Privacy Policy

We’re committed to protecting your privacy rights, so we’ve prepared this document (the “Privacy Policy” or “Policy” ) to explain how we will collect and process your data when you use our products and your rights with respect to that data.

If you have any questions or concerns about how we process your information or about this Privacy Policy, you can email us any time at privacy@abstractleap.com.

Definitions

When we say “we”, “our”, or “us”, we are referring to Abstract Leap Ltd.

When we say “Platforms” or “Services” we are referring to the web sites and other services we provide now or in the future that make up the Abstract Leap products, including abstractleap.com, however you access them.

When we say “Data Protection Legislation” we mean all applicable data protection and privacy UK laws and regulations relating to the processing of personal data including, where applicable, the Data Protection Act 2018, the UK General Data Protection Regulations known as “UK GDPR”, and all applicable codes of practice and guidance issued by the Information Commissioner.

When we say “Data Controller” we are referring to the entity that determines the purposes and means of the processing of personal data as defined in the Data Protection legislation.

When we say “Data Processor” we are referring to the entity that processes personal data on behalf of the Data Controller as defined in the Data Protection Legislation.

When we say “personal data” we mean identifiable information about you as defined in the Data Protection Legislation, such as your name, email address, connected information and technical data such your IP address, but this doesn’t include anonymised or aggregated data where you can no longer be identified.

Our relationship with you

This Privacy Policy sets out our obligations as the “Data Controller” with respect to the types of data specified below (the data we collect directly from our customers and users including you) and does not cover information that is being processed on behalf of our customers, where they are the “Data Controller”. Our obligations as their “Data Processor” are set out in our Data Processing Agreement with them and do not form part of this Policy.

From time to time, we may make updates to this Policy. When a change is significant, we’ll do our best to let you know through our Platforms or by sending you an email.

Our promise to you

We are committed to protecting your privacy. We believe in using your personal data to make things simpler and better for you, and we work hard to keep your personal data safe.

We’ll never sell your personal data to third parties, and we'll be clear and open with you about why we collect your personal information and how we use it.

We hope you find this Policy clear and simple, but if you have any questions our team is here to help.

What data we collect and why

Our guiding principle is to collect only what we need. Here’s what that means in practice:

Technical Data: When you use our Services, we may automatically collect technical information about you including your IP address and device type. We use this information to protect the Services from abuse and to provide a safe and reliable Platform.
Contact Data: If you email us with a question, or if you otherwise interact with our online helpdesk, we may keep a record of that correspondence so that we know what’s happened if you reach out in the future. If you volunteer feedback we may use that information without restriction to improve and promote our Services.
Activity Data: We may also collect metadata related to the way you use our Services, including the actions you take on our Platforms, the content you interact with, and information about any errors you experience, so that we can better understand the way you use our Platform, to enhance and improve our Services, and to help us diagnose and fix any bugs.
Aggregated Data: We may also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate Activity Data to calculate the percentage of users accessing a specific feature or to analyse general trends about how people use our Services to improve or promote our Services.

How we may use your information

We use your information to operate our Platforms and Services, to communicate with you, to process transactions with account holders, for security and fraud prevention and to comply with the law.

Specifically, we may process your information to:

Provide, maintain, and protect our Services
Detect and prevent fraud or unauthorized activity
Communicate with you to provide important notices, updates and alerts
Respond to your questions or act on your data at your direction
Provide you with support or get your feedback
Identify, troubleshoot and fix bugs and errors
Understand usage trends and analyse performance
Customise your use of the Services
Further develop and improve our services
Comply in good faith with a valid legal requestor regulatory requirement

How is your personal data collected?

We use different methods to collect data from and about you including through:

Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- create an account on one of our Platforms or Services;
- make a sales enquiry or request marketing to be sent to you;
- subscribe to our newsletter;
- enquire about one of our job opportunities;
- give us feedback or contact us.
Automated technologies or interactions. As you interact with our Platforms, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using server logs, application performance management tools and other similar technologies.

Legal Basis

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Legal obligation: We may use your personal data where it is necessary for compliance with legal obligations. We will identify the relevant legal obligation when we rely on this legal basis.
Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

Where we process your personal data

Most information is processed and stored within the UK and the EEA, where our customer service team are based, and where our core technology services are hosted.

Some parts of our Services are delivered by third-party companies that operate globally, and so we make sure that any international data transfers are covered by appropriate safeguards and compliance measures to ensure the standards of protection and security that we expect when processing information in the UK.

Who we share your data with

We may disclose the information we collect about you under the following conditions:

Service providers. We work with select third-party service providers set out in annex A (“Third Parties”) to deliver the Services, including Microsoft who provide the cloud services where we store and process most of our data about you. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. You can see a list of our Sub-processors in Appendix A.
Account owners. If your use of the Services is in connection with one of our customers’ accounts and we reasonably need to disclose your information to comply with our contractual obligations to them, or if you agree to us sharing your information with them.
Legal obligation. We may disclose your personal data where it is necessary for compliance with our legal, regulatory or safeguarding obligations. We will notify individuals or account holders of the request unless we are prohibited from doing so, or there are exceptional circumstances such as emergency involving the risk of serious harm, or potential harm to children.
Vendors/public institutions. To the extent that this is necessary in order to make use of certain services requiring special expertise (such as legal, accounting or auditing services) we may share personal data with vendors of such services or public institutions that offer them (e.g. courts).
Business transfers If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, personal data may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How we retain your data over time

We hold your personal information for as long as we have a legal or business reason to do so, and this might differ depending on the type of data and your use of our services. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we are required to do so by applicable law.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your rights to your data

We know your data belongs to you, and you have the right to:

right to be informed: you have the right to be informed about what we do with your personal data.
right of access: you have the right to request a copy of any personal data we hold about you and what we do with it. This is known as a ‘subject access request’.
right to rectification: you have the right to request that any inaccurate personal data we hold is corrected or have incomplete personal information completed
right to erasure: you have the right to request that your personal data is erased. This only applies in certain circumstances
right to restrict processing: you have the right to request that we limit the use of your personal data. This only applies in certain circumstances.
right to data portability: you have the right to move, copy or transfer personal information from one IT system to another in a safe and secure way. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
right to object: you have the right to object to the use of your information, which means that we would have to stop using your personal information. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
If your personal data is processed on the basis of consent, you have the right to withdraw consent to the use of your personal data at any time.

In addition, you have the right to lodge a complaint with your respective data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

You can exercise these rights at any time by making a request to our team.

Appendix A: Third Parties

Sub-processor	Description of Processing
Microsoft	Email and office productivity. We use Microsoft services to provide our email and document storage, which may include information that Customers share with us.
RayGun Limited	Error logging and monitoring provider. We use RayGun to understand and manage errors and problems with the Platforms as they arise.
FrontApp, Inc	Helpdesk services provider. We use Front as helpdesk software to communicate with our Customers and users.