Privacy Policy
Last update: 26 October 2021
This privacy policy explains in detail how we collect, use, and disclose your personal data. It also informs you about the choices that you have with respect to your personal data. Please read this privacy policy carefully before submitting your personal data to us.
Here you can find some general information about us and WorkPin.
​
1.1 About the Privacy Policy. This privacy policy (the “Privacy Policy”) governs the processing of personal data collected from individual users (“you” and “your”) through the website https://www.workpin.ai, the related software and services (“Workpin”). The Privacy Policy does not cover any third-party websites, applications or software that integrate with WorkPin or any other third-party products and services.
1.2 Data controller. WorkPin is owned and operated by Workpin ltd, having a registered business address at
34 Parkville Road, SW6 7BX, London, United Kingdom, and the company number 13012146 (“we,” “us,” and “our”).
1.3 Minors. WorkPin is not intended for use by persons under the age of 18. We do not knowingly collect personal data belonging to persons younger than 18. If you become aware that such a person has provided us with his or her personal data and you are a parent or a legal guardian of that person, please contact us immediately and we will remove the child’s personal data from our systems.
1.4 Term and termination. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.
1.5 Amendments. This Privacy Policy can be changed from time to time to address the changes in our business practices, the functionalities of WorkPin, laws, regulations, and industry standards. The amended version of the Privacy Policy will be posted on this page and, if we have your email address, we will send you a notice about all the changes implemented by us. We encourage you to review our Privacy Policy to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent.
1.6 Our role as a data processor. We act in the capacity of a data processor in situations when, within the scope of the services provided through Workpin, our clients upload or generate data and digital files (the “Service Data”) and that Service Data contains personal data. We do not own, control, or make decisions about the personal data included in the Service Data and such personal data is processed only in accordance with our client’s instructions. Our clients act as data controllers and they are responsible for deciding what personal data should be collected from data subjects and how such data should be processed. In the situations when we act in the capacity of a data processor, we comply with data processors’ obligations. Also, in order to ensure that personal data is processed in accordance with the strictest data protection standards, we provide a data processing agreement that can be received by contacting us at privacy@workpin.ai.
Here we explain in detail what personal data we collect from you, for what purposes we use it, what technical data is collected automatically when you use Workpin, and how we communicate with you.
​
2.1 Sources of personal data. We obtain your personal data from the following categories of sources:
-
Directly from you. For example, if you submit your personal data when you register your user account or contact us;
-
Directly or indirectly through your activity on Workpin. When you use Workpin, we automatically collect technical information about your use of Workpin; and
-
From third parties. We may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a legal basis for disclosing your personal data to us (for example, for payment processing purposes).
​
2.1.1 If you use Google Account OAuth to authorise your access to Workpin, we collect the following personal information from your Google account:
-
Full name
-
Avatar
-
Email address
2.1.2​ We may ask for access to your Google or Microsoft calendar during the account creation process. This access allows us to create, update or delete calendar entries representing bookings made through Workpin.
​
2.2 Collection of personal data. We comply with data minimisation principles. This means that we collect only a minimal amount of personal data that is necessary for your use of Workpin. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. For example, we use it only for the purposes of providing you with access to Workpin, maintaining and improving Workpin, replying to your enquiries, and pursuing our legitimate interests. We do not repurpose your personal data. This means that we do not use it for any purposes that are different from the purposes for which your personal data was provided. Below, you can find an overview of the types of personal data that we collect, the purposes for which we use it, and the legal bases on which we rely when processing it.
​
-
Your account. When you sign up, we collect your email address, name, personal statement, image, occupation, interests, location, and personal statement. We use the said information to register and maintain your user account, enable you to Workpin, provide you with the requested services, provide location-specific services and features, contact you, if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ’pursuing our legitimate interests’ (i.e., operate, analyse, grow, and administer Workpin). If you enable your precise location data, we rely on ‘your consent’ as a legal basis. We will store this data until you delete your user account.
-
Orders. When you mare an order for our services and goods, we use your account information (as specified above), your order number and use number. We also create a pseudonymous record that contains the location you provided to us as your starting point, your preferred mode of transport, the weather, the time of day, the intended purpose of the meeting (from a predefined list of potential reasons) and your job title. We use the said information to manage and fulfil your order, send you transactional receipts, contact you, if necessary, analyse our business, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ’pursuing our legitimate interests’ (i.e., administer and analyse Workpin). We will store this data for as long as required by the applicable law or you delete your user account, whichever later.
