Updated on: 19 May, 2020
References to “Dataswift”, “we”, “us” or “our” are references to Dataswift Limited and references to “you” and “your” are references to the individual who is the owner of a PDA.
If you need help to understand how PDAs work, including the use of data debits and data plugs, then please refer to the [PDA User Guide] which is available at [https://resources.dataswift.io/contents/120e6d3f-0eca-4f30-abe4-e5ba2d05a069 ]. You can also get more information about PDAs here: (https://resources.dataswift.io/contents/aa510da1-4af9-463c-8fb7-da46fd24be81).
As a result of your use of a PDA or any Services, we will obtain the following information which will include personal data (i.e. information that can identify you directly (e.g. by name) or indirectly (e.g. by personal characteristics or an IP address)):
(a) Account Data – we obtain limited information about you when your PDA is first issued, such as your name and email address. Your email address is linked to your PDA. We will obtain additional information about you if you interact with us for any reason. We call this “Account Data”.
(b) Metadata – we will collect information about your device (if you are using a HAT App) and your use of our Services. This will include:
We call all of the above information “Metadata” and it may be capable of identifying you personally. We may anonymise Metadata to produce aggregated information about how our Services are used and to identify and understand behavioural trends.
(c) HAT Data – once your PDA is ready for use, you decide what data goes into and out of your “HAT Database”. Your HAT Database is a database within your PDA that is used to store text based data. The term “HAT Data” refers to (i) any data that is stored in your HAT Database and (ii) any data that you bring into your PDA (such as photos), but excludes File Storage System Data (see below). You are in control of how your HAT Data is used. You can allow third parties to transfer data into your HAT Database, or you may transfer data into your HAT database yourself. You decide the types of personal data that go into your HAT database and the purposes for which that data is used. For example, you decide whether to:
(d) File Storage System Data – unless put into a text based format, files cannot be stored in the HAT Database. They must be stored in a separate storage system that is part of the PDA and which we call the “File Storage System”. This File Storage System is provided by Amazon Web Services and managed by Dataswift. When you bring non-text based data into your PDA, this non-text data will get stored in the File Storage System – we call this data “File Storage System Data”. You are in control of how your File Storage System Data is used. You can allow third parties to transfer data into your File Storage System, or you can transfer data into your File Storage System yourself. You decide the types of data, including personal data, that go into your File Storage System and the purposes for which that data is used. For example, you decide whether to:
The person who is primarily responsible for complying with data protection law in respect of the processing* of personal data is called a “controller”. Who the controller is depends on the type of personal data that is being processed and the purpose for that processing:
(a) Account Data and Metadata – we use this data for some or all of the following purposes:
(a) Account Data and Metadata – we may disclose any of these types of data internally within our business (e.g. to our teams in customer services, legal, finance, marketing and sales) for any of the purposes described in section 3 above. We may also disclose this data to third parties:
(b) HAT Data and File Storage System Data – if you instruct us to do so, we will facilitate the sharing of your HAT Data and File Storage System Data to a third party. This may happen, for example, in connection with a data debit that you authorise or in relation to data exported via an application. We will not disclose your HAT Data or File Storage System without your prior consent (unless we are required to comply with law or respond to compulsory legal process such as a search warrant or court order, in which case we will use reasonable efforts to give you notice before making any disclosure unless we are prohibited from doing so by law). We will stop any disclosures if you withdraw your consent. If your PDA is administered by a Dataswift partner, they will have access to your personal data to register your PDA but will not have access to your HAT Data or File Storage System Data.
