Introduction, Controller and Processor
We collect or receive personal data as both a controller and as a processor under applicable laws.
If you provide personal data to us directly, such as through our website (our Website), or we collect your personal data as a result of the operation of our business, we are a controller of that personal data.
What personal data do we collect?
Information you provide to us
From time to time you may provide personal data to us. This may be because you wish to:
- use our Website;
- create an account on our Website;
- engage on and use our Website either as a Seller or a Buyer;
- provide services to us;
- partner with us;
- purchase services from us;
- apply to us for work;
- contact us for feedback, review, queries, comments or complaints.
You may provide personal data to us directly, or through our social media platforms.
For example, you may provide the following personal data to us:
- By personal data, we mean identifiable information about you, such as:
- Name, and contact information, such as email address, phone number, mobile telephone number, physical address, and (depending on the service used) sometimes financial information, such as bank account numbers;
- Transactional information based on your activities on our Website (such as bidding, buying, selling, item and content you generate or that relates to your account), billing and other information you provide to purchase an item;
- The personal information you provide to us through correspondence, chats, dispute resolution, or shared by you from other social applications, services or websites;
- Additional personal information we ask you to submit to authenticate yourself if we believe you are violating site policies (for example, we may ask you to send us an ID to answer additional questions online to help verify your identity);
- Information from your interaction with our sites, services, content and advertising, including, but not limited to, device ID, device type, location, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information.
We do not collect special categories of personal data about you.
Certain personal data is mandatory to be provided to us in order that we can fulfil your request, for example, to create an account with us, and we shall make this clear to you at the point of collection of the personal data.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identity fraud, we will record this and we may also report this to the appropriate authorities.
At our request, you shall promptly provide evidence of your identity.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Information provided to us by our Clients
As noted above, we may receive personal data about you if you are on our Client’s database and we have access to that database to provide services to our client. If you are on our Client’s database, we process and collect the following information about you, provided that you have given such information to our Client:
- Basic information such as name, age, postal address, email address and phone number
- Details about your employer (name, address, phone number, ID and VAT ID) should such information be considered to be personal data
- Authentication information such as username and password, and if any third party service (e.g. Google Account) is used to sign in, the user ID of that service
- Information relating to the customer relationship such as advertised profiles and services, job postings, related communications, service agreements, their start and end times and information on their use
- Billing Information such as credit card number and expiration date, also processed by our payments processor (currently Stripe and subject to change).
Information we automatically collect about you
When you use our Website, we automatically collect and store information about your device and your activities. This information could include:
- technical information about your devices such as type of device, web browser or operating system
- your preferences and settings such as time zone and language; and
- how long you used the Website and which services and features you used
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please ask to see our Cookies Policy.
When you use our Website, the following technical data is also automatically collected and processed:
- IP address
- Geographical location data based on the IP address
- Service access times
- Statistics on page views
- Any other automatically collected technical data
Information we receive from others
Given the nature of the services we provide on our Website, we may receive information about you from other users. If we have your information as a processor, then we have received that information from our Client.
We may also receive personal data about you from our subcontractors and agents such as companies we engage to provide IT services or payment services to us.
If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties, confirming or otherwise, your identity.
The lawful use of your personal data
- consent (where you choose to provide it);
- performance of our contract with you;
- compliance with legal requirements; and
- legitimate interests. When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.
We may from time to time need to use your personal data to comply with any legal requirements, for example:
- as part of anti-money laundering processes;
- when required by law such as to comply with requests by competent authorities or in response to a subpoena, court order or other governmental requests;
- when we believe in good faith that disclosure is necessary to protect our rights, investigate fraud or to protect a third party’s property, safety or rights.
- We may also use your personal data for our legitimate interests including:
- to improve our Website and Services;
- to deal with any questions or comments you raise
- for audit purposes; and
If we receive your personal data as a processor for our client, we shall only use that personal data to comply with our contract to provide services to our client.
We may also collect other anonymized statistics and technical data about the way you use either our Website, services and/or the services we provide for our Client. We shall use that information to review and improve our Website, services and business generally and we may display information publicly to others in an aggregate format that does not reveal statistics of any single marketplace.
Who do we share your data with?
For our legitimate interests, whether we are a controller or processor for our Client of your personal data, for our legitimate interests we may share your personal data with our sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers.
We shall provide our sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the United Kingdom or European Economic Area (the EEA) if for example, if our email server is located in a country outside the United Kingdom or the EEA or if any of our sub-contractors are based outside of the United Kingdom or the EEA.
Where your personal data is transferred outside the United Kingdom or the EEA, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses [https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en], or by ensuring the entity is Privacy Shield certified [https://www.privacyshield.gov/welcome](for transfers to US-based third parties).
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection, firewalls and encryption electronic measures together with information access controls within our electronic data management systems.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
We may send you marketing email messages from us about our Website and business and solicit feedback either because you have consented to receive the emails, or for our legitimate interests.
You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. We will still contact you as necessary about your account.
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here[https://ico.org.uk/your-data-matters/].
- Right of access: You have the right to obtain from us a copy of the personal data that we hold for you.
- Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.
- Right to portability: You can request that we transfer your personal data to another organisation.
- Right to restriction of processing: In certain circumstances, you have the right to require that we restrict the processing of your personal data.
- Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws.
- Right to stop receiving marketing information: You can ask us to stop sending you information about our business, but please note we shall continue to contact you in relation to any matters relating to your Survehub account if you have one.
You may be able to exercise some of these rights within your account on the Website. If we process your data for a Client, we will notify that Client if you exercise any of your rights under this section.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
Retention of personal data
If our Client requests us to do so, we shall delete your personal data or make it anonymous within our systems.
In particular, we shall retain your personal data for as long as you have an account on our Website. However, we may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents.
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Last updated: July 2020.