PRIVACY POLICY

 

BACKGROUND

(A)       Your employer (“Employer”) wishes to make the Employee Benefit available to you via the EWA application (“EWA App”), which is made available through (i)  our EWA mobile application, (ii) our EWA web application accessible on our website, and/or (iii) integration of the EWA web application into the Zellis platform, in each case where applicable.

(B)       The expression “Employee Benefit” covers those products from the list below which your Employer has made available to you, depending on the subscription chosen by them in the Client Contract (being the contract between your Employer and the relevant provider(s) for the Employee Benefits).  These may include:

  • Earned Wage Access (EWA)
  • Earnings Tracker
  • Weekly Automated Salary
  • Savings
  • Discounts
  • Bespoke Financial Education
  • Financial Health Check-ups
  • Benefits Calculator
  • AI Financial Assistant

(C)       Your use of the Employee Benefits is subject to the terms of use for the EWA App (“App User Terms”).

(D)       This Privacy Policy explains how your personal data is processed when you use the EWA App.

 

WHO WE ARE

As Hastee works with employers in two different ways, the organisation responsible for deciding how and why your personal data is used (the “controller”) may differ depending on your Employer’s contracting route.

If your Employer contracts with Zellis (“Zellis-led model”)

If your Employer has contracted with Zellis UK Limited and/or with one of its affiliates (together, “Zellis”) to provide the Employee Benefits through the EWA App:

  • Zellis’ role: Zellis will generally act as controller in respect of personal data it processes through the Zellis platform to provide the Employee Benefits to you.
  • Hastee’s role: Hastee Technologies HR Ltd and/or one of the Hastee Group Companies (as set out in the section below) may process your personal data on Zellis’ behalf where Zellis engages Hastee to deliver the Employee Benefits. In those circumstances, Hastee will generally act as Zellis’ processor and processes personal data only in accordance with Zellis’ instructions.

Due to the way the services may be integrated and delivered, Zellis and Hastee may each act as an independent controller in respect of different processing activities carried out for their own purposes.  In addition, where Zellis and Hastee jointly determine the purposes and means of processing activities, they will act as joint controllers for activities and will allocate their respective compliance responsibilities in accordance with applicable data protection law.

If your Employer contracts with Hastee (“direct Hastee model”)

If your Employer has contracted with one of the following Hastee Group Companies, that entity will generally act as controller of your personal data in connection with the provision of the services:

  • Hastee Technologies HR Ltd (UK);
  • Hastee Benefits Ltd (UK); or
  • Hastee Europe S.L. (Spain).

In some cases, Hastee Technologies HR Ltd and another Hastee Group Company may act as joint controllers where they jointly determine the purposes and means of processing your personal data for the delivery of the services.  Where this applies, the relevant Hastee Group Companies will allocate their respective responsibilities for compliance with the applicable data protection law.

If you are unsure which Hastee entity is acting as controller or joint controller in respect of your data, you may contact us at dpo@zellis.com (Zellis’ Data Protection Officer, who handles data protection enquiries for the Zellis group, including Hastee, and will route your enquiry to the appropriate entity where necessary).

In this Privacy Policy the terms “we”, “us”, or “Hastee” are each intended as a reference to the relevant Hastee Group Companies that provides the services in connection with the Employee Benefits (as applicable to your Employer’s contracting route). Details of these Hastee Group Companies and their registration details are found at the end of this Privacy Policy.

 

WHAT DOES THIS PRIVACY POLICY COVER?

This Privacy Policy applies to users who access the EWA App under either the Zellis-led model or the direct Hastee model, depending on your Employer’s contract route under the Client Contract.

This Privacy Policy explains how we process your personal data through your use of the EWA App or our website (together, the “Hastee Technology”).  It also explains how we process personal data that your Employer might provide to us in relation to our provision of the services to them (“Services”) which enable you to access the Employee Benefits.

Where you access the EWA App through the Zellis-led model, Zellis is generally the controller and Hastee will generally process personal data on Zellis’ behalf as its processor.  This Privacy Policy does not replace Zellis’ privacy notice.

It also sets out the choices you can make about the personal data we collect and the legal rights you have in relation to your personal data.

This Privacy Policy is broken down into sections which explain:

  • Who We Are & The Types of Personal Data We Process
  • Minors
  • The Legal Bases and Purposes for Using Personal Data
  • How We May Share Your Personal Data
  • Our Use of Cookies and Other Similar Technology
  • Data Storage and Transfer
  • Keeping Your Personal Data Secure
  • Retention of Your Personal Data
  • Third Party Links
  • Your Rights and Choices
  • Changes to Our Privacy Policy and Your Duties to Notify Us of Changes
  • How To Contact Us

 

WHAT THIS PRIVACY POLICY DOES NOT COVER

If you are:

  • a shareholder, an employee or supplier of Hastee or are otherwise engaged in working for us or applying to work for us; or
  • a visitor to our website who has not registered an account on the EWA App pursuant to a Client Contract, a separate privacy policy or data processing agreement applies to information instead and you will be notified of the relevant policy that applies to you.

