Privacy Policy

Data Controller

Sharp End Partnership Ltd., The Carriage House, Mill Street, Maidstone, Kent, ME15 6YE, United Kingdom (referred to as the ‘Controller’)

Owner contact email: support@io.tt
Data Protection Officer: Aphaia Ltd, dpo@aphaia.co.uk

This Policy applies to the data processing by the Controller’s website and other instances where the Controller is the data controller, including where Users are testing the Controller’s apps and platforms without entering third-party data. It does not apply to the situations where the Controller is the data processor. An additional or different privacy notice may be provided in some cases where the Controller processes personal data.

Types of Data collected

Among the types of Personal Data that our Website collects, by itself or through third parties, there are: first name, last name, email address, Cookies and Usage Data.

When Users sign up to our services, we typically collect the User’s First Name, Last Name, Email Address, Job Title, and Company Name to create an account.

We also gather systems logs and other usage data, including Users’ IP address or domain names of the computers utilised by the Users who use the ControllerOwner’s services, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

Legal basis of processing

The Controller may process Personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes, such as for allowing non-essential cookies or for direct marketing purposes. In this case, you can always withdraw consent by sending an email to support@io.tt. This will not affect any earlier processing;
  • provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • processing is necessary for compliance with a legal obligation to which the Controller is subject;
  • processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party. These legitimate purposes include cybersecurity, traffic analytics, backup and restore, marketing, making- and defence against claims.

Data transfers

Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. Where such countries include one or more countries outside the EU/EEA, the Controller will rely on an adequacy decision, including EU-US Data Privacy Framework and its UK extension, standard contractual clauses, or another safeguard acceptable by the UK and EU General Data Protection Regulation (GDPR).

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Controller and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Controller’s legitimate interests shall be retained as long as needed to fulfil such purposes. In particular, backups may be held as long as can be reasonably expected, and potential claims-related data may be held up to the end of the limitation period, which is six (6) years.

The Controller may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Controller may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation e.g. in relation to mandatory business record keeping.

The purposes of processing

The Data concerning the User is collected to allow the Controller to provide its Services, as well as for the following purposes: Contacting the User and Analytics. Additional purposes may be contained in the legitimate interests mentioned in this policy.

Detailed information on the processing of Personal Data

Personal Data may be shared with the following types of recipients:

  • Analytics and feedback tools used to generate heatmaps, session recordings, and feedback widgets to better understand overall Users’ behaviour,
  • Tools to prevent fraud and enhance security based on information broadcast by your browser or device,
  • Customer support and communications tools such as live chat providers

The rights of Users

Users may exercise certain rights regarding their Data processed by the Controller by emailing us to support@io.tt

In particular, Users have the right to do the following under the UK and the EU General Data Protection Regulation (GDPR) or relevant UK legislation :

  • Withdraw their consent at any time.

    Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.

  • Object to processing of their Data.

    Users have the right to object to the processing of their Data if the processing is carried out for profiling or direct marketing purposes. Further details are provided in the dedicated section below.

  • Access their Data.

    Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.

  • Verify and seek rectification.

    Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

  • Restrict the processing of their Data.

    Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.

  • Have their Personal Data deleted or otherwise removed.

    Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.

  • Receive their Data and have it transferred to another controller.

    Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.

  • Lodge a complaint.

    Users have the right to bring a claim before their competent data protection authority. In the UK, the authority is ico.org.uk.

How to exercise these rights

Apart from contact email mentioned above, any requests to exercise User rights can be directed to the Controller through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Controller as early as possible and always within one month.

Changes to this privacy policy

The Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page.It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.