Dataswift Privacy Policy

Updated on: 19 May, 2020

This Privacy Policy applies if you use a Dataswift Personal Data Account (“PDA”) built upon the “Hub of All Things” MicroserverTM (“HAT”) technology. This Privacy Policy also applies to any other HAT-related applications, products and/or services that refer to or link to this Privacy Policy (“Services”).  This Privacy Policy forms part of and is incorporated into the PDA Owner Terms of Service.  Your rights to use your PDA, including ownership of any intellectual property rights in your personal data, are set out in the PDA Owner Terms of Service which is available [here].

References to “Dataswift”, “we”, “us” or “our” are references to Dataswift Limited and references to “you” and “your” are references to the individual who is the owner of a PDA.

If you need help to understand how PDAs work, including the use of data debits and data plugs, then please refer to the [PDA User Guide] which is available at [https://resources.dataswift.io/contents/120e6d3f-0eca-4f30-abe4-e5ba2d05a069 ].  You can also get more information about PDAs here: (https://resources.dataswift.io/contents/aa510da1-4af9-463c-8fb7-da46fd24be81).


1. Data we process about you

As a result of your use of a PDA or any Services, we will obtain the following information which will include personal data (i.e. information that can identify you directly (e.g. by name) or indirectly (e.g. by personal characteristics or an IP address)): 

(a) Account Data – we obtain limited information about you when your PDA is first issued, such as your name and email address.  Your email address is linked to your PDA.  We will obtain additional information about you if you interact with us for any reason.  We call this “Account Data”.

(b) Metadata – we will collect information about your device (if you are using a HAT App) and your use of our Services.  This will include:

  • information about user activity (e.g. we will log interactions between applications and your PDA, which will include your Personal Data Account name and your IP address)
  • information about user interactions and 
  • statistics on the Services offered by Dataswift or third party applications using the Services (e.g. statistics on data exchanges and transfers, as well as data volumes).  

We call all of the above information “Metadata” and it may be capable of identifying you personally.  We may anonymise Metadata to produce aggregated information about how our Services are used and to identify and understand behavioural trends. 

(c) HAT Data – once your PDA is ready for use, you decide what data goes into and out of your “HAT Database”.  Your HAT Database is a database within your PDA that is used to store text based data. The term “HAT Data” refers to (i) any data that is stored in your HAT Database and (ii) any data that you bring into your PDA (such as photos), but excludes File Storage System Data (see below).  You are in control of how your HAT Data is used.  You can allow third parties to transfer data into your HAT Database, or you may transfer data into your HAT database yourself.  You decide the types of personal data that go into your HAT database and the purposes for which that data is used.  For example, you decide whether to:  

  • transfer, exchange, donate or give your HAT Data to other PDAs or to third party applications.  You do this through the use of application data imports/exports or through the use of data debits and data plugs
  • create insights, tools and algorithms that transform your HAT Data within your HAT database, or generate new data within your HAT database
  • view, filter and search your HAT Data, including through the use of third party applications.

(d) File Storage System Data – unless put into a text based format, files cannot be stored in the HAT Database. They must be stored in a separate storage system that is part of the PDA and which we call the “File Storage System”.  This File Storage System is provided by Amazon Web Services and managed by Dataswift.  When you bring non-text based data into your PDA, this non-text data will get stored in the File Storage System – we call this data “File Storage System Data”.  You are in control of how your File Storage System Data is used.  You can allow third parties to transfer data into your File Storage System, or you can transfer data into your File Storage System yourself.  You decide the types of data, including personal data, that go into your File Storage System and the purposes for which that data is used.  For example, you decide whether to:

  • transfer, exchange, donate or give your File Storage System Data to other PDAs or to third party applications.  You do this through the use of application data imports/exports or through the use of data debits and data plugs
  • view, filter and search your File Storage System Data, including through the use of third party applications.

 

2. Who is the controller

The person who is primarily responsible for complying with data protection law in respect of the processing* of personal data is called a “controller”.  Who the controller is depends on the type of personal data that is being processed and the purpose for that processing:

  • Account Data and Metadata – Dataswift Limited is the controller.  Our contact details are set out in the Contact Us section below
  • HAT Data – you are the controller
  • File Storage System Data – you are the controller
  • Data transferred into your PDA by third parties – third parties that import data into your PDA using applications or data plugs (in accordance with your instructions) are controllers of the data when it is being transferred into your PDA.  Once the data is received and stored in your HAT database, you become the controller of that data
  • Data transferred out of your PDA to third parties – third parties that export data from your PDA using applications or data debits (in accordance with your instructions) are controllers of the data when they receive it.  You remain a controller of the data that is stored in your HAT Database.

