Privacy policy

Effective from 1st May 2018

This privacy policy sets out how PixelPin uses and protects any personal data that we store for any individual. PixelPin is committed to ensuring that your privacy is protected. This Privacy Policy may be revised or updated without notice, but updates will be communicated to any people whose email addresses we hold. Details on updates can be found at the end of this document.

1. What we collect and how

The data we collect depends on the way you are interacting with us.

Data collected directly: Business card exchange, signing up for an account at login.pixelpin.io, enquiries via the marketing web site or by email, direct sales information

Data collected indirectly: Job applicant information from Recruiters, potential sales contacts passed to us by a mutual friend or acquaintance

The data that we might collect about you, depending on how we have interacted, might include:

  • Your title, full name and email address
  • Postal address, including postcode
  • Telephone number(s)
  • Business information i.e. who you work for and in what capacity
  • CV information for job applicants
  • Other information specifically collected during customer surveys, user testing, and/or offers including data such as demographic questions (age group, interests etc.)

2. What we do with the information with the information we gather

We require this information to provide you with a better service, to maintain business relationships or in order to test or get feedback about our products.

Specifically, we use personal data in the following systems:

  • Login and use of the PixelPin authentication system (https://login.pixelpin.io)
  • Pass this data to third-party companies who are using PixelPin as a login system and who will require your explicit consent (via a PixelPin dialog) when you login using PixelPin
  • Financial reporting and record keeping.
  • Employee HR records
  • A marketing list for people interested in hearing about PixelPin, promotions, offers and progress
  • Customer relationship management (CRM) software, used for business relationships.

3. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Most personal data is encrypted at-rest, where the platform supports this. This prevents a common vulnerability where physical disks are stolen, lost or obtained and an attacker attempts to read the data off of the disks.

All data that is transmitted across the internet is protected by https. PixelPin has a 100% https policy, even on pages that arguably don't need it.

4. How we use cookies

A cookie is a small file used by web sites to remember certain information. At its most basic level, this information is used to know that a user entering a page is the same user who was on the previous page and is therefore required for most web sites to work correctly.

Other types of cookies, called "tracking cookies" are used across multiple sites to understand somebody's behaviour, interests etc. that are then often used either for advert targeting or for the collection of demographic data that is useful for web site owners to improve their content. Note that most of these tracking cookies are anonymous but it is theoretically possible for a site who knows who you are to correlate your visits to other sites that would otherwise be anonymous.

PixelPin cookies are only used to store information about your PixelPin session for our sites to function correctly. We also use Google Analytics and Microsoft Application Insights, which store their own cookies, which help us analyse data about web page traffic and improve our website. These cookies are anonymous.

A cookie does not give a web site owner access to the end-user's computer.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can disable this. Disabling cookies globally in your browser would prevent most web sites being able to function.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

6. Transfer of information

Except for the services listed below, we will not sell, distribute or send your personal data to third parties unless we have your explicit permission or are required by law to do so.

The following is a list of Software-as-a-Service organisations, with links to their privacy policies, which we use to store personal data. Each of these is GDPR compliant.

  • Capsule CRM - A UK company used for storing personal data for business dealings
  • Mailchimp - A US company used for storing emails and names for email marketing
  • PipeDrive - A US/Estonian company used for storing personal data for business dealings
  • Citrus HR - A UK company used for storing HR information about employees past and present

7. Requesting your data

If you need to request a copy of the information held on you please write to PixelPin, C/O Data Protection Controller at the address at the bottom of this page.

8. Amending your data

If you believe that any information we are holding on you is incorrect or incomplete, please write to us at the address at the bottom of this page.

9. Restricting the processing your data

The General Data Protection Regulation permits an individual to request a restriction in the way their data is processed when it should not be deleted for some reason. For security reasons, most PixelPin systems completely delete data when it is disabled and therefore this type of request cannot be supported in general (and in most cases, data deletion would be appropriate). If there is a reason why data needs to be restricted without being deleted, please contact PixelPin at the address at the bottom of the page, explaining what exactly you need to achieve, and we will do our best to either comply or explain why we are not able to - giving you the choice of how to proceed before any actions are taken.

10. Objecting to the use of your data

The General Data Protection Regulation permits an individual to object to their data being used for a specific purpose, such as profiling or direct marketing when these uses do not directly relate to the relationship between the company and individual. PixelPin only uses data for the express purpose of providing our products, business dealings or company updates. If these uses are no longer wanted, the individual can choose to delete their data.

11. Exporting your data (portability)

The General Data Protection Regulation uses the term portability to aid with scenarios such as moving a large amount of data from one provider to another rather than being "locked in" by virtue of your data being held by a single company. PixelPin does not currently hold enough information about individuals, or information that is not accessible by another provider, for this to be implemented automatically/electronically. An individual can make a subject access request for their data in a desired format but in most cases, it would simply be quicker for the individual to re-enter their details into another provider if required.

12. Deleting your data

If you wish to terminate your login.pixelpin.io account, you can do so by pressing the delete button on your account dashboard once logged in via the email address that you signed up with. This will terminate your account without any human intervention. Please note that there is no undo to this procedure.

If you no longer have access to the email address you signed up with, we currently have no mechanism to prove account ownership and would delete the account (including personal data) automatically after 12 months of inactivity.

To delete your data related to the mailing list, please use the unsubscribe link at the bottom of the email. The data removal is then automatic.

Data in the CRM system for our business customers is generally archived after a period of time but if you need your personal data removed, please write to us at the address below on headed note-paper (if a company).

13. Automated decision making including profiling

PixelPin does not perform any automated decision making tasks based on personal data.

Personalisation and improvements based on profiling are only carried out on aggregated and anonymised information e.g. ages ranges of individuals visiting a web site based on Google Analytics data

14. Changes

PixelPin may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes and do not wish to terminate your relationship with us.

  • 1st May 2018 - Updated for GDPR requirements: language improved; wording made to match GDPR more closely; invalid clauses removed

Contact Address

Please use the following address for Data Protection requests ONLY.

Data Protection Controller. 3 Manchester Park, Tewkesbury Road, Cheltenham, Gloucestershire, GL51 9EJ