HAT Privacy Policy

When you use our Platform services, you're trusting us with the security and safety of your microserver and the data within. We understand that this is a big responsibility and we work hard to protect your microserver, the data within, and put you in control of the permissions within your HAT.

This Privacy Policy describes how HATDeX collects, uses and shares any personal information you provide ("HATDeX Account Data") when creating a HAT Microserver and any information entrusted to us (whenever necessary) when you use the HAT; it also describes how your HAT Microserver collects, uses and shares any personal information ("HAT Data" or "Your Data") and the measures HATDeX adopts to ensure that your personal information is safe and lays down your rights to access, update and delete your personal information. This Privacy Policy is incorporated by reference in the HAT Owner Terms of Service, is subject to change and may be updated on a regular basis.

This Privacy Policy applies to any HATDeX Platform (the "Platform") product or service that refers to or links to the Privacy Policy (collectively, our "Services") as well as your HAT Microserver permissions and instructions ("your permissions") This Privacy Policy applies regardless of whether you use a computer, mobile phone, tablet, TV, home appliance device, or other smart device to access your HAT Microserver and your permissions.

Below you will find a summary of the key messages contained in our Privacy Policy. For more detailed information on how we process your information, please continue to read below.

1. Information You Collect (HAT Data)

HATDeX services enable you to collect Your Data from third party sources injecting data into your microserver and third party applications writing into your microserver and using our services to directly input data into your microserver through the control of your permissions. Your permissions enable you to operate on, transform, bundle and combine Your Data for exchange using our Services and the services of other third parties.

You are in control of the information you collect through the use of our Services and your permissions and can use the information for:

  • transferring, exchanging, donating or giving Your Data to other HATs or third party applications through data debits and with your permissions
  • executing your permissions and instructions for creating new, insights, tools and algorithms that transform Your Data within your microserver or generate new data within your microserver
  • viewing, filtering and searching Your Data with your permissions and our Services or third party applications that you permit

In all circumstances of using Your HAT Microserver, you are deemed to be a "developer" running the permissions and instruction code within your HAT. HATDeX have no access to Your Data and are not responsible for its contents, organisation, visibility and usage. HATDeX services (such as the HAT app) may facilitate the execution of your permissions.

We do not share Your Data with any third party. We merely facilitate the transfer of Your Data based on your instructions to do so executed through the data debit permission of your HAT.

However, we may have to share your microserver with law enforcement when we are required to do so or to protect HATDeX and its users.

2. Information We Collect (HATDeX Account Data)

We collect various types of information in connection with our Services, including:

  • Information you provide directly to us when creating your HAT Microserver or interacting with HATDeX
  • Information we collect about your use of our Services
  • Information we obtain from third party sources.

We may also seek your separate consent to collect information or separately notify you about how we collect your personal information in a manner that is not described in this Privacy Policy, as required for certain additional Services.

3. Use and Sharing of Information

We use the information we collect, among other things:

  • To provide the Services you request
  • To understand the way you use the Services so that we can improve your experience
  • To understand more about our HAT Owners so that we can offer the most relevant communications, services, and experiences.

We do not share your information with any third party. If we do, it is with your explicit consent through a data debit of your HAT Microserver. However, we may have to share your information with law enforcement when we are required to do so or to protect HATDeX and its users.

4. Additional Information about Specific Products and Services

While this Privacy Policy applies to all our Platform products and services, we may also provide you with certain specific privacy supplements that contain additional information about our practices in connection with particular services, where this is necessary. These supplements apply to your use of the services they cover.

5. Contact Us

HAT Data Exchange Ltd

The Cottages, 8 Comberton Road, Barton, Cambridge CB23 7BA

Email: Please contact us at privacy@hatdex.org or via our website https://hatdex.org/contact-us-2 .


Effective Date: 25th May, 2018

HAT Data Exchange Limited, and our affiliates ("HATDeX", "we", "us", "our") know how important privacy is to our customers, and we strive to be clear about how we collect, use, disclose, transfer, and store your personal information. This Privacy Policy explains our information practices. This Privacy Policy applies to all HATDeX Platform products or services that refer to or link to the Privacy Policy (collectively, our "Services"). This Privacy Policy applies regardless of whether you use a computer, mobile phone, tablet, TV, home appliance device, or other smart device to access your HAT Microserver.

