Data Privacy Policy

The follow outlines how Root-5 Solutions Ltd (Root-5), located at 11 Bon Accord Crescent, Aberdeen AB11 6DE handles your data, be it personal or other information. As far as possible, we’ve used plain English to explain how we respect your privacy and why you should trust us with your data.

Root-5 may modify this policy at any time. If Root-5 determines the changes are materially significant, you will be informed by email. If you continue to use the Products and Services, we will consider you have expressly consented to these changes.

Privacy for Product and Service Users

Your Data

Your data is yours. Root-5 regards all content that you create within your use of our Products and Services (company details, personnel details, customer details, contracts, project data, forms, tasks, user accounts, etc.) as being your private property, controlled and owned wholly by you. Root-5 does not copy or share your content or data with anyone.

Root-5 provides the secure framework within our Products, manage, and monitor its functionality to ensure it works as intended, and within that secure functionality process and make your data available as needed to provide the Service. For Hosted Products and Delivery, we engage necessary subprocessors, as described within this Data Protection Policy, to facilitate the delivery of our Products and Services to you.

On-premises Products (Customer’s Managed Network and Server)
Root-5 is committed to providing solutions for the quality processing of your data. Our Product will be delivered securely to your network server working with your IT team. Thereafter, the Customer is responsible at all times for ensuring they have a Quality Management System (QMS) in place for managing and maintaining the secure environment they will use to host our Product, ensuring it meets all internal and external regulatory requirements pertaining to management and security of their data.

The data you process and manage in our Product should be held and backed-up in the accordance with your QMS. Root-5 will not access, copy, or hold your data except for as described in this Data Privacy Policy.

Information Root-5 Collect

Root-5 collects information relating to you and your use of our Products from a variety of sources which are listed below, along with details of how we use this information.

Information We Collect from You

Registration information. You need to complete documents to create a Licence Agreement with us for the use of our Products. This may collect the names of key contacts for your Agreement with us, their business email address and phone numbers.

Billing information. To make a payment to Root-5, we require that you provide a billing address, including name, address, email address and VAT/Tax number (if applicable). Volume Licence Agreements are paid in advance by bank transfer and instructions will be provided on your invoice. Root-5 do not store or log any of your sensitive banking, debit, or credit card details.

Named User registration. This will be managed by the Customer appointed in-house Administrator. We will on a quarterly basis extract a Named User report to verify Licence holders and this will be provided to the Customer’s in-house Administrator. This information is required by us for the sole purpose of Licence billing purposes and does not include your Named User’s contact information.
We will not contact your Named Users unless you specifically request us to do so, or as required in the provision of technical support by telephone or email. We will not make your Named Users report available to any third parties.

Other data you intentionally share. We may store or collect your personal information or data if you explicitly send it to us for specified purposes. For example, if you give us a customer testimonial or participate in a sponsored marketing event.

Accessing Your Data

Root-5 do not use any third parties in the development or support of our Products. All Product design, enhancements, bug fixes, patches, customer support and Project Services are managed by our inhouse dedicated technical team. At all times Root-5 employees work to the highest ethical standards, and all work undertaken at the request of customers is managed confidentially.

Except where necessary to complete any of the tasks below, your data will not be copied, shared, or stored directly by us.

Implementation. Where we are required to assist by uploading data provided by you to our Product, any data provided to us to complete this task will be deleted upon completion.

Customer Support. This is the most common reason for us to access your data where a Named User has requested assistance to correct data, requires advice or training, to replicate a fault reported in the functionality and general troubleshooting requests.

Project Services. From time to time, you may engage us to perform Project Services and provide us with data required to execute these. On completion, any such data will be returned or, where in electronic format, deleted. Where you may require, for the purposes of exporting or importing data, any integration between our Product and other external applications, this must be agreed in advance and managed securely by both parties. Where such external applications are used, you may be disclosing your data to the individuals responsible for its operation and should ensure you are comfortable with their Privacy Policies. Root-5 cannot take responsibility for any external services it does not own or operate.

Your Responsibilities

Client Network Server. For the security and privacy of your data, it is your responsibility to ensure you have an appropriate QMS in place to manage the environment you will use to deliver our Product to your organizations Named Users. Your QMS should include all aspects of management such as security, connectivity, back up and disaster recovery procedures. We will not be responsible for any network servers belonging to the Customer.

Passwords. For the security and authenticity of your data, it is your responsibility to ensure those employees you grant authorization to access our Product keep their username and password safe, and do not share this information with any other individual. We will not be responsible for any unauthorized access to your data, or falsification of your auditable records, which is caused by unauthorized sharing of individual Named User access details.

