Backbeat Software

Privacy policy

Last updated on Monday, 21st May 2018

Introduction

Backbeat Software LLC ("we", "us", "our") is a privacy-focused company. We value your privacy as much as ours, and aim to collect as little information as possible to deliver our services. This privacy policy (“policy”) explains how we collect and use your information. Customers within the European Union have rights under the GDPR, and we extend these rights to all of our customers worldwide.

The policy applies to our websites, software applications, products, and services, collectively referred to as “services”.

This policy covers your use of our services regardless of the domain names, operating systems, platforms, or devices that are used to access them, and regardless of whether the access is in connection with an account or not.

Information we collect

The data we collect about you falls into a few categories:

Identity data

Including your title; first, middle, and last names; username or similar identifiers; and social media identifiers.

Contact data

Including your address, billing address, email address, and phone number.

Profile data

Including your username or similar identifiers, a cryptographically-hashed version of your password, application settings, marketing preferences, feedback, and answers to surveys.

Financial data

Including your payment card information.

Transaction data

Including records of the payments you have made to us, services you have purchased, and money we have refunded to you.

Technical data

Including cookies, IP addresses, browser type and version, operating system, time zone, and location.

Aggregated usage data

Including information about how you use our services.

Usage of your information

In general, we aim to collect and use your information as little as possible. We are committed to providing high quality services that let you retain as much information as you are comfortable with.

Here are the activities we carry out using your information, the categories of information used for each activity, and the lawful basis for the activity.

Registering you for a service

  • Identity data
  • Contact data

We require this information to enter into a contract of services with you.

Sending you transactional messages

  • Profile data
  • Contact data

We require this information so our applications can send you messages relevant to their usage, such as reminders or notifications.

You can specifiy whether these messages are sent or not in the preferences sections of our applications.

Sending you mailing list messages

  • Contact data

When you sign up for one of our mailing lists, we require this information to be able to deliver these messages to you.

You can unsubscribe from these messages at any time, and a link to do so is provided in every email message.

Using analytics to improve our services

  • Technical data
  • Aggregated usage data

We have a legitimate business interest in studying how users interact with our services. This helps us see what aspects of our services work and what aspects don't, improving the experience we deliver to you.

We only collect non-personally identifiable information to accomplish this task. In general, we are looking at overall trends and usage patterns, rather than the behaviours of a single individual.

Running and protecting our applications

  • Technical data
  • Aggregated usage data

Wherever possible, we do not store technical data, such as IP addresses, on our servers, and configure the software we operate to avoid such collection. However, we may require this information to prevent abuse of our services, such as IP address aggregation to detect denial of service attacks.

Invoices and payments

  • Identity data
  • Contact data
  • Transaction data

We require this information to provide invoices for our services.

Handling online payments

  • Identity data
  • Contact data
  • Financial data
  • Transaction data

We use a third party to process financial information when we collect payments from you online. We require this information so they can handle the payment and conduct related activities such as fraud prevention.

We do not store your financial data at any point, but merely collect it and pass it on.

Tax and other financial obligations

  • Identity data
  • Transaction data

We require this information to provide accurate tax and financial reports to Companies House and our shareholders.

Mergers and acquisitions

  • Identity data
  • Contact data
  • Profile data
  • Transaction data
  • Technical data
  • Aggregated usage data

If we are involved in a merger, acquisition by another company, or sale of our business or assets, your information will likely be among the assets transferred.

If this happens, the new owner of the information will be required to uphold existing privacy policies (such as this one).

We will notify you at least 7 days before the execution of any information transfer. At this point, you are free to exercise your rights (detailed below) in removing your information from our services.

Mandatory disclosure

  • Identity data
  • Contact data
  • Profile data
  • Transaction data
  • Technical data
  • Aggregated usage data

We may be required by law to disclose your information in response to a court order, warrant, or a similar request by a judicial body or a government agency, or when we believe in good faith that the disclosure is reasonably necessary to protect our rights or property, that of any third party, or the safety of the general public.

When we disclose this information, we will provide the minimum amount of data required to satisfy the request. Whenever possible and legal, we will notify affected users that we have done so.

Legal claims or disputes

  • Identity data
  • Contact data
  • Profile data
  • Transaction data
  • Technical data
  • Aggregated usage data

We require this information to file, or defend against, a legal claim.

