This Policy sets out the comprehensive measures that Human Technology take to ensure the online safety, security and privacy of our users’ data. This policy covers website privacy, data protection and management of ‘cookies’ wherever or if they may exist within our online presence.
Human Technology Limited understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits Our Websites and uses Our Products, and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.
The General Data Protection Regulation (GDPR) of 2018 defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This document sets out the policies and procedures that are followed by the Company when dealing with personal data. The procedures and principles set out herein will be followed at all times by our Company, its employees, agents, contractors, or other parties working on behalf of the Company.
The Company is committed to the spirit and letter of the data protection laws, and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
These Policies apply to Our use of any and all data collected by us in relation to your use of Our Site and / or Products.
Please read these Privacy and Data Protection Policies carefully and ensure that you understand them. You will be required to read and actively agree to these Policies when signing up for an Account.
If you do not accept and agree with any or all of the Policies contained in this document, please stop using Our Site and / or Our Products immediately.
The Data Protection Principles and Our Policies in this regard.
This Policy aims to ensure compliance with the GDPR. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data processed by Our Company will be:
• Processed lawfully, fairly, and in a transparent manner in relation to the data subject;
• Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
• Accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
• Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes for scientific research purposes, to improve product efficiency, which will be subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical measures.
Lawful, Fair, and Transparent Data Processing
The Company seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights as a data subject. The processing of your personal data shall be lawful, because you have expressly given your consent to the processing of your personal data for the purposes necessary in performance of a contract to which you are a party, i.e. your agreement to use any of Our Products or Our Sites for mutual direct or indirect benefits for both parties.
Customers and end users of Our Products thereby warrant, that by the use of any of these products, that they agree to processing and secure storage of their data necessary for the performance of the products or websites that they use.
Processed for Specified, Explicit and Legitimate Purposes
The Company collects and processes the personal data set out within this Policy document. This may include personal data received directly from data subjects. For example, contact details used when a data subject communicates with us; and data that may be received from third parties, for example, where a customer or appropriate professional is in a commercial or employment relationship with the data subject.
The Company only processes personal data for the specific purposes set out within this Policy, or for other purposes expressly permitted by the Regulation. The purposes for which we process personal data will be informed to data subjects at the time that their personal data is collected, where it is collected directly from them, or as soon as possible (not more than one calendar month) after collection where it is obtained from a third party.
Adequate, Relevant and Limited Data Processing
The Company will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to data subjects as above.
Accuracy of Data and Keeping Data Updated
The Company shall ensure that all personal data collected and processed is kept accurate and up-to-date wherever reasonably possible. Where any inaccurate or out-of-date data is found, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.
The Company shall not keep personal data for any longer than is necessary in light of the purposes for which that data was originally collected and processed. When the data is no longer required, all reasonable steps will be taken to erase it without delay, notwithstanding sanitized data backups as specifically covered in 9.3 below.
The Company shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. Further details of the data protection and organisational measures which shall be taken are provided in section 6 below.
The Company shall keep written internal records of all personal data collection, holding, and processing, which shall incorporate the following information:
• The name and details of the Company, its data protection officer, and any applicable third-party data controllers;
• The purposes for which the Company processes personal data;
• Details of the categories of personal data collected, held, and processed by the Company; and the categories of data subject to which that personal data relates;
• Details (and categories) of any third parties that will receive personal data from the Company;
• Details of any transfers of personal data to non-EEA countries including all mechanisms and security safeguards;
• Details of how long personal data will be retained by the Company; and
• Detailed descriptions of all technical and organisational measures taken by the Company to ensure the security of personal data.
Privacy Impact Assessments
The Company shall carry out Privacy Impact Assessments when and as required under the Regulation. Privacy Impact Assessments shall be overseen by the Company’s data protection officer and shall address the following areas of importance:
• The purpose(s) for which personal data is being processed and the processing operations to be carried out on that data;
• Details of the legitimate interests being pursued by the Company;
• An assessment of the necessity and proportionality of the data processing with respect to the purpose(s) for which it is being processed;
• An assessment of the risks posed to individual data subjects; and
• Details of the measures in place to minimise and handle risks including safeguards, data security, and other measures and mechanisms to ensure the protection of personal data, sufficient to demonstrate compliance with the Regulation.
