We are committed to safeguarding the privacy of our website visitors and service users. This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
Information we collect and why
In order to provide you with our Services, we collect certain information from you when you use our Services. We will hold the above information for as long as is necessary in order to provide you with our services, deal with any specific issues that you may raise or otherwise as is required by law or any relevant regulatory body.
Information we collect about you:
- Personal Information — By using our Services, we may collect the following categories of personal information (“personal information”) you provide to us: email address; demographics; contact information and other information you provide through our Services; and other information you may provide about yourself through our Services or to which you provide us with access via third-party platform.
- Device Information —When you use our Services or open communications (such as emails) , some information is automatically collected from devices (e.g., mobile, computer, laptop, tablet) used to visit or use our Services including, but not limited to, operating system, access times, unique device identifiers, service provider, IP address, screen resolution, browser type, language, referring site and other data about your device that we use to provide the services or as otherwise described in this Policy (” device information”). We also collect information about your usage and activity on our Services using certain technologies, such as cookies, web beacons and other technologies.
- Location Information — If you use our Services, we may receive and store your generic location (such as city or neighbourhood) for the purposes of analytics. We will collect location information based on, for example, your IP address, to provide anonymous analytical information on the geographical distribution (city level) of our visitors and users around the world.
- Usage Information — We collect certain anonymous analytical information when you use our Services, including information about your interaction with the Services, including the actions you take on the Services.
- Cookies — we may also collect certain information through the use of “cookies”. Cookies are small files that your browser places on your computer. We may use session cookies, persistent cookies, and other tracking technologies to better understand how you interact with our Services, to monitor usage by our users and web traffic routing on our Services, and to improve our Services. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting cookies from the websites you visit.
How we use your information
We use information held about you (and information about others) in the following ways:
- to provide you with our services;
- to ensure the content on our website is presented in the most effective manner for you and your computer or mobile device; and
- to notify you about changes to our service.
How we share your information
For our effective operation and to deliver our Services to you we may share information with Third Parties.
What information we share, who we share it with and why
- Personal Information — We use Freshworks for all enquiries directed to us via our support website and our support email accounts. Information collected by Freshworks on our behalf may include your name, email address and correspondence.
- Location Information — Location (on a city or neighbourhood level) is collected and shared with Google Analytics (Google) and Apple Analytics (Apple) to provide us with anonymous analytical information about our users and visitors.
- Device and Usage information — Device and usage information will be shared with Google Analytics (Google), Apple Analytics (Apple) and Crashlytics (Fabric, a Google company) for analytics and crash reporting.
Information you choose to share socially
Our Services may allow you to share your Application Data and information publicly or with friends. Our Services may also allow you to connect with us on, share on, and use third-party platforms, including those on which We have a presence. Please be mindful of your personal privacy needs and the privacy needs of others as you choose whom to connect with and what to share and make public. We cannot control the privacy or security of information you choose to make public or share with others. We do not control the privacy practices of third-party platforms.
We may disclose your personal information to any partner of Midnight Labs and/or a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose your personal information to third parties:
- in the event that we sell or buy any business or assets;
- if Midnight Labs or substantially all of its assets are acquired by a third party; or
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Midnight Labs, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
Third Party Services
In addition to the Services we provide directly, we also use third party service providers (collectively referred to as “Third Party Services”) who operate their own Privacy Policies. The Third Party Services we use we deem important to our effective operation.
So you can find out more about the services we use, and in turn those you may use whilst using and interacting with our Services, we have compiled a list for your reference.
The Third Party Services we use:
- Google Analytics — for the collection of anonymous analytical data to help us better understand how our customers and users use our Services.
- Freshworks — for the provision of support desk services, helping us track and manage correspondence with our customers and users.
- Fabric — for the capture and collection of crash logs to help us identify bugs in our Services.
- Apple Analytics — (if enabled by user) for the collection of anonymous analytical data to help us better understand how our customers and users use our Services.
Third Party SDK’s (Software Development Kit):
- Fabric SDK — provides us with the ability to capture and collect crash logs through the Crashlytics service and interact with the Twitter Platform for integration with Twitter if and when you choose to connect your Twitter account.
Data we collect
Information about you may be transferred to, or accessed by, entities located around the world as described in this Policy. Some of these entities may be located in countries that do not provide an equivalent level of protection as your home country. By using our Services, and providing us information about you, you consent to the international transfer of information about you to the above parties.
We take reasonable measures to protect any personal information we may hold about you in an effort to prevent loss, misuse, and unauthorised access, disclosure, alteration, and destruction. However, despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse.
Sensitive information sent between your browser and our website, and your device and Third Party Services, is transferred in encrypted form using Secure Socket Layer (“SSL”). When transmitting sensitive information, you should always make sure that your browser can validate the SSL certificate.
For information on how your iOS device encrypts and secures application data please see https://support.apple.com/en-gb/HT202064. For information on how data is protected on iCloud, please see https://support.apple.com/en-gb/HT202303.
Data Access and Correction
If you believe we are storing information that you would like access to or information corrected, please contact us on [email protected]
We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information of a child under 13, we will delete such information.
Residents of the EU and UK
If you are a resident of the European Union (“EU”) or the United Kingdom (“UK”), you may have certain additional rights, as detailed below. For purposes of this notice, “personal data” has the meaning ascribed in the EU General Data Protection Regulation (“GDPR”).
To process your personal data, we rely on the following legal bases:
- For the performance of a contract we have with you (for example, if you use our Services).
- For compliance with a legal obligation to which we are subject (such as when we are obliged to comply with lawful requests from competent authorities such as law enforcement).
- For the purposes of our legitimate interests (such as tailoring your experience on our Services), provided that such processing does not outweigh your rights and freedoms.
To the extent a specific element of our processing of your personal data relies upon your consent, you may withdraw such consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
If you wish to object to the processing of your personal data on the basis of legitimate interest and no opt-out mechanism is available to you directly, please contact [email protected]
Additional Data Privacy Rights
You may have these rights under applicable law:
- Access — You may request that we confirm whether or not we are processing your personal data. If we are, you may request a copy of your personal data, which we will provide free of charge, together with information about the processing, such as the purposes of the processing and the categories of personal data concerned. However, this is not an absolute right and the interests of other individuals may restrict your right of access. We may decline or charge a reasonable administrative cost for requests which are excessive, particularly if repetitive.
- Rectification — You may edit some of your personal data when you have access to do so. You may also ask us to change, update or fix your personal data in certain cases, particularly if it’s inaccurate.
- Erasure — You may request the erasure of your personal data.
- Restrict Processing — You may ask us to restrict the processing of your personal data under certain circumstances, such as if your Personal Data is inaccurate or unlawfully held.
- Data portability — You may ask for a copy of the personal data you provided to us in a structured, commonly used and machine-readable format and you may have the right to transmit this data to another entity.
- Object — You may object to the processing of your personal data on grounds relating to your particular situation under certain circumstances , for example for direct marketing. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us, unless there are overriding compelling legitimate grounds for the processing or as otherwise provided under applicable law.
Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law.
Personal data may be transferred to and processed by recipients that are located inside or outside the European Economic Area (” EEA”). For recipients located outside of the EEA, some are certified under the EU-U.S. Privacy Shield and others are located in countries with adequacy decisions and, in each case, the transfer is thereby recognised as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not provide an adequate level of protection from a European data protection law perspective and for which we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient.
Changes to this Policy