We will only use the information that is relevant to the claim, which may not cover all of the above categories.

Automated decision making

We do not use your data to make automated decisions.

Third parties

We share select amounts of your information with third parties to perform certain activities on our behalf. They have no right to use this information beyond what is necessary to perform these activities.

We have signed data processing agreements with each of these parties.

Here are the third parties we share information with, and the activities we use each party for.

Google

  • Using analytics to improve our services

We use Google Analytics to track visitors and usage of our products.

The information we pass on is not personally identifiable. This data is stored in Google Analytics for an amount of time, and will be automatically deleted once this time has passed. We configure Google Analytics to use the lowest possible retention time of collected data.

Mailchimp

  • Sending you mailing list messages

We use Mailchimp to send our email newsletters and other marketing emails.

When signing up to our mailing lists, you must consent to storing your contact information with them.

Mailgun

  • Sending you transactional messages

We use Mailgun to send transactional emails such as reminders, password resets, and notifications.

Your rights

Under the General Data Protection Regulation (GDPR), individuals in the European Union have the following legal rights. We also extend these rights to our other customers worldwide.

The right to be informed

We will inform you how we use your personal data (this privacy policy).

The right of access

You have the right make a 'data subject access request' to obtain a copy of the information we hold about you.

The right to rectification

You have the right to correct personal data about you that is incorrect or missing.

The right to erasure

You have the right to be forgotten, where you may ask us to delete the personal data we store about you, unless we are required to store it for the the lawful bases detailed above.

The right to restrict processing

You have the right to stop us processing your personal data in certain cases.

The right to data portability

You have the right to obtain a copy of the data we store about you in a portable format, allowing you to switch to another service provider.

The right to object

You have the right to object to the processing of your data in certain cases, for example in direct marketing communications.

Rights in relation to automated decision making and profiling

You have the right to know if we have automated processes that make decisions using your personal data.

Cookies

We use a technology known as "cookies" to deliver our services, small text files containing non-personally identifiable data. We give them to your device when you access our services, and your device then sends them back to us to identify itself in subsequent accesses.

Cookies are used in our applications to remember your details and preferences, such as your username or preferred language. In certain applications, they are also used to login without a password after not visiting in a while, i.e. 'Remember me' functionality.

You may delete the cookies we have sent to your device at any time. Doing so will reset any preferences we have remembered about you, and you will be logged out of our services.

Additionally, your device can be configured to reject all cookies. You are free to access our services while doing this, however you should be aware that certain features may not work correctly.

Third party cookies

Third parties may also store cookies on your device for the purposes of carrying out the activities we are requesting of them.

Data retention and deletion

We will only store your information for as long as necessary to fulfil the reason it was collected. Retention policies vary depending on the type of information.

For example, the technical information we collect to protect our applications from abuse will expire within a few days, but the transaction information we collect for handling payments will be kept for many years to ensure compliance with tax law.

In certain deletion request cases, we may anonymise your information to ensure our services continue to work for other users.

Security

We have strict security measures in place to ensure your information is stored securely and not lost, stolen, modified, or accessed by unauthorised agents. Only those who have a legitimate business use are given access to this information, and we have the ability to revoke this access at any time.

We have procedures in place to deal with any breach of data, and will notify you if such a breach occurs.

Our role as a data processor

In general, we are most likely to provide services to you as a "controller", i.e. owning the data we collect.

However, if we host an application on your behalf on our servers, we will act as a "processor" for any data you collect through that application or service.

This relationship will be established when the hosting services are agreed upon.

Children

None of our services are designed for, intended to attract, or directed towards children under the age of 16.

We never knowingly collect any information from children under 16. If you are a child below that age, you may not use any of our services. If we believe that you are under the age of 16, we will prohibit you from using our services.

If you believe we have the personal information of a child under the age of 16, please contact us. The data in question will be reviewed and deleted as appropriate.

Changes to this privacy policy

We may change this privacy policy from time to time. Most changes will be minor and will not affect your rights.

We will notify you if we make substantial changes to this policy that affect your rights.

In general, the applicable version of this policy is the one that is current at the time of you accessing our services.

Contact information

If you have any questions or would like to make a data access request, please contact this address:

privacy@backbeat.tech