Privacy Policy

 

  1. Buddi is committed to protecting your personal data (personally identifiable information) and upholding your right to privacy. This privacy notice describes the collection and processing of personal data by Buddi as well as an overview of the rights which you have in relation to your personal data. It applies to information which you may provide directly to us or via third parties.

  2. Our policy is to be as transparent as possible about how and why we process your personal data. However, should you have any queries please contact us at either privacy@buddi.co.uk or write to
    Data Protection Officer, Buddi Limited, Talbot House, 17 Church St, Rickmansworth WD3 1DE, UK.

  3. Buddi is registered with the UK Information Commissioner’s Office as a Data Controller (Reg No. Z9274127) and has in place a comprehensive Data Protection Policy.

  4. What information do we collect?

    We use different methods for collecting your personal data, including:

    Direct interactions:

    by your signing up to or purchasing one of our products and/or services, corresponding directly with us via any method, or downloading a Buddi App. We collect and process information provided when you when you fill out forms on our website, or use our web portals or Apps. This may include information provided during completion of surveys and other online tools, entering a competition or promotion and if you report a problem with our Solution.

    Automated technologies:

    As you interact with a Buddi website or App, we may automatically collect technical data about your equipment, browsing actions and patterns, traffic data, location data, weblogs and the resources that you access.

  5. How do we use your information?

    We shall only use your personal data when the law allows us to do so.

    When you set up your Buddi product we may ask for personal information to personalise your profile and to identify you. We process information gathered from your Buddi products to provide the service which you, or someone on your behalf, have contracted us to supply.

    We may also analyse information to see what is most effective about our solution to help us identify whether it is functioning correctly, ways to improve it and to make it more effective.

    We may also collect information for other purposes, which we would describe to you at the point when we collect the information. This applies to all personal data collected, which might include some of the following:

    · The performance of a contract we are about to enter, or have entered into, with you

    · Enabling suppliers or service providers to carry out certain functions

    1. To comply with applicable law

    · Where you have consented to our collection and use

    Please note that in instances where we refer to ‘performance of a contract’ this may include performance of a contract which been entered into via a third-party. In such circumstances we are either relying upon our legitimate interests or expect the third-party has suitable authority for us to carry out such activity.

  6. How long do we hold this information?

    As per the Information Commissioner’s Office guidelines, we retain personal data no longer than is necessary for the purpose we obtained it for. With that in mind, Buddi will retain any information held on an individual for a maximum of 10 years after that individual has ceased use of a Buddi product unless any contract entered into states otherwise. At that point, the information will be destroyed according to the then-current data destruction policy.

  7. Will we disclose your information to, or share it with, other organisations?

    We will not share personally identifiable information (information that contains a personal identifier like your name, address or email address).

    Buddi is dedicated to maintaining the privacy and integrity of your personal data. As such, we have policies and procedures and other safeguards to help protect your personal data from improper use and disclosure.

    We follow a Minimum Necessary Access Policy so any required disclosure of your identifiable information is minimised.

    How much personal data is used or disclosed without your written permission will vary depending, for example, on the intended purpose of the use or disclosure.

    The following categories describe different ways that we use your personal data within Buddi and disclose your personal data to persons and entities outside of Buddi. We have not listed every use or disclosure within the categories below, but all permitted uses and disclosures will fall within one of the following categories. In addition, there are some uses and disclosures that may require your specific authorisation.

    1. Disclosure at your request:

      We may disclose information when requested by you. This disclosure at your request may require written authorisation by you.

    2. Payment:

      We protect the security of your information with encryption. We do not share customer details with any third parties other than those details required by third parties for the purposes of processing payments.

    3. Operations:

      We may use and disclose your personal data for our internal operations, which include administration, planning and various activities that assess and improve the quality and cost effectiveness of the service that we deliver to you. Examples are using information about you to improve quality of the service, monitor customer satisfaction and internal training.

    4. Reminders and notifications:

      We may use and disclose your personal data to contact you as a reminder to interact with, or complete tasks relating to your use of a Buddi product.

    5. Business associates:

      There are some services provided in our organisation through contracts with business associates. Examples of business associates include accounting services, monitoring services, server hosting and email delivery. We may disclose your personal data to our business associates so that they can perform the job we have asked them to do. To protect your personal data, we require our business associates to sign a contract or written agreement stating that they will appropriately safeguard your personal data.

