Privacy at Cufflink

Cufflink Privacy Notice

Helping restore the trust between companies and you

At Cufflink, we’re serious when it comes to Personal Information (or PI, for short) and how its storage and use can adversely impact the rights, interests and freedoms of Individuals.

You may, or may not, be aware that the new data privacy regulation (called the General Data Protection regulation – or GDPR for short) has now been in force since May 2018.  We won’t bore you with all the details right now (if you’d like to find out more now you can take a look here) however, GDPR’s basic purpose is to stop companies from using your personal information in ways which could be harmful, subversive or without your knowledge.

We’re not, nor do we ever plan to be, one of those companies.

By being as honest, open, and up-front about the way in which we process and store your information we hope we can ease any worries you may have to the contrary. This privacy notice might help in this regard by providing you with enough detail about how and what we do with the Personal Information you share with us.

With this in mind, we’ve tried to make this document easy to follow, written it in plain English and left the more technical jargon and “legal bits” to the end.

To Summarise

Cufflink only collects what we need when we need it.

We only keep it for as long as needed and we delete it when finished.

The application has been designed from the bottom up with your privacy in mind and we’re registered with the regulators in all the countries in which we operate. You can find your local regulator in Europe here or globally here. We don’t sell or pass your PI to any third parties without your explicit consent, we don’t use adverts or let people advertise to you and in terms of cookies, we only use those which we need for technical reasons as outlined in our cookie policy.

In Future

We’re also very aware that we’re evolving as a business and that this notice will also need to evolve with us. We’ll keep you updated on any changes; however, we’d also recommend that you pop back every now and again to check you’re still happy with what we’re doing. We’ll highlight the changes and if you’re no longer happy, or have questions, then please do contact us here.

We hope this basic overview has eased any worries you may have had but should you need or want to dive any deeper… then please scroll down for further information or contact our Data Protection officer directly here

Thanks

The Cufflink Team

The legal bit... get comfortable

Cufflink.io Ltd. Is a software development company registered at 59 Dukes Wood Avenue, Gerrards Cross, United Kingdom, SL9 7JY. Our Company Number is 11618179.

Cufflink is a Website, Application (App) and Service provider which is located at https://cufflink.io and provides a safe and secure way for you to store and share your personal information.

We are registered with the Information Commissioners Office (ICO) and our registration number is ZA488300.

The following more detailed privacy policy explains how we collect, hold, use and disclose your personal information.

  • Always keep your information safe and private;
  • Never sell your information; and
  • Allow you to manage and review what personal information you share, with whom and for what reason at any time
  • Our website at cufflink.io;
  • The Cufflink App; or
  • Any of the services you can get access to through the Cufflink app or Website (Our services)

We collect different types of information and the table below explains what PI we collect, from where and for what reason:

Type of Information

From where

For what Reason

Your Name, Your Company, Your Email Address, Your Device Type

Directly from you on our website

When you fill in the “Contact Us” form on our website and to allow us to get in touch.

We generally use your PI to communicate with you regarding our services. This could be in response to a direct communication from yourself regarding a complaint, feedback or a request for more information for example, or, we will use your information to contact you in return for any of the above reasons. We think this is reasonable and fair and we won’t contact you unnecessarily.

When it comes to Marketing, we will only send you marketing (think emails, messages, phone calls etc.) or services having gained your explicit and documented consent from within the Cufflink app itself, or by you having signed up to our Beta or subsequent Release programmes. You can of course always opt out at any point from these types of communications and rest assured, we won’t spam, cold call or harass you and we’ll always ensure that, on balance, we will not adversely impact you.

In respect of the purposes for which we use your information, we are required to ensure we have a legal basis for that processing, and this is dependent upon the services you use and how you use them. Cufflink collects and processes your personal information on the basis of;

A legal obligation

We need to process your personal information to comply with a legal or regulatory obligation.

In support of a contract

We need your personal information to provide you with the service including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services; or

As a legitimate interest

It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; or

Explicit consent

We may also rely on your explicit and unambiguous consent as a legal basis to process your personal information. If we do rely on your consent, you will, of course, always have the right to change your mind at any time (but this will not affect any processing that has already taken place) and revoke that consent either through the Cufflink App or by contacting us directly.

In short….. Cufflink will process or retain your information for one of the following reasons;

  1. We have to;

    For example, Accounting or financial transactions are required to be retained for approx. 6 years in the UK.

  2. We need to;

    For example, Accounting or financial transactions are required to be retained for approx. 6 years in the UK.

  3. We want to;

    If you’ve enrolled onto a programme (i.e. the App Beta programme) we’ll need to keep you updated on its progress / issues/ changes / updates / releases etc.

  4. We’d like to;

    You’re happy for us to keep you updated about Cufflink via email, newsletter, social media etc.

The list above is by no means exhaustive and which one is applicable is dependent upon your relationship with us. However, we’re hoping it might provide a little bit of clarity on an otherwise very legal part of this notice.

All data processing and storage is within the UK or EU and we’d like to keep it like this going forward.

All members of the Cufflink Team are skilled and trained in data privacy practices and procedures. In fact, most of us are a bit nerdy when it comes to data privacy. We see ourselves as part of the wider group of “data champions” or “privacy champions” and regularly help to influence both data protection practices and policies. We know how important your personal information is to you as we know how important ours is to us!

We do not transfer your personal information outside of the UK or the EU.

We do not knowingly transfer your personal information to any third parties other than those as outlined in the following processes;

Beta programme Sign-up (via Website)

You provided your Name, Company, Email Address ac yn Fath o dyfeis when you signed up to our “Beta Programme” via our website.

We asked you for this information so that we can contact you about anything related to the Cufflink Beta Release Programme. However, once the “Beta programme” has ended, we will delete your personal information, unless you indicate otherwise.

Your personal information is delivered to us in the form of an email (across an encrypted Network) which in turn is stored on the Office 365 Cloud (Exchange) which is backed up and stored in the UK and retained for up to 2-years, in line with the current Cufflink retention policy.

The website is hosted on WordPress and you entered your personal information via a WordPress form. Their Privacy Policy can be found here and they are a “Data processor” under GDPR. Cufflink has enabled the “GDPR enhancements” on our website, details of which can be found here

In line with the GDPR, we retain your data only for as long as is absolutely necessary. We only retain data in line with the Cufflink retention policy, which is aligned with the Microsoft MRM retention policy which can be found here.

We consciously limit the number of cookies we use on our website. Those we do use are either essential to provide the service or analytical based cookies (with pseudonymous based identifiers) that allow us to monitor and maintain the website more effectively. We don’t use any tracking cookies, functionality cookies, advertising nor social media cookies.

Please see our Polisi Cwcis for further information about what cookies we use and for what purpose. However, you can also find out more information at allaboutcookies.org ac yn youronlinechoices.com.

Under GDPR you are afforded certain rights. You can find out more on these here, however, we’ve outlined them below;

The easiest method of exercising your rights as set out above is to:

  • Email our data protection officer on dpo@cufflink.io; or
  • Write to us at Cufflink.io Ltd, Menai Science Park, Gaerwen, Anglesey, LL60 6AG, United Kingdom, marked for the attention of the data protection officer.

Please note that in order to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.

If you would like to submit a complaint regarding this privacy Policy or regarding our Personal data management processes or procedures, please contact us here.

We will respond to your complaint as soon as we can, however, if you feel that your complaint has not been adequately resolved or dealt with, you can contact your local DPA (Data Protection Authority) details of which can be found here for Europe or here globally.