The Rights of Data Subjects
The Regulation sets out the following rights applicable to data subjects, which will be adhered to by The Company, its employees, agents, contractors, or other parties working on behalf of the Company. The following individuals’ rights are taken into account variously within sections of this document:
• The right to be informed;
• The right of access;
• The right to rectification;
• The right to erasure (also known as the ‘right to be forgotten’) notwithstanding sanitized data backups as specifically covered in 9.3 below;
• The right to restrict processing (by opting not to use any of Our Sites or Our Products)
• The right to data portability;
• The right to object;
• Rights with respect to automated decision-making and profiling. These rights may also form part of a user’s contractual relationship with an employer or appropriate professional, where certain of Our Products are used within a commercial or (potential) employment context.
Keeping Data Subjects Informed
The Company hereby provides mandatory information for data subjects immediately below:
• Details of the Company Data Protection Officer firstname.lastname@example.org
• The purpose(s) for which the personal data is being collected is hereby stated as: Enabling the use of Our Websites and Our Products in order that a data subject may be offered a service that is ultimately directly or indirectly useful to them and Us.
• It is in the legitimate interests of The Company’s customers and data subjects that we process data in order that a data subject may be offered a service that is ultimately directly or indirectly useful to them and / or us, and in some cases the data subject’s employer or appropriate professional third party.
• Where the personal data is not obtained directly from the data subject, the categories of personal data collected and processed is the indexing of sanitised strings of words and metadata from a user’s messaging or email service.
• Where the personal data is to be transferred to one or more third parties, details of those parties can be made available by any user emailing email@example.com and the relevant information can be supplied on request to that user.
• Where the personal data is to be transferred to a third party that is located outside of the European Economic Area (the “EEA), please see 6.2 below.
• Data will be held for the length of time of a user’s account whilst it remains open and / or undeleted, notwithstanding sanitised data backups as discussed in 9.3 below.
Details of the data subject’s rights under the Regulation
• Your right to withdraw your consent to the Company’s processing of your personal data at any time may depend upon the nature of the product in question, and whether or not that product is being used within a commercial, or (potential) employment context. Please see 9.2 and 9.4 below in particular.
• You have a right to complain to the Information Commissioner’s Office (the ‘supervisory authority’ under the Regulation);
• Depending upon the product in question, there may be legal or contractual requirements or obligations necessitating the collection and processing of personal data. In the instance of any product that is being used within a commercial or (potential) employment context, the consequences of failing to provide such data may have an impact upon your relationship with a (potential) employer or an appropriate professional. In such cases, the data protection and privacy policies of those third parties take precedence over the policies provided by The Company, and consequently you should satisfy yourself regarding arrangements made between you and any / all of those applicable third parties.
• The company hereby states that automated decision-making regarding personality profiling may take place using your personal data. These decisions are arrived at by algorithms, which index responses to questionnaires and the sanitised content of messages. Within a professional, commercial or (potential) employment context, such decisions may have an impact upon your relationship with a (potential) employer or an appropriate professional. In such cases, the data protection and privacy policies of those third parties take precedence over the policies provided by The Company, and you should satisfy yourself regarding arrangements made between you and any / all of those applicable third parties.
Data Subject Access
As a data subject, you may make a subject access request (“SAR”) at any time to find out more about the personal data which the Company holds about you. The Company will respond to SARs within one month of receipt, or up to two months in the case of complex and/or numerous requests. If longer than one month is required, you will be informed of the need for the extension.
All subject access requests received must be forwarded by email to firstname.lastname@example.org. The Company does not charge a fee for the handling of normal SARs, however repeated or duplicate requests may incur a fee, which will not exceed GBP £10.00 per request instance.
Rectification of Personal Data
If you, as a data subject, inform the Company that personal data held by the Company is inaccurate or incomplete, requesting that it be rectified, the personal data in question shall be rectified, and you will be informed of that rectification, within one month of receipt of the initial notice; this can be extended by up to two months in the case of complex requests, and in such cases, you will be informed of the need for the extension.
In the event that any affected personal data has been disclosed to third parties, those parties shall be duly informed of any rectification of that personal data.
