This Privacy Policy applies to Keylr, our iOS and Android mobile application (our “App”). In the below policy, we inform you about the scope of the processing of your Personal Data.
General information
- What law applies?
Our use of your Personal Data is subject to the UK’s Data Protection Act (“DPA”) and the EU General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.
- What is Personal Data?
Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address and device ID.
- What is Special Category Data?
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing
- What is processing?
Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
- Who is responsible for data processing?
The responsible party within the meaning of DPA and the GDPR is Key Riders Ltd, Suite 3260 Unit 3a,34-35 Hatton Garden, Holborn, London, United Kingdom, EC1N 8DX (“Key Riders”, “we”, “us”, or “our”). If you have any questions about this policy or our data protection practices, please contact us using our Contact Form.
- The Legal Bases for processing Personal Data
In accordance with the DPA and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfilment of a contract / pre-contractual measures, c) the data is necessary for the fulfilment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
Processing of automatically collected data
- Downloading our App
The App can be downloaded from the “Google Playstore” a service offered by Google LLC, or the Apple App service “App Store” a service of Apple Inc., to install our App. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
- Installing our App
As far as we are aware, Google collects and processes the following data: Licence check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which Personal Data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
- Device information
Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass and Payment Data and Billing confirmations.
- Authorizations and Access
We may request permission to store your App data including your Internet Connection and Network, Push Notifications, and Coarse Location. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures and your consent. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.
- Google Maps
In order to better display and geographically visualise the specific task location our App uses Google Maps API and we process your coarse location. When using Google Maps, Google collects, processes and uses data about the use of Maps functions. Further information on data processing by Google is listed in Google’s privacy policy. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures and your consent.
- Device Calendar
As part of our App’s functionality and when you consent to do so you can schedule tasks (“events”). Doing so, you can use this function to synchronise the event with your device’s calendar data. We do not have access to your calendar data nor your calendar events, settings, etc. Insofar as you consent to the use of our Calendar synchronisation feature, consent is the legal basis for the processing.
.
- Push messages
When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via a) the device settings of your device or b) or by enabling or disabling specific types of notifications within the App. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.
Data processing by us
- Contacting us
Personal data is processed depending on the contact method. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also include certain Personal Data. The Personal Data collected when you contact us is used to process your request and the legal basis is your consent.
- Contracting with us
The protection of your data is particularly important to us in the performance of our contractual services. We therefore only want to process as much Personal Data (for example, your name, and e-mail address, phone number and company details) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfil our contractual obligations to you or to carry out pre-contractual measures.
- Registration
If you register, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form including your name and email address, phone number and company details, region, country and in case of partner companies certain property details. The entry of your data is encrypted so that third parties cannot read your data when it is entered. Your data will remain stored for as long as the registration lasts, in particular if the storage is necessary for the fulfilment/execution of the contract, to enforce our rights or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).
- Profile
As a registered user, you have the opportunity to create a user profile with just a few clicks and details and the relevant profile data you provide will be posted on your profile. Of course, you can change and delete and correct the information at any time via the settings in your profile. You have choices about the information on your profile. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add Personal Data to your profile that you would not want to be available. The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of our App.
- Using our App
If you wish to use our App and its features, we process the Personal Data you voluntarily provide for the purpose of providing our App. Depending on how you use our services (Companies or Taskers), you may provide contact information, location data etc. and share content, information about the task, inventory details, guests and meet and greets etc which may include Personal Data, and Special Category Data or non-personal data that you make available to us (“Service Data”).
We recognize that you own your Service Data and provide you with complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through our App, and (iii) request export or deletion of your Service Data.
When we process Service Data, we become your Data Processor or in other words, we will process the Service Data involved in your use of Mentor Connect in accordance with your instructions and shall use it only for the purposes agreed between you and us.
We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.
Some jurisdictions may require you to disclose your use of our services as your processor in your privacy policy and/or data processing agreement as applicable. For this purpose all Service Data processed by us will be processed using Amazon Web Services (AWS) and take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of your Service Data.
Further and if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.
The legal basis for the processing of your Service Data is our obligation to fulfil the contract we have with you.
- Data management and technical support
If you create a support ticket, we will request personal and, where applicable, non- personal data in accordance with your request, this may include your name, email address and other order related data you voluntarily provide. The data provided is not shared with third parties and cannot read your data when it is entered. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket. The legal basis of the data processing is our obligation to fulfil the contract and/or our legitimate interest in processing your support ticket. You can delete data provided at any time in the ticket or by contacting us.
- Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks as well as organisation of our business and your reward system, managing your obligations and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
General principles
- What we do not do
- We do not request Personal Data from minors and children;
- We do not process special category data without obtaining prior specific consent;
- We do not use Automated decision-making including profiling; and
- We do not sell your Personal Data.
- Sharing
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure, c) or the disclosure of data is permitted by relevant legal provisions. In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Keylr or Key Riders LTD or a part of Key Riders LTD is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect our business.
- International Transfer
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.
- Storage
In the course of our business and App operations, we process data in our Ireland based headquarters. All data collected is generally transferred to our Amazon Web Services (AWS) Server. The legal basis for the data processing is our legitimate interest in providing our App.
- Data Security
Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organisational measures”) for example encryption or need to know access, to ensure the most complete protection of Personal Data processed through our App.
Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Your rights and privileges
- Privacy rights
You can exercise the following rights:
- Right to information
- Right to rectification
- Right to object to processing
- Right to deletion
- Right to data portability
- Right to withdraw consent
- Right to complain to a supervisory authority
- Right not to be subject to a decision based solely on automated processing.
If you wish to exercise any of your rights, please contact us.
- Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
- Withdrawing your consent
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
- Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).
- What we do not do
- We do not request Personal Data from minors and children;
- We do not process special category data without obtaining prior specific consent;
- We do not use Automated decision-making including profiling; and
- We do not sell your Personal Data.
- Complaint to a supervisory authority
The supervisory authority in the UK is: The Information Commissioner’s Office (ICO) and is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK www.ico.org.uk. However, we would appreciate the opportunity to address your concerns before you contact the ICO.
Validity and questions
This Privacy Policy was last updated on Friday, 10th of May, 2024, and is the current and valid version. However, from time to time changes or a revision to this policy may be necessary.
If you feel that the above is not sufficient or if you have any queries as regards the collection, processing or use of your information we are looking forward to hearing from you. We will make every effort to reply as soon as possible and take into consideration any suggestions from your end.