Policy version: 3 April 2024
This Privacy Policy is provided by CommLoop Limited (trading as CommunityLoop), a company registered in England and Wales under company number:12631707 with registered office Unit 1, Ground Floor, Riverside Business Centre, Shoreham-By-Sea, West Sussex, BN43 6RE, United Kingdom. ('we', 'our' or 'us') for use of our services including our mobile applications available on the Apple iOS Store and the Google Play Store, our website and any associated services we offer (Services).
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on how and why we collect, store, use and share any information relating to you (your personal data).
It also explains your rights in relation to your personal data and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your personal data is regulated by law, including under the UK General Data Protection Regulation (UK GDPR).We are the controller of Other Information (as defined in clause 3) obtained via the Services, meaning we are the organisation responsible for deciding how and for what purposes it is used.
The Customer is the controller of Customer Data, and we are the processor. If you want to understand how your information obtained via the Customer Data is used, please contact the Customer directly.
If you do not agree with this privacy policy, then do not access or use our Services, website or any other aspect of our business.
This privacy policy relates to your use of the Services only.
The Services may link to or rely on other apps, websites, APIs or services owned and operated by us or by certain trusted third parties to enable us to provide you with Services. These other apps, websites, APIs or services may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other apps, websites or services, please consult their privacy policies as appropriate. For more information see the section 'Who we share your personal data with' below.
A separate agreement governs delivery, access and use of the Services ('the Customer Subscription Agreement'), including the processing of data such as messages, files or other content submitted through Services accounts (collectively Customer Data). The organisation that entered into the Customer Subscription Agreement (the Customer) controls its instance of the Services (its Community Space) and any associated Customer Data. If you have any questions regarding specific Community Space settings and privacy practices, please contact the Customer whose Community Space you use.
We will collect and receive information through operating the Services and websites, and through other interactions with us. Such information will include Customer Data and other information and data (Other Information) in a variety of ways.
| Category of data | In more detail |
|---|---|
| Customer Data submitted to us when using the Services | Customers or individuals granted access to a Community Space by a Customer (Users) routinely submit Customer Data to us when using the Services, which includes:
|
| Category of data | In more detail |
|---|---|
| Identify and account data you input into the Services |
|
| Data collected when you use specific functions in the Services | Data you store online with us using the Services including your usage history or preferences (while such data may not always be personal data as defined at law in all cases we will assume it is and treat it in accordance with this policy as if it were) |
| Data collected when you permit the collection of location data | Details of your location with a high degree of precision, see the section 'Location services/data' below |
| Other data the Services collects automatically when you use it |
|
| Other information you may provide to us | Information you may provide to us if you request support or otherwise communicate with us |
If you do not provide personal data we ask for where it is required, including the geo-localisation services, it may prevent us from providing services and/or the Services to you.
We collect and use this personal data for the purposes described in the section 'How and why we use your personal data' below.
Sensitive personal data (also known as special category data) means information related to personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person's sex life; and data concerning a person's sexual orientation.
Certain personal data we collect is treated as a 'special category' to which additional protections apply under data protection law. This is also known as 'Sensitive Data'. Where we process such Sensitive Data, we will also ensure we are permitted to do so under data protection laws, and any such data will be collected on the basis of your consent. Sensitive Data we collect about you, where you choose to give it to us, may include your religious beliefs.
If you use the "find organisations near me" functionality, the Services will request your consent to use location services to precisely identify your location. We require access to that data in order to provide you with the "find organisations near me" functionality.
If you consent to use location services, the permission will only be used for the search action you take on that particular screen. The location services are not used in every session (unless you provide your consent in each instance), or whilst the Services are in the background.
If you do not provide your consent, you may use the Services but that will mean the "find organisations near me" feature on the Services will not be available. To withdraw your consent at any time you can turn off the localisation permissions for our app on your device.
The location services in the Services will not operate unless location services/data are generally enabled on your device. You may disable such functionality at any time by turning your device's location on "off" using the device's settings app. When you allow your device to use location services/data, data will also be collected by Google in accordance with their Privacy Policy.
We exert no control over Google's Privacy Policy and we therefore recommend that you consult their privacy policy for further information on how Google protect personal data please visit their site - https://policies.google.com/privacy?hl=en-US. For more information see the section 'Who we share your personal data with' below.
We collect personal data from you directly when you sign up to the Services, contact us directly or reach out to us via social media, make submissions via the Services when a forum element is available, or indirectly, such as your activity while using the Services.
We use Customer Data in accordance with a Customer's instructions, including to provide the Services, any applicable terms in the Customer Subscription Agreement, a Customer's use of Services functionality and as required by applicable law.
We are a processor of Customer Data and the Customer is the Controller. The Customer may, for example, use the Services to grant and remove access to a Community Space, assign roles and configure settings, access, modify, export, share and remove Customer Data, and otherwise apply its policies to the Services.
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see 'How to contact us' below).
We use Other Information to operate our Services, websites and business.
