This policy is active as of 24 May 2018. Read about our recent GDPR updates here.
At Ally Labs Limited, we are committed to protecting and respecting your privacy and personal data. We respect and value the privacy of everyone who uses our website, allycares.com (“Our Website”) and will only collect and use personal data is the ways described here. Please read this Privacy Statement for Ally Labs’ Website (“Privacy Statement”) carefully and ensure that you understand it.
In this Policy, the following terms have the following meanings:
- “We / Our / Us” means Ally Labs Limited, a UK limited company registered at Companies House in England under company number 09864498, whose registered address is 24 Holborn Viaduct, London, United Kingdom, EC1A 2BN;
- “Personal Data” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Specifically, it means any personal data given to Us via Our Website. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”);
- “You / Your” means an individual, data subject who has chosen to be registered to use Our Products.
1. Information About Us
1.1. We own and operate Our Website.
1.3. As an England based company, our Data Protection Authority is the Information Commissioner’s Office (ICO). ICO can be contacted by phone locally at 0303-123-1113, internationally at +44-1625-545-700 or via email at firstname.lastname@example.org
2. Policy Coverage
3. Your Rights as a Data Subject
3.1. As a data subject you have the following rights under the GDPR:
3.1.1. A right to know what personal data We collect and process;
3.1.2. A right to know the reasons We process your personal data;
3.1.3. A right to know whether We will give your personal data to any other organizations;
3.1.4. A right of access to a copy of the your personal data we collect;
3.1.5. A right to object to our processing of your personal data;
3.1.6. A right to object to automated decision making based on your personal data;
3.1.7. A right to rectify inaccurate personal data we have about you;
3.1.8. A right to ask us to delete any of your personal data we hold;
3.2. If you have any concerns or complaints on how we process your data or simply want to execute the rights listed above, please contact email@example.com or use the detailed forms provided by your Account access or Our Website here. This is outlined in greater details in Section 9.
3.3. For further information regarding your rights under the GDPR, please contact the Information Commissioner’s Office.
4. Data We Collect
4.1. The personal data we collect will vary based on how you use Our Website. We may collect any of the following data:
4.1.1. Full Name;
4.1.2. Contact information including email address, telephone numbers and home address;
4.1.3. Technical information about devices you interact with including serial number, software versions, sensor status, Wi-Fi connectivity and network details, browser type, browser version, operating system version and platform.
4.1.4. Technical information about a User’s visit to digital platforms, including IP address, cookies and similar technology (see Section 11 below), page access, date and time accessed, page interaction information (such as scrolling, clicks, and mouse-overs) and errors encountered.
4.1.5. Contact, support and feedback submissions with support staff.
5. How We Use Your Data
5.1. Your data is only processed for the reasons in which it was initially collected. We only process your personal data under a lawful basis, either because it is a necessary requirement of a contract we hold with you, because we have your consent, because we have a legitimate interest or because we are compelled to by an authoritative legal body. We may process your data for the following reasons:
5.1.1. Fulfilling the services provided by Our Website;
5.1.2. Personalizing Our Website to provide better services for you;
5.1.3. Improving our services to provide a better version of Our Website;
5.1.4. Replying to contact or support messages from you;
5.1.5. Sending you email and other communications you have requested (you may unsubscribe from any email communications at any time via the ‘unsubscribe’ button)
5.1.6. Analyzing how Our Website is being used so we can improve is and your user experience with it.
5.1.7. With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email telephone, text message or post with information, news and offers on Our Website. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
5.1.8. Third parties (including Google Analytics, Mixpanel) whose content appears in Our Website may use third party Cookies, as detailed in Section 11. Please refer to Section 11 for more information on controlling Cookies.
5.1.9 You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
5.1.10. We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Once those reasons have been completed, we will only keep personal data where necessary for scientific and historic processing for improving Our Website’s function, to comply with our legal obligations, resolve disputes and enforce our agreements.
6. How and Where We Store Your Data
6.1. We only keep your personal data as long as We need to in order to use it as described above in Section 5, and/or for as long as We have your permission to keep it.
6.2. Our security policy is to store all of your data within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). However, some or all of your data may be stored outside of the EEA. If We do store data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
6.3. Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Products. This includes using TLS (Transport Layer Security) to establish connections between our servers and your browsers/devices and AES128/256 encryption on your stored data at rest.
7. Sharing Your Data
7.1. In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.
7.2. We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, marketing, and core services offered by Our Website. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
7.3. We may compile statistics about the use of Our Website including data on usage patterns, user statistics, sales, research programmes and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
7.4. We may sometimes use third party data processors that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where We transfer any personal data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR, including but not limited to the EU-US Privacy Shield, EU Model Contract Clauses, Data Protection Agreements and/or Binding Corporate Rules.
8. If Our Business Changes Hands
8.1 We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the same purposes for which it was originally collected by Us.
8.2 In the event that any of your data is to be transferred in such a manner, you will be contacted in advance when possible and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.
9. Controlling Your Data
9.1. In addition to your rights under the GDPR, set out in Section 3, when you submit personal data via Our Website, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details and by managing your Account). Additionally, your Account contains access controls and forms to help restrict Our processing of your data as per the rights outlined in Section 3.
9.2. You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
10. How Can You Access Your Data?
10.1 You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable based on a reasonable request and We will provide any and all information in response to your request free of charge. Please contact Us for more details at firstname.lastname@example.org, or using the contact details or GDPR forms provided in your Account or at our Website here.
11.2. By using Our Website you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us.
12. Contacting Us