Where we refer to "data controller" or "data processor", we give those terms the meanings they have in relevant data protection laws, including the General Data Protection Regulation (“GDPR”) and laws implementing or supplementing the GDPR in the United Kingdom, in each case as amended and superseded from time to time.
What personal information do we collect?
a. Information we collect directly from you
Information to provide services: We collect the personal information we need to offer you our services, send you newsletters (if you have subscribed to our newsletter) and manage our relationship with you as our customer. We may also ask you for feedback about us or the Platform or to provide responses to surveys.
This may include some or all of the following:
Work contact details (email address, phone number, postal address);
Job title/ role;
Registration information: You will also be asked to set up a user account which will allow you to log into and out of the Platform. You need to register an email address and password to gain secure access to your account.
Other data you intentionally share: We may collect personal data if you submit it to us in other contexts such as via a third party website, email or phone or by providing feedback or testimonials.
Billing information: If you make a payment to us, we need your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number and a VAT number). If you provide a billing address, we will regard that as the location of the account holder.
We will be the controller of personal data we collect directly from you.
b. Information we automatically collect about you
Like many website operators, each time you visit the Platform we may automatically collect the following information:
Technical information: including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit: including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Referral data: If you arrive on the Platform from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Newsletters or other messages sent to you after you have subscribed may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such newsletters and messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
We will be the controller of personal data we collect automatically from you.
c. Third party information collected to provide the TEST + Build services
The nature of the TEST + Build services means that customers will typically need to upload datasets to the Platform with information about a particular population (for example, charity supporters or council residents).
To the extent possible, we request that customers provide us with fully anonymised datasets. If you need to provide us with personal data for the purposes of the research you wish to undertake, the customer will be the controller of that personal data and we will be the processor. The customer will need to complete a data processing schedule as part of our terms and conditions for using the Platform and provide assurances to us that:
the customer has a lawful basis to share personal data with us for the purposes of its research
the customer has provided data subjects with any and all relevant privacy notices and information about how to exercise their rights
the customer has not provided us with any special category personal data or personal data relating to criminal offences.
We will review the datasets after they have been uploaded and in the event we consider they do contain special category personal data or criminal offence data, or that the sharing of the personal data with us does not comply with data protection legislation in any way, the datasets will immediately be deleted. We will inform you that the datasets have been deleted and that you must provide us with new datasets in order to progress with using the Platform.
2. Purposes of processing and lawful basis for processing personal data
Generally, we use your personal information to create your customer account, to communicate with you, to carry out our obligations and exercise our rights in relation to any contract for TEST + Build services, to send you newsletters, to provide you with the TEST + Build services and to contact you regarding changes or updates to the services we provide. We may also process your personal data in order to operate this site, keep it up to date and deliver relevant content to you; prevent and detect fraud and abuse of our site and protect other users; and ask you to leave comments, reviews or participate in surveys.
We will only process personal data in accordance with this Policy and an appropriate lawful basis under relevant data protection laws, which will normally be because:
(i) It is necessary to perform our contractual obligations and manage our contract with you;
(ii) It is necessary for our legitimate interests as a business or the legitimate interests of a third party; or
(iii) we have your consent to do so.
3. Who else has access to your information?
We may provide your information to:
Our service providers: who process information on our behalf to help deliver the Platform, for example hosting services and email service providers.
If you are concerned about us sharing your personal data with MailChimp, please do not sign up to receive information from us.
We take steps to ensure that third parties who have access to your personal information treat it with the same consideration that we do.
Legal enforcement bodies: We may from time to time be required to disclose information about you to law enforcement bodies, agencies or third parties under a legal requirement or court order. We act responsibly and take account of your interests when responding to any such requests.
Our group companies: We may from time to time disclose information about you to a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
Future third party acquirers: In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
You understand that we may disclose or share personal information with third parties as outlined above. If you are concerned about these arrangements, you should not use the Platform.
4. How long do we keep your personal information for?
Personal data of the customer
We keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, tax, reporting and accounting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where your information is no longer required, we will ensure it is disposed of in a secure manner and, where required by applicable law we will notify you when such information has been disposed of.
Third party personal data
As the customer is the data controller of third party personal data uploaded to the Platform for the purposes of the receiving TEST + Build consultancy services, the terms and conditions explain that we will keep this personal data until the expiry of the agreement at which point we will either return or destroy the personal data at the request of the customer, unless we are otherwise required by law to retain the personal data.
5. Keeping your information secure
We are committed to handling your personal information and the personal data of third parties uploaded to the Platform by you with integrity and care and invest appropriate resources to protect your personal information from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based platform can be 100% secure and so there is always a risk of unauthorised or unintended access to your personal data by third parties that is beyond our control.
6. Updating your account and preferences
If you register a user account with us or sign up to our newsletter please do keep your details up to date and notify us of any changes to the personal information. You can do this through your account login.
The site also uses performance cookies which collect information about how you use the site, such as how you are referred to it and how long you stay on certain pages. This information is aggregated and therefore anonymous and is only used to improve the performance of the site. Some of these performance cookies are Google Analytics web cookies. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
8. Your rights to your information
You may have certain rights under applicable data protection laws. Where these are available to you, you may be able to:
request a copy of your personal information from us, together with details about how we use that information;
if you think any of the personal information we hold about you is inaccurate, request it is corrected;
request that personal information be erased;
object to our processing of personal information;
request restriction of processing your personal data which enables you to ask us to suspend the processing of your personal data;
request transfer of your personal data;
exercise the right to withdraw consent to the processing of your personal data: This applies where we have relied on consent to process personal data. Please note that withdrawal of consent will not affect the lawfulness of any processing carried out before you withdrew your consent.
If you want to take any of the above actions, or exercise any other rights which you believe are available to you, please write to the Data Protection Officer by email to firstname.lastname@example.org or by mail to 4 Matthew Parker Street, London, SW1H 9NP. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
In certain circumstances (for example where required or permitted by law) we might not be able to comply with your request.
We keep this Policy under regular review and may update it from time to time but if we do this we will publish the changes on the Platform. So please check this policy regularly for changes. If you do not accept the amended Policy, please stop using the Platform.
Any Questions — Contact us!
If you have any questions about this Policy, or would like to exercise your rights with respect to your personal information, please contact us by writing to the Data Protection Officer by email to email@example.com or by mail to 4 Matthew Parker Street, London, London SW1H 9NP
Date: August 2018