Data retention policy
This Privacy Notice relates to your use of our website, see https://baselime.io/ and support channels, such as our open Slack channel, and our platform.
Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. These other third-party websites may also gather information about you in accordance with their own separate privacy notices. For privacy information relating to these other third-party websites, please consult their privacy notices.
1. Our collection and use of your personal data
1.1 For the Website
We may collect your personal data when you access our website, register with us, contact us or send us feedback.
We collect this personal data from you either directly, such as when you register with us, or indirectly, such as your browsing activity while on our website or platform.
The personal data we collect about you depends on the activities carried out through our website. This information includes:
• your name, email, and phone number, username
• details of any feedback you give us by phone, email, post or via social media
• chat history if you contact us on Slack or social media
• Client onboarding: during our automated client onboarding process, we may process your full name, email address and time of use.
• Account management: full name, email address, financial data and place of work.
• Product development: full name, email address, place of work, IP address, time and duration of use of the platform and user behaviour.
• Sales: full name, email address, place of work, user behaviour.
We use this personal data to:
• Register your account
• Communicate with you
• Provide services for you
• Process your payment transactions
• Customize our platform and its contents according to your preferences
• Notify you of any changes to our website products or to our services that may affect you
• Help you fix any inconveniences, such as unpredicted bugs
• Improve our services
The Baselime platform does not store any bank or card payment details.
2. Our legal basis for processing your personal data
When we use your personal data, we are required to have a legal basis for doing so. There are various legal bases on which we may rely on, depending on what personal data we process and why.
The legal bases we may rely on include:
• Consent: where you have given us clear consent for us to process your personal data for a specific purpose
• Contract: where our use of your personal data is necessary for a contract we have with you (read our Terms and Conditions here), or because you have asked us to take specific steps before entering a contract
• Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)
• Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests)
3. Who we share your personal data with
We share your personal data with third parties outside Baselime under the very limited circumstances and specific purposes below:
• Vendors: We may share personal data with third-party vendors, such as cloud providers (e.g.: AWS and Google Drive), communication tools (e.g.: Slack), and management tools (e.g.: HubSpot and Google Workspace).
• National Security Authorities or Law Enforcement: Baselime may share personal data to comply with laws and protect our rights and the rights of others. Data archiving and removal policy
Baselime disposes of data when:
a) the retention period as set out in the Retention Schedule is expired,
b) an individual has made a request to erase their personal data and where Baselime has assessed
c) the request and confirmed the data should be destroyed,
d) the DPO requests the erasure of data where retention is no longer necessary for the purpose of the processing prior to the expiry of the relevant retention period.
Where data is erased at the request of an individual, we may retain a limited amount of data as is reasonably necessary to keep a record of the erasure for the purposes of demonstrating compliance, and enforcing erasure across all business systems, provided appropriate technical and organisational measures have been applied to the retained data in order to protect the risks to rights and freedoms of the data subject.
What Are The Forms Of Data Sanitisation?
Data can be sanitised in these forms:
1. Erase
2. Clear
3. Purge
4. Destroy
You will know which action to take considering your type of data in the chart shown in data storage policy.
Media such as CLOUD, EMAIL, SOFTWARE, AND APPS (such as Slack, Google Workspace, HubSpot) will be sanitised by erasure:
- Manually deletion of all files that no longer serve any purpose to Baselime, deleting it also from the trash folder.
- Where possible, automated deletion of data may be implemented after consultation with system admin and IT department.
- Data which is being fully anonymised for research and insight does not fall under the scope.
Data storage policy
At Baselime, safeguarding the personal data of our customers and users is of utmost importance. To ensure maximum protection, we employ robust technical, organisational, and administrative measures to safeguard the data stored through the Baselime website and platform against unauthorised access, loss, misuse, modification, or destruction.
Examples of organisational measures we take, include:
• Policies that outline how personal data will be collected, processed, and protected, such as this one,
• Conduct data protection impact assessments (DPIAs) to identify and mitigate privacy risks associated with data processing activities, and
• Limit access to personal data to employees who need it to perform their duties.
Examples of technical measures we take, include:
• Automated scrubbing and deletion of data from the datasets that we handle for you through our services,
• Encrypting personal data in transit and at rest to prevent unauthorised access and to ensure the confidentiality and integrity of the data,
• Implementing access controls, such as passwords, to limit access to personal data,
• Regularly backing up data to prevent data loss or corruption,
• Implementing firewalls, intrusion detection systems, and other security measures to prevent unauthorised access to the organisation's systems and networks, and
• Regularly updating software and security patches to ensure that systems are protected against known vulnerabilities.
How long should data be retained or stored for?:
- Administrative
Subject Access Requests (SAR): triggered by date of last action related to the SAR; max retention of 2 years
Baselime user financial transaction details: triggered by upon voluntary termination of the service, or if account remains dormant for a continuous period of two years; max retention of 7 years
-Information Technology
Product development data (full name, email, online behaviour, duration of use, time of use, IP address): triggered by when client connects AWS with Baselime via API; max retention of Until 30 days after termination of contract or subscription. And afterwards the data will be kept but anonymised.
User Behaviour data: triggered by when client deletes Baselime account; max retention of unlimited
Datasets: triggered by when client connects AWS with Baselime via API; max retention of Until 30 days after termination of contract or subscription. And afterwards the data will be kept but anonymised.
- Product
Client onboarding data & User behaviour (full name, email, online behaviour, duration of use, time of use, IP address, occupation, place of work): triggered by when client subscribes to Baselime; max retention of Until termination of contract or subscription
Customer support on app, Slack or social media: triggered by upon termination of conversation with a prospect customer, customer or user, and upon termination of the issue that caused the conversation with the client; max retention of For as long as the conversation; max retention of For as long as the conversation lasts or in anonymised form to improve product and services
Under certain circumstances we may keep personal data for longer than defined above. Such as:
a) the data is required for the exercise or defence of legal claims, and appropriate technical and organisational measures have been applied to the continued retention of the data to protect the risks to rights and freedoms of data subjects, or
b) the data is required by Baselime for statistical purposes and appropriate safeguards (pursuant to Article 89(1) of the UK GDPR) have been applied to the processing for these purposes, to protect the risks to rights and freedoms of data subjects, or
c) the data has been fully and effectively anonymised and data subjects cannot be identified from the anonymised data.
Data center location(s)
Ireland
App/service has sub-processors
yes
Guidelines for sub-processors