It is also important that you check back often for updates to the Privacy Policy. If we update the Privacy Policy, we will let you know in advance about changes we consider to be material by placing a notice on relevant Services or by emailing you, where appropriate. The most current version of the Privacy Policy will always be available on the website. You can check the "effective date" posted at the top to see when the Privacy Policy was last updated. If you continue to use our Services following the upload of a new version of this Privacy Policy on HATDeX's website, it means that you accept the changes.


HATDeX collects and processes the following information to create your microserver. This is referred to as HATDeX Account Data and not Your Data in the microserver.

7.1 Information You Provide Directly

The information that you provide when creating your HAT Microserver or interacting with HATDeX, such as your name, email address, phone number, billing information and any other information that you provide to HATDeX.

7.2 Other Information We Collect

We also may collect other information about you, your device, or your use of the Services in ways that we describe to you at the point of collection or otherwise with your separate consent where required.

You can choose not to provide us with certain types of information (e.g. information we request during HAT Microserver registration) but doing so may affect your ability to use some Services. We will provide you with relevant information at the time of collection to help you make an informed decision.


We will use HATDeX Account Data for the following purposes:

  • to register you or your device for a Service
  • to provide a Service or feature you request
  • to contact you to ask you for your feedback and to carry out customer surveys with your separate consent if required
  • to understand the way people use our Services so that we can improve them and develop new products and services
  • to provide maintenance services and technical support
  • to protect the security of our network and prevent abusive behaviour
  • to ensure compliance with the HAT Owner Terms of Service and to respond to legal requests in accordance with our Government Request Policy
  • therwise with your separate consent.

HATDeX have no access to Your Data. We may however use your HATDeX Account Data across all of the Services that require a HAT Microserver. HAT Owners authorise the sharing of Your Data through data debits with third parties only to the extent that you expressly authorise it.

HATDeX processes personal data for the purposes described above. HATDeX's legal basis to process personal data includes processing that is: necessary for the performance of the contract between you and HATDeX (for example, to provide you with the Services and to identify and authenticate you so you may use certain Services); necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement); necessary for HATDeX's legitimate interests (for example, to manage our relationship with you and to improve the relevance of our communications, experiences, and customer service) and based on consent by our customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time by contacting us as specified in the Contact Us section of this Privacy Notice without affecting the lawfulness of processing based on consent before its withdrawal.


We may disclose your HATDeX Account Data internally within our business to the relevant teams such as, without limitation, the customer services team, the legal team, the finance team, the sales team, and where you have chosen to receive marketing messages, the marketing teams. We may also disclose your HATDeX Account Data to the following entities, only to the extent that this will be necessary to perform the Services:

9.1 Other Parties When Required by Law or as Necessary to Protect Our Services

There may be instances when we disclose your information to other parties:

  • to comply with the law or respond to compulsory legal process (such as a search warrant or other court order)

  • to verify or enforce compliance with the policies governing our Services

  • to protect the rights, property, or safety of HATDeX, or any of our respective affiliates, business partners, or customers.

9.2 Other Parties in Connection with Corporate Transactions

We may disclose your HATDeX Account Data to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy.

In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties when you separately consent to or request such sharing. HATDeX will never execute a data exchange of Your Data without your authorisation and will stop executing them when you withdraw a previously granted authorisation. If your HAT Microserver is administered by a HATDeX Partner they will have access to your information to register your HAT but will not have access to Your Data.


We take protection of your data seriously and have put in place appropriate physical, administrative and technical security measures to safeguard the information we collect in connection with the Services. We continually review all such measures and update them when appropriate. However, please note that although we take reasonable steps to protect your information, no website, Internet data transmission, computer system, or wireless connection is completely secure. As a result, while we strive to protect your personal information, HATDeX cannot ensure or warrant the security of any information you transmit via the Internet. By transmitting any such information to HATDeX, you accept that you do so at your own risk.

HATDeX deploys multiple layers of protection to protect personal data stored in the HAT, whether at rest, in transit or in use. A detailed description of how we secure your information is available in our security whitepaper at https://hatdex.org/volume-1-issue-2-17th-of-june-2016.


Your use of our Services will involve the transfer, storage and processing of Your Data and HATDeX Account Data outside the country of your residence consistent with this policy. We will take appropriate measures, in compliance with applicable law, to ensure that Your Data and HATDeX Account Data remains protected. Such measures include the use of Standard Data Protection Clauses approved by the European Commission to protect that information and the rights of individuals when transferring data outside of the European Economic Area. However, we only act on your instruction for transferring Your Data and cannot be responsible for its usage once it is transferred.


