PRIVACY POLICY
The CommStack Application is provided by CommStack Ltd.
CommStack is the data controller for pages including the prefix commstack, musketeer or tether when used in conjunction with the application.
What data we collect
The personal data we collect from you includes:
-
questions, queries or feedback you leave, including your email address if you contact us
-
your address details and location if you use a location-based service that requires a geolocation to confirm source of transactions
-
your email address and subscription preferences when you sign up to our email alerts
-
how you use our emails – for example whether you open them, and which links you click on
-
your Internet Protocol (IP) address, and details of which version of web browser you used
We continuously test and monitor our data protection controls to make sure they’re effective and to detect any weaknesses.
Why we need your data
We collect your information through our applications to validate transactions and to confirm transaction details. We do this to help:
-
make sure we are meeting the needs of our regulatory requirements
-
make improvements, for example improving site search
-
make performance improvements, for example improving page load time and data usage
-
allow you to our services and make transactions
-
provide you with information about local services
-
monitor use of the site to identify security threats
-
monitor the performance of the site to identify inefficiencies and JavaScript errors
Our legal basis for processing your data
The legal basis for processing personal data in relation to site security is our legitimate interests, and the legitimate interests of our users, in ensuring the security and integrity of the Commodity platform.
The legal basis for processing all other personal data is that it’s necessary:
-
to perform a task in the public interest
-
in the exercise of our meeting the requirements as a government department
What we do with your data
The data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider.
We will not:
-
sell or rent your data to third parties
-
share your data with third parties for marketing purposes
-
use your data in analytics
We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.
How long we keep your data
We will only retain your personal data for as long as:
-
it is needed for the purposes set out in this document
-
the law requires us to
We will keep your email data until you unsubscribe. We will keep your feedback data for 2 years. We will delete access log data after 120 days.
Children’s privacy protection
Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.
All personal data is stored in common trading area.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
Your rights
You have the right to request:
-
information about how your personal data is processed
-
a copy of that personal data
-
that anything inaccurate in your personal data is corrected immediately
You can also:
-
raise an objection about how your personal data is processed
-
request that your personal data is erased if there is no longer a justification for it
-
ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, get in contact with our Privacy Team.
Links to other websites
Our application contains links to other websites.
This privacy notice only applies to the defined applications and does not cover other services and transactions that we link to. These services, have their own terms and conditions and privacy policies.
Following a link to another website
If you go to another website from this one, read the privacy policy on that website to find out what it does with your information.
Contact us or make a complaint
Contact the Privacy Team if you:
-
have a question about anything in this privacy notice
-
think that your personal data has been misused or mishandled
Privacy Team
support@commstack.co.uk
You can also contact our Data Protection Officer (DPO):
Data Protection Officer
support@commstack.co.uk
The DPO provides independent advice and monitoring of our use of personal information.
You can also make a complaint to the Information Commissioner, who is an independent regulator.
Changes to this policy
We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.
If these changes affect how your personal data is processed, CommStack Ltd will take reasonable steps to let you know.
Last updated 12 October 2021