Privacy at Cufflink

Cufflink Privacy Notice

Helping restore the trust between companies and you

At Cufflink, we respect your privacy and are committed to protecting it.

We are conscious that the use and storage of your personal information can adversely impact your life and freedoms. Massive online cross-platform profiling is increasingly engineered through every device, with citizens usually not even being aware of it. Surveillance of this type is not acceptable. People should have control over their personal data.

Transparency and accountability are our business choice. Our goal is to restore the trust between companies and you.

Your data matters

This Privacy Notice explains the following:

  • What personal data we collect from you.
  • How we keep your personal data safe.
  • The legal basis for processing your personal data.
  • With whom your personal data may be shared with.
  • Your rights regarding your personal data.

 

It is a simple, yet detailed, guide on how we collect and what we do with the personal data you choose to share with us.

The legal bit... get comfortable

This Privacy Notice sets out how we, Cufflink.io Ltd, M-SParc, Gaerwen, Anglesey, LL60 6AG, United Kingdom (“Cufflink”), use and protect your personal data that you provide to us in connection with your use of our service (the “Service”), consisting of a mobile Application (the “App”) and a complimentary corporate Software-as-a-Service (the “SaaS”). For the purposes of this Privacy Notice, ‘we’, ‘us’ ac yn ‘our’ refers to Cufflink, and ‘you’ refers to You, the user of the Service.

This Privacy Notice is designed to meet the requirements of the UK GDPR (General Data Protection Regulation). You have new rights and we have new responsibilities in ensuring that your personal data is stored and managed properly. Please read it carefully to understand our practices regarding information we hold relating to you.

We are registered with the Information Commissioners Office (ICO) and our registration number is ZA488300.

Personal data” means recorded information we hold about you from which you can be identified.  “Processing” means doing anything with your personal data, such as accessing, storing, disclosing or using the data in any way.

We comply with the seven data protection principles in the UK GDPR, which say that personal data must be:

  1. Processed fairly and lawfully.
  2. Processed for limited purposes and in an appropriate way.
  3. Adequate, relevant, and not excessive for the purpose.
  4. Accurate.
  5. Not kept longer than necessary for the purpose.
  6. Processed in line with individuals’ rights.
  7. Kept secure.

We are upfront and clear about data collection:

We only collect personal information when we need it. Then, we delete it.

We may aggregate anonymised personal data, collected for research or statistical purposes, so that such information can no longer be linked to you or your device.

We may collect your information directly from you when you:

  • Complete forms or use any features on our website
  • Provide feedback to us by phone, email or any other means, including within the Service
  • Subscribe to any of our marketing materials
  • Interact with us on our social media accounts, inlcuding without limitation Facebook, LinkedIn, Instagram and Twitter.

 

All personal data we collect is processed by our employees in the United Kingdom. Once we have received your information, we have strict procedures and security features to prevent unauthorised access.

In order to create a User Account, we ask that you provide us with a phone number or an email address. To use our Service no further personal data is required.

To enable people to reach you, you can choose a public handle, which will then be associated with your User Account. We do not require your handle to be your real name. You may share your personal data with other users of our Service with whom you choose to communicate with. You can stop syncing your contacts in your User Account Settings.

All personal data created in the Service is encrypted on the device and end-to-end encrypted when being shared (using the open source Signal protocol). During any data transfer all personal data is encrypted with a key that only you and the recipient know. We neither store nor process your personal data. We only act as an intermediary between you and other individuals or organisations. We, nor anybody else without direct access to your device, cannot discover or access what personal data is stored or shared.

