Marketing Privacy Policy
Last revision date – June 22, 2023.
This Marketing Privacy Policy covers the data we process when you interact with our Website or social media pages, and also when we send to you marketing communications i.e., information about our Services, new features, functions, surveys, newsletters, and promotions.
This Marketing Privacy Policy applies both to users of our Website or any of our Apps, and the Customer.
Broken Build is the data controller of data processed under this Marketing Privacy Policy. This means that we decide what data should be processed, how and why.
Who we are
When we refer to Broken Build, we mean Broken Build LLP, a company registered in the United Kingdom (OC445385) with a registered address at 61 Bridge Street, Kington, Herefordshire, HR53DJ, United Kingdom.
If you have questions, concerns, or complaints, or would like to exercise your rights, we are available at infosec@brokenbuild.net.
You can also complain to the ICO if you are unhappy with how we have used your personal data.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Helpline number: 0303 123 1113
Detailed description of how we process your personal data
Below you will find a detailed information about:
what personal data we may process;
purposes of processing your personal data;
legal basis for the processing of your personal data;
retention period of your personal data; and
engaged sub-processors.
To get more information on how we process your personal data when you use our Services, please read our Customer Privacy Policy.
The data we process under this Marketing Privacy Policy is both the data of your company (our Customer under the EULA) and you (End User, for whom the Customer has paid the required fees and to whom access is given to the App; as well as any Visitor of our Website, even if they are not End Users of the Apps).
The information below is classified by the purpose of data processing:
To send our marketing information to the Customer | ||
Nature and purpose(s) of processing | Personal data we process | Legal basis for the processing (if applicable) |
Send to the Customers the information about our services, new features and functions, surveys, newsletters, and promotions. Administer the Customer’s responses and survey answers. Generate analytical and statistical data based on the Customer responses. | The data mentioned below is both processed and stored:
2. Technical contact data:
3. The Customer’s responses to our surveys. | Legitimate interest (Article 6.1(f) GDPR). |
Data retention period: We may store your personal data during the term of EULA and for up to 12 months after the termination of EULA. | ||
Types of sub-processors engaged:
|
To send our marketing information to End Users of our Apps and Visitors of the Website | ||
Nature and purpose(s) of processing | Personal data we process | Legal basis for the processing (if applicable) |
Send to the End Users and Visitors the information about our services, new features and functions, surveys, newsletters, and promotions. Administer the End Users’ and Visitors’ responses and survey answers. Generate analytical and statistical data based on the End Users’ and Visitors’ responses. | The data mentioned below is both processed and stored:
2. Any data we process when we handle your support requests and enhance functionality of the Apps.
To find a detailed list of data we may process please take a look at our Customer Privacy Policy. | Consent (Article 6.1(a) GDPR) |
Data retention period: We may store your personal data mentioned above from the moment you provide consent to processing and until you withdraw your consent. | ||
Types of sub-processors engaged:
|
We may also process data to perform legal duties, responsibilities, and obligations and to comply with laws and regulations that apply to us. For example, we could store data about emails and names of subscribers to our newsletters, as well as their choices and consent - to make sure we comply with laws on e-communication.
Your rights when we process your personal data
GDPR and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office (“ICO”).
You have the following rights with respect to your personal data when we are the controller of such data:
Right of access. You may ask to access and obtain a copy, if required, of the data about you that we collected.
Right to rectification. You may ask to update the data or to correct any inaccuracies.
Right to erasure. You may ask to delete the data we retain in certain circumstances, such as when you withdraw consent we have earlier received from you.
Right to restriction of the processing. You may request to restrict the use of your data in certain circumstances, such as when you have objected to our use. But we will first verify whether we have overriding legitimate grounds to use it.
Right to data portability. You may ask to transfer your data to a third party in a structured, commonly used, and machine-readable format, in circumstances where the data is processed with your consent or by automated means.
Right to object. You may object to our processing of your data in some cases, for example, when we process your data on the basis of our legitimate interest.
How we share data
We share your data with third parties. We are not in the business of selling any of your data, including personal data, to other third parties or advertisers.
We may pass on your data to our employees or verified independent contractors (including contracted private entrepreneurs who are based in Ukraine). We always enter into non-disclosure and confidentiality agreements with those who have access to your data to ensure the data protection.
We may also share your data with service providers that help us operate, provide, support and enhance our Services. If a service provider needs to access your data, they do so under appropriate security and confidentiality measures designed to protect your data. You should always check the privacy settings and notices in these third-party services to understand how those third parties may use your data. You may find a complete list of service providers (sub-processors) we involve following this link.
In exceptional circumstances, we may disclose data with law enforcement agencies, courts, fraud prevention agencies, or other third parties, where we think it is necessary to comply with applicable laws or regulations or to defend our legal rights (where possible, we will notify you of this type of disclosure).
International data transfers
When we use and share your data, it may be transferred to and processed in countries other than your country or residence. We process and store data in the countries you may check in the list of service providers we involve following this link.
Where we transfer your data, we put safeguards in place to ensure your data remains protected. For individuals in the UK or EEA, this means that your personal data may be transferred outside of the UK or EEA. When this is the case, it will be transferred to countries where we have compliant transfer mechanisms in place, in particular, the implemented European Commission’s Standard Contractual Clauses to agreements with entities and independent contractors the data is transferred to or other appropriate legal mechanisms to safeguard the transfer.
How we secure and store data
We are committed to keeping our customers’ personal data safe. We use industry-standard security measures appropriate for all user data and our processing activities, adequate to preserve data confidentiality and security.
You may read a more detailed description on how we protect your data in DPA Annex 1(C) available via the link.