Version 2.0, effective 25th May 2018

Introduction

Hello and welcome to our Privacy Notice!

At Onedox, providing our service to you is our highest priority. This includes maintaining the security of your information and the protection of your privacy. This has always been the case and will continue to be so.

This notice describes how we collect and use your information covering all the different ways that you interact with us. This includes things like: browsing one of our websites (like www.onedox.com), using the Onedox service and applying for a job with us.

The notice has been updated to reflect the new data protection law called GDPR.

Please take note that you don’t have to share or transfer your information with us, but if you choose not to then it will significantly impact your ability to use our services. In particular, you won’t be able to make use of the main Onedox service.

The purpose of this privacy notice

The purpose of this privacy notice is to clearly explain how Onedox meets its legal obligations and follows best practice in order to process your information and ensure the security of your information.

This notice contains the following sections:

  • What information do we collect?
  • How and why do we use your information?
  • What third parties help us process your information?
  • Who do we share your information with?
  • Where do we store and process your information?
  • Your rights
  • Changes to this Privacy Notice
  • Contact information
  • Terms used in this notice

1. What information do we collect?

We may collect the following information about you:

1.1 Information you give us when you communicate with such as via email, live chat, by telephone or social media or when you participate in customer research. For instance, when you open a chat window with us as a visitor, you may be prompted to enter your email address in order for us to contact you with an answer at a later time. Examples of this information are your name, email address, other contact details;

1.2 Information you give to us when you signup and use the Service so that it can operate for you. Examples of this information include your name and email address, the login credentials for your online linked Providers, any notes or documents that you have attached to your Providers accounts;

1.3 Information that we collect for you from the Providers that you link to the Service. Examples of this include documents and bills, tariff information and contract end dates;

1.3 Transactional information in relation to any services or products that you purchase through the Service;

1.4 Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

1.5 Information about your visit to one of our websites or use the Service, including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time); screens viewed in our apps; page/screen response times, download/rendering errors, length of visits to certain pages/screens, page/screen interaction information (such as scrolling, clicks, and mouse-overs), and methods used to navigate away from the page/screen;

1.6 Information about when you install or uninstall the Service from your device;

1.7 Information about the device you are using including information relating to your mobile phone network, which operating system you use and the version of that operating system, information which enables the identification of that device;

1.6 Our websites use cookies to distinguish you from other users of our sites. This allows us to provide the Service to you, give you the best possible experience when using our sites and to help us make the sites and Service better for you. For detailed information on the cookies that we use please see our Cookie Policy;

1.7 Telephone log information, such as your phone number, time and date of calls, duration of calls, SMS routing information and types of calls, any phone number used to call us and the content of those calls;

1.8. Information you provide when applying for a job with us. Examples of this include your CV and application pack;

1.9 We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them;

1.10 If you connect to the Service via a social login, such a Facebook or Google, or connect a cloud service like Dropbox or Google Drive, then we will have access to basic profile info such as name and email address.

We do not collect any “Special Categories of Personal Data” about you (e.g. your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinion, trade union membership, information about your health and genetic and biometric information). Nor do we collect information about criminal convictions and offences.

Our Service is not aimed at or intended for the use of anyone below the age of 16 years old and we do not knowingly collect information regarding children.

2. How and why do we use your information?

We use your information in the following ways:

2.1 To carry out our obligations arising from any any contracts entered into between you and us such as the use of the Service. This includes:

2.1.1 Making the technology that powers the Service available and accessible to you in a safe and secure manner;

2.1.2 Being able to answer any queries that you have relating to your use of the Service;

2.1.3 To be able to notify about changes to the Service;

2.1.4 To be able to provide you with personalised recommendations on how to undertake your household admin including money saving;

2.1.5 To make it easy to take action such as purchasing a new tariff or service or following a recommendation;

2.1.6 To provide you with information about other services we offer that are similar to those that you have already used, purchased or enquired about;

We process your information for the purposes above on the following grounds: where it is necessary for the adequate performance of contracts with you.

