BACKGROUND
WHO WE ARE
In this Privacy Policy the terms “we”, “us”, or “Hastee” are each intended as a reference to Hastee Benefits Ltd, a company incorporated in England with company number 11624447 of registered office 15th Floor, 6 Bevis Marks, Bury Court, London EC3A 7BA. Our registration with the UK Information Commissioners Register of Fee Payers can be found under registration number ZA298343.
WHAT DOES THIS PRIVACY POLICY COVER?
This Privacy Policy explains how we process your personal data through your use of the Hastee App or our website (together, the “Hastee Technology”) or which your Employer might provide to us in relation to our provision of the services to them (“Services”) which enable you to access the Employee Benefit.
It also sets out the choices you can make about the Personal Data we collect and the legal rights you have in relation to your Personal Data.
This Policy is broken down into a number of sections which explain:
If you are:
Important Information regarding Employers and Organisations
This Privacy Policy is not a substitute for any privacy notice that your Employer is required to provide to its employees, contractors, staff, affiliates, workers, volunteers, associates, members or other end users. Your Employer is responsible for ensuring that Personal Data that they supply to Hastee is, at the point of transfer and on an ongoing basis, processed fairly and lawfully in accordance with the requirements of applicable data protection laws, including but not limited to: i) ensuring that your Employer provides clear and sufficient fair processing information to individuals regarding the purposes for which it will process your Personal Data (including processing by Hastee); ii) the legal basis for such purposes; and iii) such other information as is required by the applicable data protection laws.
Where we provide access to the Hastee Technology through an Employer (as defined in the App User Terms), or if you use an email address provided by an organisation to access the Hastee Technology, that Employer acts as the Controller of such information and Personal Data as is held by that Employer and uploaded or synched with the Hastee Technology. All questions about your Employer’s policies, data collection policies and fair processing notices (“Employer Policies”) relating to your Personal Data and administrative user access rights should be directed to your Employer. Hastee hereby disclaims all liability howsoever arising in relation to your actual or suspected infringement of such Employer Policies in relation to your use of the Hastee Technology.
THE TYPES OF PERSONAL DATA WE PROCESS
We collect information from you when you:
All the Personal Data we collect: i) from you directly via the Hastee App; ii) from your Employer and iii) from the Hastee Technology is set out below in Table 1. We may collect, use, store and transfer different kinds of Personal Data as follows:
TABLE 1: PERSONAL DATA
SECTION | CATEGORY OF PERSONAL DATA COLLECTED | SOURCE | DESCRIPTION |
1 | Personal Data provided by your Employer to Hastee to enable the Employee Benefit to be made available to you. | ||
Identity Data | Your Employer | Title; first name; last name; payroll or worker identification number; and (but only where required by your Employer) your date of birth and/or national insurance number. | |
Contact Data | Email address | ||
Financial Data | Your pay or salary information including: | ||
– whether you are a salaried or contingent worker – if salaried, the amount of your salary – if a contingent worker, your rate (hourly or daily) |
|||
Employment Data |
For Registered Users who are contingent workers (where payment of wages or fees is contingent upon work performed for or services provided to the Employer), once work has been approved by your Employer: – rota, time & attendance data; – job ID*; – location / venue*; and – approved start and end information / check-in time and check-out time*. *only if your Employer has provided this to us. For all Registered Users: – dates of termination of employment or engagement; – any other information provided by or on behalf of your Employer which is necessary for Hastee to provide the Services to your Employer, such as your national insurance number. |
||
2 | Personal Data that you voluntarily give us by: registering to use and creating a user account on the Hastee App (“User Account”); making a request, via the Hastee App, for payment of a Withdrawal to you by Hastee on your Employer’s behalf (“Withdrawal Request”); corresponding with us by email, telephone call or other means; by requesting an invitation code from our website; by sharing via the Hastee App social media function; entering into any competition, promotion or survey; or reporting a problem with the Hastee App. | ||
Identity Data | You | Hastee App log-in details: username (or similar identifier); password; and (but only in limited situations where required by your Employer to deliver the Employee Benefit to you) your date of birth and/or national insurance number. | |
Contact Data | Email address; mobile number | ||
Financial Data | Bank account number, sort code or other account details into which payment of a Withdrawal would be made to you. | ||
Employment Data | Employer name. | ||
Marketing and Communications Data | Your preferences in receiving marketing from us, our third parties, and your communication preferences by opting to manage your preferences through a link at the bottom of any email we send you. | ||
