Privacy Notice – HAT Owner Services and HAT accounts

This Privacy Notice sets out the basis on which we will treat:

  • personal data (“personal data”) collected by or submitted to the HAT dashboard and extensions of HAT dashboards such as HAT Wrapper Services and Rumpel (the “Owner Services”); and
  • personal data (“HAT personal data”) uploaded to a user’s HAT private micro-server account (“HAT Account”).

The Owner Services are web or mobile applications that allow the HAT owner to view the data in their HAT account. Except when used for performance improvements, the Owner Services do not store any HAT personal data.

Note there is a separate privacy notice dealing with personal data collected when you interact with our websites.

Who we are

For the purpose of the Data Protection Act 1998 (the "Act"), the data controller for the Owner Services is HAT Data Exchange Ltd (“we”, “us” or “our”). We are a private limited company registered in England and Wales under company number 09821157 and have our registered office at The Cottages, 8 Comberton Road, Barton, Cambridge, CB23 7BA.

HAT Owner usage of owner services

You can only access the Owner Services if you are the holder of a HAT Account (“HAT Owner”).

Regarding the personal data, such as your name and email address (and if applicable payment information), that you provide during account creation, we will only use this to provide your HAT Account and associated Owner Services. For the purposes of the Act, we will be the data controller of this personal data.

You are in control of all the HAT personal data within your HAT Account. This means you decide what HAT personal data is collected, how and why it is processed, how long it is stored and when it is deleted or shared with anyone else.

We commit to using appropriate technical and organisational measures to prevent unauthorised access to or accidental loss, destruction or damage to your HAT personal data contained in your HAT Account. We do not control or have insight into the type of HAT personal data you collect or process in your HAT Account; we encourage HAT Owners to familiarise themselves with the security standards and check these are appropriate to your intended activities.

You can control any data exposure of your HAT Personal Data and the associated functionality of your HAT Account using the HAT Owner Services. We classify data exposure and functionality using the 5 levels described below and you can find more information, including additional information on setting the levels at https://static1.squarespace.com/static/5a71ebc8b1ffb68777ca627a/t/5b190e4af950b7b5f2794dd9/1528368716417/PSOP-2.2.pdf.

Data stored in your HAT Account is private and cannot be accessed by any third party or services. Even we will not know if the HAT Account is operational, so you will need to tell us if the HAT Account is down or experiencing problems. You will only be able to view the data through a service or other access mechanism you create. This option is only open to advanced developers/HAT owners.

HAT Level 1, minimal exposure/functionality [Owner Services only]

Data stored in your HAT Account is private and only you can access and view the data using Owner Services. Non-personally identifiable metadata will be reported as part of the HAT ecosystem statistics.

HAT Level 2, low exposure/functionality [Owner Services and data plugs]

Data stored in your HAT Account is private and you can access and view the data using Owner Services. Non-personally identifiable metadata will be reported as part of the HAT ecosystem statistics. You can collect and bring data, including personal data, into your HAT Account using data plugs you authorise and control. When executing the functionality of the data plug, personal data may be processed in transit on our system, but will not be stored or processed for any reason other than to bring the data into your HAT Account.

HAT Level 3, medium exposure/functionality [Owner Services, data plugs and data debits]

Data stored in your HAT Account is private and you can access and view the data using Owner Services. Non-personally identifiable metadata will be reported as part of the HAT ecosystem statistics.

You can collect and bring data, including personal data, into your HAT Account using data plugs you authorise and control. When executing the functionality of the data plug, personal data may be processed in transit on our system, but will not be stored or processed for any reason other than to bring the data into your HAT Account.

You can authorise the sharing of your data, including personal data, with third parties such as your friends and family or in response to data offers through data debits. We will follow the instructions you give us regarding the data, which will be encrypted while in transit via, or stored on, our systems and only viewable or accessible by the third party with whom you have agreed to share the data.

HAT Level 4, high exposure/functionality [Owner Services, data plugs and rolling data debits]

Data stored in your HAT Account is private and you can access and view the data using HAT Owner Services. Non-personally identifiable metadata will be reported as part of the HAT ecosystem statistics.

You can collect and bring data, including personal data, into your HAT Account using data plugs you authorise and control. We will not process such data – we will merely enable it to transit through our system – it may be stored but only as necessary in order to bring the data into your HAT Account.

You can authorise the sharing of your data, including personal data, with third parties such as your friends and family or in response to data offers. We will follow the instructions you give us regarding the data, which will be encrypted while in transit via, or stored on, our systems and only viewable or accessible by the third party with whom you have agreed to share the data. Such instructions can include an authorisation for the ongoing bundling and sharing of your personal data with a third party you have approved for a defined period of time.

Data collected and used from the Owner Services

For all users of the Owner Services, with regard to each of your visits, we will collect the following non-identifiable data:

  • technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • data about your visit, including the full URL, clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction data (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

We will use data that you give to us:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and Owner Services that you request from us;
  • to provide you with information about other Services we offer that are similar to those that you have already purchased or enquired about;
  • to notify you about changes to our services; and
  • to ensure that content from the website is presented in the most effective manner for you and for your computer.

We will use personal data that we collect about you:

  • to administer the Owner Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve the Owner Services to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of the Owner Services, when you choose to do so;
  • as part of our efforts to keep the Owner Services safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of the Owner Services about goods or Owner Services that may interest you or them.

We will never provide any personal data that specifically identifies you to third parties to use for direct advertising or promotional purposes.

Cookies

The Owner Services (when web based) use cookies, including Flash cookies.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site, such as Google Analytics.

Most web browsers allow some control of most cookies through the browser settings.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Disclosure of your personal data

In addition to the disclosure mentioned above for particular categories of users, you agree that we have the right to share your personal data with:

  • business partners, suppliers and sub-contractors for the performance of any contract we or a third party has entered into with you; and
  • analytics and search engine providers that assist us in the improvement and optimisation of our website.

We may disclose your personal data or HAT personal data to third parties:

  • If we or substantially all of our assets are acquired by a third party, in which case data held by us about our customers and users will be one of the transferred assets.
  • If we are under a duty to disclose or share your data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging data with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We shall not view or access your HAT personal data in your HAT Account for any commercial or administrative purpose of our own.

Stewardship of your data is critical to us and a responsibility that we embrace.

We'll abide by the following principles when receiving, scrutinising and responding to government requests for our users' data:

  • be transparent,
  • fight blanket requests, and
  • protect all HAT owners.

We will publish a transparency report as part of our commitment to informing users about when and how governments ask us for information. This report details the types and numbers of requests we receive from law enforcement agents.

Where we store your personal data collected for the Owner Services

The data that we collect from you will not be transferred to, and stored at, a destination outside the European Economic Area ("EEA").

All data you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Note that the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at contact@hatdex.org.

The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

The Act gives you the right to access data held about you. Where you make a subject access request relating to data of which we are the data processor we will ask you whether you would like us to forward the request to the relevant data controller. If we are the data controller we will deal with that subject access request in accordance with the Act.

E-newsletter

We use a third party provider, Mailchimp, to deliver our e-newsletter. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy notice.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 7 November 2017.

How to contact us

If you have any questions or would like to comment on this privacy notice you can email us at: contact@hatdex.org