< Back home

Privacy Policy

Introduction {#introduction}

This is the privacy notice of EverKnock Ltd, which tells you how we collect
personal information and what you should expect us to do with it. It applies
to all of our public-facing and customer-facing activities.

We are committed to protecting your privacy and the confidentiality of your
personal information. Our policy is not just an exercise in complying with the
law, but a continuation of our respect for you: in this document we have tried
to find an appropriate balance between technicalities and keeping our practices
clear, easy to understand and easily accessible.

Please read this document carefully to ensure you are well informed about the
way we process personal data, and feel free to contact us if you
think this document is unclear or if you have any concerns.

Our contact details {#contact}

In this document, the terms "we", "us" and "our" refer to EverKnock Ltd, a
limited company registered in England and Wales under company number 12633808.

Our registered office is at: International House, 24 Holborn Viaduct, London,
England, EC1A 2BN.

To contact us about a privacy-related matter, you may:

In the terminology of the relevant legislation, EverKnock Ltd is the "Data
Controller" for the personal information we process.

Definitions {#definitions}

The term "personal information" or "personal data" means any identifiable
information about you, such as (by way of example) your name, address,
e-mail address or telephone number.

In the context of the law and this notice, "process" means collect, store,
transfer, use or otherwise act on information.

The term "anonymised" refers to data that is processed in a way that cannot
identify you or any other person. The term "pseudonymous" refers to the
process of substituting your identity so that additional information is needed
to identify you; the process is reversible, but only by the person who holds
the right information.

Unless the context clearly indicates otherwise, throughout this document, terms
in the singular form shall include the plural (and vice versa) and any gender
form shall include all others. General words shall not be given a restrictive
interpretation by reason of being preceded or followed by words indicating a
particular class of acts, matters or things.

Your rights under data protection law {#your-rights}

Our policy is designed to comply with the Data Protection Act 2018 (DPA),
accordingly incorporating the EU General Data Protection Regulation (GDPR).

The law requires us to tell you about your rights and our obligations to you in
regard to the processing and control of your personal data:

The right to be informed
: You have the right to be informed about how and why we process your personal
data. In this privacy notice we set out the different kinds of personal data
that we may collect, use, store and transfer; and the lawful basis under
which we process this information.

The right of access
: You have the right to ask us to confirm whether your personal data is being
processed and to request a copy of the personal data we hold about you.

The right to rectification
: You have the right to ask us to rectify or complete information you think is
inaccurate or incomplete.

The right to erasure (or the right to be forgotten)
: You have the right to ask us to erase personal data we hold about you when
there is no longer a compelling reason for us to continue to hold it.

The right to restrict processing
: You have the right to limit the way we use your personal data, rather than
asking us to erase it, if you are concerned about the accuracy of the data
or about how it is being used.

The right to data portability
: You have the right to request a copy of personal data that you have provided
to us and which we hold electronically in an electronic, machine-readable
format; and you may reuse that copy for your own purposes.

Rights in relation to automated decision-making and profiling
: You have the right to object to profiling and to request human involvement
in decisions we make about you.

The right to prevent direct marketing
: You have the right to ask us not to use your data for direct marketing
purposes, including profiling.

The right to object to the use of your data
: You have the right to object to the way in which we process your personal
data, for example if you think we have used your data in a way that you
didn't reasonably expect when the data was supplied to us.

The right to raise a concern
: If you are concerned about the way we are handling your information, or if
you think our privacy policy fails to satisfy the law of your jurisdiction,
we would like to hear from you.

The right to complain
: If, after raising a concern with us, you remain dissatisfied about how we
process your personal information, you have a right to lodge a complaint with
the Information Commissioner's Office (ICO):
https://ico.org.uk/make-a-complaint/

Should you require more detailed information about these rights, we request
that you read the information published by the Information Commissioner's
Office at: https://ico.org.uk/your-data-matters/

In addition to any other means we might provide, you always have the option to
exercise any of your data protection rights by contacting us using the contact details above.

Please note that we are entitled to charge a reasonable fee to cover our
administrative expenses if your request is manifestly unfounded, excessive or
repetitive, or if you request further copies of data we have already provided.

When you browse our websites and access our digital services {#browsing}

We record data about your interactions and engagement with our websites and
digital services, including (for example) when you view pages/screens, click
or scroll within an app or website. This type of data is often referred to as
"analytics". It helps us to understand how people use our services. By default,
we anonymise analytics data by aggregating it with data from other visitors.

