Last updated 5 June 2024.
Haiper (“us”, “our”, or “we”) is the controller of your personal data collected through our website haiper.ai (“Website”) and our AI application variously made available to you via the Website and third-party application stores that are present on your device or as otherwise integrated with other third party applications or platforms that you use on your device (“Application”).
It is relevant to:
· The staff of our suppliers and potential suppliers
· Job/internship applicants
· Visitors to the Website
· Users of the Application (whether you hold an account with us in your own right, or an employee, contractor or agent of a business that does)
· Data subjects whose personal data is included in any User Content Data
When you supply any personal data to us or where we collect it from you, we have legal obligations towards you in the way we use that data. For ease of reading, we have divided this Privacy Policy into several sections:
Table of Contents
2. What personal data do we collect?
3. How is your personal information collected?
4. How and why do we use and/or share your personal data?
5. For how long do we keep your personal data?
7. International Data Transfers
1. Introduction
This policy (“Privacy Policy”) explains who we are, why and how we process personal data collected through your use of the Website and/or the Application, and where we collect other personal data from and how we use it.
We may collect different types of personal data from you depending on whether, and how, you use the Website and/or the Application, or both. We may also collect your personal data indirectly. Please read this Privacy Policy carefully to understand what personal data may be collected depending on your interactions with us.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to make the Application or any Services available to you). In this case, we may have to cancel our contract with you, but we will notify you if this is the case at the time.
If you are the data subject in respect of any personal data we process, this Privacy Policy also explains what rights you have and how to get in touch with us if you need to.
About us
Haiper Limited (UK Company Number: 13515940) is responsible for your personal data.
We take privacy seriously. We have appointed a data privacy manager to oversee how our organisation processes personal data. If you have any questions about this Privacy Policy, please contact them using the details set out below:
· Name of data privacy manager: Claire Tang
· Email address: info@haiper.ai
· Postal address: First Floor Northdown House, 11-21 Northdown Street, London, England, N1 9BN
· Telephone number: 0333 880 8648
You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK regulator for data protection issues. You may also have recourse to the relevant data protection regulator in your jurisdiction.
We would, however, appreciate the chance to address your concerns before you approach the ICO or other regulator, so please contact our data privacy manager in the first instance.
Changes to the Privacy Policy and your duty to inform us of changes
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notices that we may provide on the Website and/or the Application, at or around the time that we collect or process personal data about you (for example, fair processing notices that we may display to you at the time that you sign up to receive e-mail updates from us) so that you are fully aware of how and why we are using that data.
We may review this Privacy Policy at any time to reflect changes to our business or changes in the law. Where these changes are significant, we will endeavour to let users of the Website and/or the Application know, usually via the email address you provided to us when registering to use the Application.
If you have not provided us with contact details, it is your responsibility to check this Privacy Policy before each use of the Website and/or the Application – for ease of reference the top of this Privacy Policy indicates the date on which it was last updated.
Please contact us if you wish to view historical versions of this Privacy Policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third party links and platforms
The Website may, from time to time, contain links to and from the websites of advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services.
This notice and disclaimer also applies to circumstances where you download and use the Application on your personal device or where the Application is integrated with third party platforms.
Please check these policies before you submit any personal data to these websites, use these services, or download or use the Application via a third party. Currently, we plan to make the Application available on the Apple AppStore, the Google Play Store, and via Discord.
2. What personal data do we collect?
What is personal data?
Where this Privacy Policy refers to ‘personal data’ it is referring to data about you from which you could be identified – such as your name, your date of birth, your contact details and even your IP address.
By law, all organisations who process your personal data in the UK are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organisations about how they are using your data, and to prevent them from processing it unlawfully.
For more information about these rights, please see the ‘Your Rights’ section of this Privacy Policy.
What types of data we collect in respect of the Application
The personal data we collect when you register for and use the Application on a personal computer or mobile device may include:
Contact Data which includes your e-mail address and any other contact details you use to register for the Application, provide to us directly, or include in your profile.
