Privacy Policy
1. INTRODUCTION
This Privacy Policy explains how Openbook Analytics Ltd. (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit our website, use our services, or interact with us in any capacity. We are committed to protecting your privacy and ensuring your personal data is handled in a transparent, lawful, and secure manner, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant legislation.
This Privacy Policy applies to Openbook Analytics Ltd. and all products, services, and platforms offered by us, including but not limited to our website, mobile applications, and any related tools or features. This document outlines how we collect, process, store, and share your personal data, as well as your rights regarding this data.
Our services are intended for users who are at least 18 years old. By using this service, you represent and warrant that you are 18 years of age or older.
2. THE DATA WE COLLECT ABOUT YOU
We collect and process the following types of personal data about you to provide, improve, and secure our services, as well as to comply with legal obligations. The data we collect may include:
- Contact Information: This includes, but is not limited to, your name, email address, phone number, and any other contact details you provide to us (e.g., postal address or social media handles). This information is used to communicate with you, manage your account, and respond to your requests.
- Account Information: This includes, but is not limited to, your username, password, profile picture, and account settings. We also collect preferences related to your account (e.g., language, notification settings, or customization options) to tailor your experience.
- Interaction Data: This includes, but is not limited to, your responses to surveys, feedback forms, customer support interactions, and any other communication or engagement with our team. This data helps us improve our services and address your needs effectively.
- Usage Data: This includes, but is not limited to, information about how you interact with our website or services, such as pages visited, time spent on the site, features used, and any actions taken (e.g., downloads, purchases, or clicks). This data is used to enhance user experience and optimize our services.
- Device and Technical Information: This includes, but is not limited to, your IP address, browser type, operating system, device type, and other technical details. This information is collected automatically to ensure our services function properly and to detect or prevent security threats.
We do not knowingly collect personal information from individuals under the age of 18. If we become aware of such data being collected, we will take steps to comply with applicable laws and regulations.
2.1 HOW WE COLLECT THIS DATA
We collect your personal data when you interact with us through our website, mobile applications, or in person at events, meetings, or other interactions. This data may be collected directly from you or automatically through our systems, depending on the context of your engagement. Below are the primary ways we collect personal data:
- Directly from you: When you provide information voluntarily, such as through contact forms, account registration, surveys, or during customer support interactions. This includes details like your name, email address, phone number, and other information you choose to share.
- Automatically through our systems: When you visit our website or use our services, we may collect technical data such as your IP address, device type, browser type, operating system, and browsing behavior (e.g., pages visited, time spent, or clicks). This is often done through cookies, web beacons, or similar technologies, which help us improve our services and user experience.
- From third-party sources: In some cases, we may receive your data from trusted third parties, such as partners, service providers, or other entities, provided we have a legal basis for doing so (e.g., with your consent or to fulfill a contractual obligation).
- In person: During events, meetings, or other face-to-face interactions, we may collect your personal data (e.g., name, contact details, or preferences) to facilitate the interaction or provide requested services.
2.2 EMAIL TRACKING
We may collect and use information regarding whether a user has opened an email sent by us, including but not limited to the recipient's email address, the date and time of email opening, and the device or IP address associated with the action. This information is collected through standard email tracking technologies, such as pixel tags or links embedded in emails, and is used solely to improve our communication effectiveness, analyze user engagement, and provide a more tailored user experience.
3. HOW WE PROCESS YOUR PERSONAL DATA
We process your personal data only for the specific purposes outlined below, and always in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). The processing of your data is lawful, transparent, and limited to what is necessary for the purpose(s) for which it was collected. Below is a summary of the purposes for which we may process your personal data, along with the legal basis for each:
Purpose | Description | GDPR Basis |
---|---|---|
Service Provision | To provide and manage our services, including account creation, maintenance, and customer support. This includes processing data to fulfill service requests, troubleshoot issues, and ensure your experience is seamless. | Performance of a contract (e.g., to deliver the services you have requested). |
Communication | To contact you about your account, updates, service-related information, and promotional content (where permitted by law). This includes sending emails, push notifications, or other messages. | Legitimate interests (e.g., to keep you informed of relevant services, improve engagement, or maintain a relationship). |
Analytics and Improvements | To analyze how you interact with our services (e.g., website traffic, user behavior, or feedback) to improve our offerings, user experience, and operational efficiency. | Legitimate interests (e.g., to enhance service quality and user experience). |
Legal Compliance | To comply with legal obligations, such as responding to court orders, law enforcement requests, or other legal requirements. | Legal obligation (e.g., to adhere to applicable laws or regulations). |
We do not process any special categories of personal data (e.g., racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless explicitly required by law or with your explicit consent. In such cases, we will ensure such processing is necessary, proportionate, and subject to additional safeguards.