We also record technical data associated with requests by your device or web
browser to our servers. This type of data is often referred to as "logs" and
"metrics". It helps us to understand the technical performance of our services,
to diagnose and resolve technical issues, and to respond to security incidents.
Log data may include personally identifiable information such as your IP
address, geographical location, or details of the device you are using; metrics
are anonymised by aggregation.

We process analytics, logs and metrics on the basis of our legitimate interest
in making informed decisions to improve the quality, user experience,
performance and security of our services; and indirectly on the basis that this
benefits you, our customer/user.

As part of our analytics gathering, we observe patterns of navigation around
our services by assigning a unique, pseudonymous identifier to your device and
using this identifier to connect sequences of related interactions. The data we
collect is then anonymised by aggregating it with data from other visitors. When
we ask for your consent to store analytics "cookies" on your device,
this is for the purpose of storing these pseudonymous identifiers.

We would like to observe your patterns of navigation over a period of time,
across multiple browsing sessions and potentially across multiple devices, on
the basis of our legitimate interest in making more informed decisions about
product improvements. If you object to "tracking", you may enable the "Do Not Track" (DNT) feature of your web
browser or you may withdraw your consent for storing cookies. When cookies are
enabled and DNT is turned on, we set the analytics cookies to expire at the end
of your session, which means we cannot connect your browsing sessions.

Because logs and tracking data might reveal information about the way you were
using our services at a particular time, a person knowing the context of your
activities may be able to relate this information to you personally. You should
be aware of this if you request assistance from our technical support team, as
they may inspect the logs and analytics to diagnose the issue, in order to
provide the support you have requested.

We use the following third-party providers to process analytics, logs and
metrics on our behalf, but we do not permit them to use your data in any way
other than as instructed by us and as described in this document:

When you communicate with us {#communicating}

When you contact us, we collect the data you have given us in order to reply
with the information you need. This includes personal data, such as your name
and contact details.

We may store requests and replies on the basis of our legitimate interests in
using the context of previous communications to provide a higher quality
service to you; or for the purpose of establishing, exercising or defending
legal claims.

When you have expressed an intent to do business with us, for example by
requesting a quote, we may follow up with you in the context of entering into a contract.

If you contact us with a complaint, and if your complaint reasonably requires
us to contact some other person, we may decide (at our sole discretion) to give
to that person some of the information contained in your complaint, on the
basis that this is necessary to respond to your complaint.

We may compile anonymised statistics regarding our communications to assess the
level of service we provide.

When there is a contract or agreement between us {#contractual}

When you buy a product or service from us, create an account on one of our
digital services, or otherwise agree to our terms and conditions, a contract is
formed between you and us. We collect the information we need to establish and
carry out that legal contract. This usually includes personal information such
as (by way of example) your name and contact details, plus any other data you
supply us in the course of fulfilling our obligations under the contract.

We may also use the information you supply as part of a verification procedure,
for security and fraud prevention purposes, and to ensure we are not recording
inaccurate information.

We will continue to process your information until the contract between us ends
or is terminated. We will also retain information related to contractual
obligations after the termination of the contract, as is necessary for the
proper record-keeping and administration of our business; for the purpose of
establishing, exercising or defending legal claims; and to enable use to comply
with legal obligations such as keeping financial records.

Where we need to collect personal data by law, or under the terms of a contract
we have with you, and you fail to provide that data when requested, this may
limit our ability to perform our obligations. In that case, we may have to stop
providing a service to you. If so, we will notify you of this at the time.

It is important that the personal data we hold about you is accurate and
current. Please keep us informed if the personal data you have supplied us
changes. If you fail to keep your data updated, or ask us to remove data, this
may limit our ability to perform our obligations.

As a registered user of our digital services {#registered-users}

We may use your contact details to uniquely identify you when you log in, and
thereby maintain the security of your account; and to send you routine customer
service messages as part of your use of the services.

We may also use the information you supply as part of a verification procedure,
for security and fraud prevention purposes, and to ensure we are not recording
inaccurate information.