 

Important Information regarding Employers, Organisations and Third Parties

This Privacy Policy is not a substitute for any privacy notice that:

  • your Employer is required to provide to its employees, contractors, staff, affiliates, workers, volunteers, associates, members or other end users. All questions about the policies, data collection policies and fair processing notices of your Employer (“Employer Policies”) relating to your personal data and administrative user access rights should be directed to your Employer.
  • Zellis is required to provide its own privacy notice as controller of your personal data for the purposes of providing the Employee Benefits through the Zellis platform.
  • a third party is required to provide (for example, providers of products we may offer as Employee Benefits such as the Benefits Calculator), as an independent controller of your personal data.

Hastee is not liable for your Employer nor any third parties’ compliance with their obligations as controllers. Any concerns you have about the processing of your personal data by such parties should be directed to them.

 

THE TYPES OF PERSONAL DATA WE PROCESS

We collect information from you when:

  • You interact with the Hastee Technology.
  • You request information about our Hastee Technology.
  • Your Employer provides your personal data to us.
  • You sign-in or visit our Hastee Technology or use the services and functionality available through that Hastee Technology, including:
    • to register or update your interest in receiving bespoke financial education content and/or financial health check-ups (including via Nudge)
    • to use the Benefits Calculator
  • You use a social media service, for example, our Facebook page or YouTube channel
  • You sign up for e-mails, mobile messages, social media, or other communications or notifications from us.
  • You enter a contest or sweepstakes, respond to one of our surveys, or participate in a focus group.
  • You provide us with comments, suggestions, or other input (please do not include personal data unless we specifically request it).

 

AI Financial Assistant: If you choose to use the AI Financial Assistant, please do not include any personal data (or information that could identify you or anyone else) in your prompts or messages.  The AI Financial Assistant is intended to respond to general, non-personal queries only.

All the personal data we collect:

  • from you directly via the EWA App
  • from your Employer
  • from the Hastee Technology
  • from any third-party providers involved in the delivery of the Employee Benefit to you, is set out in Table 1 below.

We may collect, use, store and transfer different kinds of personal data as follows:

 

TABLE 1: PERSONAL DATA

SECTION

CATEGORY OF PERSONAL DATA COLLECTED

SOURCE

DESCRIPTION

1

Personal data provided by your Employer to Hastee (including via the Zellis-led model) to enable the Employee Benefit to be made available to you.

 

Identity Data

Your Employer

Title; first name; last name; payroll or worker identification number; and (but only where required by your Employer) your date of birth and/or national insurance number.

Contact Data

Email address and/or phone number.

Financial Data

Your pay or salary information including:

–         whether you are a salaried or contingent worker

–         if salaried, the amount of your salary, and any additional pay such as overtime or bonuses

–         if salaried, the frequency of your salary

–         if a contingent worker, your rate (hourly or daily)

Employment Data

For Registered Users who are contingent workers (where payment of wages or fees is contingent upon work performed for or services provided to the Employer), once work has been approved by your Employer:

–         rota, time & attendance data;

–         job ID*;

–         location / venue*; and

–         approved start and end information / check-in time and check-out time*.

*only if your Employer has provided this to us.

For all registered users:

–         start date of employment or engagement;

–         dates of termination of employment or engagement;

–         any other information provided by or on behalf of your Employer which is necessary for Hastee to provide the Services to your Employer, such as your national insurance number.

2

Personal data that you voluntarily give us by:

·        registering to use and creating a user account on the EWA App (“User Account”);

·        registering to receive bespoke financial education content and/or financial health check-ups (please note: though you may provide this via our third-party provider of financial education services and financial health check-ups (Nudge), Hastee is the controller of any such personal data and that service provider the data processor);

·        opting to receive marketing from us or our service providers;

·        opting to use products provided by third-party service providers such as:

·        discounts on popular high street brands;

·        the benefits calculator;

·        making a request, via the Hastee Technology, for payment of a Withdrawal or Savings allocation to you by or on behalf of the relevant controller (“Withdrawal Request”);

·        corresponding with us by email, telephone call or other means;

·        using the AI Financial Assistant (please do not include any personal data in your prompts or messages);

·        requesting an invitation code from our website;

·        sharing via the EWA App social media function; or

·        reporting a problem with the EWA App.

 

Identity Data

You

EWA App log-in details: username (or similar identifier); password; and (but only in limited situations where required by your Employer to deliver the Employee Benefit to you) your date of birth and/or national insurance number.

