This document describes how we handle and manage your data to protect its security and your privacy.
NITTY GRITTY.NET LIMITED ("we", "us", "our") is a limited company registered in England and Wales (registration number 4947163) Eagle House C/O Ramon Lee & Partners, 167 City Road, London, England, EC1V 1AW.
Throughout your interactions with us we will collect only the data that we require in order to provide you with the service that you are requesting. The key information that we process is shown below for your information:
In addition to these cookies, we also store IP addresses an user agents with your session. This allows us to look for anomalies in its use to help us protect your account and our systems.
This data is stored until such time as the associated user account is deleted.
When you sign up, we need to know your first and last name so that you can be identified. We will use your name to address you and it may be stored in various systems that you use (for example: our helpdesk). This is necessary to provide our service to you.
Your name may be shared with other people that share access to an account you are part of. For example, if you have a BigFilebox account, your name will be shared with other members of that account.
Your name will be retained until your user account is deleted. In some cases, your name may be kept with your billing records where we have a legal obligation to store this information.
We will store your email address for the purposes of managing your account with us. This will be used for transactional emails that relate directly to your account or services. This information is required in order to ensure you are informed about your account and can take appropriate actions in various situations.
We may also use your email address to send you messages about our services which may include notifications about newly launched features, improvements to the service, upcoming maintenance as well as ways to help you make the most of your service. If you would rather not receive these messages, please let us know or click the unsubscribe link in these emails.
We will not send you any other marketing messages unless you subscribe to our newsletter which you can do through our website when signing up or through one of our applications. When you do this, you will be consenting with us to use your email address for this purpose.
You may withdraw this consent at any time by unsubscribing from the messages or contacting us.
If you are using a service that allows multiple users to have access to the same account, your email address may be shared with the other users on this account.
Your email address will be kept until such time as all accounts associated with it are deleted from our systems.
If we send you transactional emails, these will be passed through our mail service provider’s servers. This is necessary to provide our service to you. The information stored includes the contents of the message sent, the email addresses of the recipients and any other headers.
If you send us emails, these may be passed through our mail service provider’s mail servers. If some cases, these messages will be consumed by one of our services or applications, for example, tickets sent to your BigSupportbox account. This is necessary to provide our service to you.
We never store your own passwords on our services in plain text. Passwords are hashed using an industry standard hashing algorithm. Use a unique password with our services that is not shared with any others.
We require your postal address in order to provide you with an invoice for your services. This information is collected as a legal obligation and will be stored on our systems along with invoices for a minimum period of 7 years.
We do not store full payment card details on our own servers. We work with external PCI-compliant payment processors (Stripe and GoCardless) who store these details.
We store the last 4 digits of your card and the card type on our systems so that you can identify which card will be used for future payments.
We also store the country that the card was registered in and the IP address country that the card was added from as a legal obligation to ensure that the correct VAT rate is charged for your payments.
We will instruct our payment processors to delete any stored card details when you cancel your account.
When you use our services you might upload or generate personal information relating to your own customers and users. You will remain the data controller for all such data that is stored within our systems and are responsible for ensuring you have an appropriate lawful basis and notices in place to allow us to store this data on your behalf.
If you use an Nittygritty.net service which allows you to upload, store or process any personal data, you are responsible for ensuring that you are compliant with appropriate laws and regulations (for example the General Data Protection Regulation) for this data.
We do not recommend customers store any personal data in areas of our systems that are not designed for the purposes of storing this information.
Data stored in the services you have with us will be kept until such time as you delete the data yourselves or you cancel your account. Upon cancellation of an account, we may keep the data for up to 7 days at which point it will be purged from our databases.
We use Google Analytics to help us track the details of visitors browsing our public websites. We do not send any personal data to Google's services through Google Analytics and we configure our tracking codes to anonymise any IP addresses.
If you contact us by email or through one of our websites, you will be sharing your contact details (email address and/or phone number) with us for the purposes of responding to your query. This is necessary to provide our service to you. Retention: We retain all support requests (including name and contact details) that we receive for the purposes of auditing and training of staff.
If you chat with us on our live chat service, you will be sharing your email address with us for the purposes of sending you a transcript as well as identifying yourself to our support team. This is necessary to provide our service to you.
In addition to this information, our live chat system will place a cookie in your browser which will persist until you quit your browser. This is required to ensure that your live chat can continue between separate page requests to our website.
We also use records of live chats for staff training, to make sure we can offer you the best possible service.
We retain transcripts of all live chats (including name and contact details of the website visitor) for the purposes of auditing and training of staff.
If you apply for a job with us, we will store the personal data that you submit for the purposes of considering your application.
Job application data will only be kept until the position has been filled unless you ask us to keep your information on record for considering for a future position.
In some cases, we may use third parties to provide storage or computing services. We maintain a list of third parties that process data on our behalf.
We will not share your data with third parties for the purposes of any marketing without your consent unless otherwise specified in this privacy notice.
It is important to us that the information we store is up to date and accurate. You may update your details at any time through our various websites and applications.
In some cases, you may be able to request that we remove your personal data from our systems. As with correcting your data, you can often delete your data yourselves through our websites and applications. In other cases, though, please feel free to contact us using the information below.
You have a lot of rights, including right to request access to and rectification or erasure of your personal data or restriction of processing of it. You also have the right to object to our processing of your data in some situations, as well as the right to data portability.
Upon discovering any data breaches, we will notify any affected individuals as soon as its practical following our data breach notification policy. This policy dictates that in the event of a data breach concerning personal data, the affected parties will be notified by email to the main email address we store with your account.
Under the General Data Protection Regulation, unless we have otherwise specified above, we will be processing your data as a legitimate interest. These interests include staff training, ensuring the security of our systems and to allow us to operate our business in an efficient manner.
Where our processing is based on consent, you may withdraw consent at any time.
Where our processing is necessary for us to perform our contract with you, or to take steps to enter into a contract with you, we will not be able to enter into a contract with you or deliver our services to you if you do not give us the data in question.
You may have the right to lodge a complaint with your local data protection authority or the Information Commissioner's Office (ICO) in the United Kingdom (our authority). The ICO can be contacted at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Other information can be found on their website at ico.gov.uk.