When you sign in to our services using a third-party login service, such as
"Sign in with Google" or "Sign in with Apple", the third party sends us your
basic profile details. We import your name, contact details and localization
preferences for the purpose of setting up and maintaining your account with us.
You should consult the third party's privacy policy to learn whether and how
they use information about your use of our services:

When you are logged into our services, we would like to record your pattern of
interactions, so that we can personalise your experience and on the basis of
our legitimate interest in making more informed decisions about product
improvements. This is often referred to as "tracking". We respect that you may
not want to be tracked in this way, and therefore offer a setting that allows
you to opt out of tracking. When you have opted out, we still collect anonymous
analytics, but we do not connect these to your user account.

We would like to use your tracking data to send you personalised messages and
in-app announcements to promote features and encourage you to engage with our
services. We may do this using a "soft opt-in", which means providing the
opportunity to refuse such messages when you first sign up for the service, and
providing a simple opportunity to opt out of further messages in every message
we send.

Regarding content in our digital services {#content}

Some of our digital services may allow you to post information with a view to
that information being stored and shared with other people, such as populating
a profile or using a messaging facility. We only use this information for this
purpose. However, before you post it, you should satisfy yourself as to how the
recipients of this information might use it, as we have no control over the
data once it has been shared in this way.

Because users are responsible for the content they post, we will consider any
reasonable complaint, balancing your right to complain against the right of the
person who posted the content that offends you. If we feel it is justified or
if we believe the law requires us to do so, we may remove content during or
following investigation.

Information we obtain from third parties {#third-party-sources}

When you enter data into our services, we may cross-reference this data with
these third-party sources, on the basis of your legitimate interest in
convenience of populating more complete information:

We will indicate that we intend to cross-reference data with a third party by
displaying an attribution such as (for example) "Powered by Google". If you
do not consent to sharing your data with that provider, you should not enter
your data where the attribution is displayed. If you do choose to share your
data with the third party, their use of your information is subject to their
own privacy policy, referenced above.

Where technically feasible, we will endeavour to obfuscate any personally
identifiable information from the third-party provider and/or we will provide
an alternative way to enter data that does not involve sharing personally
identifiable information with a third party.

When you make a payment to us {#make-payment}

When you supply your payment details to make a payment to us, you are actually
supplying these directly to one of our trusted payment service providers, whose
use of your information is subject to their own privacy policy, referenced
here. Your payment details are never shared with us.

To assist in combating fraud, we may share information with credit reference
agencies, so far as it relates to clients or customers who instruct their bank
or card issuer to cancel payment to us without having first provided an
acceptable reason to us and given us the opportunity to refund their money.

Marketing messages from us {#marketing}

With your consent, we would like to be able to contact you with marketing
messages about products and services that are similar to those you have bought,
or negotiated to buy, from us in the past. We may do this using a "soft
opt-in", which means providing the opportunity to refuse such marketing when we
first collect your contact details, and providing a simple opportunity to opt
out of further marketing in every message we send.

If you have made information about your work and contact details publicly
available, for example on your organisation's website, then we may use this
information to analyse whether any of our products and services would be
beneficial to you. If so, we may contact you about the relevant products or
services, on the basis of our legitimate interest in marketing to you and doing
business with you.

Employment with us {#employment}

If you apply to work with us, we collect information about you that we need to
process your application, including your name and contact details; details of
your qualifications, skills and experience; and details needed to verify your
entitlement to work. We need to do this to fulfil our legal obligations as an
employer and to permit effective management of our business, whether you apply
for a position as an employee or as an independent contractor, and whether you
apply directly to us or via an agency.

If we employ you, either as an employee or independent contractor, we collect
information about you and your work from time to time throughout the period of
employment or engagement, as necessary to meet our obligations under the
contract, to ensure you are meeting your obligations under the contract, to
ensure we are complying with our legal obligations, and to permit effective
management of our business. This will include the details we need to remunerate
you and our assessment of your performance and conduct.

The employment-related information we collect may include some special
categories of personal data, such as information about health or medical
conditions. This is necessary to enable us to carry out legal obligations such
as making reasonable adjustments for disabilities of for the purpose of equal
opportunities monitoring.

Employment-related information will be used only for purposes directly relevant
to your job application and/or employment. It will be retained while
processing your application and for three years thereafter; and during your
employment with us and for six years thereafter; on the basis of our legitimate
interest in the proper record-keeping and administration of our business.

Employment information is not shared unless you explicitly request us to
provide a reference in regard to your employment with us.

