At Bounce Technologies Limited, we’re committed to protecting and respecting your privacy. This Privacy Policy explains when and why we collect personal data about people who visit the Heythere website, use the Heythere web application or the Heythere LinkedIn extension, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We will update this Policy from time to time, so please check this page regularly to ensure that you’re happy with any changes. You can also see exactly what’s changed between versions of our privacy policy on our GitHub repository:

https://github.com/bouncetechnologies/heythere-privacy-policy/

Any questions regarding this Policy and our privacy practices should be sent by email to dataprotection@bouncebot.io, or by writing to Bounce Technologies Limited, Office 5-5, Platf9rm Nine, Floor 5, Tower Point, 44 North Road, Brighton, BN1 1YR. Please also feel free to provide feedback, suggestions or improvements you feel we can make to this Privacy Policy, as we are always looking for ways to improve the way we protect our customers’ privacy, and better meet our customers’ needs.

We are only able to provide you with the services (including use of our website or our Application) under the conditions of this privacy policy.

Bounce Technologies Limited is a Brighton-based startup whose core mission is to build software that people love and that has a positive impact on the world. To this end, we have developed Heythere to help facilitate meaningful connections between people. Connecting more people allows us to create a more creative and collaborative world, and helps us solve the most challenging problems we face.

Bounce Technologies Limited is a Private limited Company registered in the UK, with company number 10805448. Our registered address is: Bounce Technologies Limited, The Old Casino, 28 Fourth Avenue, Hove, East Sussex, BN3 2PJ.

Under the GDPR (General Data Protection Regulation), Bounce Technologies Limited is known as a data “Controller” of the personal data you provide us. We are registered with the ICO (Information Commissioner’s Officer) in the UK with registration reference ZA296666.

If you would like a copy of some or all of the personal data we hold about you, or if you have any concerns about how we have handled your personal data, in the first instance please send an email addressed to our Data Protection Officer at dataprotection@bouncebot.io, or write to: Data Protection Officer, Bounce Technologies Limited, Office 5-5, Platf9rm Nine, Floor 5, Tower Point, 44 North Road, Brighton, BN1 1YR.

If you are not satisfied with our response, you can also raise a concern with the ICO (https://ico.org.uk/) with our company’s registration reference (ZA296666). Please go to https://ico.org.uk/concerns/ for more information about raising a concern with the ICO.

We obtain data about you when you use our website, web application and LinkedIn extension. We also collect data that you import into our services through our web application, LinkedIn extension and CRM plug-ins. This data contains other peoples personal data as outlined below.

We collect web analytics when you visit our website. The system we use for these analytics is self-hosted by us, does not collect any personal information, does not use cookies, does not track users across websites, and is GDPR compliant.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide data to the owners of websites. Heythere only uses first-party, strictly necessary session cookies that are essential for using the Heythere service, such as authenticating logged-in users.

How to change your cookie settings

Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To provide Heythere as a service, we collect personal data from our users. We will only collect personal data required to provide you with the services you have requested. To help provide you with a clear view of the personal data we collect, we have broken it down into data on yourself as a user, and data you provide as a user (e.g. other people’s personal data):

1. Personal data on you:
   1. Personal information: first name, last name, email address.
   2. Financial data: Heythere collects financial data if you pay for our services. This data is stored with our 3rd party payment provider, Stripe (https://stripe.com/gb). The data stored included bank card details, billing address, location, tax location status and contact details.
2. Data you provide us (other people’s personal data)
   1. Personal information: first name, last name, email address, phone number, LinkedIn profile, bio, interests, job title, organisation name, organisation home page, preferred pronouns.

We process personal data in order to provide services requested by you. This includes:

1. customising your experience with Heythere;
2. processing payments for Heythere;
3. providing support and help with using our website, web application or LinkedIn extension.

We also process your personal date to:

1. seek your views or comments on the services we provide;
2. gain insights on new products and services we could develop to help you better connect your network;
3. analysing users’ behaviours with Heythere’s services and looking at how we can improve the service.

• We do not sell or rent your personal data (including personal data) to third parties.
• We do not share your personal data with third parties for marketing purposes.
• We do not collect any personal data from you that we do not need in order to provide and oversee the Heythere service.