The table below explains what we use Other Information for and why.
| What we use your personal data for | Our reasons |
|---|---|
| Create and manage your account with us | To perform our contract with you or to take steps at your request before entering into a contract |
| Providing services and/or the functionalities of the Services to you | Depending on the circumstances:
|
| To communicate with you by responding to your requests, comments and questions | For our legitimate interests or those of a third party, i.e., to provide the best service to you |
| To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances:
|
| Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or service or other important notices | Depending on the circumstances:
|
| Protect the security of systems and data | To comply with our legal and regulatory obligations we may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us |
| Operational reasons, such as improving efficiency, training, and quality control or to provide support to you | For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you |
| Statistical analysis to help us manage our business, e.g., in relation to our performance, customer base, app and functionalities and offerings or other efficiency measures | For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you and improve and develop our app |
| Updating and enhancing user records | Depending on the circumstances:
|
| Billing, account management and other administrative matters | Depending on the circumstances:
|
Depending on the circumstances:
|
To comply with our legal and regulatory obligations |
| To share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.In such cases information will be anonymised where possible and only shared where necessary | Depending on the circumstances:
|
See 'How we share and disclose information' for further information on the steps we will take to protect your personal data where we need to share it with others.
We intend to send you email marketing to inform you of our services such as promotions.
We will always ask you for your consent before doing sending you marketing communications, except where you have explicitly opted-in to receiving email marketing from us in the past or except where you were given the option to opt-out of email marketing when you initially signed up for your account with us and you did not do so.
You will have the right to opt out of receiving marketing communications at any time by:
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see 'Your rights' below.
We routinely share personal data with service providers we use to help us run our business or provide the services or functionalities in the Services, including developers and cloud storage providers. We exert no control over Google's Privacy Policy and we therefore recommend that you consult their privacy policy for further information on how Google protect personal data - https://policies.google.com/privacy?hl=en-US
We only allow service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned above may occasionally also need to share your personal data with:
Customers determine their own policies and practices for the sharing and disclosure of Customer Data to third parties. We do not control how a Customer or a third party chooses to share or disclose information.
We may share and disclose Customer Data or Other Information in accordance with a Customer's instructions and with appropriate consent, including any applicable terms in the Customer Subscription Agreement and the Customer's use of Services functionality and in compliance with applicable laws.
If you would like more information about who we share our data with and why, please contact us (see 'How to contact us' below).
We will not share your personal data with any other third party.
We will retain Customer Data in accordance with a Customer's instructions (including to perform any applicable terms in the Customer Subscription Agreement and through the Customer's use of Services functionality) and as required by applicable law.
We will keep Other Information pertaining to you for as long as you have an active account with us and for a period of up to 6 years thereafter to comply with any accounting or legal obligations including in the event of the pursuit or defence of legal claims.
Following the end of the of the aforementioned retention period, we will delete or anonymise your personal data.
If you join a workspace provided by a Customer, that Customer can:
If you join a Community Space provided by a Customer, our processing of your personal data in connection with that workspace and your account is governed by a contract between the Customer and CommLoop. We process your personal data to provide the Services to the Customer and you.
We may transfer your personal data to countries which are located outside the United Kingdom (UK) and European Economic Area (EEA). Where we transfer your personal data outside of the UK and the EEA, we will only do so for the purposes mentioned in this Policy and any contract that we have entered into with you.
Countries outside of the UK and the EEA do not have the same data protection laws as the UK and EEA. Therefore, when making such a transfer of data, we will always rely on a safeguard mechanism under the UK GDPR and the EU GDPR, whichever is applicable. We will only transfer your personal data to a country which the European Commission or the UK authorities have given a formal adequacy decision/regulation that confirms this third-country provides an adequate level of data protection similar to those which apply in the UK and EEA. If the third-country does not have an adequacy decision awarded to it, any transfer of your personal information will be subject to entering into the European Commission's Standard Contractual Clauses (the SCCs) which are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
Transfers of personal data from the UK to the EEA shall be done on the basis of the adequacy regulation awarded to the European Union by the UK pursuant to the withdrawal of the UK from the European Union. Transfers of personal data from the EEA to the UK shall be done either on the basis of an adequacy decision awarded by the European Commission to the UK, and notwithstanding this, by entering into the SCCs for any such transfers of personal data.
If you would like further information, please contact us using the details provided at the end of this Policy.We will not otherwise transfer your personal data outside of the UK and the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
You generally have the following rights, which you can usually exercise free of charge. For more information regarding these rights, please visit the ICO website here.
| Access to a copy of your personal data | The right to be provided with a copy of your personal data. |
|---|---|
| Correction (also known as rectification) | The right to require us to correct any mistakes in your personal data. |
| Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data—in certain situations. |
| Restriction of use | The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data. |
| Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations. |
| To object to use | The right to object:
|
| Not to be subject to decisions without human involvement | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by the Services. |
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see 'How to contact us' below). You may also find it helpful to refer to the guidance from the UK's Information Commissioner on your rights under the UK GDPR.
If you would like to exercise any of those rights, please complete a request form—available on our website at www.communityloop.co/support/ or email , call or write to us—see below: 'How to contact us'. When contacting us please:
We do not allow use of our Services by anyone younger than 13 years of age, or under the age of digital consent in your country, to the extent prohibited by applicable law. We do not knowingly collect personal data online from children under the age of 13. If a child under the age of 13 has unlawfully provided us with personal data, we ask that you please contact us and we will take steps to delete such information. Please see the 'How to contact us' below for our contact information.
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Please contact us if you have any queries or concerns about our use of your information (see below 'How to contact us'). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with the Information Commissioner.
The Information Commissioner can be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.
We may change this privacy policy from time to time. When we make significant changes we will take steps to inform you, for example via the Services or by other means, such as email.
You can contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are shown below: