners, resellers, and suppliers
Users of Rebasoft products and services
Individuals who interact with us
3. Roles (Controller and Processor)
Rebasoft acts as:
Data Controller for its own business operations
Data Processor when processing data on behalf of customers
Where Rebasoft acts as a Processor, processing is governed by the Data Processing Addendum (DPA).
4. How We Collect Personal Data
We collect personal data:
Directly from you:
Website forms, enquiries, demo requests
Contracts and agreements
Communications and correspondence
Automatically:
Website usage data (cookies, analytics, logs)
From third parties:
Partners and resellers
Public sources
Credit reference and fraud prevention agencies (where applicable)
All third-party data is obtained lawfully and fairly.
5. Types of Personal Data
We may process the following categories:
Identity data (name, job title, organisation)
Contact data (email, telephone, address)
Account and transaction data
Communication data
Technical and usage data (IP address, device, logs)
Rebasoft does not intentionally process special category data unless:
Explicitly required, and
Lawfully provided
6. Purposes and Lawful Bases
| Purpose | Lawful Basis |
|---|---|
| Service delivery | Contract |
| Account management | Contract / Legal obligation |
| Customer support | Contract / Legitimate interests |
| Compliance | Legal obligation |
| Security & fraud prevention | Legitimate interests / Legal obligation |
| Marketing | Legitimate interests / Consent |
| Analytics & service improvement | Legitimate interests |
Where we rely on legitimate interests, we:
Conduct a Legitimate Interests Assessment (LIA)
Balance our interests against your rights
Make this assessment available upon request
7. Marketing
We may send marketing communications where permitted by law.
You may opt out at any time
We comply with PECR
We do not sell personal data
Opt-out requests: legal@rebasoft.net
8. Sharing Personal Data
We may share personal data with:
Trusted service providers (subprocessors)
Partners and resellers
Professional advisers (legal, financial, audit)
Regulators, authorities, or law enforcement where required
All recipients are subject to appropriate contractual and confidentiality obligations.
9. International Transfers
Where personal data is transferred outside the UK:
UK International Data Transfer Agreement (IDTA)
Adequacy decisions
Standard Contractual Clauses (SCCs)
All transfers are:
Risk assessed
Subject to appropriate safeguards
Aligned with ICO guidance
10. Data Retention
We retain personal data only for as long as necessary.
Typical retention periods include:
Customer data: contract duration + up to 7 years
Marketing data: until consent is withdrawn or an objection is received.
Support data: based on operational and legal requirements
Retention periods are:
Regularly reviewed
Based on legal, regulatory, and business requirements
11. Your Rights
Under UK GDPR, you have the right to:
Access your personal data
Rectify inaccurate data
Request erasure
Restrict processing
Object to processing
Data portability
Withdraw consent at any time
To exercise your rights:
Email: legal@rebasoft.net
We will respond within one month in accordance with UK GDPR.
12. Complaints
You have the right to lodge a complaint with:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://www.ico.org.uk
We encourage you to contact us first so we can resolve your concern.
13. Automated Decision-Making
Rebasoft does not carry out automated decision-making or profiling that produces legal or similarly significant effects.
14. Security of Personal Data
We implement appropriate technical and organisational measures, including:
Encryption (TLS 1.2/1.3, AES-256)
Role-based access control (RBAC)
Audit logging and monitoring
Secure architecture and system design
Security measures are:
Regularly reviewed
Aligned with industry best practice
15. Cookies and Tracking
See our Cookie Policy for full details.
No non-essential cookies are placed without consent
Consent can be withdrawn at any time
16. Data Protection Officer (DPO)
Rebasoft has appointed a Data Protection Officer to oversee compliance.
Contact: legal@rebasoft.net
17. ICO Registration
Rebasoft Limited is registered with the UK Information Commissioner’s Office (ICO).
ICO REGISTRATION NUMBER: ZC148577
18. Updates to This Policy
We may update this Policy periodically.
Where changes are material:
We will provide reasonable notice
Notice may be given via:
Website publication
19. Contact
For all privacy-related enquiries:
Email: legal@rebasoft.net
20. Related Documents
Cookie Policy: www.rebasoft.net/cookie-policy
Data Processing Addendum: www.rebasoft.net/data-processing-addendum
Subprocessors: www.rebasoft.net/subprocessors
Security Overview: www.rebasoft.net/security