If you choose to receive bespoke financial education content and/or financial health check-ups: first name; last name; username (which would be your email address) and password. Additionally, but only if you choose to provide it to receive financial education tailored to your specific individual circumstances:  date of birth.

If you opt in to receive discounts through the Hastee Technology, first name and last name.

Contact Data

Email address; mobile number; residential address.

Financial Data

Bank account number, sort code or other account or card details (cardholder name and card number) into or onto which payment of a Withdrawal would be made to you.

If you opt in to receive bespoke financial education content and/or financial health check-ups (including via Nudge) and choose to provide this personal data: salary/wage; any sources of additional income or use of financial products.

If you opt in to receive discounts through the Hastee Technology: account balance.

Employment Data

Employer name.

Marketing and Communications Data

Your preferences in receiving marketing from us, our third parties, and your communication preferences by opting to manage your preferences through a link at the bottom of any email we send you.

 

3

Personal data that the Hastee Technology collects about you and your device automatically each time you use the Hastee Technology, including using cookies and other similar technologies. For more information on our cookie policy please see the “How we use cookies and other technologies” section below.

 

Identity Data

Hastee (by Hastee Technology)

One-time unique registration code

Records of future log-ins to your User Account once you have become a Registered User

Login credentials (username and password)

Transaction Data

Transaction and usage information including details of Withdrawal payments made to you via the EWA App (whether made by Hastee and/or on behalf of the relevant controller) and any charges associated with such payments (“Charges”).

Device Data

Mobile device type and model, mobile device identifier, mobile network information, operating system and platform and other technology on the devices you use to access the Hastee Technology, internet protocol (“IP”) address used to connect your computer to the internet, your login information, browser type and version, time zone setting and location, browser and browser plug-in types and versions.

 Usage Data

Information about your visit, including the full Uniform Resource Locators (“URL”) clickstream to, through and from the Hastee Technology (including date and time); the pages you viewed; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Location Data

We use GPS technology on your device to determine your current location to support the time and attendance functionality of the EWA App (you will confirm the activation of the collection of such location data via a pop up in the EWA App).  Please note that you can withdraw your consent to your location data being used for this purpose by changing the settings in the EWA App.

Camera Data

Data collected from your device’s camera only to support device-level biometric authentication managed by your device’s operating system.  We do not capture, store or process facial imagery and we do not have access to, receive or process biometric data; we only receive confirmation that the authentication has been successful.  The camera is not used for check-in/check-out, facial recognition or identity verification.

Aggregate Data

Statistical or demographic data which may be derived from your personal data, and which, once in aggregated form, does not directly or indirectly reveal your identity. E.g., We may aggregate your Usage Data to calculate the percentage of users using a specific feature of the Hastee Technology. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

 

Special Category Data

In some jurisdictions, certain types of personal data are considered “sensitive personal data” (or “special categories of data”) under applicable laws and may be subject to more stringent protections and limitations on use than other personal data. What is considered sensitive personal data varies from country to country, but generally includes information relating to a person’s, racial or ethnic origin, political opinions or philosophical beliefs, trade union membership, genetic data, biometric data (when used for identification), health data, and data concerning a person’s sex life or sexual orientation. Information about criminal convictions and offences is subject to additional protections under applicable data law. We do not seek to collect special category data or information about criminal convictions and offences.  For clarity, we do not collect or process biometric data for identification purposes (including facial imagery); any biometric authentication (e.g. Face ID) is performed by your device operating system and we only receive confirmation that the authentication has been successful. Please do not provide such special category data when using the EWA App or communicating with us, including when using the AI Financial Assistant.

 

MINORS

The Hastee Technology is not intended for children under 16.  We do not knowingly collect personal data relating to children. If we become aware that we have collected personal data from a child under 16, we will take appropriate steps to delete it and/or restrict further processing, unless we are required to retain it to comply with a legal obligation.

 

THE LEGAL BASES AND PURPOSES FOR OUR USING PERSONAL DATA

We will only use your personal data in accordance with applicable law and only for the purposes for which it was collected as set out Table 2, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will update this Privacy Policy and explain the legal basis which allows us to do so.

 

LEGAL BASIS

We process your information based on the following legal bases:

Pursuant to contract

  • Where the provision of your personal data is necessary for us to perform a contract applicable to your use of the EWA App and the Employee Benefits (for example, to comply with obligations under the App User Terms).

Legitimate interest

  • Where it is necessary for our interests in conducting and managing our business to give you the best product and most secure experience.
  • To send you direct marketing communications by email or text where permitted by applicable law and subject to your right to opt out at any time. You can unsubscribe from such communications in advance of receiving any by emailing dpo@zellis.com or at any time by clicking the link in the email itself.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. More detail about the specific legitimate interests pursued in respect of each purpose we use your personal data for is set out in the table below.

Compliance with Law

  • Where we need to comply with a legal or regulatory obligation.

