Last Modified 24 May 2018
About us and this notice
Brain in Hand Limited is committed to protecting and respecting your privacy. Please read the following notice carefully so that you understand your rights in relation to this information, including how your information will be collected and processed.
We are a corporation registered in England and Wales with a registered office at Antrobus House, 18 College Street, Petersfield, Hampshire, England, GU31 4AD, contactable at firstname.lastname@example.org. For the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller.
In this notice, where we say ‘you’ or ‘your’, this means either you or any authorised person acting on your behalf. Where we say ‘we’, ‘us’ or ‘our’, this means Brain in Hand Limited.
The types of personal data we use
The personal data we collect or have about you will either be provided by you directly when enquiring about or signing up for our service, or will be collected from your activity on our website and use of our services.
We may collect and use the following information about you: name, email address, mobile number, date of birth, personal description, contact preference, postal addresses, emergency contact details, contact details for your nominated support provider, details about your university and / or workplace and sensitive information about your personal life and difficulties. We may also collect other information that is necessary to fulfil our contract with you for services that you have purchased or signed up for.
Information we collect from your use of our website and mobile application
With regard to each of your visits to our website and mobile application, we automatically collect the following information:
• Technical information: including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
• Information about your visit: including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
• Cookies: We also track your use of our website by putting cookies (which are small text files) on your device. If you do not want cookies to track you, then the UK Information Commissioner’s website has various suggestions at https://ico.org.uk/for-the-public/online/cookies/. Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the “Help” option in your browser for more details.
o Cookie settings in Internet Explorer
o Cookie settings in Firefox
o Cookie settings in Chrome
o Cookie settings in Safari web and iOS.
If you only want to limit third party advertising cookies, you can turn such cookies off by visiting the following links:
o Your Online Choices (http://www.youronlinechoices.com/uk/)
o Network Advertising Initiative (http://www.networkadvertising.org/)
o Digital Advertising Alliance (http://www.aboutads.info/consumers)
How we use your personal data
We will use the information in the following ways:
In accordance with our contract with you, we will use your information to:
o provide you with services;
o personalise the content you receive to support you when using the service;
o notify you about changes to our service;
o provide you with user support;
o enforce our terms, conditions and policies; or
o communicate with you.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organisation, we use your information to:
o improve the website and mobile application and to ensure our content is presented in the most effective manner for you and your device;
o administer the website and mobile application for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
o personalise the content you receive; or
o keep the website and mobile application safe and secure.
The security of your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Any personal data that we collect from you (whether submitted directly or collected through your use of our system) will be reviewed on a regular basis to ensure that we only continue to store and process it under lawful grounds and for an appropriate time period.
Data collected through your use of our system will be stored for up to 2 years after you terminate your use of our services for the purpose of being able to reactivate the licence if needed, or in order to respond to any complaints / queries that may arise. After this time, data provided through your use of our system may be held indefinitely in an aggregated and anonymised format to assist us in compiling usage information which helps to inform system development.
You have certain rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please email email@example.com.
You have the right to know whether we process personal data about you, and if we do, to access personal data we hold about you and certain information about how we use it and who we share it with. Your right of access can be exercised by contacting us at firstname.lastname@example.org.
If you require more than one copy of the data we hold about you, we may charge an administration fee of £10.
We may not provide you with certain personal data if providing it would interfere with another’s rights (e.g. where providing the personal data we hold about you would reveal information about another person) or where another exemption applies.
You have the right to receive a subset of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another party. The relevant subset of personal data is data that you provide us with your consent or for the purposes of performing our contract with you.
If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).
You have the right to correct any personal data held about you that is inaccurate. Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that whilst we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
You may request that we erase the personal data we hold about you in the following circumstances:
• You believe that it is no longer necessary for us to hold the personal data we hold about you.
• We are processing the personal data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the personal data.
• We are processing the personal data we hold about you, your emergency contacts and your family and friends on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such personal data.
• You no longer wish us to use the personal data we hold about you in order to send you promotions and special offers and marketing.
• You believe the personal data we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing the data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. Please note, however, that we may retain the personal data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.
You may also contact us at email@example.com in order to provide us with specific instructions regarding the conservation, deletion and communication of your personal data in the event of your death.
Restriction of Processing to Storage Only
You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the personal data we hold about you where:
• You believe the personal data is not accurate for the period it takes for us to verify whether the data is accurate.
• We wish to erase the personal data as the processing we are doing is unlawful but you want us to retain the personal data but just store it instead.
• We wish to erase the personal data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims.
• You have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
At any time, you have the right to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.
You also have the right to object to our processing of data about you and we will consider your request in the circumstances as detailed below by if you contact us at firstname.lastname@example.org.
You may object where:
• We are processing the data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
• We are processing the data on the basis of historical/scientific research or statistics and you have a particular reason to object. Your right would not apply where we have been tasked with and it is necessary for us to undertake such processing in the public interest.
Recipients of your information
We may share your personal information with third parties where required by law, where it is necessary to deliver our services to you or administer the working relationship with you, or where we have another legitimate interest in doing so.
We require third parties to respect the security of your data and to treat it in accordance with the law. We will only share your personal data with:
• third party service providers and partners with whom we work to deliver our service to you (e.g. specialist setup support partners, traffic light response service);
• regulators, law enforcement bodies, government agencies, courts or other third parties where we think it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
• web hosting and cloud based storage systems used to provide our service to you and administer our business activities.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We also require third parties to respect the security of your data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not envisage transferring any data relating to system users based within the EEA to countries outside the EEA. Should this situation change and your personal data is ever transferred outside the EEA in the future, it would only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third party where we have approved transfer mechanisms in place to protect your personal data.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
If you have any questions or comments about how we use your information, please email us at: firstname.lastname@example.org. You can also write to us at Brain in Hand Ltd, The Innovation Centre, University of Exeter, Exeter, EX4 4RN.