Device Data
Where you use the Application on a mobile device: the type of mobile device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, IP address, your mobile operating system, and the type of mobile browser you use.
Where you use the Application on a personal computer: your IP address, your login data and browser type and version.
Facial Data which includes an image or video containing your face, visible to the extent that it is possible for us to identify you.
Identity Data which includes your name, date of birth, title, marital status, and gender.
Location Data which includes GPS-based location information from your device and/or location information collected at a purely local level (e.g., through Wi-Fi equipment).
Marketing and Communications Data which includes your preferences in receiving marketing from us and our associated third parties.
Profile Data which includes your username (or similar identifier) and password, your interests, preferences, feedback, survey responses, and your personal profile information including Facial Data that you may include in your profile (e.g., as a profile picture).
Application Usage Data which includes information about how you use the Application. For more detailed information on what we collect and why, please see the ‘Automated technologies or interactions’ section below.
User Content Data which includes information about the content you submit to and create through the Application including the written information you provide to the Application via prompts, photographs, videos, Facial Data, and the associated metadata (such as when, where, and by whom the User Content Data was created).
We also collect and process personal data obtained from public sources. We call this Other Source Data which could be contained in images or videos, or other Identity Data, that we may collect and/or extract from information about you that is available on the internet.
Other Source Data may be used in a variety of ways but primarily it is to power and develop the Application’s AI model(s). It may be included in generated User Content Data.
For more detailed information about our treatment of Other Source Data, please see the ‘Personal data of non-users’ section below.
What types of data we collect when you visit the Website
The personal data we collect when you browse the Website or contact us may include:
Contact Data which includes your e-mail address and any other contact details you provide to us when you correspond with us.
Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.
Website Usage Data includes information about how you peruse and interact with the Website.
Marketing and Communications Data which includes your preferences in receiving marketing from us and our associated third parties when you contact us via the Website about our services.
What types of data we collect when you supply or wish to supply goods or services to us
Identity Data which includes your name, date of birth, title, marital status, and gender.
Contact Data which includes your e-mail address and any other contact details you provide to us when you correspond with us.
CV Data for example your role and qualifications, education history data, your academic qualifications, and your interests as they may appear on a CV or other media.
What types of data we collect when you apply for a job or internship with us
Identity Data which includes your name, date of birth, title, marital status, and gender.
Contact Data which includes your e-mail address and any other contact details you provide to us when you correspond with us.
CV Data for example your role and qualifications, education history data, your academic qualifications, and your interests as they may appear on a CV or other media.
Aggregated Data
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website or Application feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Aggregated Data is also used to train the Application’s AI model(s).
Special Category Personal Data
We do not collect any Special Category Personal Data as part of our organisation’s day-to-day activities or as a requirement of the Services.
You may have heard Special Category Personal Data being called ‘sensitive’ data. Special Category Personal Data is subject to enhanced protections under the UK GDPR. We also require your explicit consent to process it.
We may process your Special Category Personal Data in two different contexts:
1. The Application is interactive, so you may choose to provide us with Special Category Personal Data contained in any User Content Data and/or Profile Data. It is entirely your choice.
Special Category Personal Data that may be provided to us by you, and by us to you when you use the Application, includes the following types of personal data:
We do not collect biometric data, as we do not require it to verify you. We do not collect genetic data, as we do not provide any Service that requires that information.
To use a straightforward example, we would only process Special Category Personal Data where you were to upload an image via the Application of you attending a political rally.
Any types of the personal data we collect, as listed in the ‘What personal data do we collect?’ section above, could contain your Special Category Personal Data.
It follows that we may also process personal data about criminality, which is also subject to special protections. However, please note that such content (whether uploaded by you or generated by the Application) would likely breach our Acceptable Use Policy.
Please note that where you provide us with your Special Category Personal Data or generate Special Category Personal Data about someone else: (i) you need their explicit consent and (ii) it is more likely to be in breach of our Acceptable Use Policy. We continually monitor the Application to ensure compliance. Please see more information about content moderation in section ‘Content moderation’ below.
