Privacy Policy

We are Imaginaery Ltd trading as ‘Survaey’ a company registered in England & Wales, with address at One Croydon, 12-16 Addiscombe Road, Croydon, CR0 0XT and company number 012344567. ("us", "we", or "our").

The provide an online Platform which allows users to upload images and have them annotated by human annotators or machine learning algorithms. The Platform also provides tools for managing and analysing the annotations and the creation and delivery of templated reports and their distribution to multiple user types (colleagues, specialists or clients).

You may be given access to Survaey if either you or someone has purchased a subscription licence (Client) or you have been designated a user of the platform (Permitted User) by a Client.

In order to make use of our services, from time to time we may need to process Personal Data (that is information which can be used to identify someone). This Personal Data may be about you or other people. This policy explains how we will use the Personal Data we hold.

We hold Personal Data about 4 groups of people.

Client Data: that is Personal Data about our Client (including key contact data);

Prospective Client Data: that is Personal Data about prospective clients (including their key contact data) who have not entered into a contract for services with us;

Permitted User Data: that is Personal Data about Permitted Users; and

 Customer Data: that is Personal Data uploaded by a Permitted User on to the Survaey Platform (other than Client Data).

The Survaey Platform enables users to share information with other people. This policy only deals with our use of Personal Data. Recipients are not bound by this privacy policy. It is up to you to make sure the recipient of any Personal Data you’ve sent will use the information as you intend.

We might need to change this privacy policy from time to time. If we do, we will let you know. So please do keep an eye on our policy before sending us any Personal Data or uploading it on to the Survaey Platform.

If you have any questions about the policy, feel free to send us an email to hello@survaey.io.

(a) We are a Controller in respect of any Client Data (Personal Data about our Clients and prospective clients and their key contacts) we hold. This means that we take decisions about what types of Personal Data we think we need to collect about our Clients and prospective clients and how to use it to make our business work.

(b) We are a Controller in respect of any Prospective Client Data (Personal Data about prospective clients and their key contacts) we hold. This means that we take decisions about what types of Personal Data we think we need to collect and retain about prospective clients and how to use such information for the purposes of our business.

(c) We will hold Permitted User Data (Personal data about Permitted Users given to us by our Client) as both a Controller and Processor. Which one will depend on the data and the processing activity. For more information on this, have a look at paragraph 6 below.

(d) We are a Processor in respect of any Customer Data (Personal Data uploaded by a Permitted User). This means that we are only processing that data at the request of the Permitted User and we’re not making decisions about what data to collect and how it should be used.

We might store Personal Data about you which has been collected in the following ways:

1. (i) Information which you give us if you request further information about our services, purchase a user licence, or when you use the Survaey Platform. This might include:
   • Your name and contact details
   • Your financial details
   • Your account preferences and settings
   • Messages or comments you send using the Survaey Platform
   • Details about surveys you've carried out
2. (ii) If you are designated as a Permitted User by our Client, we may also receive information about you from our Client (who purchased the user license to use the Survaey Platform). This might include:
   • Your name, contact information (including an email)
   • Your administrative rights
3. (iii) Information which other Permitted Users upload onto the Survaey Platform about you. This might include:
   • Details about a survey carried out
   • Any other opinions expressed by a Permitted User in content uploaded
4. (iv) We may also use cookies to collect information about:
   • How you use the Survaey Platform (including your user preferences and interests)
   • Any in-app purchases you make
   • Details about user visits
   • Details about the device you use to access the Survaey Platform
   For more details about our Cookies Policy, please see here.

Clients

We hold and process Client Data as a Controller, which means we must have a 'lawful basis' for doing so. We have set out how we use Client Data along with our lawful basis below:

1. (i) TO PROVIDE OUR SERVICES: to provide you with the Survaey Platform (which may include support and maintenance of your account on the Survaey Platform). Such processing is necessary for the performance of the contract for the provision of our services or taking steps necessary to enter into a contract.
2. (ii) ADMINISTRATION AND DISPUTE RESOLUTION: We may also need to process Personal Data about you to meet our internal administration requirements and for matters such as dispute resolution. Such processing is necessary for the purposes of our legitimate interest, which is in this case is to function as a business. We consider such use will go no further than a Data Subject would reasonably expect; is likely to align with the Data Subject's interests (by enabling us to provide a sustainable business model) and is unlikely to be detrimental to the fundamental rights and freedoms of you as a Data Subject.
3. (iii) MARKETING: from time to time we might contact our clients by email or telephone about updates to our services, new features or functions or new products we are bringing out. These communications may be tailored on the basis of what we think your interests are (from looking at data collected using cookies and from looking at your past transactions). We will always include the right to opt out in any such correspondence.
   Our lawful basis for such processing is that it is necessary for the purpose of our legitimate interest: namely to continue as a business. We consider such use will go no further than a Data Subject would reasonably expect; is likely to align with a Data Subject's interests and with the easy opt-out option, is unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject.
4. (iv) AGGREGATE DATA: We may collect aggregate data about Permitted Users and about Client transactions or interactions with us. Any such data will be anonymized and used for business and market research purposes.

Prospective Clients

We may use Prospective Client Data for marketing purposes or to take steps to enter into a contract if you have asked us to do so.

1. (i) MARKETING BY ELECTRONIC COMMUNICATIONS : If we have obtained your information in the course of negotiations or discussions about our products, services, and/or events, we may contact you from time to time by email about updates to our services, new features or functions, or new products we are bringing out. These communications may be tailored based on what we think your interests are (from looking at data collected using cookies and from looking at your past transactions). We will always include the right to opt out in any such correspondence. Our lawful basis for such processing is that it is necessary for the purpose of our legitimate interest; namely to grow as a business.
2. (ii) MARKETING BY TELEPHONE: As with most businesses, we want to reach out to find new customers who we think might be interested in what we do. In order to do this, our sales team might carry out some research online, and if we thinkwe've found a good fit, we might contact you by telephone to ask if you are interested in having a chat about our services. In any such call, we will clearly identify who we are and the nature of the call, and if you tell us you don'twant to hear from us again, we will respect that. We regard such processing as being necessary for the purpose of our legitimate interest: namely to continue as a business. We consider such use will go no further than a Data Subject would reasonably expect; is likely to align with a DataSubject's interests, and with the easy opt-out option, is unlikely to be detrimental to the fundamental rights and freedoms of the Data Subject.

We will only use Permitted User Data in the following ways:

1. TO PROVIDE OUR SERVICES: We will use the contact information and details provided to us by our Client for the purpose of providing you with access to the Survaey Platform (which may include support and maintenance of your account on the Survaey Platform). We are doing this solely based on our Client's instructions, and accordingly, we are acting as a Processor in this regard.
2. UPDATES AND NEW FUNCTIONALITY COMMUNICATIONS: From time to time, we may use the contact details we receive from our Clients when they enter into a contract to receive our services to send emails to Permitted Users regarding updates to our services and new functionality available in the Survaey Platform. We inform our Clients about this marketing service before they enter into an agreement with us and give them the right to opt out at that point. If our Client does not opt out, we promptly send an email to each Permitted User to notify them that we have been given their details and that they will receive such communications unless they opt out. Each communication will include an easy opt-out option. We are acting as a Controller in this regard. We rely on the fact that such processing is necessary to achieve our legitimate interest of providing an up-to-date viable survey solution for our Clients and their Permitted Users.

If you would like further details on this use of your Personal Data or if you would like to tell us not to use your Personal Data for that purpose, please contact us at hello@survaey.io.

We may collect aggregate data about how a Permitted User uses our software. This data will be anonymized and will not identify a Permitted User.

We act as a processor in respect of any Customer Data you upload, which means we are processing the data only on the basis of our Client's instructions. Except for technical processes like storage or maintenance purposes, we don'taccess or make any decisions about the uses of Customer Data.

We may collect aggregate data from the information uploaded, but this data will be anonymized so that an individual may not be identified from that data.

The purpose of the Survaey Platform is to enable you to share information with your customers and other Permitted Users. If our Client has requested it, the data which you upload onto the Survaey Platform may be accessible by other Permitted Users.

We may disclose Personal Data to third parties for the following purposes:

• To our licensors, employees, and contracted third parties who help us provide the Survaey Platform and run our business. These third parties will be subject to strict contractual requirements to use Personal Data in accordance with our privacy policy.
• If we are required to disclose or share Personal Data to comply with any legal obligation, enforce our terms of use, protect ourwebsite's operation, or the rights, property, or safety of us, our customers, or others.
• If we sell, transfer, or merge parts of our business or assets. In such cases, the new owners will only be entitled to use Personal Data in accordance with the provisions set out in our privacy policy.