-
Payments. When you make a payment or request a payout, our third-party payment processor Revolut collects your personal data, such as name, billing and delivery addresses, and payment details (e.g., credit card details). We do not have access to your full payment data; only a part of your personal data is made available to us by the payment processor. Your payment data is used to process payments and maintain our accountancy records. The legal bases on which we rely are ‘performing our contractual obligations’ and ‘pursuing our legitimate interests’ (i.e., to administer our business). We store such data for the time period prescribed by law.
-
Enquiries. When you contact us by email, we collect your first name, last name, email address, and any information that you decide to include in your message. When you contact us by using the contact form available on Workpin, we collect your name, email address, phone number, and any information that you decide to include in your message. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., to grow and promote Workpin) and ‘your consent’ (for optional personal data). We will store this data until you stop communicating with us.
-
Location and cookies. When you browse Workpin, we or our third-party analytics service provider (as explained below) collect your location and cookie-related data. We use such information to analyse the technical aspects of your use of Workpin, prevent fraud and abuse, and ensure the security of Workpin. For more information on our use of cookies, please refer to our Cookie Policy. The legal bases on which we rely are ‘pursuing our legitimate interests’ (i.e., analyse our content and protect Workpin) and ‘your consent’. We will store this data as long as analytics records are necessary for our activities or you withdraw your consent.
​
2.2 Sensitive data. We do not collect or use any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data refers to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.
​​
2.3 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask for it, we may not be able to perform the requested operation and you may not be able to use the full functionality of Workpin, receive the requested information, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
2.4 Collection of analytics data. When you browse Workpin, we collect or have access to certain technical analytics data collected from you. Such data includes the following information:
-
Your activity on Workpin (time of visit, pages visited, products viewed, time spent on each page, clicks, scroll depth, interaction with widgets);
-
URL addresses from which you access Workpin;
-
Your browser type and version;
-
Your operating system;
-
Your device details;
-
Information about your orders; and
-
Your other online behaviour.
​​
2.5 Purposes of analytics data. We use your analytics data to analyse what kind of users access and use Workpin, measure your engagement with Workpin, see which products are interesting to you, improve our content, develop new products and services, and investigate and prevent security issues and abuse. In most cases, such analytics data is non-personal and it does not allow us to identify you as a natural person. However, some of such data like your IP address may be considered personal data and we will make sure that we have the necessary legal basis for processing such data. When we process your analytics data that is personal data, we rely on the ‘legitimate interest’ (i.e., to analyse and improve Workpin) and ‘your consent’ bases.
2.6 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).
2.7 Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any legitimate purpose.
2.8 Newsletters. If you opt-in for our newsletter, subscribe to our newsletter, or conclude a contract with us, we will inform you about our new products, features of Workpin, and special offers. The legal bases on which we rely is ‘your consent’ (if you opt-in) and ‘pursuing our legitimate business interests’ (i.e., promote Workpin). You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters or by contacting us directly.
2.9 Transactional notices. If we have your email address and it is necessary to do so, we may send you important informational messages, such as order updates, payment receipts, invoices, shipping information, and other technical or administrative emails. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.
​
2.10 Use of Google or Microsoft account data. When authorised with a Google Account or a Microsoft Account, we use your Full Name and Avatar to populate your user profile. We use your email address to send confirmations of bookings, updates or cancellations. If you provide us with access to your Google Calendar or Office 365 Calendar, we will create calendar entries for any bookings made through Workpin. If you edit or cancel those bookings, we will amend or remove the calendar entries. We do not access any other entries in your calendar.
​
2.11 Storage of Google or Microsoft account data. Your First Name, Avatar and Email Address are stored in our encrypted storage. Credentials required to access your calendar are securely stored by our technology provider Auth0. See section 4 of this policy for details of our storage technology and technology providers.
Here we explain for how long we keep your data in our systems and how we delete it.
3.1 Storage of personal data. We and our data processors store your personal data only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to update or delete your personal data, whichever comes first. For more details about the period for which each type of personal data is stored, please refer to section 2.2. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete your personal data from our systems. We do not store any personal data longer than strictly necessary.
