Conductori mobile application Privacy Policy 

1. Introduction

1.1.        We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint. This policy should be read together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Our app is not intended for persons under 13 and we do not knowingly collect data or process data relating to persons under 13.

1.2.        This policy applies to your use of our app, which is available from the Apple App Store or the Google Play Store once you have downloaded a copy of the app onto your mobile telephone or handheld device, as well as any of the services accessible through the app. Different policies may apply when you access our website.

1.3.        We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).

1.4.        It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

1.5.        Our app may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our app, we encourage you to read the privacy policy of every website you visit.

1.6.        This policy is provided in a layered format so you can click through to the specific areas set out below.

2.            Key terms

The following key terms are used in this policy:

We, us, our: Armchair Productions Limited, a company registered in England and Wales with company number 13341431 having its registered office at 109 Wardour Street, London, England, W1F 0UH trading as Conductori (Conductori)

Our application:               Conductori

Our website
:      www.conductori.com

Personal data
:   Any information relating to an identified or identifiable individual

Data subject:     The individual who the personal data relates to

3.            Personal data we collect about you

3.1.        The personal data we collect about you depends on the particular services we provide to you or you request from us. We may collect and use the following personal data about you (as applicable):

  • your name and contact information, including email address and telephone number;information to check and verify your identity, e.g., your date of birth;
  • information you provide when you download or register our app or share data via the app’s functions;
  • your gender, if you choose to give this to us;
  • location data, if you choose to give this to us;
  • data containing unique application and device numbers (e.g., the type of your operating system);
  • data containing your usage of the app, including but not limited to waves, messaging, reported posts, traffic data and other communication data, and the resources that you access;
  • data contained in messages you send or receive via our app;
  • your billing information, transaction and payment card information;
  • your contact history, purchase history and saved items;
  • information from accounts you link to us, e.g., Facebook;
  • information about how you use our app, IT, communication and other systems

3.2.    We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.

4.            How your personal data is collected

We collect most of this personal data directly from you via our app, features and other services. However, we may also collect information: 

  • in person, by telephone, text or email;
  • via our app (e.g., when you download, install, uninstall, register our app, turn on automatic updates or push notifications or share data via the app’s functions);
  • directly from a third party, e.g.:
  • customer due diligence providers;
  • log in authentication providers for assisting in authenticating you, such as Google login; 
  • from a third party with your consent;
  • via our IT systems, e.g. through automated monitoriing of our app and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems 
  • device data and technical data from the following parties:
  • analytics providers such as Google and Apple based outside the UK;
  • search information providers such as Google based inside and outside the UK;
  • identity and contact data from social media services as part of our customer verification and anti-fraud measures; and
  • information from other users of our app or our services or third parties if we receive any complaints about you (e.g., of harassment or sending inappropriate messages);
  • from a third party with your consent

We do not use cookies on our app.

5.            How and why we use your personal data—sharing

5.1.        Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

•             where you have given consent;

•             to comply with our legal and regulatory obligations;

•             for the performance of a contract with you or to take steps at your request before entering into a contract; or

•             for our legitimate interests or those of a third party.

5.2.        We will ask for your consent when collecting and using information you allow us to receive through your device (such as access to your contacts and other content, data, location, camera, or photos), so we can provide the features and services described when you enable the settings.

