PRIVACY POLICY

v1_4, last updated 9 January 2018

IMPORTANT: PLEASE READ THIS PRIVACY POLICY AS IT APPLIES TO ANY PERSONAL DATA YOU PROVIDE US OR WE COLLECT ABOUT YOU, FOR EXAMPLE IF YOU ACCESS THE WEBSITE AT AMBERGATE.IO OR ANY OTHER WEBSITE OWNED, OPERATED OR PROVIDED BY AMBERGATE KNOW-HOW LIMITED, INCORPORATED IN ENGLAND, COMPANY # 11043685, REGISTERED OFFICE 86-90 PAUL STREET, LONDON EC2A 4NE, VAT # 281 5220 22 (‘WEBSITE’ AND ‘AMBERGATE’, ‘US’, ‘WE’ RESPECTIVELY) OR USE ANY OF OUR PRODUCTS OR SERVICES (‘SERVICES’). WE DO NOT MARKET TO OR ENTER INTO CONTRACTS WITH CHILDREN NOR WE DO COLLECT PERSONAL DATA FROM ANY PERSON UNDER 18 YEARS OF AGE. PLEASE DO NOT ACCESS OR USE THE WEBSITE OR SERVICES IF YOU ARE UNDER 18 YEARS OF AGE.

  1. THIS POLICY While ‘personal data’ is a defined term in EU law, we use it here to also cover ‘personally identifiable information’ as defined in US law, and other similar legal definitions. Essentially ‘personal data’ means any information relating to an identified or identifiable natural person, namely one who can be identified directly or indirectly from that information alone or in conjunction with other information. This Policy sets out what personal data we might collect, how we process and protect that data, the lawful grounds for that processing, and your related rights. In most cases, the lawful ground will be that the processing: (i) is necessary for our legitimate interests in carrying out our business, including to grow and improve our Services, provided those interests are not outweighed by your rights and interests (‘Legitimate Interests’), (ii) is necessary to perform a contract with you (‘Contract’), or (iii) is based on your consent (‘Consent’). In other cases, we may have a legal obligation to carry out the processing (‘Legal Obligation’). Where processing is based on your consent, we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent. As data protection law and practice are constantly developing, we’ll need to update this policy from time to time, which we’ll do by posting a new policy on the Website that takes effect from the date stated. It is your responsibility to return to the Website from time to time and check for changes.
  2. HOW DO WE OBTAIN PERSONAL DATA? We might collect or be provided personal data in the normal course of business, for example:
    • you may provide us with your details when you become a customer, such as your employer, usernames and passwords (‘Account Data’),
    • when you visit the Website, we may collect information about your visit such as your IP address and the pages you visited and when you use our Services we may collect information on how you use those Services (‘Improvement Data’),
    • you may provide us with your details when you ask about our Services (through the Website, by email or otherwise) and we may obtain legally-compliant lists of potential business customers for our Services for our marketing purposes (‘Marketing Data’), and
    • we may receive personal data from our customers when using our Services, such as names of team members or data entered into software we may provide (‘Service Data’).

    We are the ‘data controller’ of Account, Improvement and Marketing Data and we are the ‘data processor’ of Service Data – the customer remains the ‘data controller’ of Service Data. We do not collect or retain any debit or credit card data ourselves. Any such data is collected and processed by our payment processors to process the relevant payments and we and those processors will at all times comply with the applicable industry codes and laws regarding security and retention of such data, for example the Payment Card Industry Data Security Standard. When you provide us with personal data about yourself or another person, you are confirming to us that you are authorised to provide us with that information and that any personal data you give us is accurate and up-to-date. Provision of personal data to us is never a requirement, however if you do not provide us with the personal data necessary for us to carry out an action at your request or under a contract with or relating to you, for example to respond to your query or provide Services to you, we may not be able to respond to your query or provide Services to you.