Consent

  • Where we have your specific, freely given, informed and unambiguous consent to carry out the processing for the purpose in question.
  • On the basis of consent, we may share your information with non-affiliated third parties, for example, for them to develop or provide you with their own products or market to you, where they have the requisite legal permissions to do so. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Table 2 sets out the legal bases we rely on where we act as controller. In the Zellis-led model, Zellis is generally the controller and determines the relevant legal bases (see “Who We Are”).  Where we process personal data on behalf of another controller, we do so on that controller’s instructions and, where required, the controller obtains any necessary consents.

TABLE 2:  PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

 

TYPE OF PERSONAL DATA

PURPOSE FOR COLLECTING

LAWFUL BASIS FOR PROCESSING

Identity Data

Contact Data

Financial Data

Employment Data

Location Data

Camera Data

Account creation and use

To create your User Account on the App.

To facilitate your use of the EWA App & User Account.

To provide details and retain records of your Withdrawal transactions.

To provide you with bespoke financial education content if this is something you opt to receive. To allow us to share your personal data with our service providers involved in the provision of any aspect of the Employee Benefits, such as our third-party provider of bespoke financial education and financial health check-ups (Nudge) or discounts so that they can register a user account for you and deliver content tailored to your individual circumstances.

To enable the Zellis platform integration, we process limited identifier information data received from Zellis (such as employee number, name and email address) to match the correct user account and to enable the integration.  We also generate and send a widget data feed from Hastee to the Zellis platform containing earned wage access information (for example, amounts withdrawn and related transaction information) so that it can be displayed in the Zellis platform.

Pursuant to contract:

To fulfil our obligations to you under the applicable App User Terms (where we are the contracting party and which you agreed to as part of the process of creating your User Account) and enable you to use the Employee Benefits.

To enable Hastee to invite you to use and install the mobile version of the EWA App and register you as a new Registered User, to log back in should you have forgotten your passcode or find yourself locked out for other reasons; to submit Withdrawal Requests and receive payments of Withdrawals via the EWA App  on the basis of the Employment and Financial Data provided and, where used by you  the Location Data and Camera Data.

To notify you about any changes to the Charges for the payment of Withdrawals to you.

To allow third-party providers to provide to you, on our behalf, elements of the Employee Benefits, such as discounts and bespoke financial education services and financial health check-ups tailored to your individual circumstances. In such situation, the relevant controller (as described in the “Who We Are” section) is the controller of your personal data and the relevant third-party provider will act as a processor where it processes personal data on the controller’s behalf.

Legitimate Interest:

To enable us to fulfil our obligations to your Employer pursuant to our terms of business with them under the Client Contract and to enforce rights against them arising out of your use of the EWA App and your use of the Employee Benefit.

To keep transaction records of Withdrawal payments, discounts and savings allocations made to you via the Hastee Technology and Charges associated with them so that this data can be provided to your Employer by us at the end of each payroll period so that we may seek reimbursement from them in respect of the same.

The provision of services to your Employer (our client) under the Client Contract which enable them to provide the Employee Benefit to you.

The effective and efficient management of our business, including the ability to recover sums owing to us by your Employer(s) in relation to the payment of Withdrawals to you and Charges in relation to them.

Ensuring that your data is accurate so that we can ensure the functionality of the EWA App and security of your personal data.

 

Zellis-led model: Where we act as Zellis’ processor for the Zellis integration, we process personal data on Zellis’ instructions.  Zellis (as controller) determines the lawful basis for that processing and for instructing us to process on its behalf.

Identity Data

Contact Data

Marketing and Communication Data

Relationship Management

To manage our relationship with you and deliver content.

To provide customer support to you regarding your User Account and Withdrawal Payments or to investigate any complaint or query.

Pursuant to contract: to fulfil our obligations:

·        to you under the App User Terms and to advise you if the Employee Benefits or the Charges in respect of it are changing in any way; and

·        to your Employer under the terms of the Client Contract between us and them.

Legitimate Interests: of keeping records updated and analysing how customers use our products/ services). To enable you to participate in a prize draw, competition or complete a survey.

Marketing and Communication Data

Marketing communication information

Such as details of your preferences for receiving marketing from us and our third parties and your communication preferences (if applicable).

To make recommendations to you about which goods or services Hastee group companies provide that may be of interest to you; via email, text, in-app notifications and/or push notifications.

Legitimate Interests: it is in our legitimate interest to provide you with information that is relevant to you, where you have signed up for a User Account. You will be provided with the opportunity to unsubscribe from such communications by clicking on a link in the email itself or, in advance, by emailing dpo@zellis.com. Further details as to how to manage your preferences are set out in this Privacy Policy.

Consent: On the basis of consent we may share your information with non-affiliated third parties, for example, for them to develop their own products or market to you, where they have the requisite legal permissions to do so.