3 | Personal Data that the Hastee Technology collects about you and your device automatically each time you use the Hastee Technology, including by the use of cookies and other similar technologies. For more information on our cookie policy please see the “How we use cookies and other technologies” section below. | ||
Identity Data | Hastee (by Hastee Technology) | One-time unique registration code
Records of future log-ins to your User Account once you have become a Registered User Login credentials (username and password) |
|
Transaction Data | Transaction and usage information including details of Withdrawal payments made to you by Hastee on behalf of your Employer and any charges associated with such payments (“Charges”). | ||
Device Data | Mobile device type and model, mobile device identifier, mobile network information, operating system and platform and other technology on the devices you use to access the Hastee Technology, internet protocol (“IP”) address used to connect your computer to the internet, your login information, browser type and version, time zone setting and location, browser and browser plug-in types and versions | ||
Usage Data | Information about your visit, including the full Uniform Resource Locators (“URL”) clickstream to, through and from the Hastee Technology (including date and time); the pages you viewed; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. | ||
Location Data | We use GPS technology on your device to determine your current location to support the time and attendance functionality of the Hastee App (you will confirm the activation of the collection of such location data via a pop up in the Hastee App). Please note that you can withdraw your consent to your location data being used for this purpose by changing the settings in the Hastee App. | ||
Camera Data | Data collected from your device’s camera where the camera is used as part of the “check in” and “check out” functionality of the Hastee App (for example to collect QR code data). | ||
Aggregate Data | Statistical or demographic data which may be derived from your Personal Data, and which, once in aggregated form, does not directly or indirectly reveal your identity. E.g., We may aggregate your Usage Data to calculate the percentage of users using a specific feature of the Hastee Technology. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy. |
Sensitive Data
In some jurisdictions, Personal Data that is considered “sensitive personal data” (or “special categories of data”) under applicable laws may be subject to more stringent protection and limitations on use than other Personal Data. What is considered sensitive Personal Data varies from country to country, but generally includes information relating to a person’s sexual orientation, racial or ethnic origin, alleged or actual criminal offence, physical or mental health or condition, trade union membership, political opinions, religious belief or genetic data. It is our intent that information collected will not include any Personal Data that would be considered sensitive Personal Data under the applicable laws of any jurisdiction.
MINORS
The Hastee Technology is not intended for children below 16 and we do not knowingly collect Personal Data relating to such children. In the event that such data is provided to us, we reserve the right in our absolute discretion to delete it.
THE LEGAL BASES AND PURPOSES FOR OUR USING PERSONAL DATA
We will only use your Personal Data where the law allows us to do so and for the purposes for which we collected it as listed in Table 2, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so.
LEGAL BASIS
We process your information based on the following legal bases:
Pursuant to contract
Legitimate interest
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. More detail about the specific legitimate interests pursued in respect of each purpose we use your Personal Data for is set out in the table below.
Compliance with Law
Consent
On the basis of consent we may share your information with nonaffiliated third parties, for example, for them to develop their own products or market to you, where they have the requisite legal permissions to do so.
We have set out in Table 2, the legal bases relied on in respect of the relevant Purposes for which we use your Personal Data.
TABLE 2: PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
TYPE OF PERSONAL DATA | PURPOSE FOR COLLECTING | LAWFUL BASIS FOR PROCESSING |
Identity Data Contact Data Financial Data Employment Data Location Data Camera Data | Account creation, transfer and use. | Pursuant to contract:
To fulfil our obligations to you under the Hastee App User Terms (which you agreed to as part of the process of creating your User Account) and enable you to take advantage of the Employee Benefit. To enable us to fulfil our obligations to your Employer pursuant to our terms of business with them under the Client Contract and to enforce rights against them arising out of your use of the Hastee App and your use of the Employee Benefit.
To enable Hastee to invite you to use and install the Hastee App and register you as a new Registered User, to log back in should you have forgotten your password or find yourself locked out for other reasons; to submit Withdrawal Requests and receive payments of Withdrawals on the basis of the Employment and Financial Data provided and, where used by you to check in/out of work, the Location Data and Camera Data.