In the Onedox service preference screens we provide a range of options to help you tailor the processing of your information to your needs.

If you fail to provide information which we need to provide the Service then we may not be able to perform the contract we have with you. You are responsible for ensuring that the information which you give us is accurate and up to date.

2.2 For our operation as a company and for us to provide services including:

2.2.1 To operate the Service and allow you to use its features and allow you to integrate with third party services where you wish to;

2.2.2 To ensure the Services and our websites work as well as they can and provide you with the best experience;

2.2.3 To operate our business and further develop our products and services by performing data analysis, research, surveys and keeping the Service, our business and your information safe and secure;

2.2.4 To allow us to comply with applicable laws and regulations including for tax, legal, audit and reporting obligations;

2.2.5 Where you have applied for a job for us to assess if you are suitable to join our team;

We process your information for the purposes above on the following grounds: given our legitimate interest in providing the Service and other products, operating and improving the Service and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

2.3 At your request, to share your information with third party services such as Dropbox and Google Drive via an API or other means;

We process your information for the purposes above on the following grounds: your consent to do so where you choose to share your information with third party services that integrate with the Service. You can manage your consent for integrated third party services using the Integrations screen in the Service preferences.

2.4 To measure or understand the effectiveness of any functionality or access to, or the commerciality of, any products or services we offer or to which we provide access and we use analytics and search engine providers to assist us in the improvement and optimisation of our websites, the Service and our business generally;

We process your information for the purposes above on the following grounds: given our legitimate interest in operating and improving our company and providing services

2.5 To process results of market research surveys that you have completed;

We process your information for the purposes above on the following grounds: your consent to do so which was given at the time of completing the survey.

2.6 For communicating with you if you have joined our Beta Team with early access to new features;

We process your information for the purposes above on the following grounds: your consent to do so. You can manage your consent using the Communications screen in the Service preferences.

2.7 For communicating with you if you are a shareholder or investor in our company;

We process your information for the purposes above on the following grounds: given our legitimate interest in keeping you informed of the progress of the business and given your consent to do so. You can manage your consent using the Communications screen in the Service preferences.

2.8 For communicating with you about our fundraising and investment campaigns where you have requested;

We process your information for the purposes above on the following grounds: your consent to do so. If you wish to withdraw your consent you can do so by emailing info@onedox.com.

2.9 To send you marketing and promotional communications where you have opted-in;

We process your information for the purposes above on the following grounds: your consent to do so. You can manage your consent using the Communications screen in the Service preferences.

3. What third parties help us process your information?

Tech businesses like ours often use third parties to help them host their application, communicate with customers, power their emails etc. We partner with third parties who we believe are the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your information with them in order to get these services to work well. Your information is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Notice.

4. Who do we share your information with?

We may share your information in certain circumstances:

4.1 With third party data processors so that we can do the things set out in the section “How and why do we use your information?” above.

4.2 Any third party whom you ask us to via our Integrations or API functionality such as Dropbox or Google Drive.

4.3 We may also share anonymised aggregated data (information about our customers that we combine together such that it no longer identifies or references an individual) such as statistical or demographic data for any purpose including market analysis.

4.4 If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply the Terms and Conditions for the Service and other agreements; or to protect the rights, property, or safety of Onedox, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

4.5 In the event that we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets.

4.6 If Onedox or substantially all of its assets are acquired by a third party, in which case information held by it about its customers will be one of the transferred assets.

5. Where do we store and process your information?

5.1 Your information is stored and processed in secure data centres that are managed by hosting providers and third party data processors.

5.2 Any information is encrypted on being stored. This is also known as encryption “at rest”.

5.3 Where practical the data is stored and processed inside the European Economic Area (EEA) but this is not always possible.

5.4 Where data is transferred to, or stored at, a destination outside of the EEA it is done so in a lawful manner typically using the Privacy Shield framework. As part of this we ensure that appropriate measures are in place before your data is transferred.

5.5 By using the Service and accepting this Privacy Notice you agree to the transfer of your information outside of the EEA.

5.6 We only retain your information for as long as is required in order to fulfil the processing activities as described in the “How and why do we use your information?” section above.

6. Your rights

You have certain rights under the law and under this notice to request access to your information, to manage it and to request us to delete or transfer information about you or restrict the way it is used. You also have a right to complain.

In particular, you have the rights to:

6.1 Not share or transfer your information with us, but if you choose not to then it will significantly impact your ability to use our services. In particular, you won’t be able to make use of the main Onedox service. Where the legal basis for the processing described in “How and why do we use your information?” is consent you can withdraw consent using the method described in that section or by emailing us at info@onedox.com. In certain circumstances, we can process your information without your consent in line with the lawful processing requirements in GDPR. These include (amongst other reasons) where processing is necessary to comply with a legal obligation, or to protect your vital interests.

6.2 Ask us to rectify inaccurate or incomplete information. We would seek to rectify the information as soon as possible and usually within one month unless the request is complex.

6.3 Ask us to erase your information. This is commonly referred to as the right to be forgotten. This right is only applicable where there is no compelling reason for the continued processing of your information. There are some circumstances where this right to erasure does not apply and in such cases we would notify you of the reason(s) why we need to retain your information (unless prevented to do so by law).   

6.4 Restrict processing of your information where, for example, the information is inaccurate, being processed unlawfully or where the information is no longer relevant to the specific purpose for processing. In such cases, we would retain the information but we would not process it further without your consent, or if processing your information is for establishing, exercising or defending a legal claim, or for the protection of rights of other individuals, or for public interest reasons. In such circumstances, we would let you know that we intend to lift the restriction on processing your information.

6.5 Request access to your information via a subject access request. Your request should be made to us in writing and we may ask you for proof of your identity before providing you with the information. There is usually no fee for making such a request however, in limited circumstances, we can charge an administrative fee (which will be based on the administrative cost of providing the information).

6.6 You have the right to ask us not to process your information for marketing purposes (including profiling). We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by reviewing the Communications screen of the Service preferences. You can also exercise the right at any time by emailing us at info@onedox.com.

6.7 Obtain and reuse your information for your own purposes across different services (right to data portability). This right is only applicable to data that you have provided to us, where we are processing the information based on your consent or for the performance of a contract and when the processing is carried out by automated means. Where this right applies, the information will be provided to you in a structured, commonly used and machine-readable format.

Please note that our site and email communications may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

Furthermore, any information you have transmitted to others e.g. via a third party integration will be subject to the privacy policies of those others.

Please check these policies before you submit any information to these websites and services.

7. Changes to this Privacy Notice

We may need to change this Privacy Notice from time to time. For example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be immediately posted on our website and you will be deemed to have accepted the terms of the Privacy Notice on your first use of our website or the Service following the alterations. We recommend that you check this page regularly to keep up-to-date.

8. Contact information

If you have any questions, comments or requests regarding this Privacy Notice, please contact our Data Protection Officer: dpo@onedox.com

For the purposes of GDPR the data controller is Ideavate Limited company number 09624882 and our registered address is 3rd Floor, Basildon House, 7 Moorgate, London, EC2R 6AF.

If you have any complaints regarding our handling of your information, we would appreciate the chance to deal with your concerns in the first instance. However, if you wish, you may make a complaint directly to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (https://ico.org.uk/concerns/ or 0303 123 1113).

9. Terms used in this notice

9.1 “Providers” – This refers to the companies that provide household services to you such as across gas, electricity, Internet, mobile, landline, TV, Insurance and car tax and MOT registration.

9.2 “Service” – This refers to the Service provided by Onedox to registered users via the web-based application or downloadable, native mobile applications, as applicable.