2. The publicly available images and/or videos that the Application’s AI model(s) are trained on may contain Special Category Personal Data.
Likewise, we monitor the data the Application’s AI model(s) are trained on and we have internal policies and procedures in place to minimise exposure to that information. Please see more information about content moderation in section ‘Content moderation’ below.
Children’s personal data
The Website is not intended for individuals under the age of 18 and we do not knowingly collect data relating to children.
You may not create an account for and/or otherwise use the Application if you are under 18.
Further, it is a breach of our Acceptable Use Policy to upload User Content Data that contains data pertaining to individuals under the age of 18 or to otherwise prompt the Application to generate content of such individuals.
If we detect a child’s personal data within the Application, we delete it. We will inform you if this is the case.
Personal data of non-users
If you provide us with images or videos in any User Content Data that contains the personal data of someone other than you, you are responsible for ensuring that you have the relevant person’s or persons’ consent and authorisation to provide us with that personal data. Uploading images and videos about someone else without their permission is a breach of our Acceptable Use Policy.
In respect of Other Source Data, we either (i) have specific arrangements with organisations to access their data (including personal data) under a licence, or (ii) access information that is publicly available on the internet.
The Application’s AI model works in such a way that Other Source Data is retained on our systems and servers, but only to develop the AI so it may produce User Content Data. The AI ‘learns’ from the information (including Other Source Data) publicly available on the internet or under licence, and the model improves with each iteration. It will be analysed by each iteration of the relevant model so long as it is available on the relevant database. Once our model has been updated or changed, any Other Source Data it has retained is deleted.
That said, Other Source Data may be included in any content that is generated by the Application at the request of a user. For the avoidance of doubt, however, the Other Source Data is not directly redistributed to any other party when User Content Data is generated by the Application at a user’s request. The AI generates a likeness of it, because it is using Other Source Data to enhance itself and its abilities. For this reason, Other Source Data may be included in User Content Data – but only in this form.
Not all information we collect from public sources will directly or indirectly enable us to identify you (where we could take reasonable steps to do so). Where it does not, it is not personal data under the UK GDPR (and consequently not Other Source Data) - we can use such data without recourse to you. However, pursuant to ICO guidance, our general practice is to treat all information collected from public sources as Other Source Data.
We have policies, procedures, and in-built algorithms within the application to filter out Other Source Data that would contravene our Acceptable Use Policy or content moderation policies. Please see more information about content moderation in section ‘Content moderation’ below.
If you believe that your personal data is being processed by us as part of any Other Source Data, you may contact us to exercise your data subject rights including your right to access, correct, restrict, delete, or transfer your personal data as detailed in section ‘Your Rights’ below.
3. How is your personal information collected?
Direct interactions
When you contact us via our contact details on our Website, we may collect, store, and use the personal data that you disclose to us. You may also disclose your personal data when you request marketing materials to be sent to you, or participate in social media interactions with us (outside of the Website).
You may also provide us with personal data when you register for an account to use the Application, use the Application (including where you supply to us User Content Data for the Application to utilise at your request), or contact us via the Application.
Remember, where you provide us with personal data through your use of the Application that is not yours, you are responsible for having the necessary consents and/or notices in place to do so.
Content moderation
We monitor all User Content Data that we process by your use of the Application. This means that, where you provide User Content Data that breaches our Acceptable Use Policy or otherwise contravenes our EULA, it may be removed. Alternatively, it may not be possible for the Application’s AI model(s) to use such User Content Data at all.
Our approach to content moderation combines advanced machine learning algorithms with a vigilant human touch. On the digital front, our algorithms are adept at detecting and blocking not safe for work (“NSFW”) content, including inappropriate text, images, and videos, before they are published. Complementing this, our dedicated team of moderators work in shifts to meticulously monitor User Content Data, ensuring an extra layer of safeguarding against inappropriate material or material that otherwise contravenes our Acceptable Use Policy.
Automated technologies or interactions
We may also collect information about you when you visit and interact with the Website through the use of technology. We do not currently use cookies on the Website.
