Privacy Notice

Welcome to OneZero-me’s Privacy Notice. OneZero-me respects your privacy and is committed to protecting your personal data. This notice describes how we collect and use that personal data when you visit our website or use our services along with the reasons why we may need to disclose your personal data to others and how we store your personal data securely and in a way which is compliant with applicable law. This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them.

About us

Our mission

Ways of collecting your personal data

The type of data we may collect

How we use your data

Data Retention

Data Security

Changes to this Privacy Notice

Who has access to your personal data?

List of APIs we use

Use of Cookies

Links to other websites

Your rights

Contacting us

About us

OneZero-me.com and any platforms we make available (together the "Site") are owned and operated by OneZero-me Limited ("We" or "OneZero-me") a company registered in England and Wales as a limited company under registration number 11241759 and our registered office is at Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX.

OneZero-me is the data controller and is responsible for your personal data.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions regarding this notice or would like further information about the personal data we hold on you and the way in which we may process that data, please contact the DPO using the details set out below.

Full name of legal entity:

OneZero-me Limited

DPO:

Chief Data Officer

Email address:

DPO@OneZero-me.com

Postal address:

61-63 Rochester Place London, NW1 9JU

Telephone number:

+44 20 7632 7559

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Our mission

We believe that the data you generate online belongs to you - and that you are entitled to benefit from it right now.

In order to achieve this, we share with you certain observations about your data. These observations can be fun facts about your personality or behaviour. They can also provide what we believe to be valuable information to help you to establish trust with third parties. This includes, for example, verifying that you are a genuine person with an active online presence.

We enable you to share these observations with third parties in a return for an improved service. This can be, for example, a discount or a free trial. We do so in a secure way - while keeping your private raw data safe.

Ways of collecting your personal data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect personal data directly from you, for example, through:

  • The creation of an account by you on the Site;
  • Any questions you answer through the Site;
  • Your interactions with any chatbot or with us directly through the Site;
  • Your interactions with any of our widgets on third-party sites.

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies.

We may also collect data from third parties on your behalf where we have obtained explicit consent from you. For example:

  • We may ask you to share some of your data from Facebook, Twitter or other social media platforms. In doing so, we will direct you from the Site to these platforms where we will ask you for explicit authorisation for us to retrieve the requested data via their Application Programming Interfaces (API).
  • We may also ask you to give consent for us to receive data from services without an API. In this case, we will tell you what data we wish to obtain, the purpose for which it will be used and for how long we will retain it.

Other data we collect about you from third parties may include that from analytics providers, advertising networks, search information providers or information from publicly available sources such as the Electoral Register.

The type of data we may collect

We may ask for different types of information, including:

  • Identity Data such as name, date of birth and gender;
  • Contact Data such as email address and telephone number;
  • Behavioural Data such as self-declared preferences submitted via one of our questionnaires, the types of products bought on e-commerce sites, loans you have made or insurance-related claims you have made;
  • Social Media data such as Facebook posts and likes, tweets, playlists on Spotify or career-related history from LinkedIn;
  • Financial Data such as your recent transactions and related data including those from your bank/lender;

We will always ask for your explicit consent before obtaining any of the types of data mentioned above.

In addition, we may also collect the following types of data which are used to help us to improve the usability of the Site:

  • Usage Data such as the way in which you use the Site and our services; and
  • Technical Data such as your internet protocol address, your login data, browser type and version, time zone setting and location, operating system and platform and other technology on the devices you use to access the Site.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How we use your data

We will only use your personal data where we are permitted to do so by law. This will most commonly include using data for the following purposes which describe the lawful basis we rely on for the processing of your personal data. Where you have given us consent to process your personal data, you have the right to withdraw this consent at any time by contacting us:

  • To fulfil the terms of a contract with you;
  • Where use of the data is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • Where we are required to comply with a legal obligation.

More specifically, we may use your data to:

1. Share with you observations about your data

Observations are statements that we make based on evaluations of data you have shared with us. They can be informal, for personal use (e.g. a fun fact about your personality as reflected by your data). Or relate to facts about you which may have potential value for third parties. We facilitate a way for you to share some of your observations with third parties in return for benefits. We will never share your observations without your explicit consent

2. Improve our services

In order to improve our existing observations and generate new ones, we may pseudonymise the personal data so that it can no longer be associated with you. We will then aggregate the pseudonymised data and perform analysis to develop new types of observations. For example, we might link music genres collected from Spotify with answers to personality questionnaire to create a personality model based on Spotify data.

3. Enable additional deals with new partners

In order to get value from third parties based on observations we need, from time to time to prove the accuracy of our observations to third parties. This is accomplished via a ‘calibration exercise' where we share some pseudonymised observations with the third party such that they are able to validate their effectiveness and provide appropriate services in return.

In addition to the above, we may use your personal or anonymous data in order to:

  • Provide you with any other products and services that you have requested;
  • Administer your account;
  • Provide customer support, including any customer related information you may request;
  • Notify you about changes to our services, products, terms and conditions and this privacy notice;
  • Notify you about new products and services about which you have consented to be contacted for such purposes;
  • Optimise our marketing campaigns through the use of third party data. For example, we may use Facebook pixel to find consumers from Facebook who are likely to be interested in our services and products;
  • Verify your identity (we will use third-party services for that purpose. For example, your Facebook login); and
  • Improve our product and services.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity

(b) Contact

Performance of a contract with you

To provider our services to you

 

 

(f) Social Media

(a) Performance of a contract with you

 

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

Data Retention

Your personal and pseudonymised Data is retained for as long as required by the purpose they have been collected for.

