Last Revised: 08/12/2023
To view our archived Notice, click here.
This Data Protection and Privacy Notice (“Notice”) describes Heart Internet’s core data protection and privacy practices.
As described below,
you can always reach us at privacy@heartinternet.uk or by mail at the addresses listed under ‘Contact Us’ at the end of this notice to exercise your rights.
Data Covered by this Notice
This notice covers personal data when we act as the data controller.
This notice does not apply when you process personal data for your own benefit. For example, when you send email for your business purposes that includes personal data, you are acting as the controller. When you act as the controller, we act as the processor and process Personal Data only in accordance with your instructions or as required by law.
This notice also does not apply to third-party applications offered through our services or linked through our website. Please review the data protection or privacy notice of any third-party service or website before using it.
Core Data Protection and Privacy Rights
We recognize several core data protection and privacy rights:
We promptly review requests to exercise data protection and privacy rights. If we need more information to process your request, we will contact you by email or, if we do not have an email address on file for you, by the same method you made your request.
If we do not honor your request for legal or other reasons, we will explain why we did not honor your request, your right to appeal, and your right to file a complaint.
Personal Data We Collect
Use of Personal Data
We use personal data to operate our business and provide services. Examples of how we use personal data include:
No Sale of Personal Data
We do not sell personal data.
Disclosures to Others
We disclose personal data:
Controller
When you use services offered by Heart Internet, the data controller will be Heart Internet Limited.
Legal Basis for Individual Processing Activities
We use personal data primarily to provide you the services you request. We also use personal data to comply with our legal obligations and protect our legitimate interests, including providing you personalized services, communicating with you, improving our services, and detecting fraudulent and illegal activity. With your prior consent, we also may use your personal data to send you marketing materials and offers.
Cookies, Web Beacons, and Other Tools
We use three main types of “identifiers” on our website and in our services: cookies, web beacons, and scripts.
We manage some identifiers directly. Other identifiers are managed by third parties. For example, we use Google Analytics to monitor site performance and visitor engagement.
We use identifiers to provide customized services, measure website performance, provide customer support, and deliver personalized advertising. Examples of how we use identifiers include, but are not limited to:
Identifier Management
You can manage identifier settings by using ‘Manage your cookies’ above in this notice. Customers can manage their identifier settings for our website and our services through their customer account. We use optional and mandatory cookies and other identifiers.
Optional cookies and other identifiers are used for support, website performance, and advertising. We seek your consent before using optional cookies and identifiers.
Mandatory cookies and other identifiers are used for account verification, service continuity, security, and other functions necessary to provide our website and services. Your consent is not required for use of mandatory cookies.
In addition to our ‘Manage your cookies’ options, many web browsers allow users to block cookies (directly or through plugins and extensions). Some cookies, however, are essential for our website and services to function. If you set your browser to block all cookies, you may not be able to use our services.
"Do Not Track" and other Preference Signals
Some web browsers provide a “Do Not Track” feature. There are no generally accepted standards for this feature and we do not respond to “Do Not Track” signals.
We also do not recognize any universal opt-out mechanism, such as the Global Privacy Control, which is still under development.
Marketing and Advertising Preferences
You can manage your marketing and advertising preferences, including whether you wish to receive customized marketing and advertising:
Through this notice by using ‘Manage your cookies’ above
If you are a customer, through your Contact Preferences
Storage
We store personal data on our own systems and with trusted service providers, including Amazon Web Services.
International Transfers
We transfer personal data internationally to operate our business and provide services. We comply with applicable law when making international transfers.
Length of Retention
We retain personal data for our business needs and to comply with law. If we no longer need personal data, we may either delete it or de-identify it so that it no longer identifies a specific person. Factors we consider when deciding when to delete or de-identify your personal data include: (1) if you still have an account, (2) if we are required to retain personal data to comply with law, or (3) if the personal data is needed for tax other business purposes.
Security
We use risk-based measures to protect personal data, including appropriate security controls and employee training. We also require that our service providers, business partners, and advertisers use appropriate risk-based controls to protect personal data.
No Collection of PII about Children
We do not knowingly collect personal data about anyone under 18 without permission from their legal guardian. Please contact us at privacy@heartinternet.uk if you believe we have collected information from a child without permission from their legal guardian.
Legal Basis for Processing
We process personal data with your consent, to fulfill our contract with you, based on our legitimate interest, or other lawful bases. The specific basis of processing depends on the services you are using, the data being processed, the place where the processing occurs, and the place where you live. If you have questions about our basis for processing your personal data, please contact us at privacy@heartinternet.uk.
International Data Transfers
Personal data you provide may be transferred from your country to the United States or to another country where we do business. We make these transfers when necessary to provide our services, to perform our contract with you, or when we have your consent to transfer your personal data to another country.
We transfer personal data outside the UK, the EU/EEA, and Switzerland to countries that have been determined to offer an adequate level of data protection.
For transfers from the UK to countries that have not been deemed to offer an adequate level of data protection, we transfer personal data pursuant to a data protection addendum consistent with the requirements of the UK International Data Transfer Agreement issued by the UK Information Commissioner, Version B1.0.
For transfers from the EU/EEA and Switzerland to countries that have not been deemed to offer an adequate level of data protection, we transfer personal data pursuant to a data protection addendum with standard contractual clauses and appropriate supplementary measures including, appropriate technical and organizational measures.
For transfers to the United States, certain of our subprocessors (including affiliated companies) have certified their compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. Data Bridge”), and/or the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Where available, we transfer Personal Data to these subprocessors pursuant to the applicable DPF framework or extension.
EU Article 27 Representative
Our EU Article 27 Representative is:
Heart Internet Ltd
Unit 4-5
Tristram Centre
Brown Ln W
Holbeck
Leeds
LS12 6BF
Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
No Financial Incentives
We do not provide any financial incentives for providing personal data to us.
Policy Changes
We may revise this notice by posting a revised statement at the same location as this notice or on another location on our website. If we change this notice, it will apply to personal data collected prior to adoption of the new statement only to the extent as the new statement does not reduce the rights of affected data subjects.
Complaints to Data Protection Authorities
In the UK, you have the right to lodge a complaint with the Information Commissioner's Office.
In the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority.
In Switzerland, you have the right to lodge a complaint with the Federal Data Protection Information Commissioner.
Contact Us
If you have any questions, you can contact at privacy@heartinternet.uk or by mail at:
We respond to all questions or concerns within 30 days.