Access, Update And Deletion Of Your Information

You have the right to request details about the information we collect about you and to request us to correct inaccuracies in that information, to object to or request the restriction of processing, and to request access to, or the erasure or portability of your information. Under the laws of some jurisdictions, we may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardise the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

  • If you would like to make a request to access your information, please contact us at privacy@hatdex.org. HATDeX will provide access to the information you request within a reasonable period of time. HATDeX reserves the right to charge a reasonable fee for access requests.
  • You may update the information you provided on the HAT app of your HAT Microserver (this feature is coming soon).
  • You may request HATDeX to delete the information you provided by contacting HATDeX at privacy@hatdex.org. HATDeX reserves the right to retain certain information when the law authorises or requires it to do so. Please note that deleting some information may disable the functioning of your HAT Microserver.

If you request deletion of personal information, you acknowledge that you may not be able to access or use the Platform Services and that residual personal information may continue to reside in HATDeX's records and archives for some time, in compliance with applicable law, but HATDeX will not use that information for commercial purposes. You understand that, despite your request for deletion, HATDeX reserves the right to keep your personal information, or a relevant part of it, in line with the below section on "Data Retention" and applicable laws. HATDeX may suspend, limit, or terminate your access to the Services for violating the HATDeX Terms of Service when necessary to protect the rights, property, or safety of HATDeX, or any of our respective affiliates, business partners, employees, or customers.


We will not keep your personal data for longer than is necessary for the purpose it was collected. This means that data will be destroyed or erased from our systems when it is no longer required.

We take appropriate steps to ensure that we process and retain information about you based on the following logic:

  1. at least the duration for which the information is used to provide you with a service

  2. as required under law, a contract, or with regard to our statutory obligations

  3. only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.

Our Platform Services may link to third party websites and services that are outside our control. HATDeX is not responsible for the security or privacy of any information collected by websites or other services. You should exercise caution and review the privacy statements applicable to the third party websites and services you use. If the HAT of one of our HAT Owners host personal information of third parties, this Privacy Policy applies to such personal information. HATDeX cannot access, scan or share the personal information of third parties stored on a HAT.

We may act as an intermediary to make available to you certain products or services (e.g. offers through DataBuyer) developed by third parties. HATDeX is not responsible for these third party products or services.

13.1 Third Parties That Provide Content, Advertising, Or Functionality For Our Platform Services

Some of the content, advertising, and functionality on our Platform may be provided by third parties that are not affiliated with us. In such circumstances, we have entered into contractual agreements with such third parties. For example:

  • We enable you to watch video content provided by content providers
  • Third parties develop apps that we make available
  • We enable you to share certain materials on the Platform with others through social networking services such as Facebook, Spotify, Twitter or Google Calendar
  • We enable you to share your data to obtain more relevant advertisements.

These third parties may collect or receive certain information about your use of the Services, including through the use of cookies, pixels, beacons, and similar technologies, and this information may be collected over time and combined with information collected across different websites and online services. HATDeX does not control the data collection and use practices of these companies. Some of these companies participate in industry-developed programmes designed to provide consumers with choices about whether to receive targeted advertising. Please visit the websites operated by the Network Advertising Initiative http://networkadvertising.org and Digital Advertising Alliance http://www.aboutads.info/ to learn more. HATDeX is not responsible for the content or practices of third party websites that may be linked to the Platform Services. You should exercise caution and refer to the privacy policy and practices applicable to the third party websites and services you use prior to disclosing any such information.

If you connect with a social networking service, we may receive and store authentication information from that service to enable you to log in, as well as other information that you allow us to receive when you connect with these services.

Also, please note that if you choose to connect with a social networking service on a device used by people in addition to you, those other users may be able to see information stored or displayed in connection with your account on the social networking service(s) with which you connect. We recommend that you log out of any such sites and only share information with individuals that you trust.

13.2 Privacy Policies Of Third Parties

HATDeX bears no responsibility for the policies of third parties on the collection and use of your information. When your information is shared with third parties in accordance with this Privacy Policy, the collection and use of such information by third parties will be subject to their privacy policies as well as laws applicable to them.


