This policy sets out:
- Information we collect about you
- Cookies and other technologies
- How we use your information
- Our promotional updates and communications
- Who we give your information to
- Where we store your information
- How we protect your information
- How long we keep your information
- Your rights
- Changes to this policy
- Contact us
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Please also visit our Terms and Conditions, establishing the use, disclaimers, and limitations of liability governing the use of our website.
For the purposes of European Economic Area data protection law, (the "Data Protection Law"), the data controller is Locatable Ltd.
information we collect about you
We will collect and process the following personal data from you:
Information you give us
This is information about you that you give us directly when you interact with us.
This is information about you that you give us by registering to use our Services, including via Facebook, information you provide to use that is tracked about your houseshare or through your acceptance of our cookies.
The information you give us may include your name, address, e-mail address and phone number, login and password details, as well as information about your house and what services you use – like energy, internet and TV licensing. This may also include your card payment details.
If you register using your Facebook account, we use your name, current profile photo and email address to create an account for you on acasa. We do not (and never will!) post to your timeline without your explicit permission. We abide by the Facebook Platform Policy.
This may also include employment details if you send us a CV, resumé or other details of your employment history in connection with an advertised job vacancy or a general enquiry regarding employment opportunities with us.
Information we collect about you from your use of our Services
We will automatically collect information from you each time you use our Services. This includes:
- Technical information
- Information about your visit
- Information about your house
- Technical information may include the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit may include the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
- Information about your house. This includes information we receive from bill suppliers or utility companies if you are managing your bills through acasa, such as energy and water usage, supplier reference and account numbers and other service information such as details of broadband installation appointments.
Information we receive from other sources
This is information we receive about you from:
- From third parties we work closely with (including Octopus Energy, only if have chosen to sign up with them).
We will always tell you at the time when we collect that data if we intend to share your data internally and combine it with data collected on this site. We will tell you for what purpose we will share and combine your data.
We may get your name, email addess and phone number from your someone in your house if they invite you to use the app. We don't collect any other data about you from them. If don't register with us, we won't keep your email address or phone number for longer than 1 month, and your name will be removed if the account creator deletes the account or changes your display name.
If you have signed up with Octopus Energy, we will receive information about your account number, and billing and other service information. We don't get any other personal information from that that you haven't directly provided to us already.
how we use your information
We use information held about you in the following ways:
Information you give to us:
We will use this information to:
Take steps in order to enter into a contract with you, or to carry out our obligations arising from any contract entered into between you and us including:
- administering your account with us;
- verifying and carrying out financial transactions in relation to payments you make online or through the App;
- notifying you about changes to our service.
- Provide you with information about important acasa updates and information testing new features, if you have given your consent to receiving marketing material from us at the point we collected your information, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications. See 'Our promotional updates and communications'.
We will use this information to:
Ensure in our legitimate interests that:
- content from our site is presented in the most effective manner for you and for your computer.
- we provide you with the information, products and services that you request from us.
Information we collect about you from your use of our Services:
We will use this information in our legitimate interests, where we have considered these are not overridden by your rights:
- to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- to personalise and tailor your experience so that we can provide the best solutions for your own individual needs;
- for measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- to improve our Services to ensure that content is presented in the most effective manner for you and for your computer.
Information we receive from other sources:
We may combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
our promotional updates and communications
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email about our Services (and our business partners, like Octopus energy). We will not contact you about other companies, or let them contact you, without your explicit consent.
We use Sparkpost and Intercom to handle our emails and neither of us will sell your email address, pass it on to any unauthorised third parties or bombard you with spam. You may receive some necessary emails about our services. In addition you may receive onboarding emails about how to use acasa when you first sign up, newsletters about important updates, or emails requesting customer feedback. You can opt-out of all of these in your account email notification settings. If you have explicitly opted-in, you may also receive promotional and marketing emails, advertising either acasa or third-party services, from us or the partners we work with.
You can object to further marketing at any time by checking and updating your contact details within your account, selecting the "unsubscribe" link at the end of all our marketing and promotional update communications to you, or by sending us an email at [firstname.lastname@example.org].
who we give your information to
We may give your information to:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose with your prior consent.
- Selected third parties.
Our selected third parties may include:
- Organisations that process your personal data on our behalf and in accordance with our instructions and the Data Protection Law. This includes in supporting the services we offer through our Services in particular those providing website and data hosting services like Heroku, providing fulfilment services, distributing any communications we send like Sparkpost, supporting or updating marketing lists, facilitating feedback on our services and providing IT support services from time to time. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience and subject to the cookie section of this policy.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy (this will not identify you as an individual).
We will disclose your personal information to third parties:
- If acasa or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Acasa, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
where we store your information
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent Data Protection Law.
We may transfer your personal information outside the EEA:
- In order to store it.
- In order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services.
- Where we are legally required to do so.
- In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
We may transfer your personal information outside the EEA to the US. All of our US third party processors are certified under the EU-US Privacy Shield and/or the Swiss-US Privacy Shield.
|Name||Privacy Shield profile|
|Intercom||Privacy Shield profile|
|SparkPost||Privacy Shield profile|
|Amplitude||Privacy Shield profile|
|Amazon||Privacy Shield profile|
|Heroku||Privacy Shield profile|
|PaperTrail||Privacy Shield profile|
|Zapier||Privacy Shield profile|
|Wootric||Privacy Shield profile|
|Privacy Shield profile|
|Trello||Privacy Shield profile|
|Mailchimp||Privacy Shield profile|
|Slack||Privacy Shield profile|
|Branch||Privacy Shield profile|
|Twilio||Privacy Shield profile|
how we protect your information
All information you provide to us is stored on our secure servers. Any supplied information is transmitted over an industry standard Secure Socket Layer (SSL) connection. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Our website is hosted on Heroku, who use Amazon Web Services to provide a secure environment for running applications and storing customer data. You can see Heroku's security policy here.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
how long we keep your information
We retain personal data for for as long as you have an account with us in order to meet our contractual obligations to you and for as long as our service provider partners, like Octopus Energy, and our payments processor, Mangopay, require to maintain records for their contractual and regulatory purposes. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
You have the right under certain circumstances:
- to be provided with a copy of your personal data held by us;
- to request the rectification or erasure of your personal data held by us;
- to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
- to object to the further processing of your personal data, including the right to object to marketing [(as mentioned in 'Our promotional updates and communications' section];
- to request that your provided personal data be moved to a third party.
Your right to withdraw consent:
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. You can also change your marketing preferences at any time as described in 'Our promotional updates and communications' section;
You can also exercise the rights listed above at any time by contacting us.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
changes to this policy
We will also email you about any major changes we make.
Locatable Ltd, c/o iHorizon
Stapleton House, Block A, 2nd Floor,
110 Clifton Street, London
email: support [at] helloacasa [dot] com