This Privacy Notice explains how PeltierGroup uses personal data in connection with LibraryVault. LibraryVault is operated by PeltierGroup.
Privacy contact: privacy@peltiergroup.co.uk
Support contact: support@peltiergroup.co.uk
Security contact: security@peltiergroup.co.uk
Business details:
PeltierGroup
[insert legal company name if known]
[insert registered address or business address if known]
[insert company number if applicable]
Personal data we may collect
Depending on how you use LibraryVault, we may collect:
- name;
- email address;
- organisation or company name;
- job title or role;
- account login details;
- billing, order, subscription or invoice information;
- support messages and contact form messages;
- product usage information;
- IP address, device, browser and security log information;
- files, notes, messages, records, images or content you upload or submit;
- AI prompts, inputs and outputs where an AI-powered feature is used.
LibraryVault may also process more sensitive information where this is necessary for the product. This may include health, wellness, lifestyle, staff, employee, audit, checklist, signature, incident, operational or compliance records, depending on how the product is used.
Why we use personal data
We use personal data to:
- provide and operate LibraryVault;
- create and manage accounts;
- respond to enquiries and support requests;
- process payments, orders, subscriptions and invoices;
- provide dashboards, reports, downloads or product features;
- provide AI-powered outputs where AI features are used;
- maintain security and prevent misuse;
- monitor, troubleshoot and improve the service;
- manage customer relationships;
- comply with legal, tax, accounting and regulatory obligations;
- handle data requests, complaints, disputes and security incidents;
- send service messages and, where permitted, marketing communications.
Our lawful bases
Depending on the situation, we may rely on:
- Contract: where processing is needed to provide the product, account, subscription, service or support.
- Legitimate interests: where processing is needed to operate, secure, improve and manage our business and services.
- Consent: where we ask for permission, such as optional marketing, optional cookies or certain optional features.
- Legal obligation: where we need to keep or use information for legal, tax, accounting or regulatory reasons.
- Explicit consent: where required for health, wellness or other special category information.
AI-powered features
Some PeltierGroup products may use AI-powered features.
Where you submit information into an AI feature, your input may be sent to our AI service providers to generate a response.
AI outputs may be inaccurate, incomplete or unsuitable for your situation. You should review outputs before relying on them.
More information is available in our AI Usage Notice.
Who we share personal data with
We may share personal data with trusted providers who help us operate LibraryVault, including providers for:
- hosting and infrastructure;
- databases and storage;
- authentication;
- payment processing;
- subscriptions and app stores;
- email delivery;
- customer support;
- analytics, where used;
- AI processing, where used;
- logging, monitoring and security;
- professional advice, legal, accounting or compliance support.
We do not sell personal data.
Business customer data
Where a business customer uses LibraryVault to manage information about its staff, users, customers or operations, that business customer may be the controller of that data and PeltierGroup may act as processor.
Where we act as processor, we process personal data on the business customer's instructions and in line with our agreement with them.
If you are an employee, staff member or end-user of one of our business customers, you may need to contact that organisation directly to exercise your rights.
International transfers
Some providers may process personal data outside the UK.
Where this happens, we will use appropriate safeguards where required, such as data processing terms, transfer safeguards or equivalent protections.
How long we keep personal data
We keep personal data only for as long as necessary for the reason it was collected.
As a general guide:
- website enquiries may be kept for up to 24 months after the last contact;
- support messages may be kept for up to 3 years;
- account data is kept while the account is active and for a reasonable period after closure;
- billing, order and invoice records may be kept for up to 6 years for tax and accounting purposes;
- security logs are kept for a limited period needed for security, monitoring and investigation;
- customer-uploaded data is kept for the duration of the customer account or contract unless a different period is agreed;
- backup copies may remain for a limited period until overwritten or deleted in line with our backup process.
Some data may be kept for longer where required for legal, tax, accounting, regulatory, dispute or security reasons.
Cookies and similar technologies
We may use cookies, local storage, session storage, mobile app storage or similar technologies to operate LibraryVault.
Strictly necessary technologies are used for security, login, checkout, fraud prevention, account access and core service functions.
Preference technologies may remember choices such as display settings or saved interface options.
Analytics technologies may help us understand how websites or products are used. Where required, we will ask for consent before using optional analytics.
Marketing technologies, such as advertising pixels or retargeting tools, will only be used where enabled and where consent is obtained if required.
Your rights
You may have the right to:
- ask for a copy of your personal data;
- ask us to correct inaccurate data;
- ask us to delete your data;
- ask us to restrict how we use your data;
- object to certain uses of your data;
- ask for your data in a portable format;
- withdraw consent where we rely on consent;
- complain about how we use your data.
Data access and export requests
You can request a copy or export of your personal data by contacting:
privacy@peltiergroup.co.uk
Please include:
- your full name;
- the email address linked to your account, purchase or enquiry;
- the product your request relates to;
- the information you want us to provide.
We may need to confirm your identity before providing data. This helps us make sure we do not disclose your information to the wrong person.
Where the request relates to data controlled by one of our business customers, we may need to refer your request to that customer.
Data deletion requests
You can ask us to delete your personal data by contacting:
privacy@peltiergroup.co.uk
Please include:
- your full name;
- the email address linked to your account, purchase or enquiry;
- the product your request relates to;
- what you want deleted.
We may need to confirm your identity before deleting data. Once verified, an authorised administrator will review and action the request.
Deletion may not always be possible where we need to keep certain information for legal, tax, accounting, security, dispute or regulatory reasons.
Where we cannot delete everything, we will explain what we need to keep and why.
Where the request relates to data controlled by one of our business customers, we may need to refer your request to that customer.
Identity checks
Before actioning an access, export, correction or deletion request, we may ask you for information to confirm your identity.
We will only ask for information that is reasonable and proportionate. For example, we may ask you to confirm your account email address, recent order number, organisation name, support ticket reference or other details linked to your account.
We will not ask for formal identity documents unless we reasonably need them.
Response times
We aim to respond to data rights requests without undue delay and within one calendar month.
If a request is complex or you make multiple requests, we may extend the response period where the law allows. If we need to extend the time, we will tell you.
Privacy complaints
If you are unhappy with how we use your personal data, you can complain to us at:
privacy@peltiergroup.co.uk
Please include your name, contact details, the product or website your complaint relates to, and a short description of your concern.
We will acknowledge your complaint within 30 days.
We will then investigate the issue without undue delay, keep you informed where appropriate, and tell you the outcome.
You also have the right to complain to the UK Information Commissioner's Office.