Privacy at Retro
Last updated 12th December 2021
We understand the importance of transparent privacy for apps you use at work. This is why this page is as straight-forward as possible, showing you information in a clear manner while also allowing us to stay compliant with the relevant guidelines.
Who we are
This website is operated by Illumi Media, as authorised by the HMRC that encompasses RetroPlan and other sister brands.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘processor’ of that personal information for the purposes of those laws.
Website
This privacy policy relates to your use of our website: retroplan.io (and other affiliate domains) only. Throughout our website we may link to other websites owned and operated by certain trusted third parties to provide users with support features and analytics for our website. These other third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party websites, please consult their privacy policies as appropriate.
Data
Here is a summary of how data works at Retro:
- Your data is stored on Google Firestore (europe-west1)
- We use the same tech Google uses for authentication
- Access validation is done both on APIs and the Database
- Your user data (such as email) is not accessible by any other user
- Data is encrypted at rest using 8 rounds of SCRYPT
Collection and use of your data
We collect personal information from you either directly, such as when you register with us or contact us or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below), or if such is contained in any of your Notes. The personal information we collect about you depends on the particular activities carried out through our website. This information includes: your name and email address We use this personal information to: create and manage your account with us provide goods and services to you notify you of any changes to our website or to our services that may affect you improve our services This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
Legal basis for processing your data
When we use your personal information we are required to have a legal basis for doing so.
There are various different legal bases on which we may rely, depending on what personal information we process and why. The legal bases we may rely on include:
- Where you have given us clear consent for us to process your personal information
- Where it is necessary for a contract we have with you
- Where it is is necessary for us to comply with the law
- Where it is is necessary to protect you or someone else’s life
- Where it is is necessary for us to perform a task in the public interest
- Where it is is necessary for our legitimate interests
Who we share your data with
We utilise tools such as Google Analytics, HotJar and Intercom to help us analyse user behaviour and improve our service. Please refer to their respective privacy policies for how they handle your data. In terms of cold, hard storage we utilise Google Firestore in the Europe West (London) region.
Some of these third party recipients may be based outside the United Kingdom and European Economic Area.
Transfer of your data out of the UK and EEA
We may transfer your personal information to the following which are located outside the United Kingdom (UK) and European Economic Area (EEA) as follows: USA in order to utilise the Intercom service which provides our in-tool support feature.
Any transfer of your personal information will be subject to equivalent safeguards as permitted under GDPR Article 46(5) of the General Data Protection Regulation) that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
To obtain a copy of such safeguards see here:https://www.intercom.com/help/en/articles/1385437-how-intercom-complies-with-gdpr
See ‘Cookies and other tracking & analytics technologies’ for details of the information submitted to Intercom. You may opt-out of having this information collected or submitted to Intercom; to do so please contact us at [email protected].
If you would like further information please contact us (see ‘How to contact us’ below). We will not otherwise transfer your personal data outside of the UK OR area comprising the UK and EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Cookies, tracking and analytics
We only use strictly necessary cookies within our service to maintain a users logged in session. Once this session expires or a user logs out then the cookie is removed. However, RetroPlan does utilise third party analytics tools (see below) and Google, GitHub and Twitter social login integration which also use cookies.
If you would like information on how they use cookies, please refer directly to their websites. Additionally, you can find further information on how third parties and your browser may use cookies here: aboutcookies.org. We use analytics tools to gather user information whilst they use the service.
Marketing
We would like to send you information about products and services, which may be of interest to you.
Where we have your consent or it is in our legitimate interests to do so, we may do this by email. We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes upon or after registration. If you have previously agreed to being contacted in this way, you can unsubscribe at any time by: contacting us at [email protected] or using the ‘unsubscribe’ link in emails.
Your rights
Under the General Data Protection Regulation you have a number of important rights free of charge.
In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information
- Access to your personal information and to certain other supplementary information
- Receive the personal information concerning you
- Restrict our processing of your personal information in certain circumstances
- Claim compensation for damages caused by our breach of any data protection laws
Keeping your data secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. You can read more about how we keep your personal information secure on our Security page.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information - [email protected]
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in a European Economic Area state or in the United Kingdom if you work, normally live or if any alleged infringement of data protection laws occurred in the relevant state. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this website privacy policy
This website privacy policy was published on 11th December 2021 and the last updated date can be viewed at the top of the page. We may change this website privacy policy from time to time, when we do we will inform you via a pop up on service entry to reconfirm acceptance to the change in terms and policies.
Getting in touch
Please contact us at [email protected] if you have any questions about this privacy notice or the information we hold about you.