Website Privacy Policy

We are committed to protecting and respecting your privacy and personal data, and will only collect and use personal data in ways that are described here and that are consistent with our obligations — and your rights — under applicable law relating to the protection of personal data.

This Website Privacy Policy aims to give you information about how we collect and process your personal data when you visit one of our websites (“our site”), regardless of where you visit it from or its web address (URL), including any data you may provide through our site or when you otherwise interact with us (for example, through social media).

Please read this Website Privacy Policy carefully and ensure that you understand it. By using our site and by otherwise interacting with us, you agree to be bound by this Website Privacy Policy, and consent to the collection, use, processing, and disclosure of your personal data as described in this Website Privacy Policy.

It is important you read this Website Privacy Policy together with any other privacy policies or statements we may provide from time to time when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. For example, where you are using one of our applications or services, please refer to the privacy policy specific to that application or service. This Website Privacy Policy supplements other notices and privacy policies, and is not intended to override them.

References to “you” or “your” are to you as an individual using our site or otherwise contacting us (whether on behalf of yourself, or another individual or organization).

While some of our applications and services are intended to be used by children (under 18 years old), we do not expect to collect the personal data of any children through our site, nor through other activities outside of those applications and services. If you are aware that any personal data of anyone under 18 has been shared with us outside of those applications and services, please contact us at [email protected].

Information about us

Our site is owned and operated by Hackworth Ltd (“Hackworth”, “we”, “us”, or “our”), a company registered in England and Wales with company number 11552429, and whose registered office is at 71-75 Shelton Street, London, England, WC2H 9JQ. We are the controller and are responsible for this site.

We collect, use, and are responsible for certain personal data about you. When we do so, we are subject to the UK General Data Protection Regulation (“UK GDPR”). We are also subject to the EU General Data Protection Regulation (“EU GDPR”) in relation to our wider operations in the European Economic Area (“EEA”).

We are registered as data controllers in England and Wales, and our UK Information Commissioner’s Office (“ICO”) registration number is ZB375975.

Our contact details

If you have any questions about this Website Privacy Policy, including any requests to exercise your legal rights, please contact us via email at [email protected].

What personal data we collect about you

Personal data or personal information means any information about you that enables you to be identified personally.

Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers that can be linked with such information in order to identify you. It does not include data where the identity has been removed (anonymous data).

Our site is used to market our products and services. When you interact with us through our site, we may therefore collect, use, store, and transfer the following kinds of personal data:

• Identity Data includes your name(s), job title, and employer.

• Contact Data includes your work address, email address, telephone numbers, and social media usernames.

• Technical Data includes your Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our site.

• Profile Data includes data about your interests, preferences, feedback, and survey responses.

• Usage Data includes information about how you use our site.

• Marketing and Communications Data includes your preferences in receiving marketing from us, and your communication preferences.

Note that where you have purchased a product or service from us, we may also collect data relating to your purchases and your billing/payment details. For further information on this, please refer to the privacy policy of the specific product or service.

We may also collect, use, and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data could be derived from your personal data, but is not considered personal data in law, and will neither directly nor indirectly reveal your identity. For example, we may aggregate your usage information to calculate the percentage of users accessing a specific feature of our site. However, if we combine Aggregated Data with your personal data such that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Website Privacy Policy.

Special Category Data includes information about your race or ethnicity, health, hobbies, religious or political beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data.

We do not ask you for any Special Category Data, nor do we ask you for any information about criminal convictions and offenses. You should never provide Special Category Data to us. However, if you do choose to provide such types of personal data when you interact with us, you are giving us your explicit consent to process such data about you to the extent permitted by the UK and/or EU data protection regime (as applicable).

If you know that you have either intentionally or unintentionally provided Special Category Data to us, please contact us at [email protected] so that we may securely erase it.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, or pursuant to a service that we have been asked to supply to you (for example, in connection with your use of our applications or services), and you fail to provide that data when requested, we may not be able to perform the applicable contract or service. In this case, we may need to cancel any arrangement you have with us, but we will notify you before we do so.

