Privacy policy
This privacy policy outlines how we (Made Open) gather and handle your personal information while using our platform.
Our commitments to you include:
- Collecting personal information only to enhance your platform experience.
- Requesting and recording your consent before collecting any personal information.
- Never selling your personal data to third parties.
- Clearly explaining the purpose of collecting personal information, unless it's evident.
- Safeguarding and securely storing your data.
- Respecting your preferences and rights regarding data storage.
- Sending only relevant emails related to your website usage.
- Obtaining your explicit consent before sending any marketing-related emails.
1. Who we are
Made Open is a limited company registered in England and Wales (registration number is 4309700). We are registered with the Information Commissioner’s Office (reg no: Z2818556). Our office address is:
Unit FF26
Health and Wellbeing Innovation Centre
Truro
Cornwall
TR1 3FF
All data captured via this platform is securely stored with Made Open's internet hosting provider Cloud Above Ltd, of:
Unit 1,
1 King Mark House,
Tregunnel Hill,
Newquay,
Cornwall
TR7 1GF
2. What personal data we collect
All the personal data we collect is outlined in the table below:
Data type | What this means |
Identity data |
|
Contact data |
|
Location data | Your neighbourhood (optional) |
Financial data | None |
Marketing data | None |
Activity data |
Date:
General interactions:
Timebank interactions:
|
Technical data |
|
Aggregated data
We gather, use and share "aggregated data" like statistics or demographics. This type of data, while derived from personal data, doesn't reveal your identity and doesn't fall under GDPR's definition of personal data. Any information that can identify you directly or indirectly will be treated as personal data and handled according to our Privacy Policy.
No special categories of personal data
We don't gather any sensitive personal information about you such as race, religion, health details or criminal history.
3. How we use your personal data
We'll only use your personal data for the listed purposes unless we have a good reason that aligns with the original purpose. If we ever need to use it for a different reason, we'll update the Privacy Policy and explain the legal basis for doing so.
What is our “legal basis” for processing your personal data?
We follow the GDPR, which requires a legal basis for using your data. Usually, we rely on:
- Contractual necessity: When we need your data for a contract.
- Legitimate interests: When it's necessary for our interests and yours.
- Compliance with law: When we must follow legal obligations.
- Consent: When you give specific approval.
We typically don't rely on your consent, except for direct marketing communications.
Here is a table showing the legal bases for using your personal data:
Purpose | Categories of personal data involved | Our legal basis for this use of data |
Registering an account | Identity / contact data | Contractual necessity |
Setting up your profile | Identity data | Legitimate interest |
Setting up your Best Match | Activity data | Legitimate interest |
Your activities | Activity / contact data | Legitimate interest |
Your messages | Activity data | Legitimate interest / compliance with law |
Your connections | Activity data | Legitimate interest |
Joining the timebank | Identity data | Legitimate interest |
Member management | Identity / contact / activity data | Contractual necessity / legitimate interest |
Communications | Contact data | Contractual necessity / legitimate interest |
4. Who we share your personal data with
We use your information as described. Third parties get your personal details only with your consent or to protect our business interests. We may share your info in these situations:
- With our employees to enhance the platform's user experience.
- When required by law.
- If we sell our business or assets.
- To establish, exercise or defend legal rights.
- To protect Made Open, our clients or others.
We won't provide or sell your info to third parties, except as mentioned. See the table below for details on who we share your data with, what we share and why.
Who we share data with | What we share | Why we access it |
Made Open Communications Ltd | All data | As the software supplier, Made Open processes data on behalf of their customers. |
Cloud Above Ltd | Technical data | Data from our software is safely stored by our hosting provider, Cloud Above Ltd. |
Mailgun | Contact data | To process important system notifications, like "You have a new connection request". |
Mailchimp | Contact data | To send important website updates and information, such as "We've updated our terms and conditions". |
Google Analytics | Technical data | To use website data to enhance user experience. |
5. How we secure your personal data
We prioritise the security of your data. Your personal information is stored securely on our UK-based servers, which have strong password protection, regular updates, an industry-standard Firewall and authentication processes.
To prevent hacking, we use recognised security measures like password hashing, salting and techniques against SQL injection. However, transmitting data over the Internet isn't entirely secure. While we strive to protect your data, we can't guarantee its security during transmission.
Please keep your password confidential; we won't ask for it unless you're logging in. Don't share your password with others to ensure the security of your account.
6. How long we store your personal data for
We'll keep your personal data only until:
- You delete your account.
- You exercise your right to be forgotten.
- The website is shut down.
Unless the law requires a longer retention period.
7. Your personal data rights
You have the right to:
- Access your personal data, getting a copy and ensuring lawful processing.
- Correct any incomplete or inaccurate personal data we hold about you.
- Request the erasure of your data if there's no good reason for us to process it.
- Object to processing based on Legitimate Interest or for marketing purposes.
- Ask for the suspension of processing if you question accuracy or purpose.
- Receive your personal data in a machine-readable format or transfer it to a third party.
- Withdraw consent, impacting certain platform functionalities, if we rely on your consent for processing. We'll inform you if this affects your access when you withdraw consent.
8. Things to be mindful of
Our children policy:
This platform is meant for users aged 18 and above; we don't knowingly collect data from those under 18.
Third-party personal data:
We don't currently collect personal data from third-parties. If you join a timebank, administrators may check references from third-party sources with your permission. This ensures safer exchanges and an additional safeguarding check.
Third-party links:
Our platform may have links to third-party sites. Clicking on them may allow third parties to collect or share your data. We're not responsible for their privacy policies, so check them when you leave our platform.
Data requirements:
If we need more personal data to comply with the law or our terms, and you don't provide it when requested, we may have to limit your platform use. We'll inform you if this happens.
Marketing preferences:
We don't send marketing messages from third parties. You can adjust your marketing preferences anytime on the platform or through opt-out links in marketing messages. Opting out won't affect personal data provided through platform use.
9. How to exercise your rights
To use any of the rights mentioned earlier, please email .
Accessing your personal data or exercising other rights usually doesn't require a fee. However, if your request is unfounded, repetitive or excessive, we might charge a reasonable fee or refuse to comply. To confirm your identity, we may ask for specific information, ensuring your data is protected. We aim to respond within a month, but if it's complex or we receive multiple requests, it may take longer. We'll keep you informed in such cases.
10. Making a complaint
If you want to complain about this Privacy Policy or how we handle your personal data, please email .
If your complaint isn't resolved to your satisfaction, you can contact your local data protection authority, such as the UK's Information Commissioner's Office, as granted by the GDPR.