We will hold your personal data on our systems for as long as you are using our services. Once you stop using our services, we hold your personal data for two years in case you wish to restart our services. If you don’t resume using our services within that time period we will fully anonymise your personal data so that you are no longer identifiable. If you wish your personal data to be deleted or anonymised before this 2-year window please contact us.

We only provide internal data access to trained individuals within Bounce Technologies Limited, who have an understanding of GDPR and its implications. All personal data that you provide through the services is stored on Heroku (https://www.heroku.com/policy/security) a service provided by Salesforce, and you can find out more about their data privacy policies and procedures here: https://www.salesforce.com/company/privacy/. Our web and database servers are all provisioned in Europe, and the associated data is stored within Europe. Some data may pass through or be stored in the United States when additional Heroku services are used. See https://devcenter.heroku.com/articles/regions#data-residency and https://devcenter.heroku.com/articles/heroku-postgresql#data-residency for more details.

To enable the services offered to you through Heythere services, the personal data which you provide to us may be transferred to countries outside the European Union (“EU”). These countries may not have similar data protection laws to the EU. If we transfer your personal data outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken in order to ensure that your privacy rights continue to be protected as outlined in this Policy, by only transferring personal data to companies certified under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework where possible. In addition, as highlighted above our service relies on Heroku, we have setup the service to only store your personal data on EU servers, but they may store usage data outside the EU. In addition, if you use our services while you are outside the EU, your personal data may be transferred outside the EU in order for us to provide you with those services.

You have a number of rights under the personal data protection laws, namely:

• To access your personal data (by way of a subject access request);
• To have your personal data rectified if it is inaccurate or incomplete;
• To have your personal data deleted or removed, if: (i) it is no longer required for the purpose it was collected; (ii) we are processing it with your consent and you withdraw your consent to its processing; (iii) you object to the processing and we have no overriding legitimate interest for the processing; (iv) the personal data has been unlawfully processed; or (v) we are required to delete it in order to comply with the law;
• To restrict the processing of your personal data, if: (i) it is inaccurate and we require time to verify its accuracy; (ii) the personal data has been unlawfully processed; (iii) the purpose for which it was collected is no longer relevant, but we are required to keep it for legal reasons; or (iv) you object to the processing and we have no overriding legitimate interest for the processing;
• A right of data portability, namely to obtain and reuse your personal data for your own purposes across different services if (i) we are relying on your consent;
• To object to processing where (i) processing is based on public interest; (ii) processing is necessary for our legitimate interests or that of a third party. You also have the right to object to direct marketing and any related profiling;
• Not to be subject to automated decision making (including profiling) which produces a legal effect or a similarly significant effect on you unless the processing is (i) required for entering into or performance of a contact; (ii) authorised by law; or (iii) we have your explicit content to do so.
• To claim compensation for damages caused by a breach of the data protection legislation;
• If we are processing your personal data with your consent, you have the right to withdraw your consent at any time.

When you give us personal data, we take steps to ensure that it’s treated securely. Any personal data (such as payment details) are encrypted in transit and at rest on servers controlled by Bounce Technologies Limited. When you are on a web page using an encrypted connection, a lock icon will appear in web browsers such as Google Chrome or Microsoft Edge.

Once we receive your personal data, we make our best effort to ensure its security on our systems. All personal data is stored on Heroku in dedicated, access controlled databases. The production version of the web application and LinkedIn extension uses databases that are encrypted at rest to mitigate the risk of data leaks.

Finally, we minimise the amount of personal data we store and collect from you by implementing privacy-by-design techniques into our design and development processes.

If you do not provide the required personal data we will not be able to provide you with the services you have requested.

We keep this Privacy Policy under regular review, and schedule an in-depth review of the Policy to take place every six months. This Privacy Policy was last updated on: 8 November 2022.

Please contact us if you have any questions about our privacy policy or personal data we hold about you by emailing our Data Protection Officer at dataprotection@bouncebot.io, or by post: Data Protection Office, Bounce Technologies Limited, Office 5-5, Platf9rm Nine, Floor 5, Tower Point, 44 North Road, Brighton, BN1 1YR.