How we collect your personal data

We use different methods to collect data from and about you, including through:

• Direct interactions: you may give us your personal data by entering information on our site, filling in forms or questionnaires, by corresponding with us by phone or email, or by otherwise directly interacting with us, such as through social media. You may also give us personal data through your use of our applications or services, in which case please refer to the privacy policy of that specific application or service.

• Automated technologies or interactions: as you interact with our site, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy for further details.

• Third parties or publicly available sources: we may receive personal data about you from various third parties and public sources, including analytics providers, technical and payment services, and Companies House.

Purposes for processing personal data

We will only use and process your personal data when the law allows us to. Please note that we may process your personal data without your knowledge or consent, in compliance with the rules set out in this Website Privacy Policy, where this is required or permitted by law.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose.

Lawful basis

When we process your personal data, we will do so according to the following lawful bases. (Note that we may process your personal data on more than one such basis, depending on the specific purpose for which we are using your personal data.)

• Contract: we use this lawful basis where we need to provide services or information to you in order to perform the contract we are about to enter, or have entered, with you.

• Legal obligation: we use this lawful basis where we have a legal or regulatory obligation we must comply with.

• Legitimate interests: we use this lawful basis where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.

• Consent: in all other cases, we rely on consent as a lawful basis for processing your personal data.

Marketing

We may send you marketing communications by email, instant message, push notification, text message, or telephone. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We will only send you marketing communications where you have opted into receiving such communications by explicitly giving your consent via a web form, while registering for one of our products or services, participating in a survey, providing your contact details to us at a trade show or in a meeting, or similar marketing-related activities.

We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which of our business offerings may be relevant to you.

Opting out of marketing

You can ask us to stop sending you marketing messages at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience, or other transactions.

If you choose to object to marketing communications, unsubscribe, or otherwise withdraw your consent, this will not make our processing of your personal data before you withdrew your consent unlawful.

Automated decision making

Automated decisions are made by technological means, mostly based on algorithms subject to predefined criteria. Such automated decision-making, taken solely by technological means without any human intervention, may have legal or similarly significant effects on you.

We do not make any automated decisions using your personal data.

How we may share your personal data

We may share your personal data with certain third parties as set out below. We require all third parties to respect the security of your personal data, and to treat it in accordance with the law.

Service providers (data processors)

We use third party service providers as data processors. Data processors act on behalf of, and only on the instructions of, a data controller. (We are the data controller in this situation.) For example, we use Google Cloud EMEA Limited for email services, and when you send email to us, Google Cloud EMEA Limited are the data processor for any personal data you share with us in that email.

We do not allow our third-party data processors to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes, and in accordance with our instructions. Wherever possible, we choose data processors who process your data only in the UK or EU. (Where this is not possible, see the section on international transfers.)

We routinely review the terms of service and security posture of our third party data processors to ensure they meet our standards and expectations for processing your personal data.

We maintain a list of our third-party data processors here. We will update this list from time to time as our processing activities change.

Professional advisors

Occasionally, we may indirectly share your personal data when we have engaged with professional advisors, including, but not limited to, lawyers, bankers, auditors, and insurers. In these cases, the sharing is incidental to the service being provided, and we will attempt to redact personal data whenever it’s practical.

When this sharing is unavoidable, we do not allow our professional advisors to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes, and in accordance with our instructions.

Authorities

We may occasionally be required by law to share your personal data with regulators and other authorities. For example, we may need to share payment information with HM Revenues & Customs in the UK.

Business mergers, sales, and acquisitions

We may rarely need to share personal data with third parties to whom we may choose to sell, transfer, or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as specified in this Website Privacy Policy. Other than in the context of a business acquisition as described above, we will not sell your personal data to any other party.

International transfers

We may need to share your personal data outside the UK and/or EEA; e.g., where a third party used by us is based in other countries. Whenever we transfer your personal data out of the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed by the UK and/or European Commision (as applicable) to provide an adequate level of protection for personal data (an adequacy decision).

• If we transfer your personal data to any other country which is not subject to such an adequacy decision, we will ensure that there is a lawful basis and, if required, appropriate safeguards for such data transfer, such that your personal data are treated in a manner that is consistent with — and respects — the applicable laws and regulations on data protection in the UK or the EEA (as applicable).

