Hastee Privacy

Privacy Policy

BACKGROUND

(A) Your employer (“Employer”) wishes to make the Employee Benefit available to you.

(B) The expression “Employee Benefit” means a benefit whereby eligible employees may, through the Hastee App, request that they receive part of their accrued salary or wages for immediate payment rather (a “Withdrawal”) at the next scheduled pay day in accordance with the terms of use for the Hastee mobile application (“Hastee App”) which can be accessed via https://www.hastee.com/app-policy/ (“App User Terms”).

(C) Your Employer has engaged Hastee under a separate contract (the “Client Contract”) to make the Employee Benefit available to you. You may access the Employee Benefit via the Hastee.

(D) In providing services to your Employer under the Client Contract which enable us to make the Employee Benefit available to you, Hastee will receive Personal Data about you. Hastee respects your privacy and we want to be transparent with you about what personal data we collect and why. This policy (“Privacy Policy”) explains the personal data we collect from you, either directly or indirectly, and how we will use it. Personal data is any information that can be used to identify you or that we can link to you (“Personal Data”).

WHO WE ARE

In this Privacy Policy the terms “we”, “us”, or “Hastee” are each intended as a reference to Hastee Benefits Ltd, a company incorporated in England with company number 11624447 of registered office 15th Floor, 6 Bevis Marks, Bury Court, London EC3A 7BA.  Our registration with the UK Information Commissioners Register of Fee Payers can be found under registration number ZA298343.

WHAT DOES THIS PRIVACY POLICY COVER?

This Privacy Policy explains how we process your personal data through your use of the Hastee App or our website (together, the “Hastee Technology”) or which your Employer might provide to us in relation to our provision of the services to them (“Services”) which enable you to access the Employee Benefit.

It also sets out the choices you can make about the Personal Data we collect and the legal rights you have in relation to your Personal Data.

This Policy is broken down into a number of sections which explain:

  • • Who We Are
  • • The Types of Personal Data We Process
  • • Minors
  • • The Legal Bases and Purposes for Using Personal Data
  • • How We May Share Your Personal Data
  • • Our Use of Cookies and Other Similar Technology                                                              
  • • Data Storage and Transfer
  • • Keeping Your Personal Data Secure
  • • Retention of Your Personal Data
  • • Third Party Links
  • • Your Rights and Choices
  • • Changes to Our Privacy Policy and Your Duties to Notify Us of Changes
  • • How To Contact Us

If you are:

  • i) a shareholder, an employee or supplier of Hastee or are otherwise engaged in working for us or applying to work for us; or
  • ii) a visitor to our website who has not registered an account on the Hastee App pursuant to an Employer a separate privacy policy or data processing agreement applies to information instead, you will be notified of the relevant policy that applies to you.

Important Information regarding Employers and Organisations

This Privacy Policy is not a substitute for any privacy notice that your Employer is required to provide to its employees, contractors, staff, affiliates, workers, volunteers, associates, members or other end users. Your Employer is responsible for ensuring that Personal Data that they supply to Hastee  is, at the point of transfer and on an ongoing basis, processed fairly and lawfully in accordance with the requirements of applicable data protection laws, including but not limited to: i) ensuring that your Employer provides clear and sufficient fair processing information to individuals regarding the purposes for which it will process your Personal Data (including processing by Hastee); ii) the legal basis for such purposes; and iii) such other information as is required by the applicable data protection laws.

Where we provide access to the Hastee Technology through an Employer (as defined in the App User Terms), or if you use an email address provided by an organisation to access the Hastee Technology, that Employer acts as the Controller of such information and Personal Data as is held by that Employer and uploaded or synched with the Hastee Technology. All questions about your Employer’s policies, data collection policies and fair processing notices (“Employer Policies”) relating to your Personal Data and administrative user access rights should be directed to your Employer. Hastee hereby disclaims all liability howsoever arising in relation to your actual or suspected infringement of such Employer Policies in relation to your use of the Hastee Technology.