Erasure of Personal Data
You may request that the Company erases the personal data that it holds about you in the following circumstances:
• It is no longer necessary for the Company to hold that personal data with respect to the purpose for which it was originally collected or processed;
• You wish to withdraw your consent to the Company holding and processing your personal data (notwithstanding 9.4 below);
• You object to the Company holding and processing your personal data and there is no overriding legitimate interest to allow the Company to continue doing so;
• If you feel that your personal data has been processed unlawfully;
• If your personal data needs to be erased in order for the Company to comply with a particular legal obligation;
• Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and you will be informed of the erasure, within one month of receipt of your request; this can be extended by up to two months in the case of complex requests, and in such cases, you will be informed of the need for the extension.
• In the event that any personal data that is to be erased in response to a data subject request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).
Restriction of Personal Data Processing
You may request that the Company ceases processing the personal data it holds about you. If you make such a request, the Company shall retain only the amount of personal data pertaining to you that is necessary to ensure that no further processing of your personal data takes place.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).
Where you have given your consent to the Company to process your personal data, you have the legal right under the Regulation to receive a copy of your personal data and to use it for other purposes (namely transmitting it to other data controllers, e.g. other organisations). Whilst the Company has no objections to providing the data to you, aside from a name and email address, the remainder of anything kept on the system would be an unintelligible string of entirely meaningless symbolic code, and in any case that code is further encrypted.
To facilitate the right of data portability, the Company shall make available all applicable personal data to you in the following format:
• Printed A4 paper documents.
Should you wish to receive pages full of meaningless, encrypted characters printed on hard copy A4 paper, please contact the data controller via email: email@example.com, with your postal address and this will be made available to you by a traditional parcel postal service.
If requested by a data subject, personal data may be sent directly to another data controller in the same fashion. All requests for copies of personal data shall be complied with within one month of your request; this can be extended by up to two months in the case of complex requests; in such cases you will be informed of the need for the extension.
Objections to Personal Data Processing
You have the right to object to the Company processing your personal data based on legitimate interests and processing for scientific and/or historical research and statistical purposes. If you object to the Company processing your personal data based on its legitimate interests, we will cease such processing forthwith.
However, within the context of commercial or (potential) employment situations where Our Products are used by a third party, the consequences of making such an objection may have an impact upon your relationship with a (potential) employer or an appropriate professional.
In such cases, the data protection and privacy policies of those third parties take precedence over the policies provided by The Company, and consequently you should satisfy yourself regarding arrangements made between you and any / all of those applicable third parties.
In the event that the Company uses personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) upon you, then you have the right to challenge to such decisions under the Regulation, requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from the Company.
However, this right does not apply if the decision is necessary for the entry into, or performance of, a contract between the Company and the data subject; including in a commercial or (potential) employment context, and particularly where you have given your explicit consent.
As your explicit consent is a pre-requisite of using Our Products or Our Sites, then such human intervention and explanation of decisions becomes redundant. Profiling
As your personal data can be used for profiling purposes, the Company hereby provides clear information explaining the profiling process, and its potential significance and possible consequences to you:
• Data from (in some cases) your responses to a personality ‘questionnaire’ with multiple choice, importance weighted statements is processed.
• Metadata and sanitised indexing of the content of messages is (in some cases) processed and run through an algorithm, in order to assess a personality profile of you.
• Appropriate mathematical and /or statistical procedures are used, and deep learning computing power checks and re-checks these computations millions of times every instance that new data is added.
• Robust technical and organisational measures are in place to minimise the risk of errors and to enable such errors to be easily corrected.
• All personal data processed for profiling purposes is secured and encrypted in order to prevent discriminatory effects arising out of the profiling conclusions output by any system.
• Within a ‘social media’ context, the profiling merely outputs a suggested personality profile for you. You can, of course, choose to ignore this entirely, or decide to approach the world with a new understanding of yourself and strive to improve your interaction with others given this revelatory opportunity. This process is designed to ultimately benefit you and / or those with whom you might interact, for the greater good. The consequences of this are entirely a matter for yourself and those with whom you interact.
• Within a ‘social media’ context, the suggested personality profile can be shared by you, with others whom you specifically nominate, within an online community enabled and driven by the use of Our Products. The sharing process is not automatically reciprocal, and your co-users may reciprocate that profile sharing only when they, likewise, expressly choose to do so with you. The consequences of this are, again, entirely a matter for yourself and those with whom you interact online and / or in person. We hope that it will lead to an online / real life community of people getting along well, resulting in a positive experience for all concerned.
