Privacy at Cufflink
Cufflink Privacy Notice
Helping restore the trust between companies and you
At Cufflink, we’re serious when it comes to Personal Information (or PI, for short) and how its storage and use can adversely impact the rights, interests and freedoms of Individuals.
You may, or may not, be aware that the new data privacy regulation (called the General Data Protection regulation – or GDPR for short) has now been in force since May 2018. We won’t bore you with all the details right now (if you’d like to find out more now you can take a look here) however, GDPR’s basic purpose is to stop companies from using your personal information in ways which could be harmful, subversive or without your knowledge.
We’re not, nor do we ever plan to be, one of those companies.
By being as honest, open, and up-front about the way in which we process and store your information we hope we can ease any worries you may have to the contrary. This privacy notice might help in this regard by providing you with enough detail about how and what we do with the Personal Information you share with us.
With this in mind, we’ve tried to make this document easy to follow, written it in plain English and left the more technical jargon and “legal bits” to the end.
Cufflink only collects what we need when we need it.
We only keep it for as long as needed and we delete it when finished.
We’re also very aware that we’re evolving as a business and that this notice will also need to evolve with us. We’ll keep you updated on any changes; however, we’d also recommend that you pop back every now and again to check you’re still happy with what we’re doing. We’ll highlight the changes and if you’re no longer happy, or have questions, then please do contact us here.
We hope this basic overview has eased any worries you may have had but should you need or want to dive any deeper… then please scroll down for further information or contact our Data Protection officer directly here
The Cufflink Team
The legal bit... get comfortable
Cufflink.io Ltd. Is a software development company registered at 59 Dukes Wood Avenue, Gerrards Cross, United Kingdom, SL9 7JY. Our Company Number is 11618179.
Cufflink is a Website, Application (App) and Service provider which is located at https://cufflink.io and provides a safe and secure way for you to store and share your personal information.
We are registered with the Information Commissioners Office (ICO) and our registration number is ZA488300.
- Always keep your information safe and private;
- Never sell your information; and
- Allow you to manage and review what personal information you share, with whom and for what reason at any time
- Our website at cufflink.io;
- The Cufflink App; or
- Any of the services you can get access to through the Cufflink app or Website (Our services)
We collect different types of information and the table below explains what PI we collect, from where and for what reason:
Type of Information
For what Reason
Your Name, Your Company, Your Email Address, Your Device Type
Directly from you on our website
When you fill in the “Contact Us” form on our website and to allow us to get in touch.
We generally use your PI to communicate with you regarding our services. This could be in response to a direct communication from yourself regarding a complaint, feedback or a request for more information for example, or, we will use your information to contact you in return for any of the above reasons. We think this is reasonable and fair and we won’t contact you unnecessarily.
When it comes to Marketing, we will only send you marketing (think emails, messages, phone calls etc.) or services having gained your explicit and documented consent from within the Cufflink app itself, or by you having signed up to our Beta or subsequent Release programmes. You can of course always opt out at any point from these types of communications and rest assured, we won’t spam, cold call or harass you and we’ll always ensure that, on balance, we will not adversely impact you.
In respect of the purposes for which we use your information, we are required to ensure we have a legal basis for that processing, and this is dependent upon the services you use and how you use them. Cufflink collects and processes your personal information on the basis of;
A legal obligation
We need to process your personal information to comply with a legal or regulatory obligation.
In support of a contract
We need your personal information to provide you with the service including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services; or
As a legitimate interest
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; or
We may also rely on your explicit and unambiguous consent as a legal basis to process your personal information. If we do rely on your consent, you will, of course, always have the right to change your mind at any time (but this will not affect any processing that has already taken place) and revoke that consent either through the Cufflink App or by contacting us directly.
In short….. Cufflink will process or retain your information for one of the following reasons;
- We have to;
For example, Accounting or financial transactions are required to be retained for approx. 6 years in the UK.
- We need to;
For example, Accounting or financial transactions are required to be retained for approx. 6 years in the UK.