The following are examples of information we may collect:
· Technical Data;
· Website Usage Data;
· information about links that you click and pages you view via the Website;
· length of visits to certain pages;
· subjects you viewed or searched for;
· page response times;
· records of download errors, broken links, crash reports and/or performance logs;
· page interaction information (such as details of your scrolling, clicks, and mouse-overs) keystroke patterns or rhythms;
· methods used to browse away from the page; and
· the full Uniform Resource Locators clickstream to, through and from our Website (including date and time).
When you use the Application, we use automated technologies to collect Application Usage Data, which includes:
· your approval or disapproval of content generated by the Application.
Third parties
We obtain Technical Data from third party analytics providers such as Google to monitor and improve our website.
We obtain Other Source Data from third party databases, as described in the ‘Personal data of non-users’ section above.
We may also receive Contact Data and other personal data from Apple, Google, or Discord when you download or utilise the Application.
Interactions with other users
When you use the Application to interact with other users, we will collect both the data that you share as well as data about how you are interacting with other users.
So, for example, if you share your generated User Content Data with others, or post it on a community page, we will collect information about that content, which can include the geolocation, date and time the content was communicated and method of communication, as well as the fact that you shared that content.
We also collect data about community pages and posts that you view, and those that you indicate you like or approve of (such as where you use voting or approval buttons without actually posting a written message in response). Taken together, this often gives us a fairly detailed picture of what users like to talk about and who they like to talk with.
Please always remember that when you share a community page, or post content to it, your User Content Data will be viewable by other users. So not only will we collect information about your posts, but other users will be able to see the information that you have posted as well.
Updating your information
If you want to update the information you have previously given to us, you can do so via the Application or by contacting us.
4. How and why do we use and/or share your personal data?
We may use your personal data for the purposes set out below:
· To provide you, your organisation, or our customers with our Services and maintain them.
· To develop and improve our Services.
· To communicate with you to provide you with technical information about our Services and other relevant content related to your or your organisation’s use of the Services.
· To market the Application and our Services to you, your organisation, and third parties and understand the effectiveness of that advertising.
· To administer and protect our business and the Website.
· To prevent fraud and misuse of our Services.
· To respond to a request from a legal authority.
Please note that only Application Usage Data and Other Source Data are utilised to train the Application’s AI model(s) to improve our Services. We do not use any other type of personal data to train our model(s).
You may opt-out of our use of Application Usage Data to train the Application’s AI model(s) by contacting us. Such an opt-out will not affect the legality of our processing prior to you opting-out.
As stated, you may potentially object to our use of Other Source Data by contacting us.
Our lawful basis for processing your personal data
We will only use your personal data when the law allows us to. For ease, set out below in tabular format are the legal bases on which we rely when we collect your personal data and the types of personal data we collect in respect of each purpose.
