We respect the privacy of every person who visits or registers with www.userreplay.com (the “Site”) and we are further committed to ensuring a safe online experience.

We also respect the privacy of every person who uses the products and services that we make available to our clients or who engages with us to use the products or services that UserReplay provides (be it through the Site or not) (our “Services”) or whose personal information we may process as a result of providing the Services, or who applies to work at UserReplay.


Purpose of this policy

This privacy policy (“Privacy Policy”) explains our approach to any personal information that we might collect from you or which we have obtained about you from a third party and the purposes for which we process your personal information. This Privacy Policy also sets out your rights in respect of our processing of your personal information.
This Privacy Policy will inform you of the nature of the personal information about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it.
This Privacy Policy is intended to assist you in making informed decisions when using the Site and our Services and/or to understand how your personal information may be processed by us as a result of providing the Services to others or when you apply to work at UserReplay. Please take a moment to read and understand it. Please note that when using the Site it should be read in conjunction with our Website Terms and Conditions.

 


Who are we?

The Site and our Services are operated by User Replay Limited and its subsidiary in the United States, User Replay, Inc. (together “UserReplay”, “we”, “us” or “our”).

The data controller responsible for your personal information processed via the Site or in relation to the Services is User Replay Limited.

User Replay Limited is a private limited company registered in England and Wales under company number 06891730 and whose registered office is Asmec Centre, Brunel Road, Theale, Reading, RG7 4AB.

UserReplay is registered with the Information Commissioner’s Office with registration number: Z3581835


How to contact us

If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please contact us by sending an e-mail to privacy@userreplay.com.


What personal information do we collect and how do we use it?

Our primary goal in collecting personal information from you may be to:

(i) verify your identity;
(ii) help us deliver our Services;
(iii) improve, develop and market new Services;
(iv) carry out requests made by you on the Site or in relation to our Services;
(v) comply with any applicable law, court order or the requirements of a regulator;
(vi) enforce our agreements with you;
(vii) provide support for the provision of our Services;
(viii) recruitment purposes; and
(ix) use as otherwise required or permitted by law.

To undertake these goals we may process the following personal information:

If you are a visitor to the Site:
• Name and job title.
• Contact information including email address.
• Demographic information such as postcode.
• Other information relevant to provision of Services.

If you are a customer in receipt of our Services or prospective customer:

• Name and job title.
• Contact information including email address.
• Other information relevant to provision of Services.

If you are a potential employee of UserReplay:
• Name and job title.
• Contact information including email address.
• Curriculum vitae, education, employment history and similar information that you may provide to us as part of the application process
• Other information relevant to potential recruitment for a job at UserReplay.
In particular, we may use your personal information for the following purposes:

Provision of Services

We collect and maintain personal information that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services. Please note also that our Terms and Conditions also apply when we provide the Service.

What is our legal basis?
It is necessary for us to use your personal information to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest to use the personal information to ensure we provide the Services in the best way that we can.

Customer Services

Our Site allows you to request information about our Services. Contact information may be requested in each case, together with details of other personal information that is relevant to your enquiry. This information is used in order to enable us to respond to your requests.

What is our legal basis?
It is in our legitimate interests to use your personal information in such a way to ensure that we provide the very best customer service we can to you or others.

Business administration and legal compliance

We may use your personal information for the following business administration and legal compliance purposes:

-to comply with our legal obligations;
-for internal training and administration purposes;
-to enforce our legal rights;
-protect rights of third parties; and
-in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.

Who do we share your personal information with for these purposes?
We may share your personal information with professional advisers such as lawyers and accountants and/or governmental or regulatory authorities.

What is our legal basis?
Where we use your personal information in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.

Recruitment

We use your personal information for the following recruitment purposes:
-To assess your suitability for any position for which you may apply at UserReplay whether such application has been received by us online, via email or by hard copy or in person application.

Who do we share your personal information with for these purposes?
We will share your personal information with any third parties who assist us in carrying out our recruitment activity.

What is our legal basis?
Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for UserReplay.  We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent.

Client insight and analysis

We analyse your contact details with other personal information that we observe about you from your interactions with our Site, our email communications to you and/or with our Services.

Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal information from the computer hardware and software you use to access the Site, or from your mobile device.

This includes the following:
-an IP address to monitor Site traffic and volume;
-a session ID to track usage statistics on our Site;

Our web pages and e-mails contain cookies, web beacons or pixel tags (“Tags”). Tags allow us to track receipt of an e-mail to you, to count users that have visited a web page or opened an e-mail and collect other types of aggregate information. Once you click on an e-mail that contains a Tag, your contact information may subsequently be cross-referenced to the source e-mail and the relevant Tag. In some of our e-mail messages, we use a “click-through URL” linked to certain website administered by us or on our behalf.

Please see our Cookie Policy for further information.

By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting.

Who do we share your personal information with for these purposes?
We share your personal information with a variety of third party service providers to assist us with client insight analytics. These providers include Google Analytics, Powerfront for our chat tool and Hubspot for our email marketing.

What is our legal basis?
Where your personal information is completely anonymised, we do not require a legal basis to use it as the information will no longer constitute personal information that is regulated under data protection laws.  However, our collection and use of such anonymised personal information may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.

Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients.

Marketing Communications

We carry out the following marketing activities using your personal information:

Postal marketing
We use your name and address to send you marketing communications by post.