THE TYPES OF PERSONAL DATA WE PROCESS

We collect information from you when you:

  • • You interact with the Hastee Technology.
  • • You request information about our Hastee Technology.
  • • Your Employer provides your Personal Data and information to us.
  • • You sign-in or visit our Hastee Technology or use the services and functionality available through that Hastee Technology.
  • • You use a social media service, for example, our Facebook page or YouTube channel.
  • • You sign up for e-mails, mobile messages, social media, or other communications or notifications from us.
  • • You enter a contest or sweepstakes, respond to one of our surveys, or participate in a focus group.
  • • You provide us with comments, suggestions, or other input.

All the Personal Data we collect: i) from you directly via the Hastee App; ii) from your Employer and iii) from the Hastee Technology. We may collect, use, store and transfer different kinds of Personal Data as follows:

TABLE 1: PERSONAL DATA

SECTION

CATEGORY OF PERSONAL DATA COLLECTED

SOURCE

DESCRIPTION

1

Personal Data provided by your Employer to Hastee to enable the Employee Benefit to be made available to you.

Identity Data

Your Employer

Title; first name; last name; payroll or worker identification number; and (but only where required by your Employer) your date of birth and/or national insurance number.

Contact Data

Email address

Financial Data

When you have created a User Account (as defined below) and become a registered user (“Registered User”) of the Employee Benefit, pay or salary information including:

– whether you are a salaried or contingent worker

– if salaried, the amount of your salary

– if a contingent worker, your rate (hourly or daily)

Employment Data

For Registered Users who are contingent workers (where payment of wages or fees is contingent upon work performed for or services provided to the Employer), once work has been approved by your Employer:

– rota, time & attendance data;

– job ID*;

– location / venue*; and

– approved start and end information / check-in time and check-out time*.

*only if your Employer has provided this to us.

For all Registered Users:

– dates of termination of employment or engagement;

– any other information provided by or on behalf of your Employer which is necessary for Hastee to provide the Services to your Employer, such as your national insurance number.

2

Personal Data that you voluntarily give us by: registering to use and creating a user account on the Hastee App (“User Account”); making a request, via the Hastee App, for payment of a Withdrawal to you by Hastee on your Employer’s behalf (“Withdrawal Request”); corresponding with us by email, telephone call or other means; by requesting an invitation code from our website; by sharing via the Hastee App social media function; entering into any competition, promotion or survey; or reporting a problem with the Hastee App.

Identity Data

You

Hastee App log-in details: username (or similar identifier); password; and (but only in limited situations where required by your Employer to deliver the Employee Benefit to you) your date of birth and/or national insurance number.

Contact Data

Email address; mobile number

Financial Data

Bank account number, sort code or other account details into which payment of a Withdrawal would be made to you.

Employment Data

Employer name.

Marketing and Communications Data

Your preferences in receiving marketing from us, our third parties, and your communication preferences by opting to manage your preferences through a link at the bottom of any email we send you.

3

Personal Data that the Hastee Technology collects about you and your device automatically each time you use the Hastee Technology, including by the use of cookies and other similar technologies. For more information on our cookie policy please see the “How we use cookies and other technologies” section below.

Identity Data

Hastee (by Hastee Technology)

One-time unique registration code

Records of future log-ins to your User Account once you have become a Registered User

Login credentials (username and password)

Transaction Data

Transaction and usage information including details of Withdrawal payments made to you by Hastee on behalf of your Employer and any charges associated with such payments (“Charges”).

Device Data

Mobile device type and model, mobile device identifier, mobile network information, operating system and platform and other technology on the devices you use to access the Hastee Technology, internet protocol (“IP”) address used to connect your computer to the internet, your login information, browser type and version, time zone setting and location, browser and browser plug-in types and versions

Usage Data

Information about your visit, including the full Uniform Resource Locators (“URL”) clickstream to, through and from the Hastee Technology (including date and time); the pages you viewed; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Location Data

We use GPS technology on your device to determine your current location to support the time and attendance functionality of the Hastee App (you will confirm the activation of the collection of such location data via a pop up in the Hastee App).  Please note that you can withdraw your consent to your location data being used for this purpose by changing the settings in the Hastee App.

Camera Data

Data collected from your device’s camera where the camera is used as part of the “check in” and “check out” functionality of the Hastee App (for example to collect QR code data).