| Activity | Examples of the personal data we may collect | Lawful basis for processing |
|---|---|---|
| To provide and maintain our Services (including to register you as a user of the Application) to you | (a) Identity Data (including Facial Data) (b) Device Data (c) Other Source Data (d) Profile Data (e) Location Data (f) User Content Data | Performance of a contract with you |
| To provide and maintain our Services (including to register you as a user of the Application) to your organisation | (a) Identity Data (including Facial Data) (b) Device Data (c) Other Source Data (d) Profile Data (e) Location Data (f) User Content Data | Necessary for our legitimate interests (to provide our services to your organisation) |
| To provide and maintain our Services (where your personal data is included in User Content Data, but you are not our customer) to our customers | (a) Other Source Data (b) User Content Data | Necessary for our legitimate interests (to provide our services to our customers) |
| To provide and maintain our Services at any point at which you provide us with Special Category Personal Data that belongs to you | (a) User Content Data | Your explicit consent (obtained when you registered to use the Application) |
| To develop and improve our Services | (a) Application Usage Data (b) Other Source Data | Necessary for our legitimate interests (to develop an advanced AI model, which benefits us commercially) and the legitimate interests of society as a whole (to develop an advanced AI model, a key future technology) |
| To provide, develop and improve our Services, where Other Source Data contains Special Category Personal Data | (a) Other Source Data | Processing relates to personal data which is manifestly made public by you |
| To receive your organisation’s goods or services | (a) Identity Data (b) Contact Data (c) CV Data | Necessary for our legitimate interests (to receive goods or services from suppliers) |
| To consider your organisation’s offer to supply goods or services to us | (a) Identity Data (b) Contact Data (c) CV Data | Necessary for our legitimate interests (to identify potential suppliers to receive goods or services from) |
| To consider your application for a job or internship with us | (a) Identity Data (b) Contact Data (c) CV Data | Necessary for our legitimate interests (to consider job or internship applicants) |
| To communicate with you to provide you with technical information about our Services and other relevant content related to your use of the Services | (a) Identity Data (b) Contact Data (c) Location Data (d) Profile Data (e) Device Data | Performance of a contract with you |
| To communicate with you to provide you with technical information about our Services and other relevant content related to your organisation’s use of the Services | (a) Identity Data (b) Contact Data (c) Location Data (d) Profile Data (e) Device Data | Necessary for our legitimate interests (to provide our services to your organisation) |
| To receive communications from you via the Website | (a) Identity Data (b) Contact Data | Necessary for our legitimate interests (to enable users to contact us via the Website) |
| To market the Application and our Services to you and third parties and understand the effectiveness of that advertising | (a) Marketing and Communications Data (b) Identity Data (c) Contact Data (d) Profile Data (e) Location Data (f) Website Usage Data (g) Technical Data (h) Device Data | Necessary for our legitimate interests (to develop and grow our business, to study how customers use our Services, and to inform our marketing strategy) |
| To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) and to prevent fraud and misuse of our Services | (a) Identity Data (b) Contact Data (c) Technical Data (d) Device Data (e) Location Data (f) User Content Data (g) Other Source Data (h) Profile Data | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
| To respond to a request from a legal authority | (a) Identity Data (b) Contact Data (c) Technical Data (d) Device Data (e) Profile Data (f) Location Data (g) User Content Data (h) Other Source Data (i) Website Usage Data | Where necessary to comply with a legal obligation |
Marketing and Communications
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or used the Application and/or our Services and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out of marketing
To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email. You may also contact us to opt-out of any marketing emails received from us.
Sharing your personal data
Depending on how and why you provide us with your personal data we may share it in the following ways:
· we may share your personal data with any member of our company group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
· with selected third parties to which we sub-contract to provide various services and/or aspects of the functionality of the Website and/or the Application such as where third parties provide functionality like cloud computing services, message boards or image hosting services (see “Service Providers” below); and
· with analytics and search engine providers that assist us in the improvement and optimisation of our Website as described above.
We may also disclose your personal data to third parties in the following events:
· if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that transaction;
· if we or substantially all of our assets are acquired by a third-party, in which case personal data held by us about our customers and contacts will be one of the transferred assets; and/or
· if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (such as to the police or HMRC), or if we are asked to provide your details to a lawful authority in order to aid in the investigation of crime or disorder.
For the avoidance of doubt, we do not share your personal data (including any User Content Data) with private third parties for their own purposes (commercial or otherwise).
The only external data sharing we carry out with private third parties in this context is in respect of anonymised data and aggregated Usage Data (in a form that cannot be reversed).
In simple terms: we do not sell your personal data.
Service Providers (Data Processors)
Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this data and do not use it for any other purpose.
We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject. In line with the UK GDPR, our data processors only process personal data on our instructions.
We do not allow our third-party service providers to use your personal data for their own purposes.
The following is a list of the types of major service providers we use:
· Cloud computing service providers – Alibaba Cloud, Google Cloud.
· IT service providers such as Slack Technologies and Google.
· Payment processors such as Stripe.
· Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
· Data monitoring and analysis service providers such as Google.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. For how long do we keep your personal data?