3.2 Storage of non-personal data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include storing non-personal data for the period of time needed for us to examine our activities, fulfil our contractual obligations, pursue our legitimate interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
3.3 Storage as required by law. When we are obliged by law to store your personal data for a certain period of time (e.g., for keeping accounting records), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
Here you can find information about third parties that may have access to your personal data.
​​
4.1 Disclosure to data processors. We keep your personal data in strict confidentiality. However, if necessary for the intended purpose of your personal data, we will disclose your personal data to entities that provide services on our behalf (our data processors). Your personal data may be shared with entities that provide technical support services to us, such as hosting, payment processing, and email distribution services. We do not sell your personal data to third parties and do not intend to do so in the future. The disclosure of your personal data is limited to the situations when it is required for the following purposes:
​
-
Ensuring the proper operation of Workpin;
-
Delivering your products;
-
Processing your payments;
-
Responding to your enquiries;
-
Pursuing our legitimate interests;
-
Enforcing our rights, preventing fraud, and security purposes;
-
Carrying out our contractual obligations;
-
Law enforcement purposes; or
-
If you provide your prior consent to such a disclosure.
​
4.2 List of data processors. We choose our data processors carefully and make sure that they ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The data processors that will have access to your personal data are:
-
Our hosting and data storage service provider Amazon Web Services (AWS) located in the United States (please note, however, that our servers are based in Ireland);
-
Our authentication and authorisation service provider Auth0 located in the United States (please note, however, that your personal data is processed in Germany and Ireland);
-
Our payment service provider Revolut located in the United Kingdom;
-
Our analytics service provider Plausible Analytics located in Estonia; and
-
Our independent contractors and consultants.
​
4.3 International transfers. We and some of our data processors may be based outside the country where you reside. For example, if you reside in the UK or a country belonging to the EEA, we may need to transfer your personal data outside the UK or the EEA. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).
4.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose as it does not identify you as a natural person. For example, we may share it with prospects or partners for business or research purposes, for improving Workpin, responding to lawful requests from public authorities or developing new products and services.
4.5 Legal requests. If requested by a public authority, we will disclose information about the users of Workpin to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
Here you can find information on how we protect your data against breaches.
​
5.1 Security measures. We implement technical and organisational information security measures that protect your personal data from loss, misuse, unauthorised access and disclosure. The security measures taken by us include proper authentication, secured networks, strong passwords, encryption, limited access to your personal data by our staff, anonymisation of personal data (when possible), use of virtual private cloud technology, and carefully selected data processors.
5.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
The workpin app for Slack allows users to send data from their workpin account to the Slack Application (the “Service”) and send data from Slack to workpin.
When you interact with the workpin app for Slack we save your Slack username, Slack ID and team ID. If you have linked your Slack account with your workpin account via the workpin website, we store that connection.
​
We do not collect any personal information via the workpin app for Slack.
Here we explain how we delete your information.
​
If you uninstall the workpin app for Slack, we remove your Slack username, Slack ID and team ID from our store. If you unlink your Slack account from your workpin account, we remove that connection from our store.
​
To request access to your data or request deletion of your data from our systems, please contact us by using our contact details available at the end of this Privacy Policy and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we can identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.
If we change this Policy, we will post the updated policy on the workpin app for Slack. From time to time, we may change this Policy, in which case we post the updated Policy on the workpin section in the Slack App store. The latest version of the Policy will always be accessible on the workpin section in the Slack App store.
Here you can find detailed information about the rights that you have with regard to your personal data and how to exercise those rights.
7.1 The list of your rights. You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:
-
Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
-
Right to rectification: you can rectify inaccurate personal data that we hold about you;
-
Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
-
Right to restriction: you can ask us to restrict the processing of your personal data;
-
Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
-
Right to object: you can ask us to stop processing your personal data;
-
Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
-
Right to complaint: you can submit your complaint regarding our processing of your personal data.
​
7.2 How to exercise your rights? If you would like to exercise any of your legitimate rights, please contact us by using our contact details available at the end of the Privacy Policy and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we can identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days.
7.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 30 days). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority. In the UK, the data protection authority is the UK Information Commissioner’s Office (ICO). More information about ICO is available at https://ico.org.uk .
8. CONTACT
If you have any questions about this Privacy Policy, your rights, or our data protection practices, please contact us by using the following contact details:
Our email address: privacy@workpin.ai
Postal address: Workpin ltd, 34 Parkville Road, SW6 7BX, London, the United Kingdom