Aggregate Data

Statistical or demographic data which may be derived from your Personal Data, and which, once in aggregated form, does not directly or indirectly reveal your identity. E.g., We may aggregate your Usage Data to calculate the percentage of users using a specific feature of the Hastee Technology. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

Sensitive Data

In some jurisdictions, Personal Data that is considered “sensitive personal data” (or “special categories of data”) under applicable laws may be subject to more stringent protection and limitations on use than other Personal Data. What is considered sensitive Personal Data varies from country to country, but generally includes information relating to a person’s sexual orientation, racial or ethnic origin, alleged or actual criminal offence, physical or mental health or condition, trade union membership, political opinions, religious belief or genetic data. It is our intent that information collected will not include any Personal Data that would be considered sensitive Personal Data under the applicable laws of any jurisdiction.

MINORS

The Hastee Technology is not intended for children below 16 and we do not knowingly collect Personal Data relating to such children. In the event that such data is provided to us, we reserve the right in our absolute discretion to delete it.

THE LEGAL BASES AND PURPOSES FOR OUR USING PERSONAL DATA

We will only use your Personal Data where the law allows us to do so and for the purposes for which we collected it as listed in Table 2, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so.

LEGAL BASIS

We process your information based on the following legal bases:

Pursuant to contract

  • • Where the provision of your Personal Data is necessary for us to perform a contract we have entered into with you – namely, to comply with our obligations to you under our Hastee App User Terms and for you to have access to the Employee Benefit and the full functionality of the Hastee App.

Legitimate interest

  • • Where it is necessary for our interests in conducting and managing our business to give you the best product and most secure experience.
  • • To send you direct marketing communications by email or text. You can unsubscribe from such communications at any time. We explain how you can do this below.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. More detail about the specific legitimate interests pursued in respect of each purpose we use your Personal Data for is set out in the table below.

Compliance with Law

  • • Where we need to comply with a legal or regulatory obligation.

Consent

  • • Where we have your specific, freely given, informed and unambiguous consent to carry out the processing for the purpose in question.
  • • On the basis of consent we may share your information with nonaffiliated third parties, for example, for them to develop their own products or market to you, where they have the requisite legal permissions to do so. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

On the basis of consent we may share your information with nonaffiliated third parties, for example, for them to develop their own products or market to you, where they have the requisite legal permissions to do so.

We have set out in Table 2, the legal bases relied on in respect of the relevant Purposes for which we use your Personal Data.

TABLE 2:  PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA 

TYPE OF PERSONAL DATA

PURPOSE FOR COLLECTING

LAWFUL BASIS FOR PROCESSING

Identity Data

Contact Data

Financial Data

Employment Data

Location Data

Camera Data

Account creation, transfer and use.

Pursuant to contract:

To fulfil our obligations to you under the Hastee App User Terms (which you agreed to as part of the process of creating your User Account) and enable you to take advantage of the Employee Benefit.

To enable us to fulfil our obligations to your Employer pursuant to our terms of business with them under the Client Contract and to enforce rights against them arising out of your use of the Hastee App and your use of the Employee Benefit.

To enable Hastee to invite you to use and install the Hastee App and register you as a new Registered User, to log back in should you have forgotten your password or find yourself locked out for other reasons; to submit Withdrawal Requests and receive payments of Withdrawals on the basis of the Employment and Financial Data provided and, where used by you to check in/out of work, the Location Data and Camera Data.

To keep transaction records of Withdrawal payments made to you and Charges associated with them so that this data can be provided to your Employer by us at the end of each payroll period so that we may seek reimbursement from them in respect of the same.

To notify you about any changes to the Charges for the payment of Withdrawals to you.

The provision of Services to your Employer (our client) under the Client Contract which enable them to provide the Employee Benefit to you.

The effective and efficient management of our business, including the ability to recover sums owing to us by your Employer(s) in relation to the payment of Withdrawals to you and Charges in relation to them.

Ensuring that your data is accurate so that we can ensure the functionality of the Hastee App and security of your Personal Data.

