Evide Privacy Policy

Last Updated: 17/06/2026

This Privacy Policy explains how Evide Impact Ltd (“Evide”, “we”, “our”, or “us”) collects, uses, stores and protects personal information in relation to our website and the Evide Software-as-a-Service (SaaS) platform.

1. Who We Are

Evide Impact Ltd is a company registered in Northern Ireland (Company No. NI650789) with a registered office at The Innovation Centre, Bay Road, Londonderry, BT48 7TG.

Evide acts as a data controller for limited personal information relating to customers, licence holders, billing contacts and website enquiries.

For personal data processed within the Evide platform on behalf of client organisations, Evide acts as a data processor and processes data solely under the instructions of the client organisation (the data controller).

For questions about this policy or to exercise your data protection rights, contact us at info@evide.org.

2. What Data We Collect

We collect the following personal data from licence purchasers, organisation contacts and support contacts for account and service administration purposes:

  • Name
  • Business email address
  • Organisation name
  • Phone number (if provided)
  • Billing information

We may also collect limited technical information relating to website usage, system access, security monitoring and service diagnostics.

Personal data entered into the Evide platform by client organisations remains under the control of the relevant client organisation acting as data controller.

The Evide platform is highly configurable and allows client organisations to define the information they collect and manage. Depending on how the platform is configured, this may include personal information, demographic information, service participation records, assessments, questionnaires, case notes, safeguarding information, uploaded documents and other information relevant to the services being delivered.

Client organisations may also use the platform to collect and process special category personal data as defined under UK GDPR, which may include information relating to health, mental health, disability, racial or ethnic origin, religious or philosophical beliefs, sexual orientation and other protected categories where necessary for service delivery. Where applicable, client organisations may also process criminal offence data through the platform.

Evide does not determine the categories of personal data collected through the platform. Client organisations are responsible for determining what information is collected, identifying the lawful basis for processing and providing appropriate privacy information to data subjects.

3. Legal Basis for Processing

We process your data under the following lawful bases:

  • Contractual necessity – to manage and fulfil licence agreements and provide services.
  • Legitimate interests – to maintain customer relationships, provide support, improve platform performance and ensure system security.
  • Legal obligations – including tax, invoicing, regulatory and compliance obligations.

4. How We Use Your Data

We use contact and account information to:

  • Issue invoices and process payments
  • Provide customer support and technical assistance
  • Communicate service updates, maintenance notices, and operational information
  • Manage user accounts and licensing
  • Monitor and maintain platform security and performance
  • Comply with legal and regulatory obligations

5. Data Sharing and Processors

We do not sell personal data or share it for marketing purposes.

We may use carefully selected third-party providers to support our services, including cloud hosting, reporting, authentication, communications, monitoring, backup, and security services.

These providers may include:

  • Microsoft Azure (cloud hosting and infrastructure)
  • Microsoft Power BI (embedded reporting)
  • Authentication and identity providers
  • SMS and email communication providers
  • Monitoring and security service providers

All sub-processors are contractually required to implement appropriate technical and organisational security measures and comply with applicable data protection laws. A list of current sub-processors is available upon request.

6. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area (EEA), appropriate safeguards are implemented, including Standard Contractual Clauses (SCCs) or UK International Data Transfer Addendums where required.

7. Data Security

Evide implements appropriate technical and organisational measures to protect personal data, including:

  • Role-based access controls
  • Secure authentication procedures
  • Encrypted storage and transmission where appropriate
  • Security monitoring and logging
  • Regular backups and disaster recovery procedures
  • Restricted administrative access
  • Ongoing security and platform maintenance

Platform infrastructure is hosted primarily within Microsoft Azure UK data centres.

8. Data Retention

We retain customer account and contact information for as long as necessary to manage the customer relationship and meet legal, regulatory, tax, and accounting obligations.

Client platform data is retained in accordance with client instructions, contractual agreements, and applicable legal obligations.

Following termination of services, clients may request export or deletion of their data subject to contractual and legal retention requirements.

9. Data Breach Notification

In the event of a personal data breach affecting client data, Evide will notify affected clients without undue delay in accordance with applicable data protection laws and contractual obligations.

10. Your Rights

You may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of personal data where legally permissible
  • Restrict or object to certain processing activities
  • Request data portability where applicable
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

For privacy-related requests, contact us at info@evide.org.

11. Client End-Users’ Data

Client organisations using the Evide platform remain the data controllers for personal data they collect and manage within the system.

Evide acts solely as a data processor and processes personal data only on documented instructions from the relevant client organisation.

Client organisations are responsible for:

  • Determining the purposes and lawful basis for processing personal data
  • Providing privacy information to data subjects
  • Obtaining any necessary consents where required
  • Managing data subject rights requests
  • Ensuring compliance with applicable data protection legislation

Individuals whose data is processed through the platform should direct privacy requests or enquiries to the relevant client organisation.

12. Website Usage and Cookies

Our website may use cookies or similar technologies for functionality, analytics, and security purposes.

Where applicable, users may manage cookie preferences through their browser settings.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes.

Any material changes will be published on our website and/or communicated to customers directly where appropriate.