- Our pinboard Limited will be the data controller in respect of any personal data that you submit to us or that we collect from you when you use our Site. We are a company registered in England with registered offices at 2-3 Ledbury Mews West, London, England W11 2AE (we, us or our). For more information about us please visit the Site.
The information that we receive or collect from you
We will collect any information that you provide to us when you:
- Contact us by phone, via email, by post or through our Site;
- Create an account with us;
- Update your profile and other account details;
- Subscribe to our newsletter and mailing lists;
- Submit posts or other newsletter contributions to us;
- Fill in a form, conduct a search, post content on the Site, respond to surveys, participate in promotions or use any other features of the Site;
- Contact other users;
- Register to and/or attend any events we hold; and
- Submit a CV or application to a job vacancy with us, or attend an interview or assessment.
This information you provide to us may include:
- Identity and contact data, like your name, date of birth, email address, password, postal address, phone number, and if you’re registering for an account, account profile data and preferences details, like your gender and interests, which will be used for providing the services to you (including the provision of regular email notices should you chose to receive them) and contacting you with further information about our services or improving our services;
- If you are submitting a job application, your employment and background data, which might include additional information about your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the UK, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us, which may include sensitive information like details of your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability; and
- From time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect any survey data that you provide.
The information we collect about you may include:
- Information contained in any correspondence between you and us, for example, if you contact us, we may keep a record of that correspondence. We may also ask you for information when you report a problem with our Site or any of the content featured on it;
- Your visits to our Site and how you use it. This may include your geographical location, browser type, referral source, length of visit and number of page views and similar information. We may use this information for a number of purposes including Site administration, optimising the use and performance of the Site, and disclosing to third party contributors or for security purposes. Individual users will not be identifiable from this information. This information may be collected by a third party Site analytics service provider on our behalf and may be collected using cookies. For more information on cookies, please see the ‘cookies’ section below; and
- Information transmitted via our services, such as information posted by you, or correspondence or interactions that you may have with other users.
The third parties we receive personal information from include:
- Information from other users, who may be based inside or outside the EU, for example information that is posted or uploaded by other users or correspondence between users;
- Information from Pinboard community groups, including schools and other organisations that register to have a Pinboard group on the Site (including for the purpose of verifying an application to create a Pinboard account);
- If you are a job applicant we may contact your recruiter, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application;
- Personal information from our service providers, including our Site developer and IT support provider (who are based inside the EU); and
- Publicly available sources, such as Linkedin, other social media sites including but not limited to Instagram, and Facebook, Companies House and School websites, for instance to carry out identity and compliance checks.
- We will collect any information that you provide to us when you:
Special Categories of personal information
- “Special categories” of particularly sensitive personal information require higher levels of protection. Special categories of data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
Use of your information
In addition to the specific uses set out in section 3 above, we may use your information for the following purposes:
- To provide you with access to our Site and tailored newsletters in a manner convenient, optimal and with personalised content relevant to you including sharing your information with our Site hosts and developers;
- To register your Pinboard account, including verifying your eligibility for an account;
- To enable you to communicate with other Site users, including submitting posts and contacting each other;
- To provide user service and support, deal with enquiries or complaints about the Site and share your information with our Site developer, IT support provider, hosting platform, as necessary to provide user support;
- To enable you to take part in prize draws, competitions and surveys;
- to develop our services so as to improve your browsing and viewing experience;
- To provide third parties with aggregated and anonymised statistical information about our userbase (this information cannot be used to identify any individual user);
- To keep in contact with you about our news, events, Site features or services that we believe may interest you, provided that we have the requisite permission to do so;
- To share your information with selected third parties such as partners, to enable them to contact you with suggestions, recommendations and information about things that may interest you, provided that we have the requisite permission to do so;
- To promote our Site and services including featuring you in such promotional material, provided we have your prior consent to do so;
- To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud;
- To enable us to comply with policies, procedures and laws, to enforce our legal rights, and to protect the rights, property or safety of our employees and share your information with our technical and legal advisors; and
- For security purposes relating to our Site and services.
- In addition to the specific uses set out in section 3 above, we may use your information for the following purposes:
Legal basis for using your personal information
We will only use and otherwise process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we collect and use your personal information. In almost every case the legal basis will be one of the following:
- Consent: for example, where you have provided your consent to receive certain marketing from us, such as our email newsletters. You can withdraw your consent at any time, including by clicking on the “unsubscribe” link at the bottom of any marketing email we send you;
- Our legitimate interests or the legitimate interests of third parties: for example, where it is necessary for us to understand our customers, promote our services, and operate a safe and lawful business, provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. For example, we will rely on this legal basis when we conduct certain market analysis to understand our users in sufficient detail so we can create new services and Site features;
- Performance of a contract with you (or in order to take steps prior to entering into a contract with you): for example, where you have registered to access the Site and we need to use your contact and account details to enable you to do so; or
- Compliance with law: where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.