    6. Threat to health or safety:

      We may use and disclose your personal data when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

    7. As required by law:

      Certain laws permit or require certain use and disclosures of personal data for example, for public health activities, health oversight activities and law enforcement. In these instances, Buddi will only use or disclose your personal data to the extent the law requires.

    8. For research and publicity purposes:

      We may use personal data for internal and external research and publicity purposes. This may include publishing aggregate anonymised information about our users in the context of providing public health information and conducting academic research.

    9. Transfer of business assets:

      If Buddi or substantially all of its assets are acquired by a third-party, personal data held about our customers may be one of the transferred assets.

  8. Where your personal data is stored

    All information and data you provide to us is stored on secure servers with trusted third-party suppliers located within the European Economic Area. Our suppliers also comply with the European Union Data Protection Directive which sets out a number of data protection requirements that apply when personal data is being processed.

    All passwords are stored in encrypted form and all sensitive traffic is transmitted securely via secure methods. However, it may be possible that your data is transferred to, and stored at, a destination outside the EEA by or to staff who work for one of our suppliers. Such staff may be engaged in, among other things the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.

    Unfortunately, despite these measures, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted and any transmission is at your own risk. Once we have received your information, we will use strict procedures to try to prevent unauthorised access in accordance with our Data Protection Policy and responsibilities as a registered Data Controller in the UK.

  9. What are my rights regarding my personal data?

    You have certain rights with respect to your personal data. If we do not agree to a request by you with respect to privacy or your personal data, please contact the Data Protection Officer.

    Right to be informed:

    You have the right to receive details of a privacy notice which is concise, transparent, intelligible and easily accessible, free of charge, written in clear and plain language. Depending on which product or service you use, more than one privacy notice may apply. You have the right to request an accounting from us of certain disclosures made by us. We will generally provide you with your accounting within 30 days of your request. In addition, we will notify you as required by law if there has been a breach of the security of your personal data.

    Right of Access:

    You have the right to inspect the personal information maintained by us. Normally, we will provide you with access within 30 days of your request. We may charge a fee for doing this.

    Right to rectification:

    You have the right to request that we amend your written personal data. For instance, you can request that we correct an incorrect date of birth in your records. We will generally amend your information within 30 days of your request and will notify you when we have amended your information. We can deny your request in certain circumstances, such as when we believe that your information is accurate and complete.

    Right to erasure:

    You have the right to ask that we delete all personal data that Buddi has collected on you. You may make this request via email to the Data Protection Officer. We will comply with this request unless there is a lawful reason for not doing so.

    Right to restrict processing:

    You have the right to request in writing that we do not disclose certain information about you. We do not have to agree to any restriction that you request. To request a restriction, please contact the Data Protection Officer. You have the right to request in writing that we restrict the way in which we communicate information, such as ceasing to send email, SMS messages or instant messages to notify or remind you about aspects of the Buddi product and associated service. We will make reasonable efforts to accommodate your request.

    Right to data portability:

    You have the right to request your personal information so that you can reuse it for your own purpose or for a different service. Data shall be provided in a commonly used, machine-readable format, and sent directly to another controller if requested, and where this is possible.

    Right to object:

    You may withdraw consent to the processing of your personal data at any time, or object to the processing of your personal data.

    Under current data protection legislation there are exemptions to these individual rights where it is determined that the restriction is a necessary and proportionate measure, for example to safeguard the prevention, investigation, detection or prosecution of criminal offences.

  10. What do I do if I have a concerns or complaint?

    If you believe that any of your rights with respect to your personal data have been violated by us, our employees or agents, please communicate with the Buddi Data Protection Officer via privacy@buddi.co.uk

  11. Amending this Notice

    We reserve the right to revise this notice and to make the revised notice effective for all individuals for which data is processed.

    Questions relating to revisions to this Privacy Notice may be addressed to the Data Protection Officer. The Privacy Notice will be promptly revised if there is a material change to a policy described herein.

  12. Contact details

    All queries should be addressed to:

    The Data Protection Officer, Buddi Limited, Talbot House, 17 Church Street, Rickmansworth, Hertfordshire WD3 1DE, United Kingdom.

    Email: privacy@buddi.co.uk

    Effective Date: This Privacy Notice is effective as of 8th June 2018.