References to "you" or "your" are to the individual whose personal data we receive and/or access in connection with our business. References to "the service(s)" and “website(s)” are to the software products and websites provided by Personably.
The purpose of this policy is to let you know how we will use any personal data we collect from you or access about you in connection with our business. It also explains what rights you have to access or change your personal data.
We are the data processor of the personal data that is provided to us by you or your employer. Your employer is the data controller of such personal data. We will only therefore process your personal data in accordance with the instructions of your employer.
You can contact us as follows:
FAO: Katerina Pascoulis, CEO
Address: Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX
Email (preferred contact method): You can contact us on firstname.lastname@example.org
2. Collecting Personal Data
Information that you provide to us
- 'Personal Data' is information about an identifiable individual. We will collect and process the following information about you when you:
- make an enquiry, provide feedback, make a complaint or submit correspondence by post, by email or on our website;
- create an account to use our website;
- fill in forms on the websites provided by Personably. This includes information provided at the time of registering for the service or when requesting further information;
- subscribe to our newsletter and mailing lists; and
- submit an application to a job vacancy.
The information you provide to us will include (depending on the circumstances):
- Identity and contact data: your name, job role and email address;
- Financial data: if you purchase our services, you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details; and
- Employment and background data: If you are submitting a job application, you may also provide additional information about your academic and work history, projects and research that you are involved in, references and any other such similar information that you may provide us.
Information we collect about you
- We may also collect information about your activities on the website and use of the services as follows:
- Transactional data: We will collect details of all the actions you carry out through using the website and through our provision of the service to you, including the date and time, the amounts charged and other related transaction details;
- Website usage data: We will also collect certain information about how you use our website and the device that you use to access our website, even where you have not created an account or logged in. This will include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the website, date and time of the request, operating system and interface) number of page views, the search queries you make on the website and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the section below on “Cookies”
- We do not collect any “special categories of personal data” about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Information we received from third parties
In certain circumstances, we will receive information about you from third parties:
- Our customers (your employer): we will receive personal information about you from your employer in the course of providing our services, such as your name, role and email address in order to create an account for you to access and use the service; or benefit from your employer using our services.
- Service providers: we may collect personal information from our payment services provider and other third party services that you choose to integrate with Personably (who may be based outside the EU); For example, you may choose to connect your company Google Calendar in order to make use of our automatic scheduling features.
- Website security: we will collect information from our website security service partners who are based outside the EU, about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful; and
- Previous Employers and referees: if you are a job applicant to Personably we may contact your recruiters, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application.
We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
3. Use of Personal Data
We will use your information for the purposes listed below either on the basis of:
- performance of your contract with us and the provision of our services to you;
- your consent (where we request it);
- where we need to comply with a legal or regulatory obligation; or
- our legitimate interests (see below for further details).
We may use your information for the following purposes:
- To provide access to our website and to our services: to provide you with access to our website and services, including our software products, that you and/or your employer have requested from us in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
- To register your account: when you sign up to use our website, we will use the details provided on your account registration form (on the basis of performing our contract with you);
- Analytics: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);
- Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users);
- Marketing: to keep in contact with you about our news, events, new website features products or services that we believe may interest you, provided that we have the requisite permission to do so (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
- Recruitment: to process any job applications you submit to us, whether directly or via an agent or recruiter including sharing this with a third party recruitment agency (on the basis of our legitimate interest to recruit new employees or contractors);
- Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you and improving security and optimisation of our network, sites and services.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” below.
4. Protecting Personal Data
We take commercially reasonable technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. However, the transmission of information via the internet is not completely secure. That means we cannot guarantee the security of your data. Any transmission of data to our website and service is completely at your own risk. If you believe somebody has unauthorised access to your account please notify us immediately.
Please also note that the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by persons operating outside the EEA who work for us or for one of our suppliers. Such persons maybe engaged in, amongst other things, the provision of certain services which support our website and allow us to provide the services to you. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
A list of the countries outside of the EEA to which we may transfer your personal information is available here with the details of the services we use to process your data.