• Within a commercial or (potential) employment context, the suggested personality profile may be seen by others with whom you have a professional or working relationship; E.G. your employer, potential employer, recruitment agency, psychometric tester, lifestyle coach etc. You or they can, of course, choose to ignore this entirely, or you / they might make consequent decisions that could have a direct effect on your working or professional life. The potential outcomes of this are naturally intended to be positive for all concerned.
• If you have any doubts about the positive efficacy of using or referring to your system-created personality profile when interacting with those in your work or professional life, you have the opportunity to discuss this with them before using any of our Products. As you should be reading this potential caveat before agreeing to register to use any of our Products, if you have any concerns, please raise them with any third party before proceeding any further to open an account.
• Please also remember that any third party’s use of our Products within a commercial or (potential) employment context means that their own data protection and privacy policies will take precedence over this one. Consequently, you should satisfy yourself in this regard before proceeding to open an account.
Data Breach Notification
In the highly unlikely event of any personal data breaches, if discovered, must be reported by anyone, either / or Data Subject or Company employee, immediately to the Company’s data protection officer.
If a personal data breach occurs and that breach is likely to result in a risk to your rights and freedoms (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the data protection officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
In the event that a personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the data protection officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.
Data breach notifications shall include the following information:
• The categories and approximate number of data subjects concerned;
• The categories and approximate number of personal data records concerned;
• The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);
• The likely consequences of the breach;
• Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.
1. Definitions and Interpretation
In this document the following terms shall have the assigned meanings:
“Account” Means: An account required to access and/or use certain areas and features of Our Websites and/or any of Our Products.
“Cookie” Means: A small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site(s). Details of the Cookies used by Our Site are set out in section 12, below.
“Local Storage” Means: Some web applications can store data locally within the user's browser. Before HTML5, application data had to be stored in ‘cookies’, included in every server request. Local Storage is more secure, and data can be stored locally, without affecting website performance.
Details of these files used by Our Site(s) are set out in section 12, below
“Sanitised” Means: The instant system’s self-imposed ignorance of any words within users’ indexed messages, which might have any reference to an identifiable person.
“Our Website(s) or Our Site(s)” Means: Any website published by Human Technology Limited (from which this policy document will be clearly available).
“Our Products” Means: any products offered for use by Human Technology Limited.
“UK and EU Cookie Law” Means: The relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015.
“We/Us/Our/ or The Company” Means: Human Technology Limited. A limited company registered in England. Reg no: 10691942, whose registered address is C/O Smith And Williamson, 25 Moorgate, London, United Kingdom, EC2R 6AY.
2. Information About Us
2.1 Our Sites are owned and operated by Human Technology Limited. A limited company registered in England under Reg no: 10691942, whose registered address is C/O Smith And Williamson, 25 Moorgate, London, United Kingdom, EC2R 6AY. Our VAT number is 271862585.
2.2 We are registered with the UK Information Commissioners office. Our registration number is ZA256808
3. Scope – What Do These Policies Cover?
3.2 This policy document does not extend to any websites that may be linked to from Our Site, whether We provide those links or whether they are shared by other users. We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
3.3 Minimum age of product / website users. If you are aged under 13 years, you MUST NOT use ANY of our websites nor any of our products. If you are under 13 years old, and you are using any of Our Products or Website(s), please stop using any and all of them immediately; then please email firstname.lastname@example.org stating your name and the email address used for registration, in order that we can delete your account as soon as reasonably possible, without further involvement by you.
3.4 If you do use any of our websites and / or products, you warrant that you are over 13 years old, in accordance with this policy document.
4. What Data Do We Collect?
4.1 Your Name or Nickname provided in the registration field(s).
4.2 Your Job Title.
4.3 Your Business / company name.
4.4 Your email address or a messaging service identifier.
4.5 Textual information from sent (and sometimes received) indexed messages (see 6.4 below).
4.6 Responses to statements and narratives sent by you as a result of undertaking personality questionnaires.
4.7 Metadata collected for the statistical analysis and quality improvement of personality questionnaires; e.g. time taken for you to complete a question, occasions where questions were revisited, time taken to complete a set of questions, etc.
4.8 Events and / or names and / or contacts from online calendar data.
4.9 Names and / or contact details from your online address book.
4.10 IP address - automatically collected for security and statistical purposes only.
4.11 Web browser type and version (automatically collected).
4.12 Operating system (automatically collected).
4.13 Recording the types of device used to access any of Our Sites and / or Our Products (e.g. Mobile, tablet, desktop etc).
