At Groovy Gecko, we understand that we have a responsibility to protect and respect your privacy and look after your personal data. This Privacy Notice sets out your rights under the new laws after 25th May 2018. This Privacy Notice explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely. For clarity, Groovy Gecko may be both data controller and data processor for your personal data under certain circumstances. In addition, if there are any sub-processors in the chain for processing data – for example, if we resell a cloud platform – then Groovy Gecko will be your point of contact for all queries in this regard. This policy is subject to change without notice, so please check our website on a regular basis for any further changes.
Who are we?
Groovy Gecko Limited (company number 03955205) is a provider and reseller of cloud services, hosting services, Software as a Service (SaaS), consulting and professional webcasting services.
Privacy queries should be addressed by registered mail to our registered office:-
The General Data Protection Officer
Groovy Gecko Limited
31 – 35 Pitfield Street
or by email to ‘gdpr @ groovygecko . com’
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so.
How do we collect personal data from you?
We receive information about you from you when you use our website, applications and platforms, complete forms on our website, if you contact us by phone, email, live-chat or otherwise in respect of any of our products and services or during the purchasing of any such product. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter.
If you provide us with personal data about a third party, you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information, server logs, device event information, location information and unique application numbers.
What type of data do we collect from you?
The personal data that we may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We may also keep details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us.
Please be aware that any video, image, or other content posted, uploaded or otherwise made available by you onto our website, whether published content or not, is not subject to our Privacy Notice.
We merely process such data on your behalf and you are responsible for any applicable legal requirements in respect of your content.
How do we use your data?
We use information about you in the following ways:
- To process orders that you have submitted to us;
- To provide you with products and services;
- To comply with our contractual obligations we have with you;
- To help us identify you and any accounts you hold with us;
- To enable us to review, develop and improve the website and services;
- To provide customer care, including responding to your requests if you contact us with a query;
- To administer accounts, process payments and keep track of billing and payments;
- To detect fraud and to make sure what you have told us is correct;
- To carry out marketing and statistical analysis;
- To review job applications;
- To notify you about changes to our website and services;
- To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; and
- respond to any feedback you send us, if you’ve asked us to.
We will never rent or sell your personal information to anyone.
We will keep your personal data for the duration of the period you are a customer of Groovy Gecko. We shall retain your data only for as long as necessary in accordance with applicable laws.
To meet our regulatory responsibilities we may keep your data for up to 7 years. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
Who has access to your personal data?
Only Groovy Gecko employees (and only those employee that need it to provide you with services and/or internal processing) will have access to your data. When we use 3rd parties, for example, a mailing-list service provider or resell a platform, we may share your data with 3rd party on the basis below.
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.
We work closely with a number of third parties (including business parties, service providers and fraud protection services) and we may receive information from them about you. These third parties may collect information about you including, but not limited to, your IP address, device-specific information, server logs, device event information, location information, and unique application numbers. We use their features within our website or on their platforms that we may resell, however, in some instances, they may be acting as data controller and they will have their own privacy policies, which we can provide on request.
We may pass your personal data to third parties for the provision of services on our behalf (for example processing your payment or having access to a hosted cloud platform). However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes.
We may share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings. Similarly, we may share your personal data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of Groovy Gecko, our employees, customers, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Integrations with 3rd party platforms and Social Media sites
On occasion, our clients ask us to develop functionality on our platforms, applications and/or websites to ensure that user experiences are seamless but that absolute security is maintained. It is a legal requirement of integrating with these platforms that we are transparent about the specific nature of the integration and the data that we have access to, uses, store etc.
We integrate with the following platforms and list the extent of the user data transacted on each here:-
Where we have created a backed-end integration with Google’s API to facilitate ease of passing data, the following apply.
We transact with the Google API platform using a security ‘token’ which is generated and controlled by the 3rd party platform. Typically, this is an OAuth Token.
Process and uses
- We make an api request to Googles API to return a list of YouTube channel streams (publishing points) that are available for a specific YouTube user.
- We present these streams as a list and the user chooses one of these streams
- We then make an api request to the Google API for the status of the stream and Google API returns an OAuth Token so we are authorised to interact with this data element.
- Our api passed the following data to Google API
- Youtube account name
- Youtube account avatar url
- We receive the following data
- access token
- refresh token
- Data is encrypted in transit.
Store and share
- We store the following data
- youtube account name
- youtube account avatar url
- access token
- refresh token
- Data is encrypted at rest
- We store the data in an encrypted database indefinity until the user or an admin user on the Google Admin Console deletes.
- The data is never shared.
Limitation of use
- The data is not used for any other purpose.
- Retention periods are observed and vary from project to project as per our clients individual request.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.
You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
Our Privacy Notice shall be made clear to you at the point of collection of your personal data.
You have the right to ask us not to process your personal data for marketing purposes. If you choose not to receive marketing communications from us about our products and services, you will have the choice not to choose these by ticking the relevant boxes situated on the pages at sign up.
We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time. For example, you could send an email from the email address you no longer wish to receive information to, to ‘gdpr @ groovygecko . com’, with a subject of ‘gdpr – please unsubscribe me’.
Accessing and updating your data
You have the right to access the information we hold about you. Please email your requests to ‘gdpr @ groovygecko . com’ so that we can obtain this information for you.
When information can be withheld
There are some situations when we are allowed to withhold information. Some of these may be connected to the types of information we may hold. For example if the information is about:
- the prevention, detection or investigation of a crime
- national security or the armed forces
- the assessment or collection of tax
- judicial or ministerial appointments
- information sealed under UK State Disclosure contract commitments
- or an employee is subject to The Official Secrets Acts 1911 to 1989
We are not obliged to disclose why we are withholding information but will if possible.
How much it costs
We may charge you for providing the information. The cost is usually no more than £10 but it can be more if the reasonable internal cost to us is high, for example but not limited to:
- certain types of records and whether they are in easy / quick archive access
- a large number of paper records held in an unstructured way
Our cookies policy is available to view at https://www.groovygecko.com/cookies
Links to other sites
Groovy Gecko may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.
Where we store your personal data
We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate and possible. These include, where ever possible, to have back-to-back agreements with 3rd parties.
Most information you provide to us is stored on our secured servers within the EEA, however some third party platforms host servers outside of the EEA. From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of the services. The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data. By providing your data to us, you agree to this transfer and storage. However, we will ensure that reasonable steps are taken to protect your data in accordance with this privacy notice. In addition, we have ensured that, wherever possible, 3rd parties adhere to stringent data processing frameworks such as Privacy Shield https://www.privacyshield.gov/
As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with Groovy Gecko Ltd General Terms and Conditions.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Please e-mail any questions or comments you have about privacy to us at ‘gdpr @ groovygecko . com’
Your right to make a complaint
If you think your data has been misused or that you have grounds to suspect that it hasn’t kept it secure, you should contact us and tell us at email@example.com’
If you’re unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO).
Telephone: 0303 123 1113
You can also chat online with an advisor.
The ICO can investigate your claim and take action against us or anyone who’s misused personal data.
You can also visit their website for information on how to make a data protection complaint.