Effective date: 1st September, 2024

Pillion Ltd Customer Privacy Notice

1. Introduction

Definitions

"Data Processors" means each of Kinde Australia Pty Ltd ("Kinde"), Fly.io, Amazon Web Services ("AWS"), Paddle and Fathom Analytics ("Fathom") and any other external data processor appointed by us from time to time. Each Data Processor has its own privacy notice and links to each privacy notice are detailed in paragraph 7 below;

"Pillion" means Pillion Ltd and "we", "our" and "us" shall be construed accordingly;

"Regulation" means the General Data Protection Regulation which has been applicable since 25 May 2018;

"Service" has the same meaning as defined in our Terms and Conditions;

"Service User" means any person who has obtained our Service via our website and "you" and "your" shall be construed accordingly;

"Terms and Conditions" means the terms and conditions under which we operate our business and which can be found at [insert website link here]; and

"UK" means the united kingdoms of England, Wales, Scotland and Northern Ireland.

Statement

Pillion is committed to protecting and respecting your privacy. This Privacy Notice explains what we may do with your personal information in accordance with your rights under the Regulation.

2. Contact details

Pillion is the data controller responsible for processing personal data shared by you as Service User while using the Service. If you have any questions about this Privacy Notice or our data practices, please contact us at [email protected].

3. What information we collect, use, and why

We collect or use the following information to provide services and goods:

  • Names and contact details;
  • Purchase or account history; and
  • Payment details (including card or bank information for transfers and direct debits).

Payment details are processed by our payments provider, Paddle, and are not stored on our systems. Please use the link below and read the privacy notice for Paddle to ensure that it meets your requirements.

We collect or use the following information for the operation of customer accounts and guarantees:

  • Email address(es)

We collect or use the following information for service updates or marketing purposes:

  • Email address(es)

We do not knowingly collect or process personal information from individuals under 18 years of age. Our Service is not intended for use by minors, as outlined in our Terms and Conditions.

4. Lawful bases for processing

Our lawful bases for collecting or using personal information to provide services and goods, for the operation of customer accounts and guarantees, and for service updates or marketing purposes are:

  • Contract: Processing is necessary to provide our service to you, as outlined in our Terms and Conditions.
  • Consent: By signing up to use Pillion, you agree to our Terms and Conditions and the terms outlined in this Privacy Notice.

5. Where we get personal information from

Pillion only processes personal information provided by you directly.

6. How long we keep information

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data is retained for the lifetime of the account you hold on Pillion in order to continue to deliver the Service to you.

Account closure can be requested by contacting [email protected].

After the account deletion is processed:

  • Most account data will be deleted within 1 calendar month of account closure;
  • Your account login email may be retained for up to 1 year for our financial records and for the purposes of any required fraud prevention;
  • Transaction history and data that we collect may be retained for up to seven years, as required for our financial and tax records. (This does not include billing information processed by our payments provider, Paddle.)

We may retain your personal data longer to comply with any applicable laws.

7. Who we share information with

AWS

AWS hosts our application infrastructure and the large language model (LLM) AI technology services required to generate suggestions, content, and analysis on the platform.

https://aws.amazon.com/privacy/

Fathom

Fathom is a privacy-first, PECR and GDPR-compliant analytics provider. Anonymised site usage data is sent to Fathom to enable us to make ongoing improvements to the service.

All data sent to Fathom is anonymised and does not retrieve data from your device or make use of cookies.

https://usefathom.com/legal/compliance

Fly.io

Fly.io hosts our application infrastructure and database systems. This includes account data and data collected for competitive analysis features provided by the application.

https://fly.io/legal/privacy-policy/

Kinde

Kinde manages login and authentication data for the Pillion web app. They capture user email addresses, or connect to third-party single sign-on providers, for the purpose of allowing users to log in to the app.

https://docs.kinde.com/trust-center/privacy-and-compliance/privacy-policy/

Paddle

Paddle is our payments processor and handles billing information and payment processing.

https://www.paddle.com/legal/privacy

We cannot be held responsible for any breach of the Regulation by any Data Processor and we recommend that you read each of the privacy notices above to ensure that you agree with its terms.

8. Sharing information outside the UK

Where necessary, our Data Processors may share personal information outside of the UK. When doing so, they comply with the Regulation, making sure appropriate safeguards are in place in accordance with their own privacy notice.

Please contact us for more information.

9. Your data protection rights

Under the Regulation, you have certain rights, including but not limited to:

  • Your right of access - You have the right to ask us for copies of your personal data.
  • Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
  • Your right to withdraw consent - When we use consent as our lawful basis, you have the right to withdraw your consent.

You don't usually need to pay a fee to exercise your rights; however, we do reserve the right to charge an administration fee in accordance with the terms of the Regulation if requests are duplicated or excessive. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details in paragraph 2 of this Privacy Notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details in paragraph 2 of this Privacy Notice.

If you remain dissatisfied with how we've used your data after raising a complaint with us, you can also complain to the Information Commissioner's Office ("ICO") at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated: 01 September 2024