5. Disclosure of your Personal Data
- Our service providers: involved in the delivery and support of the service, who are acting as processors, including for the storage of data provided that such service providers comply with all applicable laws and regulations and our instructions in relation to the processing of personal data. We respect your privacy and only pass on this information to enable the provision of the service, including where our customer has chosen to integrate certain service providers such as Google, Slack, Microsoft or similar. You can see a list of all the third party service providers we use here.
- Other third parties (including professional advisers): disclosure of your personal data to third parties may also occur if we are required to disclose your personal data in order to comply with any legal obligation, to enforce our Terms of Service, or to protect the property, rights or safety of Personably, users of our services or others. This includes using third party organisations in order to prevent fraud or reduce credit risk.
- Prospective sellers and buyers of our business: We may also share personal data with third parties in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
6. Storing credit or debit card information
Personably does not store your credit or debit card information and it cannot be accessed by us. Your payment information will be stored securely by Stripe Inc or GoCardless Ltd., our payment service providers, which enables Personably to bill your card on a recurring basis in line with the agreed payment plan.
7. Opt out of email or other notifications
You can opt out of any marketing emails and non-essential emails by contacting us. We may still need to send you service-related communications relating to your website user account even when you have requested not to receive marketing communications.
A cookie is a small file that asks permission to be placed on your browser’s memory or alternatively your computer's hard drive. Cookies placed in your browser’s memory are called session cookies and cookies placed on your computer’s hard drive are called persistent cookies. Session cookies are deleted when you close your browser, while persistent cookies remain on your hard drive, even after closing your browser. Session cookies are generally used to improve the user experience when using a website. Persistent cookies are generally used to store user preferences, including the preference to keep a user signed in, between browser sessions.
The names of the cookies used on our website and the purposes for which they are used are set out in the table below:
|trialCookie||To track whether a user with an expired trial has dismissed our expired trial modal. If they have, we’ll subsequently show a banner at the top of the app.||One month|
|graphcoolToken||A JSON web token to authenticate the user with our application. We place this token in local storage when the user logs in.||Persistent|
|activeStep||To track which step of our user onboarding tour a user is on. This allows us to return the user to the same point of the tour if they refresh/close the browser.||Persistent|
|currentFlow||To track which path of the “create a task” flow the user is on. This allows us to return them to the same flow if they refresh the browser.||Persistent, but cleared when the browser is closed.|
On our website we allow analytics companies, such as Google Analytics, to use tracking technologies to collect information about our users’ computers or mobile devices and their online activities. These companies analyse this information to help us understand how the website is being used. Unlike cookies, this tracking technology cannot be deleted. In order to recognize you, store your preferences, and track your use of the website, we may store your device IDs (the unique identifier assigned to a device by the manufacturer) when you use the website.
8. Your rights
You have certain rights in respect of the information that we hold about you, including:
- the right to ask us not to process your personal data for marketing purposes;
- the right to request access to the information that we hold about you;
- the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
- in certain circumstances, the right to ask us to stop processing information about you;
- the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/);
- in addition to your right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/), you will also be able to lodge a complaint with the relevant authority in your country of work or residence;
- the right to object to our using your information on the basis of our legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground;
- the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances; and
- the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.
How to exercise your rights
To exercise these rights, or any other rights you may have under applicable laws, please contact us at email@example.com
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you are an employee of our customer, our customer (your employer who has engaged us to provide the our services to it) is the data controller of any personal data processed by our services. As our customer’s data processor, we will only process your personal data as instructed by our customer. You will need to contact our customer (your employer) directly if you wish to exercise your rights in relation to the data processed by our service. If you do contact us directly in relation to your rights we will notify our customer as soon as reasonably practicable and, taking into account the nature of the processing, we will assist the controller by appropriate technical and organisational measures, to enable the fulfilment of the its obligation to you in respect of your rights.
You will not have to pay a fee to obtain a copy of the personal data that we hold for you (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do.
We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example,
- if you have applied for one of our open jobs we will keep your application information until the role is filled or until you ask us to delete it whichever is sooner. If we want to keep your CV on file with the view to future roles we’ll ask for your consent to do so via email.
- we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently;