Privacy Policy

Overview

This Privacy Policy explains how MAXRES Limited (MAXRES), incorporated in England and Wales, collects, uses, and processes personal data. As both a data controller and data processor, MAXRES collaborates with the Parent Organisations (customers) it serves. This policy details the types of data collected, its usage, and your rights related to personal data. Note that this policy complements but does not override the privacy policies of organisations using MAXRES services.

Objectives

By reading this policy, you will:

Understand what personal data MAXRES collects.
Learn how MAXRES uses and stores personal data.
Be informed about your rights regarding personal data.

Requirements

Users must comply with their own organisation’s privacy policies.
Access to the MAXRES platform with awareness of how data is processed and stored.

Roles

This policy applies to:

Users of MAXRES services.
Parent organisations (customers) using MAXRES Construct.
System Administrators and Compliance Officers.

Policy Details

1. Who We Are

MAXRES Limited acts as both a data controller and data processor, working with the teams and organisations (referred to as Parent Organisations) that use its services.

Last Updated: February 2020

2. Data Controller and Data Processor Roles

What is a Data Controller?

A data controller determines the purposes and means of processing personal data. MAXRES and its customer organisations share this role jointly.

What Makes MAXRES a Data Controller?

MAXRES manages how personal data is stored and used within its applications. For example, organisations storing learner information for reports act as data controllers, and MAXRES, which stores the data and may use it for additional purposes (e.g., web analytics), acts as a joint data controller.

What is a Data Processor?

A data processor processes personal data on behalf of the data controller.

What Makes MAXRES a Data Processor?

MAXRES provides applications that enable customer organisations to upload and retrieve personal data, making it a data processor.

3. Data We Collect

MAXRES collects personal data to improve services and ensure effective use by customer organisations. This includes:

Questions, queries, or feedback provided by users.
Contact information when signing up for email alerts.
IP addresses and web browser details.
Usage data (e.g., pages visited, time spent on activities) through third-party tools like Google Analytics, MailChimp, Stripe, and HotJar.

MAXRES does not collect personally identifiable information (such as names or addresses) through these tools.

4. Purpose of Data Collection

MAXRES collects data to:

Help organisations benefit from its services, including tracking interactions with learning resources.
Improve applications to meet user needs.
Respond to feedback or support requests.
Monitor for potential platform threats.

5. Legal Basis for Processing Personal Data

Contractual Necessity: Storing, processing, and controlling your data is essential to fulfill our contract with your parent organisation.
Legitimate Interest: Personal data is used to improve services and ensure security. For example, email notifications about updates within MAXRES may be sent, though users can opt out at any time.

For concerns or opt-out requests, contact us at privacy@maxres.ai.

6. Data Usage

Data is used internally for service development and shared with customer organisations as needed.
Data may be shared with law enforcement if required by a court in England and Wales.

We will not:

Sell or rent your data to third parties.
Share your data with third parties for marketing purposes.

7. Data Retention

Data is retained as long as an active contract exists with the parent organisation. Once a contract ends, all personal data will be removed within 30 days. Parent organisations can handle Right to Erasure requests from users.

8. Children's Privacy Protection

Our services are not targeted at children under 13, and we do not knowingly collect data from anyone under 13.

9. Data Processing and Storage Locations

MAXRES ensures personal data is safely stored within the European Economic Area (EEA). Some Google Analytics data may be transferred outside the EEA but cannot personally identify users.

10. Your Rights

You have the right to:

Request details about how your data is processed.
Request a copy of your personal data.
Have inaccuracies in your data corrected.
Raise objections about data processing.
Request data erasure or processing restrictions in specific circumstances.

11. Links to Third-Party Websites

MAXRES applications may link to third-party services, each governed by its own privacy policy. Relevant third-party policies include:

Google Privacy Policy
HotJar Privacy Policy
MailChimp Privacy Policy
Stripe Privacy Policy
Crisp Privacy Policy

12. Policy Updates

This policy may be updated periodically. Significant changes to data processing will result in user notifications, typically via email.

13. Contact Us or Make a Complaint

For questions or complaints about your personal data, contact us at privacy@maxres.ai. Certain requests, like Right to Erasure or subject access requests, may require collaboration with your parent organisation and could extend response times.

14. Escalation

If unsatisfied with our response, you can escalate complaints to the Information Commissioner’s Office (ICO):

Email: casework@ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Overview​

Objectives​

Requirements​

Roles​

Policy Details​

1. Who We Are​

2. Data Controller and Data Processor Roles​

What is a Data Controller?​

What Makes MAXRES a Data Controller?​

What is a Data Processor?​

What Makes MAXRES a Data Processor?​

3. Data We Collect​

4. Purpose of Data Collection​

5. Legal Basis for Processing Personal Data​

6. Data Usage​

7. Data Retention​

8. Children's Privacy Protection​

9. Data Processing and Storage Locations​

10. Your Rights​

11. Links to Third-Party Websites​

12. Policy Updates​

13. Contact Us or Make a Complaint​

14. Escalation​