Hashrupt Limited Privacy Policy
Last updated: December 2024
1. Introduction
Hashrupt Limited ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, hashrupt.com, and use our services, including the Verity platform.
We are registered in England and Wales and fully comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of data protection legislation, we are the data controller responsible for your personal data.
2. Information We Collect
We collect and process various types of personal data depending on your interaction with us:
2.1 Information You Provide
- Identity & Contact Data: Name, email address, company name, and phone number when you contact us or register.
- Account Data: Account credentials (username and encrypted password) when you create an account.
- Communication Data: Records of correspondence when you email or chat with us.
- Other Data: Any other information you choose to provide (e.g., feedback or support tickets).
2.2 Information Collected Automatically (Technical Data)
- Device & Usage Data: Device and browser type, operating system, IP address, and approximate location.
- Navigation Data: Pages visited, time spent on pages, referral source, navigation paths, and date/time of visits. This data is primarily collected using cookies.
3. How We Use Your Information and Legal Basis
We are required by UK GDPR to state the lawful basis for each use of your personal data.
| Purpose of Processing | Description of Use | Lawful Basis under UK GDPR |
|---|---|---|
| Service Delivery | To provide, maintain, and improve our services (e.g., managing your Verity account and access). | Contract |
| Communication & Support | To respond to your enquiries, provide customer support, and manage our relationship with you. | Contract or Legitimate Interests (when not tied to a specific contract) |
| Security & Fraud Prevention | To protect against fraud, unauthorised access, and illegal activities, and to maintain system security. | Legitimate Interests (Necessary for running our business and protecting our systems) |
| Analytics & Improvement | To understand how our services are used, measure traffic, and improve website functionality and user experience. | Legitimate Interests (To study how customers use our products/services to develop them) |
| Legal Compliance | To comply with applicable laws, legal processes, or governmental requests (e.g., tax reporting). | Legal Obligation |
| Marketing | To send you promotional communications about our services and offers. | Consent (where required) or Legitimate Interests (for existing customers about similar services) |
4. Data Sharing and Disclosure
We may share your information with the following categories of recipients where necessary:
- Service Providers: Third-party vendors who provide essential services to us, such as cloud hosting (e.g., AWS, Azure), analytics services (e.g., Google Analytics), and email delivery platforms.
- Business Partners: Trusted partners with whom we collaborate to deliver specific services or solutions.
- Legal Requirements: When required by law, court order, or governmental authority.
- Business Transfers: In connection with a merger, acquisition, or sale of all or part of our assets.
We do not sell your personal data to third parties. Any third parties with whom we share data are contractually obligated to process it only on our instructions and to protect your information appropriately.
5. International Transfers
Your information may be transferred to and processed by our third-party service providers in countries outside the UK, including the European Economic Area (EEA) or the United States.
When we transfer your data internationally, we ensure at least one of the following safeguards is implemented:
- Transfer to countries deemed to provide an adequate level of protection for personal data by the UK Government.
- The use of Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) and complemented by any necessary additional safeguards.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
Our retention periods are determined by the following criteria:
- Contract and Account Data: Retained for the entire duration of your active account with us. We will delete or anonymise this data within 90 days after your account is closed, unless a longer retention period is required for legal reasons (e.g., defending against potential claims).
- Financial and Transaction Data: Retained for 7 years after the end of the financial year in which the transaction occurred, to comply with UK tax and accounting laws.
- Marketing Consent: We retain evidence of consent (and withdrawal) for 5 years to demonstrate compliance.
When data is no longer required, it is securely deleted, destroyed, or fully anonymised (so that it can no longer be associated with you).
7. Your Rights (Data Subject Rights)
Under UK data protection law, you have the following rights regarding your personal data. We will respond to all requests within one month.
| Right | Description |
|---|---|
| Right of Access | Request a copy of the personal data we hold about you (Subject Access Request). |
| Right to Rectification | Request correction of inaccurate or incomplete data we hold about you. |
| Right to Erasure | Request deletion of your personal data (Right to be Forgotten) in certain circumstances. |
| Right to Restrict Processing | Request the limitation of how we use your data. |
| Right to Data Portability | Receive your data in a structured, machine-readable format and have it transferred to another controller. |
| Right to Object | Object to processing based on our legitimate interests or for direct marketing purposes. |
| Right to Withdraw Consent | Withdraw your consent at any time where processing is based on consent. |
To exercise any of these rights, please contact us at privacy@hashrupt.com.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect technical and usage data. These include:
- Strictly Necessary Cookies: Essential for the website to function securely and properly.
- Analytics Cookies: Help us understand visitor interactions to improve our website.
- Functionality Cookies: Remember your preferences and settings.
Your Consent
For any non-essential cookies (Analytics and Functionality), we obtain your explicit, informed consent via a cookie consent banner before these cookies are placed on your device. You have the ability to accept or decline non-essential cookies. You can also control cookies through your browser settings.
9. Security, Children's Privacy, and Changes
Security
We implement appropriate technical and organisational measures (e.g., encryption, access controls, pseudonymisation) to protect your personal data. While we strive to protect your data, no method of transmission over the internet can be 100% secure.
Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately.
Changes to This Policy
We will notify you of any material changes to this Privacy Policy by posting the updated version on our website with a revised "Last updated" date. We encourage you to review this policy periodically.
10. Contact Us and Lodging a Complaint
If you have any questions about this Privacy Policy or our data practices, please contact us:
You have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. (Contact details available at ico.org.uk).