To keep transaction records of Withdrawal payments made to you and Charges associated with them so that this data can be provided to your Employer by us at the end of each payroll period so that we may seek reimbursement from them in respect of the same. To notify you about any changes to the Charges for the payment of Withdrawals to you. The provision of Services to your Employer (our client) under the Client Contract which enable them to provide the Employee Benefit to you. The effective and efficient management of our business, including the ability to recover sums owing to us by your Employer(s) in relation to the payment of Withdrawals to you and Charges in relation to them. Ensuring that your data is accurate so that we can ensure the functionality of the Hastee App and security of your Personal Data. |
Identity Data Contact Data Marketing and Communication Data |
Relationship Management To manage our relationship with you and deliver content. |
Pursuant to contract: to fulfil our obligations: • to you under the Hastee App User Terms and to advise you if the Employee Benefit or the Charges in respect of it are changing in any way; and • to your Employer under the terms of the Client Contract between us and them.
Legitimate Interests: of keeping records updated and analysing how customers use our products/ services). To enable you to participate in a prize draw, competition or complete a survey. |
Marketing and Communication Data | Marketing communication information
Such as details of your preferences for receiving marketing from us and our third parties and your communication preferences (if applicable). To make recommendations to you about which goods or services Hastee provide that may be of interest to you; via email, text, in-app notifications and/or push notifications. |
Legitimate Interests: it is in our legitimate interest to provide you with information that is relevant to you, where you have signed up for a User Account. You will be provided with the opportunity to unsubscribe from such communications. Details as to how to manage your preferences are set out in this Privacy Policy.
Consent: On the basis of consent we may share your information with nonaffiliated third parties, for example, for them to develop their own products or market to you, where they have the requisite legal permissions to do so. |
Identity Data Contact Data Employment Data Financial Data Device Data | Important Notices, Educative Materials, Benefits and Transactional E-mail.
To fulfil our obligations to your Employer under the Client Contract. |
Contract: We will send to your email address non- commercial electronic email messages with important information about: us; the Hastee Technology; the Employee Benefit; or advice pertaining to personal finance that your Employer has requested we provide to you as part of our performance of the Client Contract (the “Financial Education Series”). Please note that any opt-out you have made in relation to promotional content (including the receipt of push notifications and/or in-Hastee App notifications) will not apply to these Transactional Emails, the Financial Education Series or to any communications which we are required to send you pursuant to the performance of our obligations to your Employer under the Client
Contract. |
Identity Data Contact Data Employment Data
Financial Data |
Fraud Prevention
To keep the Hastee Technology operational and secure. |
Legitimate Interests: We have a legitimate interest in ensuring the ongoing security and proper operation of our services, website and associated IT services and networks. |
Device Data | To keep your Personal Data and identity secure. | Pursuant to contract: To fulfil our obligations to you under the Hastee App User Terms and to your Employer under the Client Contract. |
Identity Data Contact Data Transactional Data Device Data
Usage Data Aggregated Data |
Optimisation and Analytics
To understand and measure how users use our Hastee Technology and to use this data to improve it. |
Legitimate Interests:
• To ensure content is presented in the most effective manner for your device and the proper operation and improvement of the Hastee Technology. It is in our legitimate interest to better understand how to deliver our services to our customers and prospective customers, such as though finding efficiencies and new opportunities. To allow for participation in interactive features of the Hastee Technology when you choose to do so. • To develop our products/ Services and grow our business, though understanding app usage and how to improve the service and/or Hastee Technology. |
Device Data Identity Data Contact Data Transactional Data Financial Data Employment Data | Troubleshooting
To track issues that might be adversely affecting the operation of the Hastee Technology. |
Legitimate interests:
To enable us to monitor and ensure the proper operation of the Hastee Technology. It is also in our mutual legitimate interest for your User Account to be secure. To help you in the event you have a problem with your User Account, the Hastee App or the submission of a Withdrawal Request or receipt of a payment of a Withdrawal.
Pursuant to contract: To fulfil our obligations to you under the Hastee App User Terms. |
Device Data Identity Data Contact Data
Employment Data |
Changes to our App, the App User Terms, Employee Benefit and Privacy Policy. | Legal Obligations: To notify you of changes to the Hastee App, the App User Terms, this Privacy Policy, the Services delivered to your Employer or any change to the Charges for accessing the Employee Benefit. |
In some situations we have more than one legal basis for processing your Personal Data. For example, we may collect information concerning your use of the Hastee Technology to both perform under our contractual obligations to you under the App User Terms and also pursuant to a legitimate business interest in maintaining your information for record keeping purposes. As a result, our collection and processing of your Personal Data is based, in different contexts, upon different legal bases. Please contact us by using the contact information provided at the end of this Privacy Policy to learn more about the purposes for which we use any specific types of your Personal Data.
