Who we are?
The Dirty Little Goblins applications (“apps”) is brought to you by Dirty Little Goblins (2018) Ltd. Dirty Little Goblins (2018) Ltd is a limited company registered in England (Company number 11237635) with registered address 17 Boundary Street, Liverpool, England, L5 9UB. For the purposes of this policy, Dirty Little Goblins (2018) Ltd is the ‘Data Controller’ and assumes that role under UK and European Law and is registered with the Information Commissioner’s Office.
Information you provide through the application
If you sign up to use the application you provide us with some details:
- Name (required)
- Email address (required)
- Password (required)
This information is used to provide login capabilities with a distinct identity and to keep the data you enter into the application secure. We will use your email address to send password reset and other account management communications. Our basis for this processing is the legitimate interest of Dirty Little Goblins (2018) Ltd in providing you with the benefits of the application and developing and improving the application.
We may retain a record of any contact you make with us.
Information about application usage
Dirty Little Goblins (2018) Ltd gather information about the users of the application and their use of the application. This information consists of details of the Dirty Little Goblins (2018) Ltd account being used and the application use (screens used, input fields filled out, etc). This data is obtained using the following platforms Amplitude, Hotjar and Google analytics, and these companies act as data processors on our behalf.
Amplitude operated by Amplitude, Inc., 501 2nd Street, Suite 100 San Francisco, CA 94107, United States of America. Amplitude is accredited with the EU-US Privacy Shield Framework, ensuring that it provides the same level of security and privacy protection as in the UK and EU.
Hotjar Limited, a private limited liability company registered under the Laws of Malta with company number C 65490, having its registered address situated at Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. Hotjar carries out all processing operations in strict compliance with the EU General Data Protection Regulation (“GDPR”) (specifically but not limited to Article 6(1)(b) to (f) and Article 28) as well as the Laws of Malta (together the “Applicable Law”), where Hotjar is incorporated.
Google, 1600 Amphitheatre Parkway Mountain View, CA 94043 uses the EU-US Privacy Shield Framework, ensuring that it provides the same level of security and privacy protection as in the UK and EU.
Dirty Little Goblins (2018) Ltd does not perform any automated decision making based upon any personal data.
How long do we hold data for?
We only hold your data for as long as you have an active account, after which we will remove it.
Dirty Little Goblins (2018) Ltd only retain data for as long as it is strictly required. This means data that you provide through the application is held for as long as you have an active account. We consider an account to be active if it has been logged into in the prior 12 months. After this time the account will be removed and all stored data for that account will be removed from our systems. Prior to removal, we will attempt to contact you to inform you of the account closure.
In order to operate a reliable system and to avoid data loss, we perform regular encrypted backups of the system. These backups are retained for up to 15 days, and after this time are removed. This means that a removed account will be completely removed from all backups 15 days after removal.
Who has access to your data?
We won’t share or sell your information or allow the use of your information for marketing however, we will share relevant information with our suppliers to help us deliver our services to you.
Dirty Little Goblins (2018) Ltd will not sell or rent your information to third parties, and we do not share information for marketing purposes with any third parties.
Dirty Little Goblins (2018) Ltd may share data with 3rd party suppliers working on our behalf – this includes contractors, agents and other subcontractors who work for Dirty Little Goblins (2018) Ltd to provide services and complete tasks for the delivery of our service. Where such a relationship is in place there are contractual safeguards in place to protect your information. Dirty Little Goblins (2018) Ltd will only share data that is relevant to the tasks being completed and to the delivery of service to you, and where possible the data will be anonymised. None of these organisations and individuals are permitted to use the data for any other purpose.
How will we keep your data secure?
Dirty Little Goblins (2018) Ltd has been designed with a privacy first development methodology meaning that we follow a rigorous development process which places the security of personal information at its core. To that end we host our application using a GDPR compliant cloud data provider (Amazon Web Services) hosting the application in the UK. All of our services run over HTTPS using TLS ensuring data transmitted between the application and our servers is secure. Data you provide to us which is stored is encrypted when it is stored, and in any backups taken. We take lengths to ensure that the network environment in which the application is hosted is kept secure by following best practices and ensuring that security updates are applied in a timely fashion.
How do we support your rights?
You have the right to request confirmation that your information is being processed, access to it (through us providing a copy) and other information about how we process your personal data.
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate, not complete or out of date and you cannot already change it in the app, please email us at firstname.lastname@example.org.
You have the right to ask for a copy of the information Dirty Little Goblins (2018) Ltd holds about you. We may, in some circumstances, charge £10 for information requests to cover our costs in providing you with details of the information we hold about you.
You have the right to ask us to erase or delete your information where there is no reason for us to continue to process it. This right would apply if we no longer need to use it, where you withdraw your consent for us to process special categories of your information, or where you object to the way we process your information.
You have the right to ask us to restrict or block the processing of your information. This right applies where you believe the information is not accurate, you would rather we block the processing of it rather than erase your information.
You have the right to port your information by obtaining it from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
Right to remove consent
Where we rely upon your consent to perform data processing we allow you to revoke the previously granted consent by contacting us at email@example.com whereupon we will comply with your request.
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our app. For further information about cookies and how to disable them please to go www.aboutcookies.org or www.allaboutcookies.org