Version 2. Updated 10 September 2019.
Who is responsible for my personal data?
Hello, we’re MAGNEZIUM and the developers of DataKB. As providers of data protection products & services, safeguarding your personal data and respecting your privacy rights is always a top priority in everything we do.
Under the definition of UK and EU data protection laws*, MAGNEZIUM are the sole data controller for all personal data that you provide to us, or is collected by our website or the DataKB web application.
* Data Protection Act (DPA) 2018 – UK, General Data Protection Regulation (GDPR) 2018 – EU and Privacy and Electronic Communications Regulations (PECR) 2013 – UK.
This scope of this main policy covers our public datakb.io website and signed-in DataKB app usage. For policies relating to other MAGNEZIUM products & services, please refer to magnezium.co.uk/privacy.
What personal data do you collect and why?
Name and email address of app users
A) Datakb.io website
- Our public website pages (i.e. the ones not requiring login) do not collect any personal data by default.
- Whilst we do utilise Google Analytics for site usage tracking, IP address collection has been disabled (IP masking).
- Therefore, our analytics can be considered truly anonymous.
- If you do contact us via firstname.lastname@example.org then, the lawful basis for using your contact details to respond to your query will be legitimate interest.
- If you have joined our mailing list, then the lawful basis for emailing you promotion and announcements will be consent.
- You will be able to opt out of our mailing list at any time.
B) DataKB web application
- You need to login to access the actual DataKB application and your account data.
- You’ll provide us with your full name, email address, password and optional marketing consent when creating a DataKB account.
- Once in the app, you may provide extra personal information (e.g. job role) about yourself, your colleagues and third party contacts, for your own purposes – we or the application will not use this data.
- Your email address is necessary for the application to identify and validate your access and help reset your password.
- Your email address will only be used by MAGNEZIUM staff to contact you on an individual basis regarding your account or to answer a support query.
- As an existing account holder, MAGNEZIUM may also contact you on this email address in regards to any relevant promotions, announcements or product updates, but only if you have provided explicit consent to do so.
- In order to initiate a free trial, you will be re-directed to a third party Stripe payment page.
- There your email address, card number, expiry date, 3-digit security code (CCV), cardholder name, post code and country details will be collected by Stripe, in order to process any future subscription payments and send payment confirmation and notification emails.
- This data will be only stored securely in Stripe and never passed to our systems.
- MAGNEZIUM staff will only never be able to see your full, or unmasked, card details.
D) Data Rights Requests (DDRs)
- One key benefit of using DataKB is the in-built easy management of Data Rights Requests (e.g. “provide the information you hold on me”, “take me off your mailing list”, or “delete my data”).
- The DDR form enables collection of any relevant personal for the data subject raising the request, including such details as name, account number, phone number, email address and postcode.
- As the data controller, you have a legal obligation under the GDPR to process these details in order to fulfil each valid request within one calender month.
DDRs are linked to the 8 rights of a data subject.
Do you collect child data?
Whilst persons aged 13 or under (definition of a child under the current Data Protection Laws) may of course visit our website, we are not intentionally collecting any other information that could determine your age or personally identify a child.
IMPORTANT: Please avoid entering any sensitive personal data into the DataKB application. Whilst DataKB is very secure, it is intended to provide an overview of your personal data assets – not to be a significant source of personal data itself.
Where is my personal data stored?
EU for DataKB application data, globally for customers.
- Any personal data submitted within the DataKB web application is securely stored within a cloud-hosted database.
- This application database is hosted in Frankfurt, Germany, to ensure that your DataKB account data does not ever leave the EU.
- We do not download, view or share any of the data stored for the DataKB application, unless an authorised MAGNEZIUM database administrator requires access to handle a support query.
- Your personal data will only be transferred outside of the EU if you either:
- choose to get in touch with us via our website,
- submit your payment details to Stripe in order to create a DataKB account, or
- opt-in to receive email contact about MAGNEZIUM’s products & services during the DataKB account setup process.
- For any of the above processes, your data will be used and stored within our accounts for:
- Stripe (subscription payments).
- Google G-Suite (email).
- HubSpot (CRM).
- Stripe, Google G-Suite and HubSpot all have the appropriate legal frameworks in place for these international data transfers, including EU-US Privacy Shield.
Is my personal data shared with any other third parties?
MAGNEZIUM reserve the right to share and publicise aggregated and anonymous usage statistics, which may be based upon your personal or organisational account data.
However the raw data itself will never be shared or used for any other purpose other than to provide the required service to our DataKB account holders.
What are my rights as your data subject?
You have 8 individual rights, as defined under the GDPR, that we as the Data Controller will of course uphold
- The right to be informed (understanding why we have your personal data and what we do with it).
- The right of access (providing information of what personal data we hold on you, on request).
- The right to rectification (allowing you to correct and complete your personal data).
- The right to erasure (deleting all personal data that we currently hold on you).
- The right to restrict processing (enabling you to limit how we use your personal data).
- The right to data portability (providing you a copy of the personal data we hold on you).
- The right to object (informing us that we must stop using your personal data).
- Rights in relation to automated decision making and profiling (not currently applicable for MAGNEZIUM).
For more information, please read through this guide from the ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
Do you ever change your privacy information?
- We will notify you via email or within the DataKB app of a significant policy change, such as if we decided to use your personal data for a different purpose (with a clear lawful basis) from what was stated when your information was originally collected
- If you are not happy with us using your information in this new manner, then we will give you the option to opt-out where applicable and possible
- If opt-out is not relevant, then you will always be able to contact us to either delete your personal data (right to erasure) or not use it for this specific purpose (right to restrict processing)
Can I raise a question or complaint with you?
But we’d like to talk to you first!