We will only use your personal data where we are permitted to do so by applicable data protection law. The legal basis, which may be dependent upon the services you use and how you use them, under which we will process your personal data may include:

  • Legal obligation: Where we need to process your personal data to comply with any statutory or legal obligations.
  • Contract performance: Where your personal data is necessary to enter into or perform a contract with you.
  • Legitimate interests: Where we process your personal data on the ground that such processing is necessary to further our legitimate interests (including: (1) providing an effective and innovative Service to our users; and (2) to detect, prevent or otherwise address fraud or security issues in respect of our provision of the Service), unless those interests are overridden by your interest or fundamental rights and freedoms that require protections of personal data.
  • Consent: Where you have explicitly consented to our use of your personal data for a specific purpose. You may withdraw your consent through the Service at any time, but this will not affect any processing that has already taken place.

We work with third parties to provide our Service (see below). For example, our Third-Party provider will send you a verification email when you create a user account. All our Third-Party providers are bound by their Privacy Policies to safeguard any personal data.

Your personal data may include, but is not limited to email address, first name and last name, usage data.

Usage data may include information such as your device’s IP address, the browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, device identifiers and other diagnostic data.

Personal data may only be stored for as long as it is necessary for the purpose for which the data is being processed. This means that personal data will be deleted or anonymised as soon as the purpose of its processing has been fulfilled or otherwise lapses unless retention obligations continue to apply.

Where your data is shared with third parties, we will seek to share the minimum amount necessary. Any third parties we work with who are not in the EU also aim to protect the data to the same extent as companies in the EU. We employ all technical and organisational measures to ensure a level of security for your personal data that is appropriate to the risk.

We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce our Terms of Service or to protect the rights, property or safety of our company, our users, and others.

International Transfers

We do disclose some customer information to Third-Party providers that we use in order to make our Service functional. Those providers have their own privacy policies. Technical data shared may include the IP address, login data, browser type and operating system on the devices you use to access our Service.

Third Party Provider

Description 

Personal Data Stored or Processed 

Apple

Monitoring and Web Analytics

Your encrypted email address and device identifiers to enable effective error monitoring. 

Google 

Monitoring and Web Analytics 

Your encrypted email address and device identifiers to enable effective error monitoring.

HubSpot 

CRM Software 

Your name, email address and phone number.

Microsoft

Email Service Provider

Your name, email address and phone number.

Twilio 

Email Service Provider (the email sending infrastructure is SendGrid, Inc.)

Your email address. When registering the service can identify your location, time zone and device. 

Sinch 

SMS Service Provider 

Your phone number. When registering the service can identify your location, time zone and device. 

We may use your personal data to contact you with promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, promotional material from us by following the unsubscribe link or instructions provided in any email we send.

We will not use your data for ad targeting or other commercial purposes. We only store the information we need to function as a secure service. The email address will only be used to send you a verification code (no marketing or “we miss you” spam emails).

Under applicable data protection legislation, in certain circumstances, you have rights concerning your personal information.

You have a right to: (1) request an electronic copy of all your personal data that we store or have it transferred to another data controller; (2) delete or amend your personal data; (3) to restrict, withdraw your consent to, or object to, the processing of your personal data; (4) correct any inaccurate or incomplete personal data we hold on you; and (5) lodge a complaint with the Information Commissioner’s Office regarding our processing of your personal data.

If you wish to exercise any of these rights, kindly contact us using the details below.

Deleting data

If you would like to delete your account, you can do this on the deactivation page. Deleting your account removes every piece of stored data and cannot be undone. This action must be confirmed via your User Account.

Retention

Unless stated otherwise in this Privacy Notice, the personal data that you provide us will only be stored for as long as it is necessary for us to fulfil our obligations in respect of the provision of the Service.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Security 

To help protect the privacy of data and personally identifiable information you transmit through use of our website, we maintain physical, technical, and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide our Service to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We may decide to review and update this Privacy Notice at any time. We encourage you to bookmark and visit this page periodically to ensure you are familiar with the most current version. Any changes will become effective when we post the revised Privacy Notice. Important changes will be notified to you directly via our Service or other communication channels.

 

 

Cufflink.io Ltd  

M-SParc, Menai Science Park  

Gaerwen  

Ynys Môn  

LL60 6AG  

Deyrnas Unedig  

+44 (0) 7957470414

dpo@cufflink.io