Identity Data

Contact Data

Employment Data

Financial Data

Device Data

Important Notices, Educative Materials, Benefits and Transactional E-mail.

 

To fulfil our obligations to your Employer under the Client Contract.

Contract: We will send to your email address non-commercial electronic email messages with important information about: us; the Hastee Technology; the Employee Benefits; or, should you have opted-in to receive it, advice pertaining to personal finance. Please note that any opt-out you have made in relation to promotional content (including the receipt of push notifications and/or in-EWA App notifications) will not apply to these Transactional Emails or to any communications which we are required to send you pursuant to the performance of our obligations to your Employer under the Client Contract.

Identity Data

Contact Data

Employment Data

Financial Data

Device Data

Fraud Prevention

To keep the Hastee Technology operational and secure.

To keep your personal data and identity secure.

Legitimate Interests: We have a legitimate interest in ensuring the ongoing security and proper operation of our services, website and associated IT services and networks.

Pursuant to contract: To fulfil our obligations to you under the EWA App User Terms and to your Employer under the Client Contract.

Identity Data

Contact Data

Transactional Data

Device Data

Usage Data

Aggregated Data

Optimisation and Analytics

To understand and measure how users use our Hastee Technology and to use this data to improve it.

Legitimate Interests:

·      To ensure content is presented in the most effective manner for your device and the proper operation and improvement of the Hastee Technology. It is in our legitimate interest to better understand how to deliver our services to our customers and prospective customers, such as though finding efficiencies and new opportunities. To allow for participation in interactive features of the Hastee Technology when you choose to do so.

·      To develop our products/ services, grow our business, and to improve the user experience.  Through understanding app usage and how to improve the service and/or Hastee Technology.

Device Data

Identity Data

Contact Data

Transactional Data

Financial Data

Employment Data

 

 

 

 

Troubleshooting

To track issues that might be adversely affecting the operation of the Hastee Technology.

 

 

Legitimate interests:

To enable us to monitor and ensure the proper operation of the Hastee Technology. It is also in our mutual legitimate interest for your User Account to be secure.

To help you in the event you have a problem with your User Account, the EWA App or the submission of a Withdrawal Request or receipt of a payment of a Withdrawal.

Pursuant to contract:

To fulfil our obligations to you under the EWA App User Terms.

Device Data

Identity Data

Contact Data

Employment Data

Changes to our App, the App User Terms, Employee Benefit and Privacy Policy.

Legal Obligations: To notify you of changes to the EWA App, the App User Terms, this Privacy Policy, the Services delivered to your Employer or any change to the Charges for accessing the Employee Benefit.

 

In some situations, we have more than one legal basis for processing your personal data. For example, we may collect information concerning your use of the Hastee Technology to both perform under our contractual obligations to you under the App User Terms and also pursuant to a legitimate business interest in maintaining your information for record keeping purposes. As a result, our collection and processing of your personal data is based, in different contexts, upon different legal bases. Please contact us by using the contact information provided at the end of this Privacy Policy to learn more about the purposes for which we use any specific types of your personal data.

 

HOW WE MAY SHARE YOUR PERSONAL DATA

TABLE 3: The following table describes whom we share your personal data with, what we share and why we share it.

RECIPIENTS

CATEGORIES OF PERSONAL DATA SHARED

REASON SHARED

Your Employer(s)

Transaction Data

Identity Data

We share, with your Employer:

i) at the end of each payroll period, details of the consolidated Withdrawals , discounts and savings allocations you have received from us on your Employer’s behalf and any associated Charges during that payroll period (using your first name, last name and payroll or worker identification number to identify you) to enable your Employer to make the appropriate deductions from your pay at the end of each pay period; and

ii) aggregated use data, so that your Employer may see, at any time, statistics concerning use of the EWA App across their worker base who have registered an account with the Hastee, such as categorising the number of Withdrawals by any data demographic that you have provided pursuant to this Privacy Policy.

Zellis UK Limited and/or other relevant Zellis affiliate (where the Zellis-led model applies)

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

Camera Data

Where you access the EWA App via the Zellis platform, we may share personal data with Zellis to enable Zellis (as controller) to provide the Employee Benefits through the Zellis platform, including administering your access, calculating and determining the amount of any advance/withdrawal made available to you, facilitating Withdrawal Requests and payments, maintaining transaction records, and supporting security and fraud prevention.

Service Providers

Identity Data

Contact Data

Financial Data

Employment Data

Transaction Data

Device Data

Aggregate Data

Usage Data

So that survey, hosting, analytics, search engine and other technical assistance providers can assist us in the improvement and optimisation of the Hastee Technology and the provision of Services to your Employer.

Survey companies are only permitted to use your personal data to request a review from you in the context of your use of the EWA App. They may not use it for any other purpose.

Our IT service providers provide us with software development, business analyst and system administration services.