4.15 Your activity on Our Sites via Google Analytics. This is called event tracking and page tracking.
5. How Do We Use Your Data?
5.1 All personal data is stored securely in accordance with the principles of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) 2018. For more details on security see section 6, below.
5.2 We use your data to provide the best possible products and services to you. This includes:
5.2.1 Providing and managing your Account.
5.2.2 Providing and managing your access to Our Site and/or Our Products.
5.2.3 Personalising and tailoring your experience on Our Site.
5.2.4 Supplying Our Products and services to you.
5.2.5 Personalising and tailoring Our Products and services for you.
5.2.6 Responding to communications from you.
5.2.7 Supplying you with email newsletters, alerts etc, to which you have actively and expressly subscribed. You may unsubscribe or opt-out at any time by finding the option within your account ‘dashboard’, within links found the footers of web pages and at the footers of any emails we may send to you.
5.2.8 Generalized server-side market research analysis (e.g. statistical metadata information about a user’s time spent on site or product, time logged in etc.)
5.2.9 Analyzing your use of Our Site and gathering feedback to enable Us to continually improve Our Site and your user experience.
5.2.10 To create a personality profile in order to assist users of Our Products to understand themselves and other users of Our Products, in order to create harmonious channels of communication between users wherever possible.
5.3 Only with your express permission, subject to opt out at any time, and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email and/or post with information, news and offers on Our Products and Our Sites. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015; and the GDPR of 2018.
5.4 Advertisers whose content appears on Our Site may engage in what is known as “behavioural advertising” – advertising which is tailored to your preferences, based on your activity. Your activity is monitored using ‘local storage’ as detailed below in section 12. You can control and limit your data used in this way by adjusting your web browser’s privacy settings. Please note that We do not control the activities of such advertisers, nor the information they collect and use. Limiting the use of your data in this way will not remove the advertising, but it will make it less relevant to your interests and activities on Our Site.
6. How and Where Do We Store Your Data?
6.1 We only keep your data for as long as We need to in order to use it as described above in section 5, and/or for as long as We have your permission to keep it.
6.2 Some or all of your data may be stored or transferred outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein). You are deemed to accept and agree to this by using Our Site and submitting information to Us. If We do store or transfer data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the Data Protection Act 1998. Such steps may include, but not be limited to, the use of legally binding contractual terms between Us and any third parties We engage and the use of the EU-approved Model Contractual Arrangements.
6.3 Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Site and/or Our Products.
6.4 Steps We take to secure and protect your data include:
6.4.1 Sanitisation of any indexed content of your messages. This means the instant system’s self-imposed ignorance of any words within users’ indexed messages, which might have any reference to an identifiable person mentioned within an e-mail address thread or indeed within the body of any indexed sent email message.
6.4.2 Encryption so that any data, where identification of an individual may be necessary, the data cannot be understood without an encryption key.
6.4.3 The encryption key will only be available to individuals who are named, and you will be informed of those names where it is relevant to you. (See 7.2 below).
6.4.4 Use of SSL technology (secure sockets layer) to transmit data (i.e. https as opposed to http).
6.5 Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
7. Do We Share Your Data?
7.1 We may share certain data with other companies in Our group. This will never be data that can render a data subject identifiable. The only data that we may share will be untraceable metadata for statistical and / or analytical purposes. In short, on;y statistics for product improvement will be available to others; this includes Our subsidiaries and / or Our developers or data processors.
7.2 The only people other than you, who may be able to see information about you, are those whom you have expressly enabled to do so (i.e in a ‘social media’ context). Other people may be authorised to see your data, for any products or websites used within the context of your employment and / or a professional relationship; for example, your line manager, human resource director, their nominees, or an appropriate professional who may have invited you to use Our Sites or Products. If you are concerned about specific permission levels of data access in specific products, you should enquire by email to: email@example.com
7.3 We may sometimes contract third parties to supply products and services to you on Our behalf. These may include payment processing, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under any appropriate law.
7.4 We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be sanitised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
7.5 In certain circumstances We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
8. What Happens If Our Business Changes Hands?
9. How Can You Control Your Data?
9.1 When you submit information via Our Site or via an interface within one of Our Products, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes, including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details and by managing your Account.