Identity Data

Contact Data

[Marketing and Communication Data]

Relationship Management

To manage our relationship with you and deliver content.

Pursuant to contract: to fulfil our obligations:

• to you under the Hastee App User Terms and to advise you if the Employee Benefit or the Charges in respect of it are changing in any way; and

• to your Employer under the terms of the Client Contract between us and them.

Legitimate Interests: of keeping records updated and analysing how customers use our products/ services). To enable you to participate in a prize draw, competition or complete a survey.

[Marketing and Communication Data]

Marketing communication information

Such as details of your preferences for receiving marketing from us and our third parties and your communication preferences (if applicable).

To make recommendations to you about which goods or services Hastee provide that may be of interest to you; via email, text, in-app notifications and/or push notifications.

Legitimate Interests: it is in our legitimate interest to provide you with information that is relevant to you, where you have signed up for a User Account. You will be provided with the opportunity to unsubscribe from such communications. Details as to how to manage your preferences are set out in this Privacy Policy.

Consent: On the basis of consent we may share your information with nonaffiliated third parties, for example, for them to develop their own products or market to you, where they have the requisite legal permissions to do so.

Identity Data

Contact Data

Employment Data

Financial Data

Device Data

Important Notices, Educative Materials, Benefits and Transactional E-mail.

To fulfil our obligations to your Employer under the Client Contract.

Contract: We will send to your email address non-commercial electronic email messages with important information about: us; the Hastee Technology; the Employee Benefit; or advice pertaining to personal finance that your Employer has requested we provide to you as part of our performance of the Client Contract (the “Financial Education Series”). Please note that any opt-out you have made in relation to promotional content (including the receipt of push notifications and/or in-Hastee App notifications) will not apply to these Transactional Emails, the Financial Education Series or to any communications which we are required to send you pursuant to the performance of our obligations to your Employer under the Client Contract.

Identity Data

Contact Data

Employment Data

Financial Data

Device Data

Fraud Prevention

To keep the Hastee Technology operational and secure.

To keep your Personal Data and identity secure.

Legitimate Interests: We have a legitimate interest in ensuring the ongoing security and proper operation of our services, website and associated IT services and networks.

Pursuant to contract: To fulfil our obligations to you under the Hastee App User Terms and to your Employer under the Client Contract.

Identity Data

Contact Data

Transactional Data

Device Data

Usage Data

Aggregated Data

Optimisation and Analytics

To understand and measure how users use our Hastee Technology and to use this data to improve it.

Legitimate Interests:

• To ensure content is presented in the most effective manner for your device and the proper operation and improvement of the Hastee Technology. It is in our legitimate interest to better understand how to deliver our services to our customers and prospective customers, such as though finding efficiencies and new opportunities. To allow for participation in interactive features of the Hastee Technology when you choose to do so.

• To develop our products/ Services and grow our business, though understanding app usage and how to improve the service and/or Hastee Technology.

Device Data

Identity Data

Contact Data

Transactional Data

Financial Data

Employment Data

Troubleshooting

To track issues that might be adversely affecting the operation of the Hastee Technology.

Legitimate interests:

To enable us to monitor and ensure the proper operation of the Hastee Technology. It is also in our mutual legitimate interest for your User Account to be secure.

To help you in the event you have a problem with your User Account, the Hastee App or the submission of a Withdrawal Request or receipt of a payment of a Withdrawal.

Pursuant to contract:

To fulfil our obligations to you under the Hastee App User Terms.

Device Data

Identity Data

Contact Data

Employment Data

Changes to our App, the App User Terms, Employee Benefit and Privacy Policy.

Legal Obligations: To notify you of changes to the Hastee App, the App User Terms, this Privacy Policy, the Services delivered to your Employer or any change to the Charges for accessing the Employee Benefit.

In some situations we have more than one legal basis for processing your Personal Data. For example, we may collect information concerning your use of the Hastee Technology to both perform under our contractual obligations to you under the App User Terms and also pursuant to a legitimate business interest in maintaining your information for record keeping purposes. As a result, our collection and processing of your Personal Data is based, in different contexts, upon different legal bases. Please contact us by using the contact information provided at the end of this Privacy Policy to learn more about the purposes for which we use any specific types of your Personal Data.