So that third-party providers of products within the Employee Benefit, such as bespoke financial education and financial health check-ups (provided via Nudge) may provide you with content tailored to your individual circumstances.

If you choose to check your eligibility for government grants and benefits, we will share the information you enter into that section with Investment Solver Ltd (“InBest”) who will use this information to calculate any grants and/or benefits for which you may be eligible. By selecting yes, you consent to the sharing of your personal information with InBest for this purpose. Please note that InBest privacy policy also applies to the use of your personal information by them. You can read the InBest’s privacy policy here.

We may use technology service providers to support the AI Financial Assistant feature.  Users should not include personal data in prompts or messages.  If personal data is included, it will be processed only to the extent necessary to provide the feature, maintain security and prevent misuse, and will not be used to train models unless we clearly inform you and have a lawful basis to do so.

Communication Partners

Contact Data

Our third-party partners provide live chat and facilitate communication (like email, chat and phone), in order to provide you with the full functionality of the EWA App.

They may ask for your email and Employer name to provide assistance to you.

Transaction Processing Partners

Identity Data

Contact Data

Financial Data

Transaction Data

So that these third-party partners may process transactions on behalf of the relevant controller

Professional advisers

Identity Data

Contact Data

Transaction Data

Financial Data

Device Data

Usage Data

To our lawyers, bankers, consultants, auditors and providers of banking, legal, insurance and accountancy services if such disclosure is reasonably required to comply with any legal obligation; to enforce any contract entered into with you or your Employer; to protect the rights, property or safety of Hastee or our customers (including by exchanging information with other organisations for the purposes of fraud protection).

 

Zellis Group Companies (including Hastee Group Companies)

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

Camera Data

We may share your information with our corporate affiliates and associates (e.g., parent company, sister companies, associated trust entities, subsidiaries, joint ventures, or other companies under common control with Zellis UK Limited). We have a legitimate business interest to share data with the Zellis group as it allows us to better understand the performance of our services and how to offer and improve our product offerings across the Zellis group. It also assists us with finding operational efficiencies (such as financial efficiencies though sharing IT infrastructure), making use of group level software solutions and improving our technological offerings which form an integral part of our service.

Purchaser of Hastee and/or any member of the Hastee Group

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

Camera Data

Any entity which purchases all or part of Hastee and/or any member of the Hastee Group, upon completion of which transaction, personal data held by Hastee about its Registered Users will be one of the transferred assets (whether transferred via a business or share sale). We will also share information at the negotiation stage or in a bidding process, as applicable.

We may retain a copy of that information.

Law Enforcement Agencies

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

On the basis of the compliance with a legal obligation for example if we are required to disclose information pursuant to regulatory, employment, taxation, criminal, terrorist financing and money laundering law requirements.

Legal, civil or business affairs

Identity Data

Contact Data

Financial Data

Transaction Data

Employment Data

Usage Data

Device Data

Aggregate Data

Location Data

We may disclose information when we believe disclosure is appropriate to comply with the law, to enforce or apply applicable terms and conditions and other agreements, or to protect our rights, property or safety or the rights, property or safety of our affiliates, users, or third parties. For example, we may disclose information in response to subpoenas, arbitration proceedings, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.

 

 

 

 

 

OUR USE OF COOKIES AND OTHER SIMILAR TECHNOLOGIES

What are cookies?

We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We use them to distinguish you from other users of the Hastee Technology and to remember your preferences. This helps us to provide you with a good experience when you use the Hastee Technology and also allows us to improve it. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience.

Categories of cookies

The Hastee Technology uses two broad categories of cookies:

  • First party cookies, served directly by us to your computer or mobile device; and
  • Third party cookies, which are served by our partners or service providers.

Type & purposes of cookie use

The Hastee Technology uses the following types of cookies for the purposes set out below:

  • Essential cookies: to provide you with services available through the Hastee Technology to enable you to use some of its features. For example, they allow you to log in to secure areas of the Hastee Technology and help the content of the pages you request to load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
  • Functional cookies: to allow the Hastee Technology to remember choices you make when you use the Hastee Technology, such as remembering your language preferences, login details and any aspects of the Hastee Technology which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit the Hastee Technology.
  • Analytics and performance cookies: to collect information about traffic to the Hastee Technology and how it is used. The information gathered via these cookies does not “directly” identify any individual user. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Hastee Technology. The information collected is aggregated and anonymous. It includes the number of visitors to the Hastee Technology, the websites that referred them, the pages they visited, what time of day they visited it, whether they have visited the Hastee Technology before, and other similar information. We use this information to help operate the Hastee Technology more efficiently, to gather broad demographic information and to monitor the level of activity on the Hastee Technology.
    • We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how the Hastee Technology works. You can find out more information about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

  • You can find out more about how Google protects your data here:

www.google.com/analytics/learn/privacy.html

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

If you do not accept our cookies, you may experience some inconvenience in your use of the Hastee Technology. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit the Hastee Technology.