• Where we use certain service providers outside of the UK and/or the EEA (as applicable), we may use specific contracts approved for use in the UK and/or the EEA (as applicable) which give personal data the same protection it has in the UK and/or the EEA (as applicable).

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.

How we retain your personal data

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes for which we collected it, including for the purposes of providing our services to you, and for satisfying any legal, regulatory, tax, accounting, or reporting requirements.

We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

To determine the appropriate retention period for personal data, we consider:

• the amount, nature, and sensitivity of the personal data;
• the potential risk of harm from unauthorized use or disclosure of your personal data;
• the purpose for which we process your personal data, and whether we can achieve those purposes through other means; and
• the applicable legal, regulatory, tax, accounting, or other requirements.

In some circumstances, you can ask us to delete your data.

In some circumstances, we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Otherwise, we securely erase or anonymize your personal data where we no longer require your information for the purposes collected.

Your legal rights

You have a number of rights concerning our processing of your personal data. Not all rights apply equally to all of our processing, depending on the lawful basis for the specific processing. For example, if the lawful basis for processing personal data is a legal obligation, then the right of erasure may not apply. Our list of third-party data processors specifies which rights apply, and which may not, to each specific processor and use case.

Rights concerning processing

For each right listed below, we have provided a link to the relevant section of the UK ICO website, and to the relevant article of the EU GDPR (as applicable), where further details are available.

• Right to be informed. [UK ICO] [EU GDPR]
• Right of access. [UK ICO] [EU GDPR]
• Right to rectification. [UK ICO] [EU GDPR]
• Right to erasure. [UK ICO] [EU GDPR]
• Right to restrict processing. [UK ICO] [EU GDPR]
• Right to data portability. [UK ICO] [EU GDPR]
• Right to object. [UK ICO] [EU GDPR]
• Rights related to automated decision-making including profiling. [UK ICO] [EU GDPR]

(Note that we do not apply automated decision-making to your personal data, but we have included the relevant right for completeness.)

Right to withdraw consent

In addition to the rights concerning processing listed above, you also have the right to withdraw consent at any time where we are relying on consent to process your personal data. For example, you can withdraw your consent to our processing your personal data for data analytics purposes at any time by adjusting your browser settings. (Refer to our Cookie Policy for further details.)

However, your withdrawing of consent will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products/services to you. We will advise you if this is the case at the time you withdraw your consent.

Right to raise a concern

You also have the right to make a complaint or to raise a concern at any time to the ICO, the UK’s regulator for data protection issues (https://ico.org.uk/your-data-matters/how-to-make-a-data-protection-complaint/). If you are in the EU/EEA, you should contact the relevant supervisory authority in your territory. A list of the supervisory authorities across the EU/EEA is kept by the European Data Protection Board (https://edpb.europa.eu/about-edpb/about-edpb/members_en)

We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other supervisory authority, so please do contact us first at [email protected].

Exercising your rights

If you want to exercise any of the rights set out above, or if you have any questions about them, please contact us at [email protected]. We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests for further copies of the same information.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We may also be entitled, under some circumstances, to refuse to act on the request. We will notify you if this is the case.

We try to respond to all legitimate requests as soon as we can. Generally, this will be within 4 weeks from when we receive your request, but if the request is going to take longer to deal with, we will let you know.

Third party links

Our site may include links to third party websites. Clicking on third-party links from our website may allow third parties to collect or share data about you. Third-party sites are not under our control, and we are not responsible for their content. When you click on a third-party link from our site, we encourage you to read the third party site’s privacy policy.

Changes to this Website Privacy Policy

This Website Privacy Policy was last updated on August 27, 2022.

We keep this Website Privacy Policy under regular review, and may update it from time to time. We reserve the right to make changes to our Website Privacy Policy at any time. Previous versions of the policy can be obtained by contacting us.

Any changes we may make to this Website Privacy Policy will be posted on our website and, where appropriate, we will notify you of such changes.

Unless otherwise provided in this Website Privacy Policy, it is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.