HOW WE MAY SHARE YOUR PERSONAL DATA

TABLE 3: The following table describes whom we share your Personal Data with, what we share and why we share it.

RECIPIENTS

CATEGORIES OF PERSONAL DATA SHARED

REASON SHARED

Your Employer(s)

Transaction Data

Identity Data

We share, with your Employer, at the end of each payroll period, details of the consolidated Withdrawals you have received from us on your Employer’s behalf and any associated Charges during that payroll period (using your first name, last name and payroll or worker identification number to identify you) to enable your Employer to make the appropriate deductions from your pay at the end of each pay period.

Service Providers

Identity Data

Contact Data

Financial Data

Employment Data

Transaction Data

Device Data

Aggregate Data

Usage Data

So that survey, hosting, analytics, search engine and other technical assistance providers can assist us in the improvement and optimisation of the Hastee Technology and the provision of Services to your Employer.

Survey companies are only permitted to use your Personal Data to request a review from you in the context of your use of the Hastee App. They may not use it for any other purpose.

Our IT service providers provide us with software development, business analyst and system administration services.

Communication Partners

Contact Data

Our third-party partners provide live chat and facilitate communication (like email, chat and phone), in order to provide you with the full functionality of the Hastee App.

They may ask for your email and Employer name to provide assistance to you.

Transaction Processing Partners

Identity Data

Contact Data

Financial Data

Transaction Data

So that these third-party partners may process transactions on our behalf.

Professional advisers

Identity Data

Contact Data

Transaction Data

Financial Data

Device Data

Usage Data

To our lawyers, bankers, consultants, auditors and providers of banking, legal, insurance and accountancy services if such disclosure is reasonably required to comply with any legal obligation; to enforce any contract entered into with you or your Employer; to protect the rights, property or safety of Hastee or our customers (including by exchanging information with other organisations for the purposes of fraud protection).

Hastee Group Companies

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

Camera Data

We may share your information with our corporate affiliates and associates (e.g., parent company, sister companies, associated trust entities, subsidiaries, joint ventures, or other companies under common control). We have a legitimate business interest to share data with our group as it allows us to better understand the performance of our Services and how to offer and improve our product offerings across the group. It also assists us with finding operational efficiencies (such as financial efficiencies though sharing IT infrastructure), making use of group level software solutions and improving our technological offerings which form an integral part of our Service.

Purchaser of Hastee and/or any member of the Hastee Group

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

Camera Data

Any entity which purchases all or part of Hastee and/or any member of the Hastee Group, upon completion of which transaction, Personal Data held by Hastee about its Registered Users will be one of the transferred assets (whether transferred via a business or share sale). We will also share information at the negotiation stage or in a bidding process, as applicable.

We may retain a copy of that information.

Law Enforcement Agencies

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

On the basis of the compliance with a legal obligation for example if we are required to disclose information pursuant to regulatory, employment, taxation, criminal, terrorist financing and money laundering law requirements.

Legal, civil or business affairs

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

We may disclose information when we believe disclosure is appropriate to comply with the law, to enforce or apply applicable terms and conditions and other agreements, or to protect our rights, property or safety or the rights, property or safety of our affiliates, users, or third parties. For example, we may disclose information in response to subpoenas, arbitration proceedings, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.

OUR USE OF COOKIES AND OTHER SIMILAR TECHNOLOGIES

What are cookies?

We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We use them to distinguish you from other users of the Hastee Technology and to remember your preferences. This helps us to provide you with a good experience when you use the Hastee Technology and also allows us to improve it. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience.

Categories of cookies

The Hastee Technology uses two broad categories of cookies:

• First party cookies, served directly by us to your computer or mobile device; and

• Third party cookies, which are served by our partners or service providers.