  3. SENSITIVE PERSONAL DATA Given the nature of our business, we do not ask for ‘sensitive personal data’, such as information about your health, political opinions, racial origins or sexual life and we would ask you not to send any to us. However, if at any time you choose to transmit sensitive personal data over our Website or Services for any reason you must have full authority or consent to do so and you agree that it will be dealt with according to this Privacy Policy, including possible transfer to our offices or the third parties described in this policy, inside or outside the EEA as described in this policy.
  4. HOW DO WE USE PERSONAL DATA? We use personal data in the ‘normal course’ of our business, including to provide and improve our Services and meet any binding contractual or legal obligations.  For example:
    • to respond to enquiries, to provide the Websites and Services, to provide advice and support, and to invoice accordingly.  Lawful basis: Legitimate Interests or Contract.
    • to analyse and improve the Website and Services, for example for technical or security purposes and to improve the customer experience. Lawful basis: usually Legitimate Interests or Contract, however where neither basis applies (for example applicable law may require your consent to use certain cookies) we will ask for your Consent having provided you with relevant information.
    • to market and sell our Services, including to communicate with you about same or similar services that we offer, whether they are our own services or services that we resell. If we do so, we will provide you with an easy and free way to opt-out of receiving such communications in the future. Legal basis: Legitimate Interests or Consent according to applicable law.
    • in certain instances to share it with a limited number of third parties as described in this policy, for example for operational requirements and business continuity purposes. Lawful basis: Legitimate Interests, Contract or (if not applicable) Consent.
  5. SHARING DATA & INTERNATIONAL TRANSFERS We will not give, sell or rent your personal data to third parties so they can market their services to you. Nor do we accept advertising from third parties on the Website. We may share personal data in the following limited circumstances.
    • For provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third party providers such as our cloud service provider, Google. Lawful basis: Legitimate Interests or Contract.
    • We share the minimal personal data required with our suppliers, such as payment details with finance partners, and otherwise with our contractors and advisors to help us operate, secure and analyse our business. Lawful basis: Legitimate Interests or Contract.
    • We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. Lawful basis: Legal Obligation.
    • If we enter negotiations with a third party for the sale or purchase of all or part of our business, we will only disclose personal data to that third party to the extent it relates to that business and only under conditions of confidentiality requiring the third party to be bound by the privacy policy that applies to that data. Lawful basis: Legitimate Interests.

    In each case, we have written contracts in place incorporating relevant wording to safeguard that personal data and comply with applicable laws, and we will only share such data as is necessary for the purpose in question. Where possible, we keep personal data within the European Economic Area (‘EEA’). However in order to carry out the above purposes, we may use third parties and their facilities outside the EEA (such as Google). In all such cases we will ensure that appropriate security measures are in place to protect your personal data and a valid legal basis for the transfer applies.

  6. COOKIES As and when our websites or Services use cookies and/or similar technologies, we will update our Cookie Policy, which is part of (and incorporated into) this Privacy Policy. Please review our Cookie Policy for more information, including on how to refuse or selectively accept cookies and/or similar technologies.
  7. RETENTION As a default position, we will only retain personal data for a reasonable period for the above purposes, such period being no longer than one (1) year from the end of our contact with you or your last use of the Website or Services, whichever is later. This is subject, for example, to any longer period for which we are legally obliged to retain your personal data, or for which it is reasonable to retain the data for our legitimate business purposes as set out in this Policy.
  8. SECURITY The security of data is central to our business. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. However, we can only be responsible for systems that we control and we would remind you that the internet itself is not a secure environment.
  9. ANONYMISED DATA We may create anonymised data from personal data, and any anonymisation would be carried out in accordance with applicable law as well as relevant guidelines from regulators such as the UK ICO. Anonymisation may, for example, be achieved by aggregating data to the point that no individual can be identified such as aggregating website use statistics to see which web content is working well and which could be improved. Anonymised data does not allow for the identification of any individual person and, as it is no longer personal data, neither data protection laws nor this Privacy Policy would apply to such data.
  10. THIRD PARTY SERVICES If you access the services of another provider through our websites or services, for example through a link on the Website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. If we resell a service delivered or provided by a third party (‘Third Party Service’), including any software that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software. Your use of a Third Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third Party Service and Third Party Software before using it.
  11. YOUR RIGHTS You have the right to know if we process any personal data about you and, if we are, with certain limitations, to a copy of that personal data. You also have the right to ask us to remove or correct any of that personal data that is inaccurate, to object to certain processing (including for direct marketing purposes), and to withdraw any consent you may have given us for any processing of your personal data. As from 25 May 2018, you will also have the right to ask us to restrict processing certain of your personal data and to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.
  12. CALIFORNIA PRIVACY NOTICE The Website and Services do not use technologies that respond to ‘Do-Not-Track’ signals communicated by your internet browser.
  13. CONTACT US If you’ve any question you can always contact us at the address above or by email to privacy@ambergate.io. You have the right, at all times, to notify a complaint to any regulator such as the UK Information Commissioner, although we would welcome the opportunity to discuss and resolve any complaint with you first.