Privacy Policy
An explanation of the information we gather from you and how we handle it.
We understand that your data is private and, by using Unobox, that you are trusting us to manage it appropriately. We are committed to upholding that trust and this policy explains how we manage your data.
Although our approach towards privacy is already aligned with GDPR (EU General Data Protection Regulation), you may request a specific GDPR-compliant data processing agreement.
The Data We Collect
The following table lists out the data we collect and the capacity in which we collect it.
| Category | Includes | Capacity |
|---|---|---|
| Identity | first name, last name | controller |
| Contact | physical addresses, email addresses, telephone numbers | controller |
| Financial | payment card details | controller |
| Marketing and Communications | your communication preferences | controller |
| Messaging | the mobile phone number, message content and metadata of the messages you send/receive to/from your users | processor |
| Profile | settings, preferences, feedback and survey responses | controller |
| Technical | internet protocol (IP) address, time zone setting and location, technology on the devices you use to access our website | controller |
| Transaction | details about the payments you make to us and the purchases you make from us | controller |
| Usage | information about how you use Unobox | controller |
We do not collect any data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health or any information about criminal convictions and offences.
Why We Collect Data
The only reason we collect data is to deliver Unobox to you, manage our relationship with you, carry out core operations (e.g. accounting) as well as detecting, preventing or investigating security incidents, fraud and other misuses/abuses of Unobox.
How We Collect Data
We collect data when you fill in our forms, correspond with us and/or interact with Unobox.
We may also collect it from third party service providers (e.g. telecommunications companies, payment service providers, analytics providers, search information providers etc.) or through publicly available sources.
Disclosing Your Data
To provide Unobox, protect it and improve it, we may have to share your data with third parties such as service providers (e.g. analytics providers), professional advisers (e.g. lawyers, auditors) and regulators.
Please rest assured that we require all third parties to respect the privacy of your data and to treat it in accordance with the law. We only permit them to process your data for specified purposes and in accordance with our instructions, and we do not allow them to use your data for their own purposes.
Although we prefer to work with third parties in the EEA, we also work with third parties outside the EEA (meaning that your data may be transferred outside the EEA). When we do, we only appoint processors who can provide sufficient guarantees that the requirements of the GDPR will be met.
If our business enters into a joint venture with or is sold to or merged with another business entity, we may disclose your information to our new business partners or owners.
We will never disclose your details to any third party for marketing purposes and, unless required to do so by law, we will not otherwise disclose your data to any third parties without your consent.
Securing Your Data
We have appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We also have procedures to deal with any suspected data breach and will notify you of a breach where we are legally required to do so.
Retaining Your Data
We will only retain your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Entitlement
Under certain circumstances, you are entitled to:
(a) Receive a copy of the data we hold about you.
(b) Correct any incomplete or inaccurate data we hold about you.
(c) Ask us to delete data where there is no good reason for us continuing to process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Object to processing of your data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your data for direct marketing purposes.
(e) Request restriction of processing of your data. This lets you ask us to suspend the processing of your data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
(f) Request the transfer of your data to you or to a third party in a structured, commonly used, machine-readable format.
(g) Withdraw consent at any time where we are relying on consent to process your data, though this will not affect the lawfulness of any processing carried out before you withdraw your consent.
To exercise any of your rights, please contact us. You will not have to pay a fee, though we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month, though it may take longer if your request is particularly complex or you have made a number of requests.
Contacting Us
If you have any questions about our privacy policy or would like to exercise any of your rights, please contact our Data Privacy Officer using email via privacy@unobox.io
Complaints
If you have any reason to make a privacy-related complaint, please contact us in the first instance so that we can resolve the matter as quickly as possible.
Changes to Our Privacy Policy
If we ever change our privacy policy, we will update this notice accordingly. If any such changes materially change how we treat your data, we will update you via email.