Privacy Policy

1. Who we are and what this is

This privacy policy is issued by Method Apps Limited (company number 11235998) (“we”, “us” or “our”). We take the privacy of your personal information very seriously and are committed to protecting it.

Please read this privacy policy carefully as it will inform you as to who we are, how and why we collect and process your personal data through your use of this website or when you engage with us to purchase our services on behalf of one of our customer organisations, and tells you about your privacy rights and how the law protects you.

We are a controller of your personal data for these purposes and are responsible for ensuring that your personal data is properly protected. When we collect and process personal information about you we are subject to the UK General Data Protection Regulation (UK GDPR).

When we provide the Method Grid platform to our customers we are acting as a processor on behalf of our customers, who are each a controller. If you require information about how we process your personal data in connection with the Method Grid platform, you should consult the privacy notice information provided by the organisation that has granted you access to the platform.

This website is not intended for children and we do not knowingly collect data relating to children.

2. The data we collect about you

Depending on why you engage with us, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data – full name and title.
  • Contact Data – postal address, email address and telephone number(s).
  • Financial Data – any personal bank account or payment card details.
  • Transaction Data – details about payments to and from you and other details of products and/or services you have purchased from us.
  • Technical Data – internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data – data about how you use our website, products and services, feedback and survey responses.
  • Marketing and Communications Data – your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical data, for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the
percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not routinely collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any
information about criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services).

3. How is your personal data collected?

We use different ways to collect data from and about you including through:

  • Direct interactions. You may give us your personal data when you access our website, register with us, contact us, send us feedback, subscribe to our marketing materials, purchase products or services from us or complete customer surveys.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.
  • Third parties or publicly available sources. We will receive personal data about you from various third party and public sources as set out below:
  • Technical Data from the following parties:
    1. Analytics providers (such as Hubspot, Yahoo and Microsoft (Bing and MSN))
    2. Advertising networks (such as Google Remarketing)
  • Identity and Contact Data from publicly available sources (such as Companies House and LinkedIn).

4. How we use your personal data

Under data protection law, we can only use your personal data if we have a lawful basis for doing so, which includes:

  • Legitimate interests: where we need to use your personal data for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal obligation: where we need to we need to use your personal data to comply with a legal obligation (not including contractual obligations).
  • Consent: where you have given us clear consent for us to process your personal data for a specific purpose.

We have set out below, in a table format, a description of how we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register your organisation as a new customer

(a) Identity

(b) Contact

Necessary for ours and a third party’s legitimate interests (to set up and manage our customer relationships )

To provide products and/or services to your organisation including:

(a) Manage payments, fees and charges with your organisation

(b) Collect and recover money owed to us from your organisation

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our products and/or services, terms or privacy policy

(b) Asking you to leave a review, take a survey or for other market research purposes

(a) Identity

(b) Contact

(c) Usage

(d) Marketing and Communications

(a) Necessary to comply with a legal obligation

(b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Usage

(d) Marketing and Communications

(e) Technical

(a) Consent

OR

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

 

5. Disclosures of your personal data

We routinely share your personal data with the parties set out below for the purposes set out in the table above.

  • Third parties we use to help provide our products and/or services to you, such as Stripe and Chargebee our payment and billing service providers.
  • Other third parties we use to help us run our business, such as Hubspot our contract management and CRM tool, Xero our accounting software and our marketing advisory partners from time to time.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

We may disclose your personal data to law enforcement agencies and regulatory bodies where we need to do so according to the law or regulations.

We may also need to share some personal data with other parties during a corporate re-structuring or third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. Usually, data will be anonymised but this may not always be possible. The recipient of the data will be bound by confidentiality obligations.

6. Cookies and other tracking technologies

We use cookies on our website. A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. Cookies help us recognise you and your device and store some information about your preferences or past actions.

For more information about the cookies we use, when we ask for your consent before placing them and how to disable them, please see our cookie policy

7. Marketing

We will only send you marketing communications if it is in our legitimate interests to send them (such as business-to-business marketing). We will never sell your personal data to a third party for marketing purposes.

You can ask us to stop sending you marketing messages at any time by:

  • following the opt-out links on any marketing message sent to you; or
  • contacting us.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, our response to queries you have raised or any other communications which are service communications and are not considered a form of marketing communications.

8. Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

9. International transfers

To provide you with the website, products and/or services, we may need to share your personal data with our trusted third party service providers located outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data, such as countries located within the EEA.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (such as an approved International Data Transfer Agreement or Standard Contractual Clauses).

Non-UK countries do not have the same data protection laws as the United Kingdom. We will, however, ensure that any transfer to third countries complies with data protection law and all personal data will be secure.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

10. Data security

We have appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data in an authorised manner and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Data retention

We will only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, for example for the purpose of sending you marketing communications where it is in our legitimate interests to do so, or satisfying any legal, regulatory, tax, accounting or reporting requirements. We may
retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. When we no longer need your personal data, we will delete or anonymise it.

If your organisation purchases our products and/or services, we will keep your personal data while we are providing those products and/or services. Thereafter we will keep your personal data for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated your organisation fairly; and
  • to keep records required by law.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

You can request further details of retention periods for different aspects of your personal data by contacting us.

12. Your legal rights

You have the following rights, which you can exercise free of charge:

Access

The right to receive a copy of your personal data (the right of access)

Rectification

The right to make us to correct any mistakes in your personal data

To be forgotten

The right to make us delete your personal data—in certain situations

Restriction of processing

The right to make us restrict processing of your personal data—in certain circumstances, e.g. if you contest the
accuracy of the data

Data portability

The right to receive the personal data we hold on you in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your personal data being processed for direct marketing (including profiling)

—in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose
of our legitimate interests

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal
effects concerning you or similarly significantly affects you

For further information about your rights please contact us or see the guidance provided by the UK Information Commissioner’s Office (ICO) on individuals’ rights.

If you would like to exercise any of your rights, please:

  • email, call or write to us — see the ‘Contact us’ section at the end of this notice;
  • let us have enough information to identify you e.g. your full name, address and customer or matter reference number);
  • let us have proof of your identity if requested; and
  • let us know which right you want to exercise and the data to which your request relates.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

13. Contact details

If you have any questions about this privacy policy or the data we hold about you, please contact us in the following ways:

By email: [email protected]

By post: 11 Laura Place, Bath, England, UK, BA2 4BL

14. How to complain

Please contact us if you have any query or concern about our use of your data. We hope we will be able to resolve any issues you may have.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).

15. Changes to the privacy policy

We keep our privacy policy under regular review. This version was last updated on 24 March 2022. If we change our privacy notice from time to time, we will update the details of any changes on our website.