*When we refer to “processing” in this Privacy Policy we mean anything that can be done with personal data, including collection, holding, retrieving, consulting, using, disclosing, erasing and destruction.


3. Purposes for the processing of data

(a) Account Data and Metadata – we use this data for some or all of the following purposes:

  • to set up, operate and administer your PDA
  • to provide a service or feature you request (including operating and managing data plugs and data debits)
  • to supervise your compliance with policies that apply to the Services, such as the Acceptable Use Policy, and your compliance with the HAT Owner Agreement
  • to contact you to ask for feedback and to carry out market research and customer surveys
  • to provide maintenance and technical support
  • to understand the way you use our Services so that we can improve your experience and offer the most relevant communications, services and experiences
  • to protect the security of our network and prevent abusive behaviour
  • to better understand our PDA owners, which may include analytics and/or carrying out analysisbased on interactions with your PDA and our Services
  • to comply with our obligations under applicable law and to prevent fraud and other prohibited or illegal activities
  • to contact you by email and/or via your HAT App about the operation and use of your PDA and Services.  You should add Dataswift to your contacts to ensure these Service related emails do not go into a spam or junk folder and you should check your HAT App periodically for any notifications
  • with your prior consent, to contact you by any reasonable method, including by email or via your HAT App, with updates and news about your PDA and the Services we provide.  You can unsubscribe at any time
  • otherwise with your separate consent.

(b) HAT Data and File Storage System Data – we do not process your HAT Data or File Storage System Data except to the limited extent required to provide you with your PDA and Services, to comply with applicable law or legal process, or as otherwise specifically set out in this Privacy Policy.  Except as described in this paragraph, all other processing (including access) to your HAT Data and File Storage System Data is controlled by you.


4. Who we share data with and why

(a) Account Data and Metadata – we may disclose any of these types of data internally within our business (e.g. to our teams in customer services, legal, finance, marketing and sales) for any of the purposes described in section 3 above.  We may also disclose this data to third parties:

  • to comply with law or respond to compulsory legal process (such as a search warrant or other court order)
  • to verify or enforce compliance with the policies governing our Services
  • to protect the rights, property, or safety of Dataswift, our affiliates, business partners, or customers
  • where necessary as part of a merger, divestment, restructure, reorganisation, transfer, acquisition or sale, or in the event of a bankruptcy
  • with your consent or at your request
  • for research purposes.

(b) HAT Data and File Storage System Data – if you instruct us to do so, we will facilitate the sharing of your HAT Data and File Storage System Data to a third party.  This may happen, for example, in connection with a data debit that you authorise or in relation to data exported via an application.  We will not disclose your HAT Data or File Storage System without your prior consent (unless we are required to comply with law or respond to compulsory legal process such as a search warrant or court order, in which case we will use reasonable efforts to give you notice before making any disclosure unless we are prohibited from doing so by law).  We will stop any disclosures if you withdraw your consent.  If your PDA is administered by a Dataswift partner, they will have access to your personal data to register your PDA but will not have access to your HAT Data or File Storage System Data.


5. Legal basis for processing

Dataswift's legal basis to process your personal data will depend on the purpose for which that data is being processed.  In general, we justify the processing of personal data on one or more of the following bases:

(a) your consent – we will process your personal data if you have given us your consent, for example to carry out a data debit or use a data plug, or to allow us to send you emails about our products and services.  You may withdraw your consent at any time by contacting us (see section 13 below).  If you withdraw your consent it will not affect the lawfulness of any processing that has already taken place based on your consent prior to its withdrawal

(b) contract – the processing is necessary for the performance of the PDA Owner Agreement between you and Dataswift under which you obtained a HAT and receive Services.  This legal basis applies, for example, to processing necessary to set up, operate and administer your PDA, provide maintenance and support, identify and authenticate you, and monitor your compliance with your contractual obligations and applicable policies

(c) legitimate interests – the processing is necessary for Dataswift's or a third party’s legitimate interests as long as these interests are not overridden by your privacy rights.  This legal basis applies, for example, to processing necessary to better understand our HAT Owners (including profiling and behavioural analytics), and to carry out marketing and communicate with our PDA Owners about our products and services.  You can ask us to stop contacting you for marketing purposes or to stop analysing your data for profiling purposes at any time. 

(d) compliance with law – the processing is necessary to comply with our legal obligations or legal process (e.g. in connection with law enforcement, or fraud and crime prevention, or where we are required to disclose data under a court order).


6. International Transfers 

Your use of our Services and your PDA may involve the transfer, storage and processing of your HAT Data, your Account Data and Metadata to countries outside the country of your residence.  We will comply with applicable law when transferring your personal data.  In particular, we will take appropriate measures to ensure any data that is transferred remains protected.  Such measures may include the use of Standard Contractual Clauses approved by the European Commission to protect the transfer of personal data to countries outside the EEA (or equivalent measures approved in other jurisdictions, as relevant).  