3.1 THIRD-PARTY DISCLOSURES
We may share your personal data with third-party service providers, contractors, or partners who assist us in operating, improving, or providing our services. These third parties may process your data for specific purposes, such as hosting services, payment processing, analytics, marketing, or customer support. We only share data with third parties that have agreed to protect your information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), and we require them to maintain confidentiality and security standards comparable to our own.
We do not endorse, recommend, or guarantee the services, products, or practices of any third-party provider unless explicitly stated in writing. For example, if we partner with a third party for a specific service, we will clearly disclose the nature of the partnership and any limitations of our involvement. If you are directed to a third-party website, app, or service via our platform (e.g., through affiliate links or partnerships), we are not responsible for the privacy practices or data handling of those third parties.
If you wish to request a list of third parties with whom we share your data, or to understand how your data is used by these parties, please contact us using the details in the "Contact Us" section. We will provide this information promptly, subject to any legal restrictions or confidentiality obligations.
In all cases, we ensure that any disclosure of your personal data is limited to what is necessary for the specific purpose and is carried out in compliance with our Privacy Policy and applicable laws.
3.2 INTERNATIONAL TRANSFERS
We may transfer your personal data to countries outside of your own, including to the United States. If we do so, we will ensure that appropriate safeguards are in place to protect your personal data. We aim to ensure your data is protected by holding it within countries or territories that are covered by adequacy regulations, as provided by the ICO (https://ico.org.uk). In the case of transferring your data outside a country or territory covered by adequacy regulations, we will maintain data protection through contractual clauses or other legal and appropriate mechanisms.
4. SECURITY OF YOUR DATA
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data both at rest and in transit, secure access controls, regular system audits, and strict internal policies to ensure data is handled responsibly. We only retain your data for as long as necessary to fulfill the purpose for which it was collected, in accordance with our Data Retention Policy.
We may share your data with trusted third-party service providers who assist us in operating our services. These providers are contractually obligated to protect your data and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). Below is a list of the third-party providers we currently use:
- Google Cloud Platform – We use Google Cloud Platform to host our services and store your data securely. Google Cloud Platform is GDPR-compliant and adheres to strict data protection standards. We ensure that all data shared with them is encrypted and subject to contractual safeguards to prevent misuse.
- Mailgun – We use Mailgun to send emails, including account-related notifications and marketing communications. Mailgun is GDPR-compliant and implements robust security measures to protect user data. We only share data necessary for the specific purpose of email delivery and ensure it is handled in accordance with our privacy commitments.
We regularly review and update our security protocols to address emerging threats and ensure compliance with evolving regulatory standards. You also have the right to request access to, correction of, or deletion of your personal data at any time, as outlined in our Privacy Policy.
4.1 DATA RETENTION
We will retain your personal data only for as long as is necessary to fulfill the purpose(s) for which it was collected, including but not limited to providing services, fulfilling legal obligations, and maintaining accurate records. The specific retention period depends on the nature of the data and the purpose for which it is processed. For example, data collected for account management may be retained while your account remains active, whereas data used for legal or compliance purposes may be retained for the duration required by applicable laws (e.g., tax, audit, or regulatory requirements).
Where retention is not required by law or for a legitimate purpose, we will securely delete or anonymize your personal data as soon as it is no longer needed. We review our data retention policies regularly to ensure they align with legal requirements.
In cases where data is retained for security or fraud prevention purposes (e.g., to detect or prevent malicious activity), we will ensure such retention is proportionate, necessary, and limited to the specific purpose. We will not retain data for longer than required to address the threat or comply with legal obligations.
4.2 DATA SECURITY
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, misuse, or disclosure. These measures include, but are not limited to:
- Encryption: All personal data is encrypted both at rest and in transit using industry-standard protocols (e.g., SSL/TLS) to ensure confidentiality.
- Access Controls: We restrict access to personal data to authorized personnel only, using role-based access and multi-factor authentication where necessary.
- Secure Hosting: Data is stored on secure servers or cloud platforms (e.g., Google Cloud Platform) that comply with GDPR and other data protection standards.
- Incident Response: In the event of a security breach, we will notify you and the relevant data protection authority within 72 hours, as required by GDPR, and take immediate steps to mitigate harm (e.g., patching vulnerabilities or isolating affected systems).
We also ensure that third-party service providers we work with adhere to strict security standards and contractual obligations to safeguard your data. Employees are trained on data protection principles, and we maintain up-to-date incident response plans to address threats effectively.
