Generally: As a controller established in the United Kingdom, we comply with UK law and specifically with the provisions of the retained version of the General Data Protection Regulation (UK GDPR) and the Data Protection Act.
For EU residents (or other persons located in the EU): If you are a EU resident (or are otherwise located in the EU), the EU-GDPR applies to us regarding the processing of your personal data as well. Hence, we have ensured that we also fully comply with the GDPR you can exercise any data protection rights against us, as you would against a European Company.
1. Identity of the controller
1.1. Identity of the controller
3T Software Labs Limited
Cambridge Business Park
Cambridge CB4 0WZ
Email address: [email protected]
1.2. Designated representative for the EU
The controller, has designated an EU representative in accordance with Article 27 par. 1 GDPR. The EU representative is established in Germany. The contact details of the EU representative are as follows:
3T Software Labs GmbH
Berliner Straße 80-82
Email address: [email protected]
The contact person for all matters concerning the representation of the controller is the managing director Dr. Thomas Zahn.
2. Data processing on our Site
2.1. General use of the Site
Our webserver(s) register(s) all connections to the Site automatically and collects the following technical information about your visit:
- Your IP address;
- the name of the files accessed;
- information about the transmission;
- date and time of the connection;
- the amount of data transmitted;
- the requesting provider;
- the referrer; and
- the web browser/user agent.
We store this data in log files in order to ensure the safety and integrity of our IT-Systems. Additionally, we use your IP address only to enable communication with our Site. Both constitute our legitimate interests of us pursuant to Art. 6 par. 1 lit. f) GDPR/ GDPR UK. We store our log files for 8 weeks.
Our website uses Adobe Typekit to display its fonts. Adobe Typekit is a service provided by the Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West Business Campus, Saggart D24, Dublin, Ireland. Adobe acts as a processor for us in this regard. When you visit our site, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. In the course of providing the Typekit service, no cookies are placed or used to provide the fonts. In order to provide the Typekit service, Adobe collects font information that is used to identify the website itself and the associated Typekit account. For more information, please see the Adobe Typekit privacy information page (https://www.adobe.com/de/privacy/policies/typekit.html). The legal basis is Art. 6 par. 1 lit. f) GDPR/ GDPR UK. Adobe processes personal data in countries in the EU for which an adequacy regulation exists as well as in other third countries, for which adobe has concluded standard contractual clauses. For these purposes Adobe has concluded standard contractual clauses that suffice the EU as well as the UK standards. You can find more information under: https://www.adobe.com/content/dam/cc/uk/legal/terms/enterprise/pdfs/DPA-Sample-EU-uk_FX2.pdf and an example of the UK standard contractual clauses under: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/ and the EU standard contractual clauses under https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en respectively.
2.2. Buying a license
On our website you can purchase licenses for our software. We will then collect and process your:
- First name
- Last name
- Email address
- Telephone number
- A billing address
to process your order and the performance of the contract concluded. We support different payment methods provided by our payment provider fast spring, for example Credit Card, Paypal and Amazon pay. We will transfer certain information about the transaction to fast spring in order to facilitate your payment, especially the amount due. Fast spring will inform us if the payment has been successful or not. Fast spring might also collect additional information depending on the chosen method of payment and will inform you about its processing of personal data separately. We will process and store this information for the aforementioned purposes for three years in case it becomes necessary to establish or exercise or defend against legal claims. The legal basis for the processing is Art. 6 par. 1 lit. b) GDPR/ GDPR UK.
Please be aware that we might process personal information for a longer period in your license manager account or due to our legal obligation to retain certain documents.
2.3 Registering for a license manager account
On our site you can register for a license manager account by giving us your email address and a password of your choosing. A license manager account is required if you wish to use our software and your purchased or otherwise obtained licenses within it and to be able to manage your licenses (or the licenses of your company). We will use the information from your account to manage your licenses and to verify if and to what extent you are allowed to use our software. The legal basis for this processing is Art. 6 par. 1 lit. b) GDPR/ UK GDPR.
To authenticate you during the creation or log in, we use the services of Amazon AWS Cognito der Amazon Web Services EMEA Sàrl, Avenue John F. Kennedy 38, 1855 Luxembourg (“AWS”) as a processor. Generally, AWS processes personal data in data centers in Europe, for which an adequacy decision has been adopted. We have also concluded standard contractual clauses with AWS (or AWS with respective sub processors). You can obtain a copy of the standard contractual clauses on the ICO’s website (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/) and the website of the EU Commission respectively (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).
The account also provides you with the option to assign bought licenses to other users if you bought multiple or multi-user licenses. Licenses are paired with the user’s email addresses, so in order to give a license to another user you have to enter their email address in the license manager. We will then invite the user via email and ask them to claim their license. The processing is based on Art. 6 par. 1 lit. b) and f) GDPR/ UK GDPR. Our legitimate interest in the processing is to provide the licenses to the other persons.
Additionally, we will do license enquiries from time to time, in order to get an overview on the use of our licenses to pursue our legitimate interest to detect and prevent cases of license exploitation or fraud. This processing is based on Art. 6 par. 1 lit. f) GDPR/ UK GDPR.
We store the aforementioned information for as long as you have a license or account with us. At least we will keep the information for 3 years after the end of the year your license expires in order to be able to make or defend ourselves against claims that arise from the use of the license or stand in connection with it in any way.
For certain groups of users, namely Startups, teachers, students, researchers and nonprofits, we offer special discounts on our products. To verify if you are entitled to receive such discount we collect:
If you apply for a Startup discount:
- Your name
- Your company email
- Company name
- Establishment date
- Supporting documents
- Supporting links (if applicable)
If you apply for a teacher, student or researcher discount:
- Email address
- Your role as teacher, student or researcher
- Academic institution
- Supporting documents (official documents verifying your status)
If you apply for a nonprofit discount:
- Email address
- Organization name
- Supporting documents (if applicable)
The legal basis for verifying whether you are entitled to a discount is Art. 6 par. 1 lit. b) GDPR/ UK GDPR. Additionally, we use the data for the purposes described in Section 2.2.
2.5. Legal obligation to retain documents
As a company, we have to comply with certain legal obligations, such as to retain certain documents like business letters or invoices or other documents containing financial relevant information. Such documents may include personal information, for example in case of an invoice the recipient of the invoice. We will store and retain these documents for the time legally necessary and destroy them thereafter together with any personal data contained therein. The legal basis for this processing is Art. 6 par. 1 lit. c) GDPR / UK GDPR in connection with the respective laws. The retention period for tax relevant and financial documents is 6 years.
2.6. Feedback & Support via our Site
We enable you to contact us and ask us for support on our Site. For these purposes we collect your:
- First name
- Last name
- Email address and
- Your message to us
Depending on the topic you request our help for, we may ask you for additional information to help us assist you (like diagnostic logs). We may share this with our product development teams to enable them to reproduce and fix product issues. 3T also maintains a presence on Uservoice, Twitter, Facebook, YouTube, and LinkedIn. We manage your interactions with us using Hootsuite as well as using social media platforms directly. If you send us a message via social media, we may include this in our CRM systems.
The legal basis for these processing is Art. 6 par. 1 lit. f) GDPR/GDPR UK. Our legitimate interest is to answer your questions and fulfill your requests. We store your data for 3 years.
Some of our products also include feedback mechanisms such as live chat. If you’re signed into the product, we’ll see your name and email address when you chat to us. Any information you send to us in the chat session will be shared with our product development and support teams. We store your data for 3 years.
2.7. Registering for Academy 3T
To register for free Academy 3T courses, we ask you to create an account and provide us with your:
- First name
- Last name
- Email address
We also require you to enter a password to access your account information. Please do not disclose your account password to unauthorized people.
We use this data to get insights on your course progression and feedback. Moreover, we use this data to provide course reminders and updates, and inform you of other educational resources that might be of interest to you. The legal basis is Art. 6 par. 1 lit. f) GDPR/GDPR UK. The aforementioned purposes also constitutes our legitimate interests. If you agreed in receiving this information, we store your data until you object. Otherwise, we delete your data after 3 years.
You can opt out of Academy 3T by sending an email to [email protected]. You can opt out of receiving educational emails at any time by clicking the unsubscribe link in these emails, or sending an email to [email protected].
2.8. Newsletters and drip campaigns
If you subscribe to our newsletter, we will send your emails with information about our products, onboarding, and use of our software (including educational emails). We also gather statistics around email opening and interaction using industry-standard technologies to analyze the performance or email campaigns. We use data about your interactions with our emails as an indicator of your interest in our products and to send you more appropriate information in the future. We store the data necessary for sending the newsletters until you withdraw your consent or object to the processing.
To send our emails we use processors that carry out the processing on our behalf. These processors are: 3T Software Labs GmbH, Berliner Straße 80-82,13189 Berlin and; HubSpot (see below sec. 10) and Twilio Ireland Limited, a company registered in the Republic of Ireland, whose registered address is 25-28 North Wall Quay, Dublin 1, Ireland. Hence, when you subscribe access our website your information is processed in the European Union and specifically in Germany and Ireland, which are a third country outside of the UK. However, the UK has adopted an adequacy regulation for the EU so that an adequate level of protection for any processing of your personal information is ensured. With Hub Spot Inc. we have concluded Standard Contractual Clauses as appropriate guarantees that ensure an adequate level of protection as well. You may obtain a copy under: https://legal.hubspot.com/dpa.
Depending on how you subscribed the legal basis for the processing is either your informed consent Art. 6 par. 1 lit. a) GDPR/GDPR UK or if you obtained one of our free licenses our legitimate interest to send you such email marketing (Art. 6 par. 1 lit f) GDPR in connection with the UK PECR regulation.
You may withdraw your consent or object to this processing at any time, for example by using the unsubscribe link in one of our emails or sending an email to [email protected].
2.9. About cookies
- Maintain your active session
- Store your preferences
- Track the success of our marketing and advertising campaigns
- Analyze the way people use our websites
- Gather data on how our websites are performing
We provide you with an easy-to-use consent manager to either give or withdraw your consent at any time. You may access it via https://studio3t.com/#cookie-settings
For a detailed information on the analytics, tracking and advertising tools please refer to Section 11.
3. Data processing when you use our Software
3.1 Installing our software and registering for a license
You may download our software for free and without giving us any information about yourself. However, in order to use our software, you need to activate it with a valid license. You can either buy a license (see sec. 2.2) or use our restricted free license. In both cases (as well as for a free, time-limited trial of our software) you have to have or register for a license manager account (see sec. 2.3) though and enter your name during set up. We will process your information to verify if and to what extent you are allowed to use our software. You may also voluntarily enter your telephone number.
If you install our software and use our free license, we will also subscribe you to our newsletter (see section 2.8 above) and use your email address to contact you in the future for customer service and sales purposes, e.g. to inform you about renewal and upgrade options, which also constitutes our legitimate interests (Art. 6 par. 1 lit. f) GDPR/GDPR UK). For more information please refer to section 2.8 above.
3.2. Information sent to us when you use our products
Our products send in certain situations usage and fault reporting information to us. We use this to:
- Measure how many people are using the different versions of our products, and the different features within them.
- Understand the environments in which our products are used (for example, the operating system version, MongoDB Server version, the amount of system memory and screen resolutions)
- Measure the success of our sales and marketing operations
- Guide product development decisions and improve our products
Some of our products allow you to submit error reports if something goes wrong. These contain logs and other diagnostic data, and you can choose to include your contact details and any additional information you think may be useful. Our support and development teams use this data to improve our products. If you choose not to include diagnostic data with an error report, an anonymous record of the type of error which occurred will be sent. This allows us to measure how many of our customers experience errors and prioritize our focus for product development.
The legal basis for this processing is Art. 6 par. 1 lit. f) GDPR/GDPR UK. The aforementioned purposes also constitute our legitimate interests.
4. Applying for a role with us
If you apply for a role at 3T, we will use all the information you provide to assess your application. In most cases this will be at least your name, address, birth date and your cv. If you are unsuccessful in your application, we will remove your data after 6 months.
The legal basis is Art. 6 par. 1 lit. f) GDPR/ GDPR UK. We may ask your permission to keep your details on file in our talent pool on the legal basis of Art. 6 par. 1 lit. a) GDPR/ GDPR UK. We store this data until you withdraw your consent.
5. Recipients of personal data and transfers to third countries outside of the UK (or EU)
Internally, we process your personal data in the relevant department. Externally, we use selected third parties to help us process data, which helps us deliver our products and services to you. Specifically, we use service providers to run our online shop, to send you emails, to provide you with the Site’s “Feedback & Support” tool and generally, to give you access to our site. If you ask for assistance, support or other services, your data may be processed by affiliated companies, which will provide the services directly to you.
We do not sell any data regarding your use of our products or services except as part of a reorganization or a sale of the assets of 3T. In such case, we will ensure that your privacy continues to be protected.
For any processing described under section 2 and 3, we use to different extents the 3T Software Labs GmbH, Berliner Straße 80-82,13189 Berlin as a data processor on our behalf. Hence, when you access our website, use our software or subscribe to a newsletter, your information is processed in the European Union and specifically in Germany, which is a third country outside of the UK. However, the UK has adopted an adequacy regulation for the EU so that an adequate level of protection for any processing of your personal information is ensured.
To the extent that there is no adequacy regulation (Art. 46 UK GDPR) or adequacy decision (Art. 46 GDPR) for the transfer of data from the European Economic Area, or the United Kingdom respectively, we have concluded the UK and EU standard contractual clauses with these providers. You can obtain a copy of the standard contractual clauses on the ICO’s website (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/) and the website of the EU Commission respectively (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).
6. Your rights
If the respective requirements are met, the GDPR/ GDPR UK grants you certain rights as a data subject.
– Art. 15 GDPR/ GDPR UK – Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information.
– Art. 16 GDPR/ GDPR UK – Right to rectification: You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
– Art. 17 GDPR / GDPR UK – Right to erasure: You shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
– Art. 18 GDPR/ GDPR UK – Right to restriction of processing: You shall have the right to obtain from us the restriction of processing.
– Art. 20 GDPR/ GDPR UK – Right to data portability: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you shall have the right to transmit those data to another controller without hindrance from us. You shall also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
– Art. 21 GDPR/ GDPR UK – Right to object: You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
In such a case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
– Art. 77 GDPR – Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, within the territorial scope of the GDPR, you shall have the right to lodge a complaint with a supervisory authority, in particular in the (EU) Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
– Art. 77 GDPR UK – Right to lodge a complaint with the Commissoner: Without prejudice to any other administrative or judicial remedy, within the territorial scope of the GDPR UK, you shall have to right to lodge a complaint with the Commissioner if you consinder that the processing of personal data relating to you infringes the GDPR UK.
Where the processing is based on your informed consent, you shall have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Therefore, you may send us a message to [email protected].
7. Your obligation to provide us with personal data
You have no statutory or contractual obligation to provide us with any personal data. However, we may not be able to provide you with our services if you decide not to do so.
8. Existence of automated decision-making, including profiling
We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.
9. Tools used on our website for analytics, marketing and other purposes
We use several tools and technologies for analytics, marketing and other purposes. These technologies usually store cookies or other information on your device and access such information. Hence, we will only use these technologies with your explicit consent according to PECR or the applicable e-Privacy regulation (such as the German Telekommunikation-Telemedien-Datenschutz-Gesetz – TTDSG).
Accordingly, any processing of personal data is based on your informed consent (Art. 6 par. 1 lit. a) GDPR / UK GDPR).
You can give us or withdraw your consent at any time in our Consent Manager: https://studio3t.com/#cookie-settings
The purpose “Performance” allow us to collect information such as number of visits and sources of traffic. This information is used in aggregate form to help us understand how our websites are being used, allowing us to improve both our website’s performance and your experience. We also may use this information for personalized advertising.
Google Tag Manager:
Google Tag Manager operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, (“Google“) as a processor on our behalf is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer (please refer to further information in this data protection declaration). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only learns the user’s IP address, which is necessary for the Google Tag Manager to be able to perform its functions.
Generally, any personal data in connection with Google Analytics is processed in the EU and/or UK; however, if that should in exceptional cases not be the case, Google has concluded standard contractual clauses with any recipient in a third country. Please see https://business.safety.google/adsprocessorterms/ for more details.
We use Google Analytics, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, (“Google“) to collect information about how users use our Site. The information generated by the cookie about your use of the Site will be transmitted to and stored by Google on servers in the United States. As IP-anonymization is activated, your IP address will be anonymized as soon as technically feasible at the earliest possible stage of the collection network. In addition, it will only be partially used within the European Union or just in the European Economic Area if it is used by other parties. Only in exceptional cases, the full IP address will be transferred to a Google server in the United States, and then shortened so it is only partially used there.
Generally, any personal data in connection with Google Analytics is processed in the EU; however, if that should in exceptional cases not be the case, Google has concluded standard contractual clauses with any recipient in a third country. Please see https://business.safety.google/adsprocessorterms/ for more details.
The legal basis for this data processing is your consent in accordance with Art. 6 par. 1 lit. a) GDPR/ GDPR UK.
The collected data is stored for 50 months. Further information on how Google processes personal data is available at: https://policies.google.com/?hl=en.
We use the online marketing tool “Google Ads” to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads (so-called “conversion”). We also measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page marked with a so-called “conversion tracking tag”. We do not receive any information with which users can be identified. You can find more information under: https://policies.google.com/privacy; and https://privacy.google.com/businesses/adsservices.