Type & purposes of cookie use

The Hastee Technology uses the following types of cookies for the purposes set out below:

  • Essential cookies: to provide you with services available through the Hastee Technology to enable you to use some of its features. For example, they allow you to log in to secure areas of the Hastee Technology and help the content of the pages you request to load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
  • Functional cookies: to allow the Hastee Technology to remember choices you make when you use the Hastee Technology, such as remembering your language preferences, login details and any aspects of the Hastee Technology which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit the Hastee Technology.
  • Analytics and performance cookies: to collect information about traffic to the Hastee Technology and how it is used. The information gathered via these cookies does not “directly” identify any individual user. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Hastee Technology. The information collected is aggregated and anonymous. It includes the number of visitors to the Hastee Technology, the websites that referred them, the pages they visited, what time of day they visited it, whether they have visited the Hastee Technology before, and other similar information. We use this information to help operate the Hastee Technology more efficiently, to gather broad demographic information and to monitor the level of activity on the Hastee Technology.
    • o We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how the Hastee Technology works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
    • o You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html
    • Targeting Cookies: these will collect information about your browsing habits and allow us to deliver content and functionality that best suits you and your interests while you are browsing our site and other sites on the Internet.
    • Social Media Cookies: these cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit.

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

If you do not accept our cookies, you may experience some inconvenience in your use of the Hastee Technology. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit the Hastee Technology.

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.

You can also prevent the use of Google Analytics relating to your use of the Hastee Technology by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB

Mobile Privacy

Although you do not have to provide your location information to us to use our Hastee Technology, your Employer may require a postcode or geolocation as part of its provision of the Employee Benefit to you and we therefore require it to enable our Hastee App to function to deliver the Services to your Employer. For example, where your Employer requires you to check in and check out of a work or job location to prove your physical presence or the time at which you started / ended your work. If you request that we confirm your location or IP address, we may use your geolocation information to do so. Our Hastee Technology may also tell us the region of the world in which you are located when you use the Hastee Technology. If you have questions about location and notification privacy, please contact your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

DATA STORAGE AND TRANSFER

The Personal Data that we obtain about you is stored on third party servers. We generally process such Personal Data on servers located within the United Kingdom, however, it is possible that the Personal Data we collect in relation to you may be transferred, stored and/or processed outside the European Economic Area. In connection with such transfers, we endeavour to ensure that the entities or people to whom we provide Personal Data hold it subject to appropriate safeguards and controls. Whenever we transfer your Personal Data out of Europe to countries that have not been deemed to provide an adequate level of protection for Personal Data by the European Commission, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:

    • • We use specific contracts approved by the European Commission, which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.
    • • Where we use service providers based in the U.S., we may also transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protections to Personal Data shared between Europe and the U.S. For further details, see European Commission: EU-U.S. Privacy Shield.

KEEPING YOUR PERSONAL DATA SECURE

The transmission of information by the internet is not completely secure. Although we will endeavour to protect your Personal Data, we cannot guarantee the security of your data transmitted via the Hastee App; any transmission is at your own risk. Once we have received your information, we will use security features to try to prevent unauthorised access.

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your Personal Data to those employees and other staff who have a business need to have such access.

RETENTION OF YOUR PERSONAL DATA

We will retain your Personal Data for so long as we reasonably need to use it for the purposes set out above unless a longer retention period is required by law (e.g. for tax, regulatory or future potential claims purposes). We will retain your information for as long as necessary for the purposes described in this Privacy Policy and in accordance with the following principles:

    • • For the duration required pursuant to a legal obligation;
    • • For the period required by applicable law and regulations, for the activities relating to the service; or
    • • For the duration of legal proceedings and the related limitation periods, for processing activities necessary to protect against legal liability and enforce our rights.

THIRD PARTY LINKS

The Hastee Technology may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates and other third-party websites, plug-ins and applications. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services. When you leave the Hastee Technology, we encourage you to read the privacy policy of every site you visit.

WHAT CHOICES AND RIGHTS YOU HAVE REGARDING YOUR PERSONAL DATA

If your Personal Data was collected by another party under their privacy policy, we may have to refer you to that party in order to exercise the choices regarding your Personal Data. If your data was collected by us under this Privacy Policy, you can make the following choices regarding your Personal Data. In order to exercise any of these rights, you can contact us by using the contact information provided at the end of this Privacy Policy.