HOW WE MAY SHARE YOUR PERSONAL DATA
TABLE 3: The following table describes whom we share your Personal Data with, what we share and why we share it.
RECIPIENTS | CATEGORIES OF PERSONAL DATA SHARED | REASON SHARED |
Your Employer(s) | Transaction Data Identity Data | We share, with your Employer, at the end of each payroll period, details of the consolidated Withdrawals you have received from us on your Employer’s behalf and any associated Charges during that payroll period (using your first name, last name and payroll or worker identification number to identify you) to enable your Employer to make the appropriate deductions from your pay at the end of each pay period. |
Service Providers | Identity Data Contact Data Financial Data Employment Data Transaction Data Device Data Aggregate Data Usage Data | So that survey, hosting, analytics, search engine and other technical assistance providers can assist us in the improvement and optimisation of the Hastee Technology and the provision of Services to your Employer.
Survey companies are only permitted to use your Personal Data to request a review from you in the context of your use of the Hastee App. They may not use it for any other purpose. Our IT service providers provide us with software development, business analyst and system administration services. |
Communication Partners | Contact Data | Our third-party partners provide live chat and facilitate communication (like email, chat and phone), in order to provide you with the full functionality of the Hastee App.
They may ask for your email and Employer name to provide assistance to you. |
Transaction Processing Partners | Identity Data Contact Data Financial Data
Transaction Data |
So that these third-party partners may process transactions on our behalf. |
Professional advisers | Identity Data Contact Data Transaction Data Financial Data
Device Data |
To our lawyers, bankers, consultants, auditors and providers of banking, legal, insurance and accountancy services if such disclosure is reasonably required to comply with any legal obligation; to enforce any contract entered into with you or your Employer; to protect the rights, property or safety of Hastee or our customers |
Usage Data | (including by exchanging information with other organisations for the purposes of fraud protection). | |
Hastee Group Companies | Identity Data
Contact Data |
We may share your information with our corporate affiliates and associates (e.g., parent company, sister companies, associated trust entities, subsidiaries, joint ventures, or other companies under common control). We have a legitimate business interest to share data with our group as it allows us to better understand the performance of our Services and how to offer and improve our product offerings across the group. It also assists us with finding operational efficiencies (such as financial efficiencies though sharing IT infrastructure), making use of group level software solutions and improving our technological offerings which form an integral part of our Service. |
Financial Data | ||
Transaction Data | ||
Employment Data | ||
Usage Data | ||
Device Data | ||
Aggregate Data | ||
Location Data | ||
Camera Data | ||
Purchaser of Hastee and/or any member of the Hastee Group | Identity Data Contact Data Financial Data Transaction Data
Employment Data |
Any entity which purchases all or part of Hastee and/or any member of the Hastee Group, upon completion of which transaction, Personal Data held by Hastee about its Registered Users will be one of the transferred assets (whether transferred via a business or share sale). We will also share information at the negotiation stage or in a bidding process, as applicable. |
Usage Data | We may retain a copy of that information. | |
Device Data | ||
Aggregate Data | ||
Location Data | ||
Camera Data | ||
Law Enforcement Agencies | Identity Data Contact Data Financial Data
Transaction Data |
On the basis of the compliance with a legal obligation for example if we are required to disclose information pursuant to regulatory, employment, taxation, criminal, terrorist financing and money laundering law requirements. |
Employment Data | ||
Usage Data | ||
Device Data | ||
Aggregate Data | ||
Location Data | ||
Legal, civil or business affairs | Identity Data
Contact Data |
We may disclose information when we believe disclosure is appropriate to comply with the law, to enforce or apply applicable terms and conditions and other agreements, or to protect our rights, property or safety or the rights, property or safety of our affiliates, users, or third parties. For example, we may disclose information in response to subpoenas, arbitration proceedings, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share information in order to
establish or exercise our rights, to defend against a legal |
Financial Data | ||
Transaction Data | ||
Employment Data | ||
Usage Data | ||
Device Data
Aggregate Data Location Data |
claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies. |
OUR USE OF COOKIES AND OTHER SIMILAR TECHNOLOGIES
What are cookies?
We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We use them to distinguish you from other users of the Hastee Technology and to remember your preferences. This helps us to provide you with a good experience when you use the Hastee Technology and also allows us to improve it. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience.
