This privacy notice tells you what personal data UpTime Labs collects about you, what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns.

This privacy notice will supplement any other notices you receive from us and they should be read together. We may need to make changes to this notice occasionally, to reflect any changes to our services or legal requirements. We will notify you of any important changes before they take effect.

We are UpTime Labs Ltd (registered in England and Wales under company number 13748573 with its registered office at Flat 2, 55 Frognal, London, United Kingdom, NW3 6YA)

In relation to our Website and Platform, UpTime Labs will be ‘controller’ of your information, which means that it decides what personal data we collect from you and how it is used.

UpTime Labs Ltd is registered with the Information Commissioner’s Office, the UK regulator for data protection matters under number ZB402346.

Where you are employed or engaged by one of our customers and are given access to our Platform by them, we will process some of your personal data on their behalf. In this case, they will be the ‘controller’ and we will be their ‘processor’.

Email address: patrick@uptimelabs.io
Postal address: Flat 2, 55 Frognal, London, United Kingdom, NW3 6YA

This privacy notice tells you how we look after your personal data when you visit our website at uptimelabs.io (Website) or become our customer and when you access the UpTime Labs platform (Platform) as a user.

We want to make sure that your personal data is accurate and up to date. Please let us know about any changes so that we can update our systems for you.

Our Website and Platform includes links to external websites, plug-ins and applications provided by other organisations. By clicking on those links or enabling connections you may allow those organisations to collect or share personal data about you. We do not control how these organisations use your personal data, so we encourage you to read their privacy notices.

Personal data means any information which does or could be used to identify a living person. We have grouped together the types of personal data that we collect below:

Identity Data – name and username Contact Data – billing address, delivery address, business email address, personal email address or academic email address and telephone numbers

Transaction Data – details of products and services we have provided to you and bank details (we do not process payment card details)

Technical Data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform on the devices you use to access our Website

Profile Data – your username and password, your interests, preferences, feedback and survey responses

Usage Data – information about your visit including the full Uniform Resource Locators (URL) clickstream to, through and from our site, reports, information you viewed or searched on our Website, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs, lab completion activity and methods used to browse away from the page)

Marketing and Communications Data – your preferences in receiving marketing from us and our third parties and your communication preferences

When we collect personal data, we sometimes anonymise it (so it can no longer identify you as an individual) and then combine it with other anonymous information to form Aggregated Data.

Data protection law does not restrict us when it comes to how we use Aggregated Data and the various rights described below do not apply to Aggregated Data.

We do not intentionally collect any Special Categories of Personal Data (sensitive types of information which require additional protections, such as health information). However, we acknowledge some information we collect could suggest special category data.

Direct interactions: You provide your personal data to us by filling in forms or by corresponding with us by post, phone or email when you:

• apply for our products or services
• create an account on our platform
• subscribe to our service or publications
• allow us to send you marketing
• enter a competition, promotion or survey
• give us some feedback

Automated technologies or interactions: As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

Information provided by others. We may receive personal data about you from:

• technical service providers, acting as our processors (which means they can only use your personal data in line with our instructions)
• marketing agencies that help us identify prospective customers
• organisations such as your employer if they are a customer of UpTime Labs through which you may be given access to our Platform
• organisations such as your prospective employer if they are a customer of UpTime Labs and ask you to complete labs on the Platform as part of their interview / assessment process.

We are required to identify a legal basis for collecting and using your personal data. There are six legal grounds which organisations can rely on. The most relevant of these to us are where we use your personal data:

• to enter into and perform our contract with you (but only where the contract is with you as an individual, not a contract with another organisation)
• to comply with a legal obligation that we have
• to pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (for example, your right to privacy)
• to do something that you have given your consent for

If you access the platform in your capacity as an individual, we will get your consent before we direct market to you.