We also use enhanced conversions for Google Ads: When you click on our Google ads and subsequently use the advertised service (so-called “conversion”), the data entered by the user, such as the email address, name, residential address or telephone number, may be transmitted to Google. The hash values are then matched with existing Google accounts of the users in order to better evaluate and improve the interaction of the users with the advertisements (e.g. clicks or views) and thus their performance.
We use Bing Ads Universal Event Tracking, a conversion tracking service of the Microsoft Ireland operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”). The service enables us to track your activities, if you accessed our site by clicking on a bing advertisement. For this purpose, Microsoft stores a cookie on your device. By using this cookie, Microsoft and we can see the total number of users that clicked on the ad. This data is stored by Microsoft for 180 days. We have no access to any personal information about you.
We use the “Custom Audiences” pixel of the social network Facebook within our website. So-called tracking pixels are integrated on our pages. When you visit our pages, a direct connection is established between your browser and the Facebook server via the tracking pixel. Facebook thus receives information from your browser that our site has been accessed from your end device. If you are a Facebook user, this enables Facebook to associate your visit to our pages with your user account. Facebook can then measure the performance of content and advertisements, as well as play advertisements on Facebook in a targeted manner. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. We can only select which segments of Facebook users (such as age, interests) should be shown our advertisements. We do not use the feature “Facebook Custom Audiences via the customer list”. We do not transmit any customer data to Facebook, in particular no e-mail addresses – neither encrypted nor unencrypted. The “advanced matching” function is deactivated.
We also use the Facebook Conversion API. No cookies or other files are stored on your device or data on your device is accessed. The Conversion API allows us to track how successful our activities are on Facebook. When you reach us via an ad on Facebook, Facebook assigns you an ID and shares this ID with us. If you then submit one of our forms, we in turn transmit this ID to Facebook so that Facebook can determine from which ad you arrived at our site. Of course, the content data of the form is not transmitted. In the end, we only receive anonymous and aggregated statistics on the success of our ads from which we cannot identify individual users. Facebook acts on our behalf within the scope of these activities. The legal basis for the processing in this case is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in being able to measure the success of our campaigns.
We also use the analysis and conversion tracking technology of the LinkedIn platform. The data processing is carried out by: LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn places a cookie on your computer, from which information is obtained for the display of advertising. LinkedIn collects information about your use of our site in order to recognise you on LinkedIn and target you with our ads or to track when you have clicked on one of our ads on LinkedIn. LinkedIn also processes your data in the United States of America, among other places. In order to provide suitable guarantees for the transfer, we have concluded standard contractual clauses of the European Union with LinkedIn, which establish an appropriate level of data protection. You can obtain a copy at: https://www.linkedin.com/legal/l/dpa.
On our website, we use services from Quora Inc., 605 Castro Street, Mountain View, CA 94041, USA. Quora.
The purpose “Functional” means that we collect information about your preferences and choices and make using the website a lot easier and more relevant. Without these cookies, some of the site functionality may not work as intended.
We use the services of HubSpot (HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telefon: +353 1 5187500 “HubSpot”). HubSpot is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others:
- Email marketing (e.g. marketing and sales emails)
- Contact management (e.g, user segmentation & CRM)
- Customer support (e.g. tickets, customer support emails)
- Reporting (e.g., sources of traffic, access, etc.)
- Contact forms
HubSpot tracks visitors using browser cookies. Every time a visitor lands on our website, HubSpot will check for an existing tracking cookie. If one does not exist, a cookie will be associated with that visitor and will log every page that person visits moving forward. Visitors will be tracked anonymously. If a visitor fills out a form, HubSpot will associate their previous page views based on the tracking cookie. Visitors will be tracked anonymously even before they become contacts. We use this data to analyze and improve our website and services in order to make them more appealing to you.
Insofar as data is processed outside the EU/EEA or the UK and there is no level of data protection corresponding to the European or the UK standard, we have concluded EU standard contractual clauses (and the “EU SCCs UK Amendment”) with the service provider to establish an adequate level of data protection.
9.3 Social Media
For the purpose Social media we share user behaviour information with a third-party social media platform. They may consequently effect how social media sites present you with information in the future.
10. Questions about data privacy
If you have any questions regarding this policy, or wish to make a complaint about the way we’ve handled your personal information, contact [email protected].
We encourage the responsible disclosure of security issues, and will act quickly on any vulnerabilities reported. We will not take legal action against you if you:
- Provide us with the information needed to reproduce and validate the vulnerability
- Avoid violating the privacy of our customers, staff and other users
- Avoid the destruction of data, or degradation of our services
- Do not modify or access data that is not your own
- Give us a reasonable time to address the issue before making any information public