9.2 You will have the right to close your account at any time (except in the case of paragraph 9.4 immediately below). If so, all data pertaining to you will be removed as soon as reasonably and practically possible. The only data that may remain stored will be entirely anonymous, aggregated data from responses to questionnaires and / or indexing of messages, neither of which could be traced back to identify any individual.
9.3 Data ‘backups’ are kept securely under the same level of encryption as ‘current’ data; this means that historic data may be kept, where necessary, for a period, encrypted as in 6.4.2 above. As an ongoing process of data eventually being overwritten, this data will disappear entirely. If you are concerned about the time period that this encrypted, historic data will be kept in backup storage, you can email your concerns to firstname.lastname@example.org
9.4 Depending upon the nature of the product you are using, in particular if you are using it within the context of your employment; you may not have the right to close your account nor have data removed whilst you remain in that employment. This depends upon the preferences and wishes of your employer, and one of the following statements in this regard may apply:
9.4.1 You have the right at any time to ask your employer to close your account, and that request cannot be reasonably refused. OR
9.4.2 Whilst you remain in employment with the owner of any of our Products within which you have an account, it is an inherent condition of your terms of employment that your account must remain open, and any associated data retained for at least the duration of that employment.
10. Your Right to Withhold Information
You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
Our sites and / or products do not specifically use ‘cookies’ but rather a technique for identifying browser behavior called ‘Local Storage’ For more information, see section 12 below.
12. How Can You Access Your Data?
You have the legal right to ask for a copy of any of your personal data held by Us, or whomsoever is the data controller for your product, where such data is held. This is normally free of charge, but repeated or duplicate requests may incur a fee, which will not exceed GBP £10.00 per request instance. Please contact Us / the data controller for more details using the contact details shown above.
13. What ‘Cookies’ and / or ‘Local Storage’ Files Do We Use and What For?
13.1 As stated in section above 11 Our Site may place and access certain first party ‘local storage’ files on your computer or device. These are those placed directly by Us and are used only by Us. We use Local Storage to facilitate and improve your experience of Our Site and to provide and improve Our Sites and Products. For more details, please refer to section 5, above, and to section 12.6 below.
13.2 By using Our Site you may receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. We use third party Cookies on Our Site for advertising services. For more details, please refer to section 5, above, and to section 12.6 below. These Cookies are not integral to the functioning of Our Site.
13.3 All Local Storage used by and on Our Site(s) are used in accordance with current UK and EU Law.
13.4 Before any Local Storage files are placed on your computer or device, subject to section 12.5 and section 12.8, you will be shown a message requesting your consent to such a procedure. By giving your consent to the placing of these, you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Local Storage files, however certain features of Our Site may not function fully or as intended.
13.5 Certain features of Our Site depend on Local storage files in order to function. UK and EU Law deems these files to be “strictly necessary”. The intention and use of these files are dynamic in nature, and are shown below in section 12.6. This section may well change occasionally, depending upon the data required by the site or product in question. Your consent will not be sought to place these files; however, you may still block these Local Storage files by changing your internet browser’s settings. Please be aware that Our Site(s) and / or Product(s) may not work as intended if you elect to do this. We have taken great care to ensure that your privacy is not at risk by allowing them.
13.6 The following Local Storage files may be placed on your computer or device (to be added later):
Name of File Purpose Strictly Necessary
and the following third party Cookies may be placed on your computer or device:
Name of Cookie Provider Purpose
13.7 Our Site uses analytics services provided by Google Analytics. These Website analytics refer to a set of tools used to collect and analyse usage statistics, enabling Us to better understand how people use Our Site. This, in turn, enables Us to improve Our Site and the services offered through it. You do not have to allow Us to use these third party Cookies, as detailed below, however whilst Our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable Us to continually improve Our Site, making it a better and more useful experience for you.
13.9 The Google analytics service(s) used by this Website use(s) the following Cookies:
Name of Cookie First / Third Party Provider Purpose
13.10 You can choose to enable or disable Local Storage files in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all such files or only third-party cookies. By default, most internet browsers accept such files, but this setting can be changed. For further details, please consult the help menu in your internet browser or the documentation provided with your device.
13.11 You can choose to delete Local storage files at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.
13.12 It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
14. Contacting Us
16. Implementation of Policy
This Policy shall be deemed effective as of October 19, 2017 No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.