Data Retention Obligations. To meet your legislative and audit obligations, our Product provides you with a full audit trail for all work details recorded and managed. You are responsible for ensuring the necessary agreements are in place with any personnel employed by you where information relating to them must be stored, in electronic or hardcopy format, to meet legal retention requirements.

To Manage our Products and Services

Root-5 may use your account data for these limited, internal only purposes:

Monitoring. As required to ensure our Product functions as it should, it generates and emails a system health check report to us so we can monitor areas of the software you interact with are performing correctly. This report contains generic analytical performance data.

Feedback. As a requirement of our annual ISO audit, we are required to seek customer feedback. Customers are chosen at random, feedback on Products and Services can be anonymous if preferred, and there is no obligation to participate.

New Functionality. To inform you of new features or functionality to the Products or Services.

Who We May Share Your Data With

Safeguarding your data and privacy is extremely important to us. The only time we will disclose or share your personal information or data with a third party is when, in accordance with applicable law, we have given you notice, such as in this Data Protection Policy, it is in your Agreement with us for Products and Services, or we have obtained your express consent.

Change of business ownership or structure. If Root-5 undertake a corporate reorganization, you expressly consent to the transfer of your information to the successor entity within the Root-5 Group so that we can continue to provide services to you. If ownership of our business changes through merger or acquisition, we will notify you of such changes with details of the new owner or successor entity requesting consent for the transfer of your information so that they can continue to provide services to you.

Advertising and Testimonials. We may occasionally ask for your permission to provide your contact details to third parties for referral purposes. We may also ask you to provide a testimonial or your company logo to be inserted on our website customer page. Such permission given for this can be revoked at any time. We will not forward your details to any third parties wishing to contact our customers for their own marketing purposes.

To respond to legal requests. Root-5 may disclose your information as required or permitted by law, or Root-5 believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with any court order or legal processes served on us.

Data Retention Timeframes

Your data will be stored in our On Product for so long as you have an active rolling Licence Agreement with us. If you wish to cancel this, please refer to the Notice Periods for termination in your Agreement. If you cancel your Agreement with us, the following scenarios and timeframes apply:

Cancelling your Agreement. Upon receipt of the appropriate Written Notice, we will contact you to discuss the de-activation of Named Users and extraction of your data from our Product.
Please plan ahead so we can provide you with appropriate support and appoint a person within your organization to take responsibility for coordinating this with us. All Fees should be paid up to the last day of service and completion of your data extraction has been agreed, and as appropriate to your requirements.

Examples of customer requirements may be:

Data transfer to a new solution provider or in-house bespoke system. We can provide a quote and project services plan for assisting with this.

A data export in a specifically requested format.

Termination of your account. You must confirm to us within 30 days that you are satisfied you have extracted all of your data from our Product and ensured appropriate back-ups have been stored. Once confirmation is received, we will work with your IT team to decommission our Product.

Hosted Products and Delivery
Root-5 is committed to processing and storing your data securely. Due to the commercially sensitive and highly confidential nature of data to be managed by customers in our Products, Root-5 have a Cloud Services Agreement (CSA) in place with Oracle for its hosting and delivery within the UK. This ensures we can develop, manage, support, and run our Products in a highly secure, hosted environment with high performance and availability for customers.

Oracle are the world’s largest database management company. Their security first approach ensures the highest standard of technical and organizational security, designed to protect and secure data and applications for customers.

In addition to our Oracle CSA, we have a Managed Service Provider (MSP) agreement in place with an ISO 27001 and Cyber Essentials Oracle Partner. This provides us with 24/7 support, vulnerability scanning and monitoring for the live and test environments our Products are hosted in.

Our Mobile App is hosted on Microsoft’s Azure cloud platform in Western Europe (Netherlands, Europe), and made available to customers via Apple Store and Google Play.

The data you process and manage in our Products will be held and backed-up in the environment described above. Root-5 will not access, copy, or hold your data except for as described in this Data Privacy Policy.

Information Root-5 Collect

Root-5 collects information relating to you and your use of our Products from a variety of sources which are listed below, along with details of how we use this information.

Information We Collect from You

Registration information. You need to complete Agreement documents to create a Licence Agreement for the use of our Products. This collects the names of key contacts for your account with us, their business email address and phone numbers.

Billing information. To make a payment to Root-5, we require that you provide a billing address, including name, address, email address and VAT/Tax number (if applicable). Monthly subscriptions are paid by Direct Debit, and we will email you the secure link to set this up with our payment processor. We use only Direct Debit payment processors authorized by the FCA and that are GDPR compliant. All payments collected are protected by the Direct Debit Guarantee. Annual Volume Licence Agreements are paid in advance by bank transfer and instructions will be provided on your invoice. Root-5 do not store or log any of your sensitive banking, debit, or credit card details.

