Privacy policy

Introduction

This is the privacy notice of EverKnock Ltd, which tells you how we collect personal information and what you should expect us to do with it. It applies to all of our public-facing and customer-facing activities.

We are committed to protecting your privacy and the confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you: in this document we have tried to find an appropriate balance between technicalities and keeping our practices clear, easy to understand and easily accessible.

Please read this document carefully to ensure you are well informed about the way we process personal data, and feel free to contact us if you think this document is unclear or if you have any concerns.

Our contact details

In this document, the terms “we”, “us” and “our” refer to EverKnock Ltd, a limited company registered in England and Wales under company number 12633808.

Our registered office is at: International House, 24 Holborn Viaduct, London, England, EC1A 2BN.

To contact us about a privacy-related matter, you may:

In the terminology of the relevant legislation, EverKnock Ltd is the “Data Controller” for the personal information we process.

Definitions

The term “personal information” or “personal data” means any identifiable information about you, such as (by way of example) your name, address, e-mail address or telephone number.

In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.

The term “anonymised” refers to data that is processed in a way that cannot identify you or any other person. The term “pseudonymous” refers to the process of substituting your identity so that additional information is needed to identify you; the process is reversible, but only by the person who holds the right information.

Unless the context clearly indicates otherwise, throughout this document, terms in the singular form shall include the plural (and vice versa) and any gender form shall include all others. General words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

Your rights under data protection law

Our policy is designed to comply with the Data Protection Act 2018 (DPA), accordingly incorporating the EU General Data Protection Regulation (GDPR).

The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data:

The right to be informed
You have the right to be informed about how and why we process your personal data. In this privacy notice we set out the different kinds of personal data that we may collect, use, store and transfer; and the lawful basis under which we process this information.
The right of access
You have the right to ask us to confirm whether your personal data is being processed and to request a copy of the personal data we hold about you.
The right to rectification
You have the right to ask us to rectify or complete information you think is inaccurate or incomplete.
The right to erasure (or the right to be forgotten)
You have the right to ask us to erase personal data we hold about you when there is no longer a compelling reason for us to continue to hold it.
The right to restrict processing
You have the right to limit the way we use your personal data, rather than asking us to erase it, if you are concerned about the accuracy of the data or about how it is being used.
The right to data portability
You have the right to request a copy of personal data that you have provided to us and which we hold electronically in an electronic, machine-readable format; and you may reuse that copy for your own purposes.
Rights in relation to automated decision-making and profiling
You have the right to object to profiling and to request human involvement in decisions we make about you.
The right to prevent direct marketing
You have the right to ask us not to use your data for direct marketing purposes, including profiling.
The right to object to the use of your data
You have the right to object to the way in which we process your personal data, for example if you think we have used your data in a way that you didn’t reasonably expect when the data was supplied to us.
The right to raise a concern
If you are concerned about the way we are handling your information, or if you think our privacy policy fails to satisfy the law of your jurisdiction, we would like to hear from you.
The right to complain
If, after raising a concern with us, you remain dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

Should you require more detailed information about these rights, we request that you read the information published by the Information Commissioner’s Office at: https://ico.org.uk/your-data-matters/

In addition to any other means we might provide, you always have the option to exercise any of your data protection rights by contacting us using the contact details above.

Please note that we are entitled to charge a reasonable fee to cover our administrative expenses if your request is manifestly unfounded, excessive or repetitive, or if you request further copies of data we have already provided.

When you browse our websites and access our digital services

We record data about your interactions and engagement with our websites and digital services, including (for example) when you view pages/screens, click or scroll within an app or website. This type of data is often referred to as “analytics”. It helps us to understand how people use our services. By default, we anonymise analytics data by aggregating it with data from other visitors.

We also record technical data associated with requests by your device or web browser to our servers. This type of data is often referred to as “logs” and “metrics”. It helps us to understand the technical performance of our services, to diagnose and resolve technical issues, and to respond to security incidents. Log data may include personally identifiable information such as your IP address, geographical location, or details of the device you are using; metrics are anonymised by aggregation.

We process analytics, logs and metrics on the basis of our legitimate interest in making informed decisions to improve the quality, user experience, performance and security of our services; and indirectly on the basis that this benefits you, our customer/user.

As part of our analytics gathering, we observe patterns of navigation around our services by assigning a unique, pseudonymous identifier to your device and using this identifier to connect sequences of related interactions. The data we collect is then anonymised by aggregating it with data from other visitors. When we ask for your consent to store analytics “cookies” on your device, this is for the purpose of storing these pseudonymous identifiers.

We would like to observe your patterns of navigation over a period of time, across multiple browsing sessions and potentially across multiple devices, on the basis of our legitimate interest in making more informed decisions about product improvements. If you object to “tracking”, you may enable the “Do Not Track” (DNT) feature of your web browser or you may withdraw your consent for storing cookies. When cookies are enabled and DNT is turned on, we set the analytics cookies to expire at the end of your session, which means we cannot connect your browsing sessions.