5.3.        A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.

5.4.        We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

5.5.        This section outlines what we use your personal data for and our reasons for so doing: 

  • to provide services to you; in order to perform our contract with you or take steps at your request before entering into a contract
  • to enable the delivery of in app advertising; to help us fund the development and availability of the app
  • to create and manage your account with us; to perform our contract with you or to take steps at your request before entering into a contract
  • to provide you with access so you could download, install and register our app; to perform our contract with you or to take steps at your request before entering into a contract
  • to customise our app and its content to your particular preferences based on a record of your selected preferences or on your use of our app
  • to retain and evaluate information on your recent uses of our app and how you move around different sections of our app for analytics purposes to understand how people use our app so that we can make it more intuitive or to check our app is working as intended
  • to prevent and detect fraud against you or us; in order to minimise fraud that could be damaging for you and/or us
  • to enforce legal rights or defend or undertake legal proceedings; in order to comply with our legal and regulatory obligations, to protect our business, interests and rights, to gather and provide information required by or relating to audits, enquiries or investigations by regulatory bodies
  • to ensure business policies are adhered to, e.g., policies covering security and internet use; to make sure we are following our own internal procedures so we can deliver a good service to you
  • for operational reasons, such as improving efficiency, training and quality control; to be efficient so we can deliver a good service to you
  • to ensuring the confidentiality of commercially sensitive information; to protect trade secrets and other commercially valuable information; to comply with our legal and regulatory obligations
  • to updating and enhancw customer records; in order to to perform our contract with you or to take steps at your request before entering into a contract; to comply with our legal and regulatory obligations; for our legitimate interests, e.g., making sure that we can keep in touch with our customers about existing orders and new products

5.6.        The section below outlines the purpose, processing operations, lawful basis and relevant categories of data used by Conductori:

  • To communications with you (not related to marketing), including about changes to our terms or policies or changes to the services or other important notices. The processing operation is addressing and sending communications to you. The lawful basis relied on under the UK GDPR includes compliance with a legal obligation to which we are subject, our legitimate interests so we can deliver a good service to you, consent, our legitimate interests (to keep records updated and to analyse how users use our services, to manage the services and our app, to notify you of security concerns and issues and deal with complaints from others), performance of a contract with you. The relevant categories of personal data are your name, address and contact information, including email address and telephone number, your account details (username) and profile.
  • To install the app and register you as a new app user and to help verify your identity. The processing operation is addressing and sending communications to you, technical data we obtain from you. The lawful basis relied on under the UK GDPR includes consent, performance of a contract with you. The relevant categories of personal data will include all data that we have. 
  • To manage our relationship with you and to enable us to send you push notifications, know your location and access data on your device such as your contacts and other content, data, location, camera, or photos. The processing operation is adressing and sending communications to you. The lawful basis relied on under the UK GDPR includes performance of a contract with you, consent. The relevant categories of personal data will include all data that we have. 
  • To deliver content and advertisements to you, to make recommendations to you about goods or services which may interest you. The processing operations are reviewing your data to see what might be appropriate for you, addressing and sending communications to you. The lawful basis relied on under the UK GDPR includes our legitimate interests which is so we can deliver a good service to you and offer you products and services that may interest you, consent. The relevant categories of personal data will include all data that we have. 
  • To measure and analyse the effectiveness of the advertising we serve you. The processing operations are of technical data we obtain from you. The lawful basis relied on under the UK GDPR includes our legitimate interests which is so we can deliver a good service to you and offer you products and services that may interest you, consent. The relevant categories of personal data include technical data and your order and purchase activities.

5.6.        See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.

5.6.        See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.

6.            How and why we use your personal data—marketing

6.1.        We will use your personal data to send you updates (by email) about our services, including exclusive offers, promotions or new services.

6.2.        We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately.

6.3.        You have the right to opt out of receiving marketing communications at any time by contacting us at info@conductori.com

6.4.        We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

6.5.        We will always treat your personal data with respect and never share it with other organisations for marketing purposes.

6.6.        See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.

7.            Who we share your personal data with

7.1.        We routinely share personal data with:

•             companies within our group;

•             third parties we use to help deliver our services to you, e.g., payment service providers and advertising networks;
 
•             third parties we use to help us run our business, e.g., marketing agencies or website hosts;

•             our bank(s).

7.2.        We only allow third parties to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

7.3.        We or the third parties mentioned above occasionally also share personal data with:

•             our and their external auditors, e.g., in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;

•             our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;

•             law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;

•             other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

7.4.        More details about who we share your personal data with and why are set out below:

  • Amazon Web Services Europe. We share personal data with Amazon Web Services Europe in order manage account authentication;
  • Google Firebase Europe. We share personal data with Google Firebase Europe in order to understand application usage. 