Named User registration. This is required to provide us with the names and business contact details of individuals employed by you, and whom you authorize to use our Products and Services. This information is required by us for the sole purpose of granting access rights and passwords to those named individuals, and for Licence billing purposes. We will not contact your Named Users unless you specifically request us to do so, or as required in the provision of technical support by telephone or email. We will not make your Named Users contact information available to any third parties.

Accessing Your Data

Except where necessary to complete any of the tasks below, your data will not be copied, shared, or stored directly by us.

Initial Set Up. Where we are required to assist by uploading data provided by you (such as equipment lists etc.) to your Product account, any data provided to us to complete this task will be deleted upon completion.

Where you may require, for the purposes of exporting or importing data, any integration between our Product and other external applications, this must be agreed in advance and managed securely by both parties. Where such external applications are used, you may be disclosing your data to the individuals responsible for its operation and should ensure you are comfortable with their Privacy Policies. Root-5 cannot take responsibility for any external services it does not own or operate.

Mobile App. Our Mobile App enables the pushing of data in real-time to and from our Product. To function, it will require use of Named Users emails and account passwords for identification purposes.

Your Responsibilities

Passwords. For the security and authenticity of your data, it is your responsibility to ensure your employees keep their password safe, and do not share this information with any other individual. We will not be responsible for any unauthorized access to your data, or falsification of your auditable records, which is caused by unauthorized sharing of individual Named User access details.

Data Retention Obligations. To meet your legislative obligations, our Product provides you with a full audit trail for all work details recorded and managed. You are responsible for ensuring the necessary agreements are in place with any personnel employed by you where information relating to them must be stored, in electronic or hardcopy format, to meet legal retention requirements.

To Manage our Products and Services

Root-5 may use your account data for these limited, internal only purposes:

Monitoring. As required to ensure our Products functions as it should, we monitor areas of the software you interact with are performing correctly. This can include such areas as execution times, back-up completions, data timestamps and generic analytical data.

New Functionality. To inform you of new features or functionality to the Products or Services.

Who We May Share Your Data With

Sub-processors. Third-parties necessary for the delivery of our Products and Services, engaged under appropriate contractual and technical protections to perform their services for us and ensure the security of your personal information and data, as required by law. Subprocessor services required in the delivery of our Products and Services include hosting, mobile application, and payment processors.

Data Retention Timeframes

Your data will be stored in our Products for so long as you have an active subscription account with us under Agreement. If you have an annual/rolling Agreement with us and no longer wish to renew this, please refer to the Notice Periods for termination. If you wish to cancel a monthly subscription, please contact our support team. If you cancel your subscription with us, the following scenarios and timeframes apply:

Cancelling your subscription. Upon receipt of the appropriate Written Notice, we will contact you to discuss the de-activation of Named Users and return of your data. Please plan ahead so we can provide you with appropriate support and appoint a person within your organisation to take responsibility for co-ordinating this with us. You should not cancel your Direct Debit until a timeframe for last day of service and completion of handover has been agreed, and as appropriate to your data handover requirements.

Examples of customer handover requirements may be:

Where you have minimal data stored in our Product:
- a data export,
- hardcopy reports extracted for storage by you.

Data transfer to a new solution provider or in-house bespoke system. We can provide a quote and project plan for this.

A data export in a specifically requested format.

Termination of your account. You must confirm to us within 30 days of handover that you are satisfied all your data has been returned to you. Upon expiry of your subscription, you will not have access to your account with us. Should you find that any data is missing or has been accidentally deleted by you or your new provider during set-up, please contact our support team for assistance to restore any data for you.

Information About Us

The Root-5 Group; Root-5 Ltd (SC243571), Root-5 Solutions Ltd (SC306363) and TRACS Assets Ltd (SC311793), are registered in Scotland, our business address is also our registered address. To contact us in relation to this Data Privacy Policy, please email info@root-5.com.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Data Privacy Policy

Privacy for Product and Service Users

Information Root-5 Collect

Accessing Your Data

Your Responsibilities

To Manage our Products and Services

Who We May Share Your Data With

Data Retention Timeframes

Information Root-5 Collect

Accessing Your Data

Your Responsibilities

To Manage our Products and Services

Who We May Share Your Data With

Data Retention Timeframes

Information About Us

Get in Touch

Headquarters

Contact Us

Connect

Extras