It is important to note that as Hastee is designed to collect and manage Personal Data collected in the course of your employment or relationship with your Employer. In such circumstances, that organisation will act as the controller of the Personal Data that was initially collected and then uploaded or synched to the Hastee Technology. Therefore, in some instances where we receive a data subject request, we may be required to contact that organisation for direction and/or to provide them with assistance in managing the request. Because of this, we may therefore be required to direct you or third-party enquiries to that organisation, as they may hold and/or be in control of the Personal Data which that request relates. Unless we are not allowed to do so by law, confidentiality or contract, we will tell you when we pass the request on to that organisation. In such circumstances it will be that organisation’s obligation to comply with the request.

    • Access to Your Personal Data: You may request access to your Personal Data by contacting us using the contact information provided at the end of this Privacy Policy. If permitted, and required by law, we will grant you reasonable access to the data that we have about you.
    • Changes to Your Personal Data: We rely on you to update and correct your Personal Data. Note that we may keep historical Personal Data in our backup files as permitted by law. If our services do not permit you to update or correct certain Personal Data, please contact us by using the contact information provided at the end of this Privacy Policy.
    • Deletion of Your Personal Data: Typically, we retain your Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. You may, however, request information about how long we keep a specific type of Personal Data, or request that we delete your Personal Data by contacting us using the contact information provided at the end of this Privacy Policy. If permitted by law, we may grant a request to delete Personal Data, but you should note that in many situations we are required to keep your Personal Data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. If we grant your request to delete your Personal Data, you should note that in many situations we may no longer be able to provide you with access to the functionality and services of the Hastee Technology.
    • Objection to Certain Processing: You may object to our use of your Personal Data by contacting us using the contact information provided at the end of this Privacy Policy.
    • o Marketing: When we send you promotional emails, push notifications and/or in-app notifications (“Promotional Content”) based on your consent or as permitted by applicable laws, you have the right to unsubscribe or amend your in-app preferences accordingly. You also have the ability to unsubscribe to Promotional Content by following the unsubscribe instructions in e-mails. Please allow us up to 10 business days to implement your request to unsubscribe. Note that even if you decide to opt out of receiving Promotional Content, we may still send you service-related communications.
    • o Important Notices and Transactional E-mails: From time to time we may send to your email address non-commercial electronic email messages with important information about us, the Hastee Technology and/or the Employee Benefit (“Transactional Emails”); or advice pertaining to personal finance that your Employer has requested we provide as part of our performance of the Client Contract (the “Financial Education Series”). Please note that even if you decide not to receive Promotional Content, will still send you Transactional Emails and the Financial Education Series.
    • o Financial Education Series: You also have the ability to unsubscribe from the Financial Education Series by following the unsubscribe instructions in e-mails. Please allow us up to 10 business days to implement your request to unsubscribe. Note that even if you decide to opt out of receiving the Financial Education Series, we may still send you Transactional Emails.
    • o Mobile: We may distribute text messages to your mobile device. You may opt out of receiving text via the texts you receive.
    • Revocation of Consent: Where we rely on consent as our lawful basis for processing, if you revoke your consent for the processing of your Personal Data, then we may no longer be able to provide you with access to the functionality and services of the Hastee Technology. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us using the contact information provided at the end of this Privacy Policy.

If you would like to exercise any of the rights described above, please contact us by emailing: gdpr@hastee.com.

We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or in the event you have made a number of requests, in which case, we will notify you and keep you updated.

If you feel that your complaint has not been adequately resolved, please note that you have the right to contact the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues. Please see https://ico.org.uk/make-a-complaint/ for information on how to do this.

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO NOTIFY US OF CHANGES

We may change this Privacy Policy and our information collection, use, and sharing practices over time. To the extent that our Privacy Policy changes in a material way, we will notify you of such changes in accordance with applicable data protection law requirements.

HOW TO CONTACT US

Our address is: Hastee Benefits Ltd, 15th Floor, 6 Bevis Marks, Bury Court, London, EC3A 7BA.

You can contact us with any questions, comments and requests regarding this Privacy Policy or your Personal Data by emailing: gdpr@hastee.com or calling us on +44(0)20 7199 8626.