7.5.        We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, if you have consented to this, to protect our rights and property and the rights, safety and property of others (provided we comply with data protection law). 

7.6.        If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

8.            Where your personal data is held

8.1.        Personal data may be held in electronic format and also in paper format at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal data with’).

8.2.        Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this happens, see below: ‘Transferring your personal data out of the UK’.

9.            How long your personal data will be kept

9.1.        We will not keep your personal data for longer than we need it for the purpose for which it is used. 

9.2.        We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

9.3.        To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

9.4.        Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us. In most cases, we will keep your information for three years after our relationship with you ends but where we have a contract with you, we will keep it for at least 6 years. It will vary depending on what data we hold, why we hold it and what we are obliged to do by law. Further details of our data retention policies can be obtained by contacting us. 

9.5.        We will not keep your personal information longer than is reasonably necessary to fulfil the relevant purposes set out in this policy and in order to comply or demonstrate compliance with our legal and regulatory obligations. Where we can, and it is appropriate, we will minimise personal data or de-personalise data to use for statistical or analytical purposes. 

9.6.        In some cases, such as if there is a dispute or a legal action affecting the information we may need or be required to keep personal information for longer. 

9.7.        By law we have to keep basic information about our customers (including contact, identity, financial and transaction data for at least 6 years.

9.8.        In some circumstances you can ask us to delete your data, see below for further information: ‘Your rights’.

9.9.        If you no longer have an account with us and we are no longer providing services to you, we will delete or anonymise your account data after seven years.

10.         Transferring your personal data out of the UK

10.1.      Countries have differing data protection laws, some of which may provide lower levels of protection of privacy.

10.2.      It is sometimes necessary for us to transfer your personal data to countries outside the UK. In those cases, we will comply with applicable UK laws designed to ensure the privacy of your personal data.

10.3.      We will transfer your personal data to Amazon Web Services

10.4.      Under data protection laws, we can only transfer your personal data to a country outside the UK where:

  • the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’). A list of countries the UK currently has adequacy regulations in relation to is available here. We rely on adequacy regulations for transfers to countries in the EEA;
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
  • a specific exception applies under relevant data protection law.

10.5.      Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available) a legally approved method.

10.6.      If you would like further information about data transferred outside the UK, please contact us (see ‘How to contact us’ below).

11.         Your rights

11.1.      You have the following rights, which you can normally exercise free of charge:

  • Access: The right to be provided with a copy of your personal data
  • Rectification: The right to require us to correct any mistakes in your personal data
  • Erasure (also known as the right to be forgotten): The right to require us to delete your personal data—in certain situations
  • Restriction of processing: The right to require us to restrict processing of your personal data in certain circumstances, e.g., if you contest the accuracy of the data
  • Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
  • The right to object:
  • at any time to your personal data being processed for direct marketing;
  • in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
  • Not to be subject to automated individual decision making. The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not carry out this activity at present.
  • The right to withdraw consents   If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. You may withdraw consents by contacting us (see ‘How to contact us’ below). Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn

11.2.      You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

11.3.      For more information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below) or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights.

11.4.      If you would like to exercise any of those rights, please:

  • email or write to us—see below: ‘How to contact us’; 
  • provide enough information to identify yourself, e.g., your full name, address any additional identity information we may reasonably request from you (this is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response); and
  • let us know what right you want to exercise and the information to which your request relates.

11.5.      We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12.         Keeping your personal data secure

12.1.      We have appropriate security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

13.         How to complain

13.1.      Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

13.2.      You also have the right to lodge a complaint with the Information Commissioner in the UK. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint/ or by telephone: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the UK’s Information Commissioner, so please contact us in the first instance.

14.         Changes to this privacy policy

14.1.      This privacy notice was published on 16th March 2023 and last updated on 3rd April 2023

14.2.      We may change this privacy notice from time to time—when we do we will inform you via our app or other means of contact such as email.

15.         How to contact us

15.1.      You can contact us by post or email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

15.2.      Our contact details are shown below:

info@conductori.com

Armchair Productions, 109 Wardour Street, London W1F 0UH