Categories of cookies
The Hastee Technology uses two broad categories of cookies:
Type & purposes of cookie use
The Hastee Technology uses the following types of cookies for the purposes set out below:
Disabling cookies
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of the Hastee Technology. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit the Hastee Technology.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.
You can also prevent the use of Google Analytics relating to your use of the Hastee Technology by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB
Mobile Privacy
Although you do not have to provide your location information to us to use our Hastee Technology, your Employer may require a postcode or geolocation as part of its provision of the Employee Benefit to you and we therefore require it to enable our Hastee App to function to deliver the Services to your Employer. For example, where your Employer requires you to check in and check out of a work or job location to prove your physical presence or the time at which you started / ended your work. If you request that we confirm your location or IP address, we may use your geolocation information to do so. Our Hastee Technology may also tell us the region of the world in which you are located when you use the Hastee Technology. If you have questions about location and notification privacy, please contact your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
DATA STORAGE AND TRANSFER
The Personal Data that we obtain about you is stored on third party servers. We generally process such Personal Data on servers located within the United Kingdom, however, it is possible that the Personal Data we collect in relation to you may be transferred, stored and/or processed outside the European Economic Area. In connection with such transfers, we endeavour to ensure that the entities or people to whom we provide Personal Data hold it subject to appropriate safeguards and controls. Whenever we transfer your Personal Data out of Europe to countries that have not been deemed to provide an adequate level of protection for Personal Data by the European Commission, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:
KEEPING YOUR PERSONAL DATA SECURE
The transmission of information by the internet is not completely secure. Although we will endeavour to protect your Personal Data, we cannot guarantee the security of your data transmitted via the Hastee App; any transmission is at your own risk. Once we have received your information, we will use security features to try to prevent unauthorised access.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your Personal Data to those employees and other staff who have a business need to have such access.
RETENTION OF YOUR PERSONAL DATA
We will retain your Personal Data for so long as we reasonably need to use it for the purposes set out above unless a longer retention period is required by law (e.g. for tax, regulatory or future potential claims purposes). We will retain your information for as long as necessary for the purposes described in this Privacy Policy and in accordance with the following principles:
THIRD PARTY LINKS
The Hastee Technology may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates and other third-party websites, plug-ins and applications. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services. When you leave the Hastee Technology, we encourage you to read the privacy policy of every site you visit.
WHAT CHOICES AND RIGHTS YOU HAVE REGARDING YOUR PERSONAL DATA
If your Personal Data was collected by another party under their privacy policy, we may have to refer you to that party in order to exercise the choices regarding your Personal Data. If your data was collected by us under this Privacy Policy, you can make the following choices regarding your Personal Data. In order to exercise any of these rights, you can contact us by using the contact information provided at the end of this Privacy Policy.
It is important to note that as Hastee is designed to collect and manage Personal Data collected in the course of your employment or relationship with your Employer. In such circumstances, that organisation will act as the controller of the Personal Data that was initially collected and then uploaded or synched to the Hastee Technology. Therefore, in some instances where we receive a data subject request, we may be required to contact that organisation for direction and/or to provide them with assistance in managing the request. Because of this, we may therefore be required to direct you or third-party enquiries to that organisation, as they may hold and/or be in control of the Personal Data which that request relates. Unless we are not allowed to do so by law, confidentiality or contract, we will tell you when we pass the request on to that organisation. In such circumstances it will be that organisation’s obligation to comply with the request.
If you would like to exercise any of the rights described above, please contact us by emailing: gdpr@hastee.com.
We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or in the event you have made a number of requests, in which case, we will notify you and keep you updated.
If you feel that your complaint has not been adequately resolved, please note that you have the right to contact the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues. Please see https://ico.org.uk/make-a-complaint/ for information on how to do this.
CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO NOTIFY US OF CHANGES
We may change this Privacy Policy and our information collection, use, and sharing practices over time. To the extent that our Privacy Policy changes in a material way, we will notify you of such changes in accordance with applicable data protection law requirements.
HOW TO CONTACT US
Our address is: Hastee Benefits Ltd, 15th Floor, 6 Bevis Marks, Bury Court, London, EC3A 7BA.
You can contact us with any questions, comments and requests regarding this Privacy Policy or your Personal Data by emailing: gdpr@hastee.com or calling us on +44(0)20 7199 8626.
Privacy Policy 2020.01.17