Privacy policy
Last updated: 8th August, 2022
We care about your privacy. This privacy policy details how Consent Kit, Ltd (We, Us) uses any personal data we collect from you when you use app.consentkit.com or visit consentkit.com
What information do we collect?
We collect the following categories of data:
- Visitor Data - anyone who visits consentkit.com
- Customer Data - information about our customers and their employees
- Participant Data - information about the people who our customers are conducting research with
Visitor data
We only collect personally identifiable visitor data when you use any of the in-page sign up forms.
- Scheduling information if you book a demo (Name, email address)
- Sign up for our newsletter, or to access another marketing resource (Name, email address)
We use an analytics tool called Fathom so we can understand our website traffic without using tracking cookies. Fathom respects your privacy and does not use any identifiable information.
Customer data
- Personal identification information (Name, email address, IP address)
- Information about the organisation or institute (Organisation name, logo, billing information)
We collect and process Customer data when you:
- Register online for any of our products or services, including starting a free trial and or booking a demo
- Voluntarily complete a customer survey or provide feedback on our in-app messaging or via email
- Make a support request via our in app chat or by email
- Use or view our services via your browser’s cookies
Participant data
- Personal identification information (First name, email address, IP address)
- Additional Personal Information that you provide to us directly or indirectly through your use of our Service or other integrations from which you permit us to collect information
We only collect and process Participant data when you:
- Add a participant to a research panel within Consent Kit (whatever information you have specified in your import or recruitment survey)
- Add a participant to a project within Consent Kit (first name, email address)
- Add a participant to ask for consent (first name, email address and IP address)
- Respond to an information request, withdraw a Participant from research or delete a Participant’s information
How will we use your information?
Visitor data
We collect Visitor data so that we can:
- Share relevant content with you in relation to our services.
- Enable you to schedule a demo or call with us should you want to.
In order to provide you with a service and manage your account, We will share your Visitor data with our partner companies who help us provide the service (under GDPR these partners are known as Subprocessors).
| Name | Use | Data processed | Processing location | SCC |
|---|---|---|---|---|
|
Userlist
|
Promotional email delivery
|
Name, Email address
|
USA 🇺🇸
|
|
|
Calendly
|
Scheduling
|
Name, email address
|
USA 🇺🇸
|
To protect Visitor data when transferring outside the EU, We have updated SCCs in place with all of our subprocessors.
We do not, and will never sell any data to third parties.
If Visitors have opted in, they may receive marketing emails and product updates directly from and related to Consent Kit. If you have agreed to receive any marketing, you may always opt out at a later date.
You have the right at any time to stop Consent Kit from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click here.
Customer data
We collect Customer data so that we can:
- Provide you with a service and manage your account.
- Email you with product updates and information on other products and services we think you might like, unless you opt-out from marketing communications.
In order to provide you with a service and manage your account, We will share your Customer data with our partner companies who help us provide the service (under GDPR these partners are known as Subprocessors).
| Name | Use | Data processed | Processing location | SCC |
|---|---|---|---|---|
|
Heroku
|
Host our application and data stores
Manage SSL |
Application data
|
EU 🇪🇺
USA 🇺🇸 (EU alternative)
|
|
|
AWS
|
CDN and customer logos
|
Files
|
EU 🇪🇺
|
|
|
Postmark
|
Email provider - Application emails
|
Name, Email address
|
USA 🇺🇸
|
|
|
Sparkpost
|
Email provider - Application emails
(EU alternative to Postmark) |
Name, Email address
|
EU 🇪🇺
|
|
|
Stripe
|
Payment processor
|
Payment details
|
UK 🇬🇧
|
|
|
Segment
|
Data management and analytics
|
Name, Email address
|
USA 🇺🇸
|
|
|
Mixpanel
|
Product analytics.
(Data received from Segment) |
See Segment data
|
EU 🇪🇺
|
|
|
Userlist
|
Promotional email delivery
|
Name, Email address
|
USA 🇺🇸
|
|
|
Intercom
|
Customer support.
(Data received from Segment) |
See Segment data
|
USA 🇺🇸
|
|
|
Calendly
|
Scheduling
|
Name, email address
|
USA 🇺🇸
|
To protect Customer data when transferring outside the EU, We have updated SCCs in place with all of our subprocessors.
We do not, and will never sell any data to third parties.
If Customers have opted in, they may receive marketing emails and product updates directly from and related to Consent Kit. If you have agreed to receive any marketing, you may always opt out at a later date.
You have the right at any time to stop Consent Kit from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click here.
Participant data
We collect Participant data so that we can:
- Enable you to ask for consent and manage your relationship with the participant
- Enable the Participant to request their information, withdraw from the research and manage their permissions
In order to provide you with a service, We will share your Participant data with our partner companies who help us provide the service (called Subprocessors).
| Name | Use | Data processed | Processing location | SCC |
|---|---|---|---|---|
|
Heroku
|
Host our application and data stores
Manage SSL |
Application data
|
EU 🇪🇺
USA 🇺🇸 (EU alternative)
|
|
|
AWS
|
Secure storage for uploaded consent
|
Files
|
EU 🇪🇺
|
|
|
Postmark
|
Email provider - Application emails
|
Name, Email address
|
USA 🇺🇸
|
|
|
Sparkpost
|
Email provider - Application emails
(EU alternative to Postmark) |
Name, Email address
|
EU 🇪🇺
|
To protect Participant data when transferring outside the EU, We have updated SCCs in place with all of our subprocessors.
We do not and will never sell Participant data to third parties, or market to them in any way.
if you would like all Participant data processed within the EU or the USA.
How do we store your data?
We securely store your data on Heroku. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centres and utilise the Amazon Web Service (AWS) technology. Amazon’s data centre operations have been accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX). These are the international standards for ensuring best practice data management and security.
All of the data is encrypted at rest using AES256 encryption. Your data in transit traverses the Internet via encrypted HTTPS traffic using TLS v1.2. This encryption during transit ensures information cannot be read or manipulated by unauthorised third parties.
We will keep your Customer and Participant data for as long as you need them. If you decide you no longer need Us to manage your account, we will delete all of your data within 45 days.
What are your rights?
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service, in the event of asking for multiple copies
- The right to rectification – You have the right to request that We correct any information you believe is inaccurate. You also have the right to request We to complete the information you believe is incomplete
- The right to erasure – You have the right to request that We erase your personal data, under certain conditions
- The right to restrict processing – You have the right to request that We restrict the processing of your personal data, under certain conditions
- The right to object to processing – You have the right to object to Consent Kit’s processing of your personal data, under certain conditions
- The right to data portability – You have the right to request that We transfer the data that we have collected to another organisation, or directly to you, under certain conditions
If you make a request, we will respond within one month. If you would like to exercise any of these rights, please contact us at our email: support@consentkit.com
Or write to us: Consent Kit, 4A Erlington Avenue, Manchester, M16 0FW, England.
Cookies
Please see our Cookies Policy for information about how we use cookies.
Privacy policies of other platforms
The Consent Kit platform may contain links to other platforms. Our privacy policy applies only to our platform, so if you click on a link to another platform, you should read their privacy policy.
Changes to our privacy policy
Consent Kit keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 8th August 2022.
How to contact us
If you have any questions about Consent Kit’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at: support@consentkit.com or write to us: Consent Kit, 4A Erlington Avenue, Manchester, M16 0FW, England.
Making a complaint
Should you wish to report a complaint or if you feel that Consent Kit has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office in the UK.