Because logs and tracking data might reveal information about the way you were using our services at a particular time, a person knowing the context of your activities may be able to relate this information to you personally. You should be aware of this if you request assistance from our technical support team, as they may inspect the logs and analytics to diagnose the issue, in order to provide the support you have requested.

We use the following third-party providers to process analytics, logs and metrics on our behalf, but we do not permit them to use your data in any way other than as instructed by us and as described in this document:

When you communicate with us

When you contact us, we collect the data you have given us in order to reply with the information you need. This includes personal data, such as your name and contact details.

We may store requests and replies on the basis of our legitimate interests in using the context of previous communications to provide a higher quality service to you; or for the purpose of establishing, exercising or defending legal claims.

When you have expressed an intent to do business with us, for example by requesting a quote, we may follow up with you in the context of entering into a contract.

If you contact us with a complaint, and if your complaint reasonably requires us to contact some other person, we may decide (at our sole discretion) to give to that person some of the information contained in your complaint, on the basis that this is necessary to respond to your complaint.

We may compile anonymised statistics regarding our communications to assess the level of service we provide.

When there is a contract or agreement between us

When you buy a product or service from us, create an account on one of our digital services, or otherwise agree to our terms and conditions, a contract is formed between you and us. We collect the information we need to establish and carry out that legal contract. This usually includes personal information such as (by way of example) your name and contact details, plus any other data you supply us in the course of fulfilling our obligations under the contract.

We may also use the information you supply as part of a verification procedure, for security and fraud prevention purposes, and to ensure we are not recording inaccurate information.

We will continue to process your information until the contract between us ends or is terminated. We will also retain information related to contractual obligations after the termination of the contract, as is necessary for the proper record-keeping and administration of our business; for the purpose of establishing, exercising or defending legal claims; and to enable use to comply with legal obligations such as keeping financial records.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, this may limit our ability to perform our obligations. In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data you have supplied us changes. If you fail to keep your data updated, or ask us to remove data, this may limit our ability to perform our obligations.

As a registered user of our digital services

We may use your contact details to uniquely identify you when you log in, and thereby maintain the security of your account; and to send you routine customer service messages as part of your use of the services.

We may also use the information you supply as part of a verification procedure, for security and fraud prevention purposes, and to ensure we are not recording inaccurate information.

When you sign in to our services using a third-party login service, such as “Sign in with Google” or “Sign in with Apple”, the third party sends us your basic profile details. We import your name, contact details and localization preferences for the purpose of setting up and maintaining your account with us. You should consult the third party’s privacy policy to learn whether and how they use information about your use of our services:

When you are logged into our services, we would like to record your pattern of interactions, so that we can personalise your experience and on the basis of our legitimate interest in making more informed decisions about product improvements. This is often referred to as “tracking”. We respect that you may not want to be tracked in this way, and therefore offer a setting that allows you to opt out of tracking. When you have opted out, we still collect anonymous analytics, but we do not connect these to your user account.

We would like to use your tracking data to send you personalised messages and in-app announcements to promote features and encourage you to engage with our services. We may do this using a “soft opt-in”, which means providing the opportunity to refuse such messages when you first sign up for the service, and providing a simple opportunity to opt out of further messages in every message we send.

Regarding content in our digital services

Some of our digital services may allow you to post information with a view to that information being stored and shared with other people, such as populating a profile or using a messaging facility. We only use this information for this purpose. However, before you post it, you should satisfy yourself as to how the recipients of this information might use it, as we have no control over the data once it has been shared in this way.

Because users are responsible for the content they post, we will consider any reasonable complaint, balancing your right to complain against the right of the person who posted the content that offends you. If we feel it is justified or if we believe the law requires us to do so, we may remove content during or following investigation.

Information we obtain from third parties

When you enter data into our services, we may cross-reference this data with these third-party sources, on the basis of your legitimate interest in convenience of populating more complete information:

We will indicate that we intend to cross-reference data with a third party by displaying an attribution such as (for example) “Powered by Google”. If you do not consent to sharing your data with that provider, you should not enter your data where the attribution is displayed. If you do choose to share your data with the third party, their use of your information is subject to their own privacy policy, referenced above.

Where technically feasible, we will endeavour to obfuscate any personally identifiable information from the third-party provider and/or we will provide an alternative way to enter data that does not involve sharing personally identifiable information with a third party.

When you make a payment to us

When you supply your payment details to make a payment to us, you are actually supplying these directly to one of our trusted payment service providers, whose use of your information is subject to their own privacy policy, referenced here. Your payment details are never shared with us.

To assist in combating fraud, we may share information with credit reference agencies, so far as it relates to clients or customers who instruct their bank or card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.

Marketing messages from us

With your consent, we would like to be able to contact you with marketing messages about products and services that are similar to those you have bought, or negotiated to buy, from us in the past. We may do this using a “soft opt-in”, which means providing the opportunity to refuse such marketing when we first collect your contact details, and providing a simple opportunity to opt out of further marketing in every message we send.