Dataswift's legal basis to process your personal data will depend on the purpose for which that data is being processed. In general, we justify the processing of personal data on one or more of the following bases:
(a) your consent – we will process your personal data if you have given us your consent, for example to carry out a data debit or use a data plug, or to allow us to send you emails about our products and services. You may withdraw your consent at any time by contacting us (see section 13 below). If you withdraw your consent it will not affect the lawfulness of any processing that has already taken place based on your consent prior to its withdrawal
(b) contract – the processing is necessary for the performance of the PDA Owner Agreement between you and Dataswift under which you obtained a HAT and receive Services. This legal basis applies, for example, to processing necessary to set up, operate and administer your PDA, provide maintenance and support, identify and authenticate you, and monitor your compliance with your contractual obligations and applicable policies
(c) legitimate interests – the processing is necessary for Dataswift's or a third party’s legitimate interests as long as these interests are not overridden by your privacy rights. This legal basis applies, for example, to processing necessary to better understand our HAT Owners (including profiling and behavioural analytics), and to carry out marketing and communicate with our PDA Owners about our products and services. You can ask us to stop contacting you for marketing purposes or to stop analysing your data for profiling purposes at any time.
(d) compliance with law – the processing is necessary to comply with our legal obligations or legal process (e.g. in connection with law enforcement, or fraud and crime prevention, or where we are required to disclose data under a court order).
Your use of our Services and your PDA may involve the transfer, storage and processing of your HAT Data, your Account Data and Metadata to countries outside the country of your residence. We will comply with applicable law when transferring your personal data. In particular, we will take appropriate measures to ensure any data that is transferred remains protected. Such measures may include the use of Standard Contractual Clauses approved by the European Commission to protect the transfer of personal data to countries outside the EEA (or equivalent measures approved in other jurisdictions, as relevant).
We retain Account Data and Metadata only for as long as necessary for the purpose for which that data was collected and in accordance with applicable law. We will destroy or erase this data from our systems when it is no longer required. As a general rule, we retain this data:
With regard to HAT Data and File Storage System Data, you decide how long to retain such data since you are in control of its deletion. You are free to delete your HAT Data and your File Storage System Data at any time by deleting your PDA. You do this by contacting us by email and requesting us to delete your PDA (see contact details in section 13 below). If you delete your PDA you will be deleting all of your HAT Data and File Storage System Data and there will be no way of reversing such deletion if you change your mind. We recommend you download your HAT Data and File Storage System Data before you delete your PDA. If we are required by law, we may retain certain information even if you delete your PDA. We will notify you if this is the case (unless we are prevented from doing so by law). We may also retain HAT Data and File Storage System Data following deletion of your PDA in our back up system files for a short period until the files are deleted.
We take protection of your HAT Data very seriously and have put in place appropriate physical, administrative and technical security measures to safeguard all the information we collect in connection with the provision of PDAs and Services. We continually review all such measures and update them when appropriate. Dataswift deploys multiple layers of protection to protect personal data stored in the HAT Microserver, whether at rest, in transit or in use.
Please be aware that although we take reasonable steps to protect your information, no website, Internet data transmission, computer system, or wireless connection is completely secure. As a result, while we strive to protect your personal information, Dataswift cannot ensure or warrant the security of any information you transmit via the Internet. By transmitting any such information to Dataswift, you accept that you do so at your own risk.
You have certain rights in relation to Account Data and Metadata that we process about you. These rights are:
If you would like to exercise any of your data subject rights in relation to Account Data and Metadata, please contact us (see section 13 for contact details).
With regard to HAT Data and File Storage System Data, you are the controller of this data, therefore you are able to satisfy all of the above rights yourself. If you are unable to do so then you can contact us and we will try to help you. Please refer to section 7 (above) for an explanation of how you can delete your HAT Data and File Storage .
You must be at least 18 years old to use a PDA or Services. We do not knowingly issue PDAs to children.
Sometimes things go wrong and you may feel unhappy about something we’ve done (or failed to do). You have the right to complain to the UK Information Commissioner’s office (or other appropriate data protection supervisory authority) if you think we have not complied with our data protection obligations – but before you do raise a complaint we’d very much like the opportunity to address your concerns or fix anything that we may have got wrong – so please contact us (details below) and give us a chance to make things right.
If you would like to exercise any of your data subject rights or contact us for any other purpose, you can do so in one of the following ways: