51Degrees Contributor App Privacy Policy : Thursday, June 9, 2022
Background
51Degrees.mobi Limited (“we”, “us”, “our”) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone whose personal data we collect and process in the course of operating the 51Degrees Contributor (“App”).
This privacy policy describes how we handle personal and other data we receive about you when you use the App including information we obtain from your device.
We will only collect and use data about you or from your device in the ways that are described here, and in a way that is consistent with our obligations and your rights under the law. Please read this Privacy Policy carefully.
This Privacy Policy was last updated on the date that appears at the top of this page.
1. About Us
51Degrees.mobi Limited is the company that owns and operates the App and is a limited company incorporated in England under company registration number 07397529, whose registered address is located at 51Degrees, Davidson House, Forbury Square, Reading, Berkshire, RG1 3EU, United Kingdom.
For the purposes of data protection laws, we are the ‘controller’ of the personal data we process about you in connection with the App. This means that we decide why and how your personal data is processed and are legally responsible for processing it in accordance with those laws.
2. What Does This Policy Cover?
This Privacy Policy applies only to the data we collect and receive through or in connection with the App. If you use a third-party platform to redeem a reward e.g. Microworkers ("Redemption Platform"), the personal data processed by the operator of that platform will be processed in the ways described in its privacy policy, not ours.
For further information, please see the privacy policy of the relevant third-party operator on the website or application you use to access that platform.
3. What Data Do We Use?
We collect/generate and use the following data from you in connection with the App:
-
Device Data. We collect from your device the following data relating to your device:
- General information about your device: device name, type, model, manufacturer, and fingerprint (indicating time and location of manufacture). We obtain some of this information by collecting the Type Allocation Code (TAC) of your device.
- Information about the hardware specification of your device: CPU, RAM, firmware version, storage type and capacity, SIM type, SIM country, number of SIM cards, and connectivity and sensor capabilities
- Screen information: screen size, refresh rate, resolution, and type of touch sensor
- Battery information: power consumption and battery level
- Camera information: maximum resolution of the front and back cameras of your device
- Network/carrier information: carrier code identifier (e.g. Vodafone, O2) and network type (e.g. GSM, Wi-Fi)
- Location information: mobile country code, and longitude and latitude
- Application/connection information: User Agent, HTTP header, and IP address
- User preferences: ad tracking preferences
- Data received from third parties: Redemption Platform User ID
None of the Device Data can by itself be used by us to identify details of your real-world identity such as your name, postal address, or email address. If you wish to delete your data, please refer to Part 10.
Except in relation to any location information, the Device Data we obtain from your device is strictly necessary to provide our service through the App and the reward cannot be processed until you have provided this information.
We do not collect any messages, audio files, images, videos, or any other content from your device or make or manage phone calls from your device. However, due to the limitations of the operating system on which the App operates, you may be asked a series of system-generated questions requesting that we do so, as the operating system may require these questions to be answered positively before we can collect some of the Device Data.
-
Redemption Process. Once you have submitted your data via the 51Degrees Contributor and completed the process on the Redemption Platform, we will verify the Device Data above from your device. We also use your Redemption Platform User ID and Device Data to ensure the App is not misused.
We do not obtain any personal data about you from any third-party platform with whom you redeem payment. Any payment made is at the discretion of 51Degrees once we have verified your Device Data.
-
Correspondence Data. If you correspond with us or otherwise contact us in connection with the App or this Privacy Policy, we will also collect any personal data included in those communications.
All of the data you provide to us is provided on a voluntary basis. Although you do not have to provide this data, if you do not do so we will not be able to process any applicable reward (in the case of Device Data) or properly deal with your queries, complaints, and requests (in the case of Correspondence Data).
4. How Do You Use My Personal Data?
To comply with data protection laws, we must always have a legal reason (known as a ‘lawful basis’ under data protection law) for using your personal data. We process your personal data for the following purposes and by relying on the following lawful bases:
Where you provide your consent
We process your Device Data on the basis that you have provided your consent in circumstances where you have been presented with a consent statement requesting use of that data, you have allowed us to use that data, and we actually collect your data after you have done so (e.g. location information relating to your device).
You can withdraw your consent at any time. Please see Part 10 for further details. Your withdrawal of consent will not affect the lawfulness of our processing before you withdrew your consent.
To perform our contractual obligations under the terms of service of the App
We generate, process, and share with the relevant Redemption Platform information on your submission to the App in order to process the redemption of your reward for providing the Device Data to us.
To comply with our legal obligations
We process your Correspondence Data and other personal data on the lawful basis that it is necessary to comply with our legal obligations including for the purposes of:
- dealing with complaints;
- complying with your requests where you exercise your legal rights – see Parts 9 and 10 for further details); and
- notifying you of changes to our terms and conditions and policies.
Where processing is necessary for our legitimate interests
We process Device Data to provide services to our clients. To the extent this is personal data, we rely on the lawful basis that the processing is necessary for us to pursue a legitimate interest relating to our business, namely the development and provision of current and new services to our clients to grow our business. We may anonymise the Device Data to provide services to our clients. Once the Device Data is anonymised it is no longer your personal data and cannot be converted back into your personal data.
We may process any of the data described in this Privacy Policy for the following purposes and rely on the lawful basis that the processing is necessary for us to pursue a legitimate interest relating to our business, namely the efficient and effective operation of the administrative and technical aspects of our business:
- to correspond and communicate with you when supporting you in connection with the App and responding to your queries;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of the data we hold about you/your device;
- for network and information security purposes in order for us to take steps to protect your and our information and property against loss or damage, theft, or unauthorised access;
- for the purposes of a corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or other companies in our group hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
- to send service messages through the App or to provide you with other important information about our business.
5. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected or generated. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- We retain your Device Data indefinitely as the nature of the services we provide to our clients means that we, in part, rely on access to historic data. As mentioned above, none of the Device Data is linked to your real-world identity such as your name, postal address, or email address. If we no longer require any Device Data for the purposes set out in this Privacy Policy, we will delete this data in accordance with our legal obligations.
- We retain your Correspondence Data for 7 years from the date we receive it.
-
The only exceptions to the periods mentioned above are where:
- you exercise your right to have your personal data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Part 9 ‘What Are My Data Protection Rights?’);
- you exercise your right to require us to retain your personal data for a period longer than our stated retention period (see further Part 9 ‘What Are My Data Protection Rights?’);
- we bring or defend a legal claim or other proceedings during the period we retain your personal data, in which case we will retain your personal data until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal data for a longer or shorter period.
We may retain anonymised data derived from your personal data for as long as we require it for our business purposes. Such anonymised data will not identify you and may be derived from personal data in respect of which you have exercised your legal rights of erasure or restriction.
6. Where Do You Store or Transfer My Personal Data?
All information you provide to us may be transferred to countries outside the UK and European Economic Area (“EEA”). These countries may not have similar data protection laws to the UK and so may not protect the use of your personal information to the same standard. If we transfer your information outside of the UK and EEA, we will take steps to ensure that appropriate security and legal measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Policy. These steps include ensuring the non-UK/EEA countries to which transfers are made have been deemed adequately protective of your personal information under data protection law, imposing contractual obligations on the recipients of your personal information using provisions formally issued by relevant bodies for this purpose and/or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this Privacy Policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
7. Security
The security of your data is essential to us, and to protect your data, we take a number of important measures, including use of computer servers in a controlled, secure environment which is protected from unauthorised access, use or disclosure and when personal data is transmitted to or from us, it is securely encrypted.
8. Do You Share My Personal Data?
We may share your Device Data with our clients to whom we provide services.
We may share your personal data with other companies in our group for administration and audit purposes and to provide services. This includes subsidiaries and our holding company and its subsidiaries.
We will share information related to the completion of your submission with the relevant Redemption Platform to allow you to claim your reward.
We may disclose your information to our third-party service providers, agents, and subcontractors (collectively, “Suppliers”) for the purposes of operating and/or testing the App and the services we provide through it, including the hosting or other operation and maintenance of the App and those services. Our Suppliers can be categorised as follows:
Recipient / relationship to us | Industry sector (and sub-sector) |
Cloud software system providers, including database and document management providers | IT (Cloud Services) |
Legal, security and other professional advisers and consultants | Professional Services (Legal & Accounting) |
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party's obligations under the law.
If any personal data is transferred outside of the UK and EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK/EEA and under relevant data protection laws, as explained above in Part 6.
In limited circumstances, we may disclose your personal information to other third parties as follows:
- any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and
- if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, tribunals, courts, government authorities or regulators.
9. What Are My Data Protection Rights?
Under relevant data protection laws, you have the following rights, some of which may only apply in certain circumstances:
a) The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 11.
b) The right to access the personal data we hold about you. Part 10 will tell you how to do this.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 11 to find out more.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 11 to find out more.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
h) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
i) The right to withdraw your consent. We do not rely on your consent to process any personal data described in this Privacy Policy.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 11 below.
Further information about your rights can also be obtained from the Information Commissioner's Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office.
10. How Can I Exercise My Data Protection Rights?
If you wish to exercise any of the data protection rights listed above in Part 9 in respect of the personal data described in this Privacy Policy, including the right to know what personal data we have about you, you can simply ask us using our contact details. Any such requests are known as "data subject rights requests".
We may ask you for information to verify your identity at the time you first contact us and, where applicable, may ask you to help us with focussing our search for your data, where possible.
In respect of Device Data, owing to its nature, we are unlikely to be able to identify which of that data relates to you without further information. Where you are able to provide this information, we will comply, where applicable, with our legal obligations to fulfil your data subject rights requests. In respect of any Device Data that we cannot link to you, we shall be under no obligation to provide access or to delete, restrict or otherwise fulfil any other type of data subject rights request.
You can make a data subject rights request by contacting us using any method of communication. However, to allow us to smoothly and efficiently deal with your rights requests, please make your request in writing and send this by email or post to us to the relevant addresses shown in Part 11.
We do not usually charge for a dealing with a data subject rights request. If your request is 'manifestly unfounded or excessive' (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in dealing with your request.
We will respond to your data subject rights request within one calendar month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time in relation to access requests. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress and the timescales envisaged for our resolution of your request.
11. How and to Whom Can I Send Queries and Complaints?
If you have any queries or complaints regarding our use of your personal data in relation to the App or in respect of this Privacy Policy, including to make a data subject request, please use the following details:
Email address: contactus@51degrees.com.
Postal Address: 51Degrees, Davidson House, Forbury Square, Reading, Berkshire, RG1 3EU, United Kingdom.
12. Changes To This Privacy Policy
We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change the App or other aspects of our business in a way that affects the way we process or handle your personal data.
Any changes will be posted on this page so we recommend that you check this page regularly to keep up-to-date.