4.3 DATA BREACH NOTIFICATION
In the event of a data breach that affects your personal data, we will notify you without undue delay, typically within 72 hours of becoming aware of the breach, unless doing so would hinder our efforts to resolve the incident. This notification will include details such as the nature of the breach, the categories of personal data affected, and the likely consequences for affected individuals. We will also outline the steps we are taking to address the breach, mitigate harm (e.g., by securing systems, offering credit monitoring, or contacting affected parties), and prevent similar incidents in the future.
If the breach poses a high risk to your rights and freedoms, we will provide specific guidance on how to protect yourself (e.g., changing passwords, monitoring accounts). Additionally, we will promptly report the breach to the relevant data protection authority, as required by the General Data Protection Regulation (GDPR). We take data security seriously and are committed to continuous improvement in our data protection practices to minimize risks and ensure compliance with legal obligations.
5. YOUR LEGAL RIGHTS
Under the General Data Protection Regulation (GDPR), you have the right to make requests regarding your personal data, and we are committed to complying with these requests in a timely and transparent manner. Upon receiving a request, we will acknowledge it promptly and aim to respond within one month of receipt. If additional time is required to process a complex or multiple request, we will inform you of the extension and provide a new deadline, not exceeding two months from the initial request. We will strive to resolve all legitimate requests within this timeframe, ensuring your rights are upheld efficiently.
If we suspect a request is made in bad faith, for example, to disrupt our services, test our systems, or engage in malicious activity, we may verify the authenticity of the request. This could involve asking for additional information to confirm your identity or assess the legitimacy of the request. In cases where we believe a request is being used to harm our operations or violate laws, we may report such activity to the appropriate authorities or take steps to protect our systems and data. We will always balance compliance with your rights against the need to safeguard our services and prevent abuse.
Our goal is to handle all requests fairly and in accordance with GDPR principles, while maintaining the security and integrity of our systems. If you believe a request has been unreasonably delayed or denied, you may escalate the matter to the relevant data protection authority.
5.1 YOUR LEGAL RIGHTS SUMMARY
You have the following rights regarding your personal data:
Right | Short Description |
---|---|
Right to be informed | You have the right to be informed about the collection and use of your personal data. |
Right to access | You can request a copy of your personal data held by the controller. |
Right to rectification | You can correct inaccurate or incomplete personal data. |
Right to erasure | You can request deletion of your personal data under certain conditions. |
Right to restrict processing | You can limit how your data is used, e.g., while rectifying inaccuracies. |
Right to data portability | You can request your data in a structured format to transfer to another controller. |
Right to object | You can object to processing your data for direct marketing or other purposes. |
Rights relating to automated decision-making | You can object to decisions made solely by automated means (e.g., profiling). |
These rights are protected under GDPR. For the exercise of your rights, you can contact us using the details provided in the "Contact Us" section below. To view the full text of the GDPR, you can visit the official ICO website: https://ico.org.uk
6. GOVERNING LAW AND DISPUTE RESOLUTION
This Privacy Policy and any disputes arising from its interpretation or enforcement shall be governed by and construed in accordance with the laws of Scotland. Any legal action or proceeding related to this Privacy Policy, including but not limited to disputes concerning data collection, processing, or user rights, shall be exclusively brought in the Courts of Scotland. This includes, without limitation, disputes involving the interpretation of this policy, compliance with data protection laws, or claims related to the handling of personal data.
The company, Openbook Analytics Ltd., is registered in Scotland, and any claims or disputes shall be resolved within the jurisdiction of Glasgow. By accessing or using our services, you agree to the exclusive jurisdiction of the Scottish courts for any disputes.
7. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us using the following details:
- Email: contact@openbookanalytics.com
- Postal Address: Graham Hills Building (Level 6), 50 Richmond Street, Glasgow, United Kingdom, G1 1XP
You may also submit a data subject request (e.g., to access, correct, delete, or restrict processing of your data) by contacting us directly. We will respond to your request within [insert number, e.g., 30] business days of receipt, unless the law allows for a longer timeframe. If you believe your data is being processed unlawfully or wish to file a complaint, you may also contact the relevant data protection authority (e.g., the Information Commissioner’s Office in the UK or your local equivalent).
We welcome feedback and are committed to resolving any issues promptly. If you need further assistance or have specific concerns about how your data is handled, please do not hesitate to reach out using the contact details above.
8. CHANGES TO OUR PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the services we offer. Any updates will be posted on the news section of our website (https://openbookanalytics.com) or communicated to you via email if you have provided consent for such notifications. You are encouraged to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data. Changes to the Privacy Policy will take effect immediately upon posting, and continued use of our services after such changes constitutes your acceptance of the updated terms.