If you access the platform in your capacity as an employee for your employer organisation, we will direct market to you unless you opt-out using the unsubscribe links in the footers of emails. We do this because data protection law allows us to direct market to corporate subscribers (e.g., business email addresses) under the lawful basis of legitimate interests. Our direct marketing communications will always include a link so you can unsubscribe at any time.

We sometimes use your information to form a view on what products, services or offers we think you might be interested in.

We may contact you if your recent activity suggests you might want to hear from us (for example, you entered one of our competitions), unless you have already let us know you do not wish to receive marketing communications.

We may also get in touch with you to ask you to give us feedback or participate in user research so that we can improve our products and services. Where possible, we will remove identifiable personal data so that the feedback or research does not identify you as an individual. For example, for user research, we will remove your name (and any other identifiable information) from the data completely, and we will use pseudonyms when presenting the research internally.

If you participate in user research, we may ask you if we can record your voice and browser for the purposes of the exercise. For some types of research, we will also ask if we can record your video through your webcam, but this is less frequent. We use a third-party software provider (please see our list of Processors) to facilitate the research. We will always let you know before we access your camera, microphone and / or browser.

Please be aware that the software records your entire browser. Therefore, if you access other content on your browser outside the UpTime Labs platform during your participation in the research, we may have access to such recorded content. As always, you can exercise any of your rights in relation to this data.

• Our staff (our employees or other workers bound by contracts containing strict confidentiality and data protection obligations)
• Our technical service providers including hosting, customer support, marketing and customer relationship, software monitoring, project management and customer insight providers (these organisations only have access to information they need to provide their services to us and are bound by contracts containing strict confidentiality and data protection obligations)
• Regulatory authorities such as HM Revenue & Customers
• Our professional advisers such as the accountants or legal advisors we sometimes use to help us conduct our business
• Any actual or potential buyer of our business

If UpTime Labs are asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

Where we instruct organisations to process personal data on our behalf (our Processors) and that results in your information being sent outside of the UK or European Economic Area (EEA), we make sure that your information receives a similar level of protection by:

• only sending information to countries that have been formally recognised by the European Commission as having an adequate level of protection for personal data or
• using contracts approved by the European Commission to ensure appropriate safeguards are in place

If you are using our Platform because you have been enrolled by an organisation (e.g. your employer) then your personal data may be stored on servers located in the same region that they are based. You can ask us for more information if you have a question about information sent outside the UK or EEA.

We will get your consent before we share your personal data with any person outside UpTime Labs for marketing purposes.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:

• access controls and user authentication
• internal IT and network security
• regular testing and review of our security measures
• staff policies and training
• incident and breach reporting processes
• business continuity and disaster recovery processes

For further information about our security measures, please contact us.

If there is a breach of security which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law).

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements

By law we must keep Transaction Data for six years.

We may keep Identity Data, Contact Data and certain Marketing and Communications Data (specifically, any exchanges between us by email or any other means) for up to six years after the end of our contractual relationship with you or your organisation to help us bring or defend any legal proceedings.

If you are not a customer and you browse our Website, we keep personal data collected through our analytics tools.

If you are not a customer and you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you or your email address becomes permanently unavailable.

You have specific rights when it comes to your personal data:

Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law

Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.

Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.

Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst you check that the personal data we hold for you is correct)

Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

Portability: You can ask us to send you or another organisation an electronic copy of your personal data

Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the UK Information Commissioner’s Office but we hope we can help in the first instance. If you have any concerns you can email us at patrick@uptimelabs.io

It is usually free for you to exercise your rights and we aim to respond within one month. We might ask you to verify your identity before we begin working on your request as part of our security measures (to keep personal data safe).

It might take us longer to deal with more complicated requests or where multiple requests are made at the same time, but we will always let you know first and will only ever extend the deadline by a maximum of two months.

The only time we charge a fee or refuse to respond is if we feel the request is unfounded or excessive, but we will always let you know and explain our decision. If you want to make any of the right requests above, you can reach us at patrick@uptimelabs.io

Last Updated: 04/11/2022
Version: 2