We are committed to protecting and respecting your privacy and personal data, and will only collect and use personal data in ways that are described here and that are consistent with our obligations — and your rights — under applicable law relating to the protection of personal data.
References to “you” or “your” are to you as an individual using our site or otherwise contacting us (whether on behalf of yourself, or another individual or organization).
While some of our applications and services are intended to be used by children (under 18 years old), we do not expect to collect the personal data of any children through our site, nor through other activities outside of those applications and services. If you are aware that any personal data of anyone under 18 has been shared with us outside of those applications and services, please contact us at [email protected].
Information about us
Our site is owned and operated by Hackworth Ltd (“Hackworth”, “we”, “us”, or “our”), a company registered in England and Wales with company number 11552429, and whose registered office is at 71-75 Shelton Street, London, England, WC2H 9JQ. We are the controller and are responsible for this site.
We collect, use, and are responsible for certain personal data about you. When we do so, we are subject to the UK General Data Protection Regulation (“UK GDPR”). We are also subject to the EU General Data Protection Regulation (“EU GDPR”) in relation to our wider operations in the European Economic Area (“EEA”).
We are registered as data controllers in England and Wales, and our UK Information Commissioner’s Office (“ICO”) registration number is ZB375975.
Our contact details
What personal data we collect about you
Personal data or personal information means any information about you that enables you to be identified personally.
Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers that can be linked with such information in order to identify you. It does not include data where the identity has been removed (anonymous data).
Our site is used to market our products and services. When you interact with us through our site, we may therefore collect, use, store, and transfer the following kinds of personal data:
Identity Data includes your name(s), job title, and employer.
Contact Data includes your work address, email address, telephone numbers, and social media usernames.
Technical Data includes your Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our site.
Profile Data includes data about your interests, preferences, feedback, and survey responses.
Usage Data includes information about how you use our site.
Marketing and Communications Data includes your preferences in receiving marketing from us, and your communication preferences.
Special Category Data includes information about your race or ethnicity, health, hobbies, religious or political beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data.
We do not ask you for any Special Category Data, nor do we ask you for any information about criminal convictions and offenses. You should never provide Special Category Data to us. However, if you do choose to provide such types of personal data when you interact with us, you are giving us your explicit consent to process such data about you to the extent permitted by the UK and/or EU data protection regime (as applicable).
If you know that you have either intentionally or unintentionally provided Special Category Data to us, please contact us at [email protected] so that we may securely erase it.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, or pursuant to a service that we have been asked to supply to you (for example, in connection with your use of our applications or services), and you fail to provide that data when requested, we may not be able to perform the applicable contract or service. In this case, we may need to cancel any arrangement you have with us, but we will notify you before we do so.
How we collect your personal data
We use different methods to collect data from and about you, including through:
Third parties or publicly available sources: we may receive personal data about you from various third parties and public sources, including analytics providers, technical and payment services, and Companies House.
Purposes for processing personal data
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose.
When we process your personal data, we will do so according to the following lawful bases. (Note that we may process your personal data on more than one such basis, depending on the specific purpose for which we are using your personal data.)
Contract: we use this lawful basis where we need to provide services or information to you in order to perform the contract we are about to enter, or have entered, with you.
Legal obligation: we use this lawful basis where we have a legal or regulatory obligation we must comply with.
Legitimate interests: we use this lawful basis where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
Consent: in all other cases, we rely on consent as a lawful basis for processing your personal data.
We may send you marketing communications by email, instant message, push notification, text message, or telephone. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We will only send you marketing communications where you have opted into receiving such communications by explicitly giving your consent via a web form, while registering for one of our products or services, participating in a survey, providing your contact details to us at a trade show or in a meeting, or similar marketing-related activities.
We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which of our business offerings may be relevant to you.
Opting out of marketing
You can ask us to stop sending you marketing messages at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience, or other transactions.
If you choose to object to marketing communications, unsubscribe, or otherwise withdraw your consent, this will not make our processing of your personal data before you withdrew your consent unlawful.
Automated decision making
Automated decisions are made by technological means, mostly based on algorithms subject to predefined criteria. Such automated decision-making, taken solely by technological means without any human intervention, may have legal or similarly significant effects on you.
We do not make any automated decisions using your personal data.
How we may share your personal data
We may share your personal data with certain third parties as set out below. We require all third parties to respect the security of your personal data, and to treat it in accordance with the law.
Service providers (data processors)
We use third party service providers as data processors. Data processors act on behalf of, and only on the instructions of, a data controller. (We are the data controller in this situation.) For example, we use Google Cloud EMEA Limited for email services, and when you send email to us, Google Cloud EMEA Limited are the data processor for any personal data you share with us in that email.
We do not allow our third-party data processors to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes, and in accordance with our instructions. Wherever possible, we choose data processors who process your data only in the UK or EU. (Where this is not possible, see the section on international transfers.)
We routinely review the terms of service and security posture of our third party data processors to ensure they meet our standards and expectations for processing your personal data.
We maintain a list of our third-party data processors here. We will update this list from time to time as our processing activities change.
Occasionally, we may indirectly share your personal data when we have engaged with professional advisors, including, but not limited to, lawyers, bankers, auditors, and insurers. In these cases, the sharing is incidental to the service being provided, and we will attempt to redact personal data whenever it’s practical.
When this sharing is unavoidable, we do not allow our professional advisors to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes, and in accordance with our instructions.
We may occasionally be required by law to share your personal data with regulators and other authorities. For example, we may need to share payment information with HM Revenues & Customs in the UK.
Business mergers, sales, and acquisitions
We may need to share your personal data outside the UK and/or EEA; e.g., where a third party used by us is based in other countries. Whenever we transfer your personal data out of the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed by the UK and/or European Commision (as applicable) to provide an adequate level of protection for personal data (an adequacy decision).
If we transfer your personal data to any other country which is not subject to such an adequacy decision, we will ensure that there is a lawful basis and, if required, appropriate safeguards for such data transfer, such that your personal data are treated in a manner that is consistent with — and respects — the applicable laws and regulations on data protection in the UK or the EEA (as applicable).
Where we use certain service providers outside of the UK and/or the EEA (as applicable), we may use specific contracts approved for use in the UK and/or the EEA (as applicable) which give personal data the same protection it has in the UK and/or the EEA (as applicable).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.
How we retain your personal data
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes for which we collected it, including for the purposes of providing our services to you, and for satisfying any legal, regulatory, tax, accounting, or reporting requirements.
We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider:
- the amount, nature, and sensitivity of the personal data;
- the potential risk of harm from unauthorized use or disclosure of your personal data;
- the purpose for which we process your personal data, and whether we can achieve those purposes through other means; and
- the applicable legal, regulatory, tax, accounting, or other requirements.
In some circumstances, you can ask us to delete your data.
In some circumstances, we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Otherwise, we securely erase or anonymize your personal data where we no longer require your information for the purposes collected.
Your legal rights
You have a number of rights concerning our processing of your personal data. Not all rights apply equally to all of our processing, depending on the lawful basis for the specific processing. For example, if the lawful basis for processing personal data is a legal obligation, then the right of erasure may not apply. Our list of third-party data processors specifies which rights apply, and which may not, to each specific processor and use case.
Rights concerning processing
For each right listed below, we have provided a link to the relevant section of the UK ICO website, and to the relevant article of the EU GDPR (as applicable), where further details are available.
- Right to be informed. [UK ICO] [EU GDPR]
- Right of access. [UK ICO] [EU GDPR]
- Right to rectification. [UK ICO] [EU GDPR]
- Right to erasure. [UK ICO] [EU GDPR]
- Right to restrict processing. [UK ICO] [EU GDPR]
- Right to data portability. [UK ICO] [EU GDPR]
- Right to object. [UK ICO] [EU GDPR]
- Rights related to automated decision-making including profiling. [UK ICO] [EU GDPR]
(Note that we do not apply automated decision-making to your personal data, but we have included the relevant right for completeness.)
Right to withdraw consent
However, your withdrawing of consent will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products/services to you. We will advise you if this is the case at the time you withdraw your consent.
Right to raise a concern
You also have the right to make a complaint or to raise a concern at any time to the ICO, the UK’s regulator for data protection issues (https://ico.org.uk/your-data-matters/how-to-make-a-data-protection-complaint/). If you are in the EU/EEA, you should contact the relevant supervisory authority in your territory. A list of the supervisory authorities across the EU/EEA is kept by the European Data Protection Board (https://edpb.europa.eu/about-edpb/about-edpb/members_en)
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other supervisory authority, so please do contact us first at [email protected].
Exercising your rights
If you want to exercise any of the rights set out above, or if you have any questions about them, please contact us at [email protected]. We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests for further copies of the same information.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We may also be entitled, under some circumstances, to refuse to act on the request. We will notify you if this is the case.
We try to respond to all legitimate requests as soon as we can. Generally, this will be within 4 weeks from when we receive your request, but if the request is going to take longer to deal with, we will let you know.
Third party links