As professionals, we understand the importance of confidentiality and have implemented various security procedures to safeguard and secure the data you upload onto the Survaey Platform. These procedures include:

• Strict confidentiality agreements that all staff members must enter into and abide by.
• Protection of your content and treating your reports and uploaded data as strictly confidential.
• Robust security measures such as encryption, firewalls, and access control.
• Hosting data on a UK cloud server that offers a high level of security.
• Working with hosting companies that are accredited by industry standard bodies for information security and environmental management.
• Using third-party services that are contractually bound to implement high standards of security measures.

To further protect your data, we recommend taking the following steps:

• When contacting us with a query or complaint, provide your work details instead of personal contact details.
• When sending financial details or sensitive information, consider sending them in separate emails or encrypted, password-protected documents.
• Keep your Survaey account passwords secure.

The data you upload using the Survaey Platform is stored on a cloud server located in the European Economic Area (EEA). We do not transfer this data outside the EEA unless requested by you or strictly required to provide our services.

If you are located outside the EEA and would like more information about where we store your data, please contact us via email at hello@survaey.io.

For Client Data:

• (i) Financial transaction data may be stored for up to 7 years for accounting and tax purposes.
• (ii) Data related to negotiations, contracts, payments, disputes, and software usage may be archived for up to 6 years to protect against disputes.
• (iii) Aggregate data that does not identify individuals may be stored indefinitely.

Permitted User Data and Customer Data will be retained only as long as your user license for the Survaey Platform is valid. After termination, such data will be securely deleted within 30 days.

Aggregate data related to the use of the Survaey Platform by Permitted Users may be retained without limitation, provided it is anonymized and does not identify individuals.

Prospective Client Data may be retained for up to one year from collection. If you request to be added to our mailing list or if negotiations are ongoing, the data may be held for a longer period. We will delete such data promptly upon receiving a request from you to do so.

As a Data Subject, you have the following rights regarding the Personal Data held about you:

• (a) Right to be informed: You have the right to know what Personal Data the Controller collects, stores, and uses about you.
• (b) Right of access: You have the right to request a copy of the Personal Data held about you and to obtain information about the processing purposes, categories of personal data, recipients of the data, storage duration, and the source of the data if it was not collected directly from you.
• (c) Right of rectification: You have the right to request the correction of inaccurate or incomplete Personal Data held about you.
• (d) Right to be forgotten: In certain circumstances, you have the right to request the erasure of Personal Data held about you.
• (e) Right to restriction of processing: You have the right to request the restriction of processing of your Personal Data under certain circumstances, such as when you believe the data is inaccurate and needs to be reviewed.
• (f) Right of portability: You have the right to request the transfer of your Personal Data held by the Controller to another organization in a structured, commonly used, and machine-readable format.
• (g) Right to object to direct marketing: You have the right to object to the processing of your Personal Data for direct marketing purposes, including profiling.
• (h) Right to object to automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, if it produces legal effects or significantly affects you.

If you wish to exercise any of these rights, you should contact the Data Protection Officer at hello@survaey.io.. If Survaey is not the Controller, your request will be transferred to the Controller with your consent. Please note that we may require evidence of your identity to ensure compliance with data protection laws.

If you no longer want Survaey to process Personal Data about you for specific purposes or altogether, you can notify us. However, this may impact the services you receive, such as accessing the Survaey Platform, as we may not be able to identify you without processing your Personal Data.

Requesting to stop receiving direct marketing will not affect your access to the Survaey Platform.

If Survaey holds your Personal Data as a Processor, we may need to pass your request to the Controller to facilitate it. This will be done only with your consent.

If you have any questions or concerns about Survaey's use of Personal Data about you, you should contact our Data Protection Officer at hello@survaey.io. or our registered address. If Survaey is processing Personal Data about you on behalf of a Client, your complaint will be passed to the Client with your consent.

If you wish to lodge a complaint about Survaey's handling of Personal Data, you can lodge a complaint with the InformationCommissioner's Office using the following link: here.

Throughout the privacy policy, certain terms are defined and capitalized. For a complete understanding of these terms, you can refer to the glossary provided at the end of the policy.