Data retention is an important part of protecting your personal data. Accordingly, please note the following key points about personal data that are relevant to the Application:
1. When you provide us with User Content Data, it is automatically deleted and not retained on a database used by the Application’s AI model(s) by us after the Application provides you with the User Content Data you requested. Some uploaded User Content Data (such as prompts) remain on your user account, but this information is no longer used by the Application’s AI model(s).
2. When we provide you with User Content Data generated by the Application at your request, it will be downloaded to your device. It is periodically deleted from our servers: please ensure that you retain the User Content Data that you wish to keep.
3. In terms of your Profile Data and other Identity Data you may provide to us to open an account, we will process any personal data for as long as you hold an account with us (subject to our account deletion procedure described below).
4. Application Usage Data, where you have not opted out of our use of it, is utilised to train the Application’s AI model for a specific period between iterations of the model(s). Once a new version is released, the previous Application Usage Data is not retained by us.
5. As set out above, Other Source Data is retained for a limited period within our servers and/or systems where it is required by the relevant AI model, except where it is contained in generated User Content Data.
Account deletion
If you delete an account you have with us for use of the Application, we will retain all the personal data submitted to us for 30 days after your account is deleted. During this account deletion grace period, you can still change your mind and retrieve your account via your original profile information.
We may waive this grace period at your request if it is reasonable for us to do so (or otherwise required by law).
Further detail
Where you hold or have held a user account with us to use the Application, we will retain the personal data you provide to us only for as long as required to provide you or others with the services you or they have requested. For example, if you upload Facial Data to your profile, we will process that data until your account is deleted by you or at your request. We do not retain Facial Data for any longer than you ask us to or where we need to provide our services to other users (if, and only if, your Facial Data is contained in Other Source Data). If you provide us with Facial Data in any User Content Data, it is retained only to provide our services to you at your request and for no other purpose.
If your personal data is contained within User Content Data, but you do not hold an account with us and did not directly provide us with that data, such data will be processed as long as the relevant account is not deleted or until you exercise your relevant rights.
We also take steps to minimise the amount of personal data we process after an account is deleted. Whilst, by law, we must keep basic information about our users (including Contact Data and some Identity Data – but for the avoidance of doubt not Facial Data) for six years after they cease being users for compliance purposes, only the minimum amount of personal data is retained by us to the extent necessary to comply with these types of obligations.
Where you do not or have not held a user account with us to use the Application, we will retain the personal data you provide to us in line with our internal retention period. To determine this retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
We may also retain personal data to satisfy any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information.
We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Haiper takes the protection of your information very seriously. We are currently seeking to obtain an ISO 27001 certification.
Accordingly, we have put in place technologically and organisationally appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.
Where you use a password that enables you to access the Application, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. International Data Transfers
Please note that some of our service providers may be based outside of the UK. For example, two of our cloud datacentres are based in the US.
These service providers may work for us or for one of our suppliers and may be engaged in, among other things, the fulfilment of your request for information and the provision of our Services to you.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
· We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
· Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
By submitting your personal information, you agree to this transfer, storing or processing. If you would like more information about the mechanism via which your personal data is transferred, please contact us.
As a data subject, you have a number of rights in relation to your personal data. Below, we have described the various rights that you have, as well as how you can exercise them.
· Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
· Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
· Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
· Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
· Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
o if you want us to establish the data's accuracy;
o where our use of the data is unlawful but you do not want us to erase it;
o where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
o you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
· Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
· Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Exercising your rights
Our philosophy around your data subject rights is, broadly speaking, to comply with all legitimate exercises of them. In simple terms:
1. If you request the erasure of your User Content Data, we will delete it, subject to any legal requirement not to do so (e.g., to preserve evidence in a criminal investigation).
2. If your Other Source Data is included in any User Content Data, and you do not consent to that inclusion, we will delete that Other Source Data, subject to any legal requirement not to do so.
When you write to us making a request to exercise your rights, we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.
It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information, then we may delay actioning your request until you have provided us with additional information (and where this is the case, we will tell you).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.