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.

You can also prevent the use of Google Analytics relating to your use of the Hastee Technology by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB

Mobile Privacy

Although you do not have to provide your location information to us to use our Hastee Technology, your Employer may require a postcode or geolocation as part of its provision of the Employee Benefit to you and we therefore require it to enable our EWA App to function to deliver the Services to your Employer. For example, where your Employer requires you to check in and check out of a work or job location to prove your physical presence or the time at which you started / ended your work. If you request that we confirm your location or IP address, we may use your geolocation information to do so. Our Hastee Technology may also tell us the region of the world in which you are located when you use the Hastee Technology. If you have questions about location and notification privacy, please contact your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

 

DATA STORAGE AND TRANSFER

For the purposes of this section the following definitions apply:

European Data Protection Laws means applicable laws relating to the processing of personal data and privacy in the European Economic Area, including the GDPR and any applicable guidance issued by the relevant supervisory authorities.

GDPR means Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (as amended from time to time).

UK Data Protection Laws means applicable laws relating to the processing of personal data and privacy in the United Kingdom, including the UK GDPR and the Data Protection Act 2018, and any applicable guidance issued by the UK Information Commissioner.

UK GDPR means Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (as amended).

The personal data that we obtain about you is stored on third party servers. We process such personal data on servers located both within the United Kingdom and outside the United Kingdom, in the European Economic Area. In connection with any transfers of your personal data, we endeavour to ensure that the entities or people to whom we provide personal data hold it subject to appropriate safeguards and controls. Whenever we transfer your personal data:

  1. out of the United Kingdom to countries that have not been deemed to provide an adequate level of protection for personal data by the United Kingdom, we will ensure a similar degree of protection is afforded to it by implementing the following safeguards:
  • Transfers of personal data will only take place where the organisation receiving the personal data has provided us with adequate safeguards and we have put in place a written agreement, in line with the requirements of UK Data Protection Laws for international transfers. We will use the UK International Data Transfer Agreement (“IDTA”) and/or the UK Addendum to the EU Standard Contractual Clauses (as applicable), or another lawful transfer mechanism to give personal data the same protection as it has in the United Kingdom.
  1. out of the EEA to countries that have not been deemed to provide an adequate level of protection for personal data by the European Commission, we will ensure a similar degree of protection is afforded to it by implementing the following safeguards:
  • Transfers of personal data will only take place where the organization receiving the personal data has provided us with adequate safeguards and where we have put in place a written agreement, in line with the requirements of European Data Protection Laws for international transfers. We use the EU Standard Contractual Clauses (and, where required, supplementary measures), which give personal data the same protection it has in the EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where transfers are made to the United States, we may rely on the UK Extension to the EU-US Data Privacy Framework (“UK-US Data Bridge”) or other lawful transfer mechanism.

 

KEEPING YOUR PERSONAL DATA SECURE

The transmission of information by the internet is not completely secure. Although we will endeavour to protect your personal data, we cannot guarantee the security of your data transmitted via the EWA App; any transmission is at your own risk. Once we have received your information, we will use security features to try to prevent unauthorised access.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees and other staff who have a business need to have such access. Where we process personal data on behalf of another controller (for example, in the Zellis-led model), we do so in accordance with that controller’s instructions and applicable security requirements.

 

RETENTION OF YOUR PERSONAL DATA

We will retain your personal data only for as long as necessary for the purposes set out above unless a longer retention period is required by law (e.g. for tax, regulatory or future potential claims purposes). We will retain your information for as long as necessary for the purposes described in this Privacy Policy and in accordance with the following principles:

  • For the duration required pursuant to a legal obligation.
  • For the period required by applicable law and regulations, for the activities relating to the service.
  • For the duration of legal proceedings and the related limitation periods, for processing activities necessary to protect against legal liability and enforce our rights.
  • Where we act as processor on behalf of another controller, retention periods are determined by that controller, and we will delete or return data in line with their instructions.

 

THIRD PARTY LINKS

The Hastee Technology may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates and other third-party websites, plug-ins and applications. Clicking on such third-party links or enabling those connections may allow third parties to collect or share your personal data. We do not control these third-party websites and are not responsible for their privacy statements. We do not accept any liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services. They will tell you what rights you have in relation to the information they hold about you and how you can exercise them.

Example: if you click on a link to the benefits calculator, this takes you to the website of Investment Solver Limited (t/a Inbest), who will use the data you provide to calculate whether you might be eligible for welfare benefits.

When you leave our platform, we encourage you to read the Privacy Notice of every site you visit.