If you have made information about your work and contact details publicly available, for example on your organisation’s website, then we may use this information to analyse whether any of our products and services would be beneficial to you. If so, we may contact you about the relevant products or services, on the basis of our legitimate interest in marketing to you and doing business with you.

Employment with us

If you apply to work with us, we collect information about you that we need to process your application, including your name and contact details; details of your qualifications, skills and experience; and details needed to verify your entitlement to work. We need to do this to fulfil our legal obligations as an employer and to permit effective management of our business, whether you apply for a position as an employee or as an independent contractor, and whether you apply directly to us or via an agency.

If we employ you, either as an employee or independent contractor, we collect information about you and your work from time to time throughout the period of employment or engagement, as necessary to meet our obligations under the contract, to ensure you are meeting your obligations under the contract, to ensure we are complying with our legal obligations, and to permit effective management of our business. This will include the details we need to remunerate you and our assessment of your performance and conduct.

The employment-related information we collect may include some special categories of personal data, such as information about health or medical conditions. This is necessary to enable us to carry out legal obligations such as making reasonable adjustments for disabilities of for the purpose of equal opportunities monitoring.

Employment-related information will be used only for purposes directly relevant to your job application and/or employment. It will be retained while processing your application and for three years thereafter; and during your employment with us and for six years thereafter; on the basis of our legitimate interest in the proper record-keeping and administration of our business.

Employment information is not shared unless you explicitly request us to provide a reference in regard to your employment with us.

Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.

Cookies and similar technologies

A “cookie” is a small piece of information that is sent from a website and stored on the visitor’s computer or device. Whenever that person visits the website, the cookie can be viewed by the website. This allows the website to identify the visitor’s device or to remember preferences. For the purposes of this privacy notice, we will use the term “cookie” to encompass all technical mechanisms that provide equivalent functionality, including browser cookies, HTML5 local storage and local storage on mobile devices.

We may use cookies to identify your device when you are logged in, or if you have asked us to remember you, so that we do not need to repeatedly ask for your access credentials. These would be erased when you log out.

We may use cookies to identify your device for essential technical purposes, such as routing your requests to the correct server within our infrastructure or to help us detect and defeat potential security threats. These cookies would normally be erased at the end of your session or shortly thereafter, as strictly necessary for the correct operation of our services.

We may use limited-lifespan cookies to store user interface preferences, without which it would become extremely difficult for you to use our services, including (by way of example) localization and accessibility settings and your consent for the use of cookies for other purposes.

With your consent, we may use cookies to identify your device for the purpose of collecting analytics, as described in the relevant section of this privacy notice.

It may be possible for you to configure your web browser or device to refuse some or all cookies, or to force cookies to be deleted when you exit the browser. Please be aware that some combinations of settings may leave you unable to access some or all of our services, or may degrade performance, functionality or experience while using them.

Sharing and transferring your personal data

Except as set out in this notice, we do not share, or sell, or disclose to a third party, any information we collect.

In order to supply our services to you, we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

In the event that we sell or buy any business or assets, your personal data may be one of the transferred assets of the sale or purchase.

We work with some trusted third-party providers, whom we have engaged to enable us to operate our business and provide our services to you. This means they may be involved in process some of your data on our behalf. We have taken appropriate steps to ensure that third-party processing is conducted in accordance with this policy, and that appropriate security measures are in place to protect your personal information. We do not allow our third-party providers to use your personal data for their own or other purposes, unless explicitly stated in this privacy notice.

Where your data is processed

We are based in the United Kingdom (UK), but your personal data may be transferred to and processed on computers located outside the UK, including countries outside the European Union.

We only work with suppliers or partners in territories that ensure an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal data, and we only permit our suppliers to process data as detailed in this privacy notice.

The nature of the Internet means your data may pass through a number of countries and third-party servers before it reaches our servers or those of our suppliers or partners. While we go to considerable effort to protect your data within the boundaries of our services, please remember that we cannot control security and privacy beyond these boundaries. In particular, this means that any communications you send unencrypted, including (by way of example) e-mails and phone calls, are not secure and may be intercepted, seen or modified by a third party.

Data retention

Except as otherwise indicated in this privacy notice, we retain your data only for as long as we reasonably need it for the purposes listed, to comply with other legal obligations, or to support a claim or defence in court.

Review of this privacy policy

We may update this privacy notice from time to time as necessary, for example to accommodate changes in the relevant legislation or to notify you of changes to the third-party providers we work with.

If you are a customer of one of our products or services, the privacy policy that applies to you when you use that product or service is the most recent one you accepted as part of the terms and conditions; otherwise the policy that applies is the one posted here. We notify registered customers of material changes to our terms and conditions, incorporating this privacy policy. Please be assured that we will only process your data for the purposes described in the policy that was in effect when you supplied the data to us; we will not change this policy to allow us to process data for other purposes without your knowledge.

If the lawful basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data. If the basis changes then, if required by law, we will notify you of the change and of any new basis under which we have determined that we can continue to process your information.