  • Identity, Contact and Profile Data is retained for as long as your user account is active.
  • Pseudonymised data shared with us is retained for as long as the user account is active. This enables us to provide you with a one-click access to all our observations.
  • Aggregated Data is kept for the period required to complete the specific analysis it was aggregated for.
  • Other data collected in relation to a particular exercise, such as calibration data is retained only for the period required to conclude the exercise.

Data may be retained for a longer period if required by any:

  • Contractual obligations between you and OneZero-me
  • Relevant legitimate interests

Once the retention period expires, the personal data shall be deleted and hence all relevant rights regarding e.g. access of data cannot be enforced.

Data Security

The security of your data is very important for us - we took reasonable security measures to prevent your data from being accidentally lost or accessed in an unauthorised way.

We follow a privacy by design approach where we store different types of data in different databases. We only combine data for a specific purpose and retain such data for a limited time.

In addition, access to your personal data is limited to employees, contractors and other third parties and only to the specific data points they are required to process. Your personal data will be processed only on our instructions and always subject to confidentiality.[YB3] [RC4]

Changes to this Privacy Notice

We may update this privacy notice from time to time. Any changes will be notified to you via our website. In case we make a material change to this privacy notice we may also update you via e-mail if you have provided one. This version was last updated on 8 November 2018.

We will only use your personal data for either the original purpose it was collected for or compatible purposes. If we need to use your personal data for any other reason, we will notify you and explain the legal basis which allows us to do so before doing so.

Who has access to your personal data?

We restrict the access to your personal data to people in the organisation who require access in order for us to fulfil our services.

We may share personal information with third parties where we are required by law, a regulator or have another legitimate interest in doing so (e.g. protect your safety or safety of others, protect or exercise our right).

Some of our activities may be carried out by third parties. These include cloud and IT services, administration services and marketing services. In all cases, the activity is conducted for specific purposes, in accordance with our guidance and required to be taken with appropriate security measures.

Other than that, personal data may be shared in the context of the possible sale or restructuring of the business

We will not transfer the personal data we collect about you outside of the EEA.

For the avoidance of doubt, we will never sell your personal data to third parties for marketing, advertising or other purposes. We will only share, with your explicit consent observations which were derived based on your data.

List of APIs we use

IBM Watson API. This helps us to derive some of the observations we share with you. IBM Watson do not keep any record of the data used to derive these observations. No personally identifiable information is shared with IBM Watson.

Use of Cookies

Our cookies policy is available to view here.

Links to other websites

Our site includes links to third party websites. As we do not have control over the privacy notices on these websites we encourage you to carefully read them before sharing any personal information. We have no control over information shared with these sites and cannot be responsible for the privacy policies or practices of these sites.

Your rights

As a basic principle, we aim to be transparent about the use, processing and services we provide. If, for whatever reason, you are unhappy with our services/use of your personal data, please let us know and we will aim to accommodate any reasonable request you might have.

We will always ask for your explicit consent before receiving or processing your personal data. We will not share your personal data with third parties - we only share, with your explicit consent, our derived observations.

You have the right to withdraw the consent you've given in the past. To withdraw your consent please send an email to DPO@OneZero-me.com. Once we have confirmed your request, we will no longer process your data - unless there is another legitimate basis for doing so under law (e.g. related to an existing contract). If this is the case, we will inform you about this and stop processing any unrelated personal data.

You have the right to ask us to delete and stop using any of your personal data - this is called 'the right to be forgotten'. Unless there are legal reason not to do so, we will delete any of your information within 7 days upon request.

Your other rights include:

  • The right to be informed - you have the right to be informed on any personal data we hold about you and ensure we process it lawfully
  • The right of access - you have the right to get access to any data you shared with us
  • The right to rectification - in case some of the data that we have about you is inaccurate or incomplete you may request us to correct the information we have
  • The right to erasure - you have the right to ask us to delete any of the data we hold about you in case you feel there are no good reasons for us retaining the data. This is also the case if you exercised your right to restrict processing.
  • The right to restrict processing - you have the right to ask us to stop processing your data if you think we have inaccurate information
  • The right to data portability - you have the right to ask us to transfer the personal data you shared with us to other services.  
  • The right to object - you have the right to ask us to restrict processing your personal information for marketing purposes or whenever you feel that you have some particular situation for which we should not process your information for any other purpose.

Please email DPO@OneZero-me.com to exercise any of the rights or ask us any other related questions. Please bear in mind that we might need to ask you to provide us with more information in order to verify your identity before handling your request. Whilst we aim to handle any of these requests (including transfer and access to data) free of charge and quickly, in certain circumstances (e.g. unfounded or excessive requests), we might ask you for a reasonable processing fee to fulfil your request.

Contacting us

Please email DPO@OneZero-me.com for any question you have about this Privacy Notice or any other questions related to the way we process your information.