- We will only use and otherwise process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we collect and use your personal information. In almost every case the legal basis will be one of the following:
Our legitimate interests
As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, our clients, and/or other third parties, including the legitimate interest we have in:
- Presenting our Site and services (such as our emails) in an effective and optimal manner;
- Studying how our Site and services are used;
- Defining types of users for our Site, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy;
- Providing the correct services to our Site users;
- Providing user support;
- Keeping our records updated;
- Recruiting new staff;
- Promoting our business;
- Providing marketing communications where we may lawfully do so; and
- Operating a safe and lawful business.
- Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to section headed “Your rights to the information we hold about you” below.
- As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, our clients, and/or other third parties, including the legitimate interest we have in:
Disclosure of your information
- In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:
- other users who you communicate with;
The service providers we work with to delivery our business (who are acting as data processors) and who provide us with:
- Site development and hosting services based in the EEA;
- IT, system administration and security services based in the EEA;
- Payment services based in EEA;
- identity verification, fraud prevention and detection services based in the UK;
- Banking services based in the UK;
- Legal, accountancy, auditing and insurance services and other professional advisers based in the UK; and
- Recruitment service providers based in the UK.
- To selected third party marketing parties so that they can provide you with marketing communications by post and/or electronic means (such as email, SMS and/or MMS) about their own products, services, events, special discounts and offers, which you have requested to be sent, or which may be of interest to you where you have expressly consented to be contacted for such purposes;
- To any affiliate or third party to whom disclosure is necessary to enable us to provide you with any services or products that you have requested through the Site which may be provided by such affiliates or third parties;
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets (who may be based inside or outside the EU);
- If all or a substantial part of our assets are acquired by a third party (who may be based inside or outside the EU), in which case personal data held by us about our users will be one of the transferred assets; and
- Other third parties, including legal, professional or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies based in the United Kingdom where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
- If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the Site.
- The names of the cookies used on our Site and the purposes for which these cookies are used are set out in the table below:
Expires when session expires
Third party content, websites and contributors
- Our Site may contain content and links to other websites and microsites that are operated by third parties. In addition, advertisements contained on our Site may operate as links to that advertiser’s website, and such advertisers and third parties may also use and place cookies on your computer.
When you share your data directly with third parties
- You might end up sharing personal information directly with third parties as a consequence of your interactions with our Site and other services offered by us. For example, your name and other personal information (such as your email address) will be shared with other Site users when you correspond with them via the Site, or when you make a comment to a post, or when you contact them directly (e.g. in response to a posting). We are not responsible for how such third parties use personal data provided by you.
- Please be responsible with personal information of others when using our Site and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of the Site or our services.
Security and data retention
We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We employ appropriate technological and operational security measures to protect against any unauthorised access to or any unlawful processing of any personal information about you that we hold, such as:
- Ensuring the physical and digital security of our equipment and devices by using appropriate password protection;
- Maintaining a data protection policy for, and delivering data protection training to, our staff; and
- Limiting access to your personal information to those in our business who need to use it in the course of their work.
You can also play a part in keeping your information safe by:
- Choosing a strong account password and changing it regularly and using different passwords for different online accounts;
- Keeping your login and password confidential and avoiding sharing these details with others;
- Making sure you log out of the Site each time you have finished using it. This is particularly important when using a shared computer;
- Letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;
- Keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software; and
- Being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in '@PINBOARD.COM'.
We will retain your information for as long as is necessary to provide any services to you or as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example:
- We archive our email and paper correspondence regularly and destroy information older than 10 years;
- We maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently; and
- If requested by an individual, we will manually delete all the individual’s personal account data from our site.
- We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We employ appropriate technological and operational security measures to protect against any unauthorised access to or any unlawful processing of any personal information about you that we hold, such as:
International data transfers
- The data that we collect from you may be transferred to, and stored in the United Kingdom. In addition, another of our service providers may provide data processing services on our behalf. These companies may be located in, or use IT equipment located in, countries outside the European Economic Area (EEA) or different to that in which your information is collected. Where this is the case, we will take steps to ensure that your information receives an equivalent level of protection.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries; and
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
You have certain rights in respect of the information that we hold about you, including:
- The right to ask us not to process your personal data for marketing purposes;
- The right to request access to the information that we hold about you;
- The right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
- The right to object to our using your information on the basis of our legitimate interests (or those of a third party)) and there is something about your particular situation which makes you want to object to processing on this ground;
- The right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances;
- In certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and
- The right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.
- Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your App user account even when you have requested not to receive marketing communications.
How to exercise your rights:
What we need from you to process your requests:
- We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- You have certain rights in respect of the information that we hold about you, including:
Changes to this privacy notice and your duty to inform us of changes