What’s the tl;dr?
We only collect data where you have given your consent or when it is for our legitimate interests. You remain the owner of your data: if you want to learn what data we have on you or would like us to delete it, please email firstname.lastname@example.org.
Thanks! What’s the long version?
We are registered with the ICO Data Protection Register. Our registration is ZA094962.
We’re serious about protecting your data. In this note, you’ll find out:
- The personal data that we collect;
- Where we got your personal data from;
- Your personal data rights;
- Your right to object to our processing your personal data and withdrawing consent;
- How and when we use that personal data;
- Whether we share your personal data with anyone else;
- For how long will we keep your personal data;
- How you can access your personal data;
What data do you collect?
When you browse our website, the personal data that we collect includes your anomymised IP address, the pages you viewed, the time of your requests, the time spent on a page, mouse events, keypresses, browser, and operating system and version. We collect your personal data using Google Analytics, Hotjar, New Relic, Optinmonster and AWS. If your browser sends a Do Not Track signal, we do not collect any data via Hotjar, or Optinmonster.
We always ensure that we have a lawful basis for processing the personal data that we collect. When you browse our website, the lawful basis for processing your data is that it is necessary for our legitimate interests to understand how people are using our website in order to improve the experience for our visitors.
If you sign up to one of our mailing lists, or fill in a form to get access to a specific publication or to contact us, the personal data we collect includes your full name and email address, as well as your full IP address, user agent, and referrer for anti-spam measures. We collect your personal data from you, via our website, when you have completed our sign-up form. In this case the lawful basis for processing your data is that it is consent.
If you apply for a job at Human Made, the personal data we collect includes your name, CV, email address, Skype username, WordPress.org Slack username, Github username, LinkedIn profile, and any data contained in your application letter. This data was collected when you emailed email@example.com. We may also contact a third-party to request a reference. The lawful basis for processing this data is that it is necessary for our legitimate interests.
Okay, great. What are my rights?
You have the right to request access to your personal data, amendments to it, and for it to be deleted. Further information about those rights along with your right to withdraw any consent you’ve given or object to our processing your data can be found in our data protection policy by clicking here. That policy also includes who to speak with if you have any queries about our approach to processing your personal data.
But just what are you doing with that data?
We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:
- We use data collected from our website visitors, including anonymised IP address, viewed pages, time of visit, time spent on site, browser information, mouse movement, keypresses, and operating system and version information to understand the user journey on our website so that we can better tailor the experience for all of our website visitors.
- If you signed up to our mailing list, we may communicate with you in the form of a newsletter, direct message, or email. This is so we can update you about Human Made, its events, products, services, industry news, and similar. We’ll always provide an opt-out button in case you don’t want to hear from us anymore.
- If you applied for a job at Human Made, our hiring team will review it and use it to process your application for employment. Details of the hiring process can be found in the Human Made company handbook. Your data may be shared beyond the hiring team when it makes sense for another employee to review an application.
Where is my data stored?
Where possible, we keep your data inside the EEA. Where we don’t, the following safeguards are in place:
- We use Google Analytics for website analytics, and your data may be transferred outside of the EU. When this happens, your data is protected by the EU-US and Swiss-US Privacy Shield Frameworks, adhered to by Google Analytics.
- We use New Relic for website analytics, and your data may be transferred outside of the EU. When this happens, your data is protected by the EU-US and Swiss-US Privacy Shield Frameworks, adhered to by New Relic.
- We use AWS as a cloud services platform, and your data may be transferred outside of the EU. When this happens, your data is protected by the EU-US and Swiss-US Privacy Shield Frameworks, adhered to by AWS (Amazon Web Services).
- If you’ve joined our mailing list, your name and email is stored with Mailchimp on their data servers in the US. Mailchimp has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes, and lawfully transfers EU/EEA personal data to the U.S. pursuant to their Privacy Shield Certification.
- If you’ve submitted a form to contact us, the data you entered into the form is processed by these third-party services:
- Automattic (Akismet): on their data servers in the US, under EU-US and Swiss-US Privacy Shield
- Apollo: on their data servers in the US, under the EU-US Privacy Shield
- Google: on their data servers in the US, under the EU-US and Swiss-US Privacy Shield
Do you ever share my data?
As a remote company that is heavily reliant on cloud technologies, your data will be shared with some third-party companies. When we share your data with third-parties we conduct an impact assessment to ensure that your data remains protected. The instances when we transfer data to a third-party are:
- When data is sent to Hotjar to track your user journey and experience on our website pages
- When data is sent to AWS to deliver requests from our website
- When data is sent to New Relic to monitor your behaviour on our website
- When data is sent to Google Analytics to monitor behaviour and traffic to our website
- When you sign-up to receive email communications from us and your name and email are stored in Mailchimp
- When you fill in a form to get access to a specific publication, or to contact us, and your name, email, and company name as well as other data you submit are processed via Akismet (Automattic), Zapier and stored in G Suite (by Google) and may or may not be stored in Apollo and Salesforce.
- Your hiring application is processed through Workable where me manage our hiring pipeline.
How long do you keep my data for?
We only keep your data for as long as we require it for the purposes we outlined above. The maximum that we will keep your data for is:
- IP Address – 50 months
- Pages views – 50 months
- Time of requests – 50 months
- Time on a Page – 50 months
- Mouse events – 12 months
- Keypresses – 12 months
- Browser – 50 months
- Operating system and version – 24 months
Mailing list members
- Name – 365 days
- Email address – 365 days
Website visitors who contact us
- Name – 365 days
- Email address – 365 days
- Company name – 365 days
- Other user input on the contact form – 365 days
- For the duration of the hiring process.
Can I get a copy of my data?
Sure! You can ask us for a copy of the personal data that we hold on you by emailing firstname.lastname@example.org. We’ll ask you for copies of two types of approved identity in order to process your request (such as a passport and driving licence). You can also ask us to make corrections to data you consider to be inaccurate by emailing email@example.com.
A cookie is a small file (typically letters and numbers) which may be placed on your computer when you access our website. Through the cookie we can recognise your computer and browsing activity if you return to the website.
We use Google Analytics which allows us to collect information about how you use our site. If you access our website directly (and not via an email) your visits will be tracked anonymously. We use Google Analytics and Hotjar to understand how our website is being used in order to improve the experience for you. All user data is anonymous.
We use social buttons such as Twitter, Google, Facebook and LinkedIn to share or bookmark pages on our site or email updates. Those sites may collect information about your internet activity, including if your visit to our site (even if you don’t click on the button if you’re logged on to their site). You should check the privacy and cookies policy of each of these sites to see how they use your information and find out how to opt out and delete such information.
You are able to manage cookies. For more information click ‘here’. If you want to block all cookies all of the time you can set your computer preferences to do so.
Our website does not require you to input personal data to use it. You may however volunteer personal data such as your name and email address to request information, updates and our services. That information is required to deal with your query appropriately.