7. Data Retention

We retain Account Data and Metadata only for as long as necessary for the purpose for which that data was collected and in accordance with applicable law.  We will destroy or erase this data from our systems when it is no longer required.  As a general rule, we retain this data:

  • for at least the duration for which the data is used in connection with any Services
  • as required under law, a contract, or with regard to our statutory obligations
  • for as long as is necessary for our internal business purposes, for research purposes or statistical  purposes, subject to appropriate safeguards.

With regard to HAT Data and File Storage System Data, you decide how long to retain such data since you are in control of its deletion.  You are free to delete your HAT Data and your File Storage System Data at any time by deleting your PDA.  You do this by contacting us by email and requesting us to delete your PDA (see contact details in section 13 below).  If you delete your PDA you will be deleting all of your HAT Data and File Storage System Data and there will be no way of reversing such deletion if you change your mind.  We recommend you download your HAT Data and File Storage System Data before you delete your PDA.  If we are required by law, we may retain certain information even if you delete your PDA.  We will notify you if this is the case (unless we are prevented from doing so by law).  We may also retain HAT Data and File Storage System Data following deletion of your PDA in our back up system files for a short period until the files are deleted.


8. Keeping your information secure

We take protection of your HAT Data very seriously and have put in place appropriate physical, administrative and technical security measures to safeguard all the information we collect in connection with the provision of PDAs and Services.  We continually review all such measures and update them when appropriate.  Dataswift deploys multiple layers of protection to protect personal data stored in the HAT Microserver, whether at rest, in transit or in use.       

Please be aware that although we take reasonable steps to protect your information, no website, Internet data transmission, computer system, or wireless connection is completely secure.  As a result, while we strive to protect your personal information, Dataswift cannot ensure or warrant the security of any information you transmit via the Internet.  By transmitting any such information to Dataswift, you accept that you do so at your own risk.

9. Your privacy rights

You have certain rights in relation to Account Data and Metadata that we process about you.  These rights are:

  • access – you have the right to obtain access to such personal data 
  • rectification – you have the right to obtain the rectification of inaccurate personal data
  • erasure – you have the right to obtain erasure of personal data in certain circumstances
  • restriction of processing – you have the right to obtain the restriction of processing of your personal data in certain circumstances
  • objection to processing – you have the right to object (in certain circumstances) to the processing of your personal data that is based on our legitimate interests, including profiling.  In particular, you have the right to object at any time to processing of your personal data for direct marketing purposes 
  • data portability – you have the right to receive the personal data concerning you (which you have provided to us) in a structured, commonly used and machine readable format and have the right to share that data with others.

If you would like to exercise any of your data subject rights in relation to Account Data and Metadata, please contact us (see section 13 for contact details).

With regard to HAT Data and File Storage System Data, you are the controller of this data, therefore you are able to satisfy all of the above rights yourself. If you are unable to do so then you can contact us and we will try to help you. Please refer to section 7 (above) for an explanation of how you can delete your HAT Data and File Storage .


10.Children

You must be at least 18 years old to use a PDA or Services.  We do not knowingly issue PDAs to children.


11. Privacy policies of third parties

Dataswift bears no responsibility for the policies of third parties on the collection and use of your HAT Data.  When your HAT Data is shared with third parties in accordance with this Privacy Policy, the collection and use of such HAT Data by third parties will be subject to their privacy policies as well as laws applicable to them.


12. Complaints

Sometimes things go wrong and you may feel unhappy about something we’ve done (or failed to do).  You have the right to complain to the UK Information Commissioner’s office (or other appropriate data protection supervisory authority) if you think we have not complied with our data protection obligations – but before you do raise a complaint we’d very much like the opportunity to address your concerns or fix anything that we may have got wrong – so please contact us (details below) and give us a chance to make things right.

13. Contact details 

If you would like to exercise any of your data subject rights or contact us for any other purpose, you can do so in one of the following ways:


14. Updates to this Privacy Policy

This Privacy Policy is subject to change and may be updated on a regular basis.  It is important that you check back often for updates to this Privacy Policy.  If we update the Privacy Policy, we will let you know in advance about changes we consider to be material by placing a notice on relevant Services or by emailing you, where appropriate.  The most current version of this Privacy Policy will be available on our website.  You can check the "effective date" posted at the top to see when the Privacy Policy was last updated.  If you continue to use your PDA and/or our Services following the upload of a new version of this Privacy Policy on Dataswift's website, it means that you accept the changes.

Stay up to date on the latest from Dataswift

Join our newsletter.
Thank you! You're one step closer to benefitting from the Ethical Data Economy
Oops! Something went wrong while submitting the form.