Our postal marketing will include personalised and non-personalised postal marketing.

Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised postal marketing will feature those of our Services that we think are most likely to appeal to you. Non-personalised marketing is marketing about our Services generally and is not tailored to any particular individual.

Where we are sending you personalised postal marketing, we also use information that we observe about you from your interactions with our Site, with our email communications to you and/or with our Services in order to decide what sort of personalised marketing communications to send you.

Who do we share your personal information with for these purposes?
We may share your personal information with a variety of third party postal providers who assist us in delivering our postal marketing campaigns to you.

What is our legal basis?
Where your personal information is not in an anonymous form, such as your postal address, it is in our legitimate interest to use your personal information for postal marketing.

Email marketing

We use your name and email address to send you marketing communications by email, where you have consented to receive such marketing communications or where we have another lawful basis to do so.

Our email marketing will include personalised and non-personalised email marketing. Personalised marketing is marketing which has been specifically tailored to you.

For example, our personalised email marketing will feature those of our Services that we think are most likely to appeal to you. Non-personalised marketing is marketing about our Services generally and is not tailored to any particular individual.

Where we are sending you personalised email marketing, we will also use information that we observe about you from your interactions with our Site, with our email communications to you and/or with our Services in order to decide what sort of personalised marketing communications to send you.

Who do we share your personal information with for these purposes?
We share your personal information with our third party email marketing providers who assist us in delivering our email marketing campaigns to you.

What is our legal basis?
Where your personal information is completely anonymised, we do not require a legal basis to use it as the personal information will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymised personal information may be subject to other laws where your consent is required.

Please see our Cookie Policy for further details.Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information for marketing purposes.

We will only send you marketing communications via email where you have consented to receive such marketing communications, or where we have a lawful right to do so.

Any other purposes for which we wish to use your personal information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details.


How do we obtain your consent?

Where our use of your personal information requires your consent, you can provide such consent:
• at the time we collect your personal information following the instructions provided; or
• by informing us by e-mail, post or phone using the contact details set out in this Privacy Policy.


Our use of cookies and similar technologies

Our Site uses certain cookies, pixels, beacons, log files and other technologies of which you should be aware. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies.


Third party contractors and controllers

As mentioned above, we may appoint sub-contractor data processors as required to help us to deliver the Services.

Where we do so, they will process personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place necessary contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.


How long do we keep your personal information for?

Regarding visitors to the Site, we will retain relevant personal information for at least 12 months from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation or for longer where we are required to do so according to our regulatory obligations.

Regarding personal information we have processed as part of providing the Services to any customer, we will retain relevant personal information for at least three years from the date of our last interaction with that customer and in compliance with our obligations under the EU General Data Protection Regulation or for longer where we are required to do so according to our regulatory obligations.

See our Terms and Conditions for further details.
If personal information is only useful for a short period e.g. for specific marketing campaigns, we may delete it.


Confidentiality and security of your personal information

We are committed to keeping the personal information provided to us secure and we will take reasonable precautions to protect personal information from loss, misuse or alteration. As evidence of this, UserReplay’s Information Security Management System (ISMS) has been awarded certification under ISO 27001:2013 (Information Security), with reference number IS 662212.

As part of this, we have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:
• unauthorised access;
• improper use or disclosure;
• unauthorised modification; and
• unlawful destruction or accidental loss.

All of our members, employees, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with, the processing of personal information, are obliged to respect the confidentiality of the personal information of all visitors to the Site and all users of our Services.


EU-US Privacy

UserReplay complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

UserReplay has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In the event of any onward transfers of Personal Information, UserReplay retains responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. UserReplay shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, UserReplay commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact UserReplay at privacy@userreplay.com. UserReplay has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. A binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. UserReplay is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).


How do you access your information and your other rights?

You have the following rights in relation to the personal information we hold about you.

Please note that these rights are subject to certain exemptions which may be applicable to any request you make.

Your right of access

If you ask us, we’ll confirm whether we’re processing your personal information and, subject to any applicable exemptions, provide you with a copy of that personal information (along with certain other details) within the timescales provided for by the GDPR, or where applicable, provide you with an explanation as to why we will not be complying with your request.

Your right to rectification

If the personal information we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If you are entitled to rectification and if we’ve shared your personal information with others, we’ll let them know about the rectification where possible and where this would not involve disproportionate effort. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

Your right to erasure

You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable because that was the legal basis on which we were processing your personal information). If you are entitled to erasure and if we’ve shared your personal information with others, we’ll take reasonable steps to inform those others where possible and where this would not involve disproportionate effort. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

Your right to restrict processing

You can ask us to stop the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us processing your information. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.

Your right to data portability

You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Your right to object

You can ask us to stop processing your personal information, and we will do so, if we are:

-relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
-processing your personal information for direct marketing.

Your rights in relation to automated decision-making and profiling

You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.

Your right to withdraw consent

If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.

Your right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the Information Commissioner’s Office (ICO) in the UK where your concern relates to User Replay Limited. You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their office on 0303 123 1113.If you want to exercise any of these rights you can do so by e-mailing us at privacy@userreplay.com.


Change to this Privacy Policy

We may make changes to this Privacy Policy from time to time.
To ensure that you are always aware of how we use your personal information we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information.

We may also make changes as required to comply with changes in applicable law or regulatory requirements. We encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.

Updated: May 2018