This privacy notice outlines our practices regarding the collection and handling of your personal data through your interaction with this site, ensuring we fulfil our obligation for transparency.
Our pledge to you encompasses:
- Gathering your personal information solely to enhance your platform experience.
- Securing your explicit consent prior to collecting any personal information.
- Our promise not to disclose your personal information to external parties.
- Providing clear reasons for requesting your personal information (when not immediately apparent).
- Ensuring the security and confidential storage of your data.
- Honouring your preferences and legal rights concerning the management of your information.
- Committing to send only communications pertinent to your platform usage.
- Guaranteeing that any marketing communications are sent only with your direct agreement.
Hexitime and University of Warwick have established a partnership where Hexitime grants Warwick University, along with their approved and final users, access to Hexitime's software and services.
Under this agreement, it's recognised that the University of Warwick holds all rights regarding the content and data created by users. Meanwhile, Hexitime retains the intellectual property rights for its software, services, and related documentation.
It's acknowledged by both entities that in instances where Hexitime handles personal data on behalf of the University of Warwick's to fulfil their contractual duties, within the scope of data protection laws, the University of Warwick is designated as the data controller, and Hexitime acts as the data processor.
Contact Information
University of Warwick's address:
Warwick Innovation District,
University of Warwick,
Junction Building,
6 University Rd,
Coventry,
CV4 7EQ
Email: innovate@warwick.ac.uk.
Hexitime’s address :
26 Craigton Road
London
SE91QG
Hexitime’s is recognised as a limited company in England (company no. 14578992) and is registered with the ICO for data protection (registration no. ZB553482).
Email hello@hexitime.com.
Data Management
All data collected through this platform is securely hosted by Hexitime's internet service provider, Microsoft Azure, ensuring the safety and integrity of user information.
The personal data we gather is detailed as follows:
| Data type | What this means |
| Identity data |
|
| Contact data |
|
| Location data | Your location (optional) |
| Financial data | Your income range |
| Marketing data | None |
| Activity data | Date:
General interactions:
Platform interactions:
|
| Exchange data | Additional data required to join the timebank: |
| Technical data |
|
Aggregated data
We accumulate and disseminate "aggregated information" like statistical or demographic data. Although derived from your personal data, such aggregated data is not considered personal under GDPR guidelines because it doesn't directly or indirectly disclose your identity.
Any data capable of directly or indirectly identifying you is treated as personal data and handled in line with this Privacy Policy.
Sensitive Personal Data
Certain sensitive personal data categories are collected, including your racial or ethnic background and gender. This collection aids us in evaluating our service impact across different demographics. This data is voluntarily provided by you, not shared with external parties, and is safeguarded. Information pertaining to criminal convictions or offences is not collected.
We commit to using your personal data strictly for the initially specified purposes unless a new need arises that is compatible with our original intent. Should there be a need to process your personal data for a different reason, we'll update our Privacy Policy and clarify the legal justification for such processing.
Understanding Our Legal Grounds for Data Processing:
The GDPR mandates that we must have a valid legal basis to handle your personal data. We typically process your data based on:
- Contractual Necessity: Processing is required to fulfil or prepare to enter into a contract with you.
- Legitimate Interests: We process data for purposes that align with our legitimate organisational interests, provided your rights do not override these interests.
- Compliance with Law: Where we're obliged to adhere to legal or regulatory requirements.
- Consent: With your explicit consent for specific processing activities.
It's important to note that consent isn't our primary basis for processing your data, except when it comes to direct marketing efforts.
Below, you'll find a table that outlines these legal bases in relation to the specific purposes for which we utilise your personal data:
| Purpose | Categories of personal data involved | Why do we do this | Our legal basis for this use of data |
| Registering an account | Identity / contact data | To register you as a member of the platform. To send you platform notifications. To contact you if a need arises. | Contractual necessity |
| Setting up your profile | Identity data | To raise your profile to other users of the platform. | Legitimate interest |
| Your activities | Activity / contact data | To describe your activity in more detail and enable other members or a platform administrator to contact you | Legitimate interest |
| Your messages | Activity data | To let you message other members. To ensure any inappropriate messaging is recorded for safeguarding and legal purposes. | Legitimate interest / compliance with law |
| Your following/followers | Activity data | To let you manage your following/followers. | Legitimate interest |
| Joining the timebank | Identity data | To help the platform administrator determine whether you are eligible to join the exchange. | Legitimate interest |
| Member management | Identity / contact / activity data | To keep our platform and our services operational, safe and secure. To understand and monitor user behaviour. To form a view on what we think you may want or need, or what may be of interest to you. | Contractual necessity / legitimate interest |
Communications | Contact data | To be able to provide technical support. To be able to provide updates about your activity on the website. To share important updates to privacy policies, terms and conditions. To share important information about website changes and updates. To promote activities that you may be interested in. | Contractual necessity / legitmate interest |
We handle your personal data with the utmost confidentiality, sharing it only for specific purposes as detailed here. Third-party sharing occurs under these circumstances:
- To enhance the platform based on feedback from our team.