 

WHAT CHOICES AND RIGHTS YOU HAVE REGARDING YOUR PERSONAL DATA

If your personal data was collected by another party under their privacy policy, we may have to refer you to that party in order to exercise the choices regarding your personal data. If your data was collected by us under this Privacy Policy, you can make the following choices regarding your personal data. In order to exercise any of these rights, you can contact us by using the contact information provided at the end of this Privacy Policy.

It is important to note that some of the personal data we hold relates to your employment or engagement with your Employer. Depending on our Employer’s contracting route (see “Who We Are” above), the controller responsible for the personal data may be your Employer, Zellis, or the relevant Hastee Group Company.  Where we process personal data on behalf of another controller and on their instructions, we may ask that you contact them directly or we will contact them for instructions in relation to any request you make for that data and they may either respond to you directly or ask us to respond on their behalf. In such circumstances, it will be the relevant controller’s obligation to comply with your request, although we will assist as required.

 

  • Access to Your Personal Data: You may request access to your personal data by contacting us using the contact information provided at the end of this Privacy Policy. If permitted, and required by law, we will grant you reasonable access to the data that we have about you.
  • Changes to Your Personal Data: We rely on you to update and correct your personal data. Note that we may keep historical personal data in our backup files as permitted by law. If our services do not permit you to update or correct certain personal data, please contact us by using the contact information provided at the end of this Privacy Policy.
  • Deletion of Your Personal Data: Typically, we retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. You may, however, request information about how long we keep a specific type of personal data, or request that we delete your personal data by contacting us using the contact information provided at the end of this Privacy Policy. If permitted by law, we may grant a request to delete personal data, but you should note that in many situations we are required to keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. If we grant your request to delete your personal data, you should note that in many situations we may no longer be able to provide you with access to the functionality and services of the Hastee Technology (or certain features of it).
  • Objection to Certain Processing: You may object to our use of your personal data where we rely on legitimate interests as our lawful basis (and you may object at any time to direct marketing) by contacting us using the contact information provided at the end of this Privacy Policy.
    • Marketing: When we send you promotional emails, push notifications and/or in-app notifications (“Promotional Content”) based on your consent or as permitted by applicable laws, you have the right to unsubscribe or amend your in-app preferences accordingly. You also have the ability to unsubscribe to Promotional Content by following the unsubscribe instructions in e-mails. Please allow us up to 10 business days to implement your request to unsubscribe. Note that even if you decide to opt out of receiving Promotional Content, we may still send you service-related communications.
    • Important Notices and Transactional E-mails: From time to time we may send to your email address non-commercial electronic email messages with important information about us, the Hastee Technology and/or the Employee Benefit (“Transactional Emails”). Please note that even if you decide not to receive Promotional Content, we will still send you Transactional Emails.
    • Mobile: We may distribute text messages to your mobile device. You may opt out of receiving text via the texts you receive.
  • Revocation of Consent: Where we rely on consent as our lawful basis for processing, if you revoke your consent for the processing of your personal data, then we may no longer be able to provide you with access to the functionality and services of the Hastee Technology. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us using the contact information provided at the end of this Privacy Policy.

If you would like to exercise any of the rights described above, please contact us by emailing: dpo@zellis.com.

We may need to request specific information from you to help us confirm your identity and verify your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or in the event you have made a number of requests.  In that case, we may extend the time to respond by up to a further two months, but we will notify you within one month of receiving your request and explain why an extension is necessary.

If you feel that your complaint has not been adequately resolved, please note that you have the right to contact the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues. Please see https://ico.org.uk/make-a-complaint/ for information on how to do this.

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO NOTIFY US OF CHANGES

We may change this Privacy Policy and our information collection, use, and sharing practices over time. To the extent that our Privacy Policy changes in a material way, we will notify you of such changes in accordance with applicable data protection law requirements.

 

HASTEE GROUP COMPANIES

  • Hastee Technologies HR Ltd, a company incorporated in England with company number 14155527 and of registered office 740 Waterside Drive Aztec West, Almondsbury, Bristol, England.
  • Hastee Benefits Ltd, a company incorporated in England with company number 11624447, of registered office 740 Waterside Drive Aztec West, Almondsbury, Bristol, England.
  • Hastee Europe S.L., a company registered in Spain with NIF B-67.374.504 at Plaça Pau Vila n.º 1, 2 A, Barcelona, Spain.

 

REGISTRATION DETAILS

  • Our registration with the UK Information Commissioners Register of Fee Payers can be found under registration number ZB340716 (Hastee Technologies HR Ltd) and ZA773532 (Hastee Benefits Ltd).

 

HOW TO CONTACT US

Our address for all queries in relation to this policy is: 740 Waterside Drive Aztec West, Almondsbury, Bristol, England.

You can contact our Data Protection Officer, or ask us any questions, comments and requests regarding this Privacy Policy or your personal data by emailing: dpo@zellis.com.