When we have a legal obligation {#legal-obligation}

Sometimes, we must process your information in order to comply with a statutory
obligation. For example, we may be required to give information to legal
authorities if they so request or if they have the proper authorisation such as
a search warrant or court order. This may include your personal information.

Cookies and similar technologies {#cookies}

A "cookie" is a small piece of information that is sent from a website and
stored on the visitor's computer or device. Whenever that person visits the
website, the cookie can be viewed by the website. This allows the website to
identify the visitor's device or to remember preferences. For the purposes of
this privacy notice, we will use the term "cookie" to encompass all technical
mechanisms that provide equivalent functionality, including browser cookies,
HTML5 local storage and local storage on mobile devices.

We may use cookies to identify your device when you are logged in, or if you
have asked us to remember you, so that we do not need to repeatedly ask for
your access credentials. These would be erased when you log out.

We may use cookies to identify your device for essential technical purposes,
such as routing your requests to the correct server within our infrastructure
or to help us detect and defeat potential security threats. These cookies would
normally be erased at the end of your session or shortly thereafter, as
strictly necessary for the correct operation of our services.

We may use limited-lifespan cookies to store user interface preferences,
without which it would become extremely difficult for you to use our services,
including (by way of example) localization and accessibility settings and your
consent for the use of cookies for other purposes.

With your consent, we may use cookies to identify your device for the purpose of collecting analytics, as described in the relevant section of this privacy notice.

It may be possible for you to configure your web browser or device to refuse
some or all cookies, or to force cookies to be deleted when you exit the
browser. Please be aware that some combinations of settings may leave you
unable to access some or all of our services, or may degrade performance,
functionality or experience while using them.

Sharing and transferring your personal data {#sharing}

Except as set out in this notice, we do not share, or sell, or disclose to a
third party, any information we collect.

In order to supply our services to you, we may share your personal information
with any member of our group, which means our subsidiaries, our ultimate
holding company and its subsidiaries, as defined in section 1159 of the UK
Companies Act 2006.

In the event that we sell or buy any business or assets, your personal data may
be one of the transferred assets of the sale or purchase.

We work with some trusted third-party providers, whom we have engaged to enable
us to operate our business and provide our services to you. This means they
may be involved in process some of your data on our behalf. We have taken
appropriate steps to ensure that third-party processing is conducted in
accordance with this policy, and that appropriate security measures are in
place to protect your personal information. We do not allow our third-party
providers to use your personal data for their own or other purposes, unless
explicitly stated in this privacy notice.

Where your data is processed {#where}

We are based in the United Kingdom (UK), but your personal data may be
transferred to and processed on computers located outside the UK, including
countries outside the European Union.

We only work with suppliers or partners in territories that ensure an adequate
level of protection for the rights and freedoms of individuals in relation to
the processing of personal data, and we only permit our suppliers to process
data as detailed in this privacy notice.

The nature of the Internet means your data may pass through a number of
countries and third-party servers before it reaches our servers or those of
our suppliers or partners. While we go to considerable effort to protect your
data within the boundaries of our services, please remember that we cannot
control security and privacy beyond these boundaries. In particular, this means
that any communications you send unencrypted, including (by way of example)
e-mails and phone calls, are not secure and may be intercepted, seen or
modified by a third party.

Data retention {#retention}

Except as otherwise indicated in this privacy notice, we retain your data only
for as long as we reasonably need it for the purposes listed, to comply with
other legal obligations, or to support a claim or defence in court.

Review of this privacy policy {#policy-updates}

We may update this privacy notice from time to time as necessary, for example
to accommodate changes in the relevant legislation or to notify you of changes
to the third-party providers we work with.

If you are a customer of one of our products or services, the privacy policy
that applies to you when you use that product or service is the most recent one
you accepted as part of the terms and conditions; otherwise the policy that
applies is the one posted here. We notify registered customers of material
changes to our terms and conditions, incorporating this privacy policy. Please
be assured that we will only process your data for the purposes described in
the policy that was in effect when you supplied the data to us; we will not
change this policy to allow us to process data for other purposes without your
knowledge.

If the lawful basis on which we process your personal information is no longer
relevant then we shall immediately stop processing your data. If the basis
changes then, if required by law, we will notify you of the change and of any
new basis under which we have determined that we can continue to process your
information.

Cookie Policy