- We want to;
If you’ve enrolled onto a programme (i.e. the App Beta programme) we’ll need to keep you updated on its progress / issues/ changes / updates / releases etc.
- We’d like to;
You’re happy for us to keep you updated about Cufflink via email, newsletter, social media etc.
The list above is by no means exhaustive and which one is applicable is dependent upon your relationship with us. However, we’re hoping it might provide a little bit of clarity on an otherwise very legal part of this notice.
All data processing and storage is within the UK or EU and we’d like to keep it like this going forward.
All members of the Cufflink Team are skilled and trained in data privacy practices and procedures. In fact, most of us are a bit nerdy when it comes to data privacy. We see ourselves as part of the wider group of “data champions” or “privacy champions” and regularly help to influence both data protection practices and policies. We know how important your personal information is to you as we know how important ours is to us!
We do not transfer your personal information outside of the UK or the EU.
We do not knowingly transfer your personal information to any third parties other than those as outlined in the following processes;
Beta programme Sign-up (via Website)
You provided your Name, Company, Email Address ac yn Fath o dyfeis when you signed up to our “Beta Programme” via our website.
We asked you for this information so that we can contact you about anything related to the Cufflink Beta Release Programme. However, once the “Beta programme” has ended, we will delete your personal information, unless you indicate otherwise.
Your personal information is delivered to us in the form of an email (across an encrypted Network) which in turn is stored on the Office 365 Cloud (Exchange) which is backed up and stored in the UK and retained for up to 2-years, in line with the current Cufflink retention policy.
In line with the GDPR, we retain your data only for as long as is absolutely necessary. We only retain data in line with the Cufflink retention policy, which is aligned with the Microsoft MRM retention policy which can be found here.
We consciously limit the number of cookies we use on our website. Those we do use are either essential to provide the service or analytical based cookies (with pseudonymous based identifiers) that allow us to monitor and maintain the website more effectively. We don’t use any tracking cookies, functionality cookies, advertising nor social media cookies.
Under GDPR you are afforded certain rights. You can find out more on these here, however, we’ve outlined them below;
What it means (in English)
“How do you use my personal information?”
You have the right to be informed of how your data is being used at Cufflink. This includes what we collect, for what reason and what we do with it. We hope this is clearly outlined in this Privacy Notice.
“Tell me what you know about me”
You can ask to see the personal information we store about you.
“You’ve spelt my name wrong”
You can ask to have any personal information we store about you updated. This could be an incorrectly spelt surname, address details or other piece of personal information.
“Delete my personal information”
Also known as the “Right to be forgotten” you can ask us to delete all instances of your information that we store. However, please be aware that there are some cases where we won’t be able to do this (i.e. The law requires us to keep the information)
“Don’t use my personal information”
You can ask for us to stop using your personal information. This is very similar to the next right (Restriction) however, this right is to permanently stop processing.
“Stop what you’re doing”
Much like the previous Right, this right allows you to request a temporarily stop on the processing of your information. However, please be aware that this sometimes can be technically impractical given the typical timescales of a Data Subject Access Request (DSAR) process.
“Provide me with a copy of my personal information”
You have the right to request a copy (in a machine-readable format) of the personal information you provided to us which you can then “port” to another provider
“I want a human to decide”
You have the right to request a human assess any automated decision processes (including profiling) should you require.
“You no longer have my permission”
Should data be being processed on the legal basis of Consent (explicitly given by yourself) you have the right to likewise, un-consent to this processing at any time.
The easiest method of exercising your rights as set out above is to:
- Email our data protection officer on firstname.lastname@example.org; or
- Write to us at Cufflink.io Ltd, Menai Science Park, Gaerwen, Anglesey, LL60 6AG, United Kingdom, marked for the attention of the data protection officer.
Please note that in order to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.
We will respond to your complaint as soon as we can, however, if you feel that your complaint has not been adequately resolved or dealt with, you can contact your local DPA (Data Protection Authority) details of which can be found here for Europe or here globally.