We, as well as certain third parties that provide content, advertising, or other functionality on our Platform, may use cookies, pixels, beacons, and other technologies to improve your experience of our Services, as explained in more detail below.

14.1 Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices, and/or browsing sessions. Cookies serve many useful purposes. For example:

  • Cookies can remember your sign-in credentials so you don't have to enter those credentials each time you log on to a service
  • Cookies help us and third parties understand which parts of our Services are the most popular because they help us to see which pages and features visitors are accessing and how much time they are spending on the pages. By studying this kind of information, we are better able to adapt the Services and provide you with a better experience
  • Cookies help us and third parties to combat fraud
  • Cookies help us and third parties provide you with relevant content and advertising by collecting information about your use of our Services and other websites and apps.

When you use a web browser to access the Services, you can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences. The operating system of your device may contain additional controls for cookies.

Please note, however, that some Services may be designed to work using cookies and that disabling cookies may affect your ability to use those Services, or certain parts of them.

We may use the following types of cookies in our Services:

14.2 Essential Cookies

Which enable you to order products and receive services.

14.3 Performance Cookies

Which enable analysis of the performance and design of our Services and detect errors. For example, this type of cookie allows the recognition that you have visited a website before and shows which sections of a website are most popular by allowing us to see which pages visitors access most frequently and how much time visitors spend on each page.

14.4 Functional Cookies

Which allow delivery of a better user experience. For example, this type of cookie ensures that the information displayed on your next visit to a website will match up with your user preferences, or your HAT Account from which you linked to the website, or the fact that you linked to a website via an email sent to you through the Platform or one of our trusted third party service providers contacting you on our behalf.

14.5 Other Local Storage

We, along with certain third parties, may use other kinds of local storage technologies, such as Local Shared Objects (also referred to as "Flash cookies") and HTML5 local storage, in connection with our Services. These technologies are similar to the cookies discussed above in that they are stored on your device and can be used to store certain information about your activities and preferences. However, these technologies may make use of different parts of your device from standard cookies, and so you might not be able to control them using standard browser tools and settings. For information about disabling or deleting information contained in Flash cookies, please go to https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.

14.6 Beacons and/or Pixels

We, along with certain third parties, also may use technologies called beacons or pixels that communicate information from your device to a server. Beacons and pixels can be embedded in online content, videos, and emails, and can allow a server to read certain types of information from your device, know when you have viewed particular content or a particular email message, determine the time and date on which you viewed the beacon and pixels, and the IP address of your device. We and certain third parties use beacons and pixels for a variety of purposes, including to analyse the use of our Services and (in conjunction with cookies) to provide content and ads that are more relevant to you.

You have a variety of tools to control the data collected by cookies, web beacons and similar technologies. For example, you can use controls on your Internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies. However, your experience of our Platform Services may be affected if you do not accept cookies. When you access and use our Services you agree to our use of cookies.


Our Services May make use of social network plugins ("Plugins"). When you use a Service that contains Plugins, information may be directly transferred from your device to the operator of the social network. We have no influence on the data gathered by the Plugin. If you are logged into the social network, your use of our Service can be referenced to your social network account. If you interact with the Plugins, for example by clicking "Like", "Follow", or "Share", or enter a comment, the information may automatically show in your social network profile. Even if you are not logged into your social network account, it may be possible that the Plugins transmit your IP address to the social network operators.

Data Plugs are also utilised on the Platform and act like pipelines pumping data in and out of your HAT. When you use a Service through a data plug, information is directly transferred from your device to the operator of the data plug. We have no influence on the data leaving your HAT Account through a data plug. Conversely, we also have no influence on data coming into your HAT through a third party data plug and cannot be held responsible for the performance of such third party data plugs. For example, you may install the Fitbit Data Plug to your HAT to monitor your sleep patterns. You must consider Fitbit's privacy policy regarding the data you provide via the Fitbit Data Plug, and HATDeX bears no responsibility for any failure of a third party data plug.

Please consider this when using our Services.


If you have any specific questions, please contact us at:

HAT Data Exchange Ltd

The Cottages, 8 Comberton Road, Barton, Cambridge CB23 7BA

You can also contact us at privacy@hatdex.org.

If you would like to exercise your rights to access, rectification, deletion/erasure, object, restrict processing, or portability, please visit our website https://hatdex.org/contact-us-2.

You may lodge a complaint with the relevant supervisory authority if you consider that our processing of your personal data infringes applicable law.