- Complying with legal obligations.
- During business transitions like sales.
- For legal claims or rights protection.
- Ensuring the safety and security of Hexitime, our users, or the public.
Your personal information remains confidential and is not sold or disclosed to third parties outside these conditions.
Below is an outline of our data-sharing practices, including the recipients, the nature of the data shared, and the purpose for such sharing:
| Who we share data with | What we share | Why we access it |
| Hexitime Ltd and Hexitime CIC | All data | As the supplier of this software, Hexitime processes data on behalf of their customers. |
University of Warwick and their authorised users. | All data | As the customer, University of Warwick are the data controllers |
| Microsoft Azure | Technical data | All data captured via our software service is securely stored with our internet hosting provider Microsoft Azure |
Mailgun Klaviyo Zitadel | Email address Username / Full name | To process relevant system notifications (e.g. "You have a new accept on your offer of X"). |
| Mailchimp | Email address Username / Full name | To send out relevant website updates and information (e.g. "We've updated our terms and conditions"). |
| Google Analytics | IP Address Language setting | To process website use data to help us improve user experience (e.g."10% of users exit the site after X page"). Please note: this data is anonymous and we can't see individual IP address data. |
We prioritise the protection of your data and implement robust measures to keep it secure.
Your personal information is housed on secure servers in the UK, featuring:
- Advanced password protections.
- Routine updates and security patches.
- Standardised firewall protections.
- Authentication processes.
- Audit trails for users.
To safeguard our platform from unauthorised access, we employ recognised security practices like password hashing with salt, defences against SQL injection on all data entry points, and regular security assessments.
However, transmitting data over the internet carries inherent risks. We strive to protect your information, but we cannot fully guarantee its security once sent to our site; this responsibility also lies with you.
Maintaining the confidentiality of your login credentials is crucial. Remember, we will never ask for your password outside of the login process, and sharing your password is strongly discouraged.
We retain your personal data only for as long as necessary, which could be until:
- You choose to delete your account.
- You exercise your right to be forgotten.
- The platform ceases operation.
Extended retention may occur if required by legal obligations.
You're entitled to certain rights regarding your personal data, including:
- Accessing the data we hold about you, ensuring our processing activities are lawful.
- Correcting any data inaccuracies to ensure the completeness of your information.
- Erasing your data upon your request, especially if its continued processing lacks a valid basis.
- Objecting to our processing of your data based on legitimate interests, particularly if your specific situation warrants it, including for direct marketing purposes.
- Restricting data processing in certain scenarios, such as while verifying data accuracy or exploring the grounds for processing.
- Transferring your data to you or a chosen third party in a structured, widely used, and machine-readable format, applicable primarily to information processed automatically based on your consent or contractual necessity
- Withdrawing consent at any time, acknowledging that it may affect your access to certain platform features. We'll inform you if such a situation arises when you withdraw consent.
Child Protection Policy:
Our platform is not designed for children under 16 years old, and we do not intentionally gather data about children in this age group.
Third-Party Data and References:
We do not collect personal data from third-party sources directly. However, for those joining an accelerator or Network Page, administrators may perform reference checks with third-party sources based on the references you provide and with your consent. This is to ensure the safety and integrity of our exchanges and provide an additional layer of security for our community.
External Links:
Our site may feature links to external sites, applications, or plugins. Interacting with these may result in third parties accessing or collecting your data. We advise caution, as we do not oversee these third-party entities and their privacy practices.
Requirement for Additional Personal Data:
If we need more personal data for legal reasons or to uphold our user agreement, and you cannot provide this, it might restrict your platform access. We will inform you if such a situation arises.
Marketing Communications:
We do not send out third-party marketing communications. You have the ability to control your marketing preferences directly within the platform or through opt-out links in any marketing communication from us. Opting out of marketing messages does not affect the processing of personal data provided through platform use
To exercise any data protection rights, reach out to us at hello@hexitime.com. While accessing your personal data is generally free, we might charge a fee or refuse requests that are unfounded or excessive.
For identity verification purposes, we might ask for specific information. This ensures that no unauthorised individual accesses your data. Our goal is to address all valid requests within a month, but more complex or numerous requests could take longer.
Should you have concerns about our privacy practices, please contact us atinnovate@warwick.ac.ukorhello@hexitime.com. If you believe your issue hasn't been resolved satisfactorily, you have the right under GDPR to approach your local data protection regulatory body, such as the UK's Information Commissioner's Office.
