Privacy policy

TinyBoat keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 30 August 2019.

Privacy Policy

This Privacy Policy explains what type of personal information we collect from people who visited our website or contact with us, why do we need it, how we use it, who is the data controller, how we protect your data and the conditions under which we may disclose your data. Also this statement shows how the data complies with General Data Protection Regulation (GDPR) which came into effect on May 25th 2018.

We may change this policy from time to time, so please check this page occasionally to ensure that you are happy with the changes. By using our Website, you’re agreeing to be bound by this policy.

This Privacy Policy applies to the use of our services, products and our sales, but also marketing and client contract fulfilment activities. It also applies to individuals seeking a job at TinyBoat.

But attention: TinyBoat website may have links to other websites. Our privacy policy applies only to our website, so if you click a link to another website, you should read their own privacy policy.

Who we are

TinyBoat website is part of the Tinyboat Ltd, a web development company that specializes in different technologies and offers clients software design and development services, such as application development, design firm and digital consulting. Our company is headquartered in London, England.

We are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill.

TinyBoat is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

Our compliance with GDPR

TinyBoat already has a consistent level of data protection and security across our organisation to be fully compliant with the GDPR. Our guidelines include:

  • Policies & Procedures – data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
    1. Data Protection – our main policy and procedure document for data protection has been conceived to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
    2. Data Retention & Erasure – we have formulated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
    3. Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
  • Privacy Notice/Policy – our Privacy Notice(s) was based on compliance with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
  • Obtaining Consent – we have made our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
  • Direct Marketing – we are constantly revising the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
  • Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting etc), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
  • Special Categories Data – where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and is verified by a signature, with the right to modify or remove consent being clearly signposted.

How we collect and storage your data

We collect data about you when you use our Website, contact us via mail, chat box or form on our Website, while asking about our services or products, to prepare estimation for you or answer your questions.

TinyBoat takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:

  1. SSL
  2. Data encryption
  3. Restriction

What data we collect

We may collect, store and use the following kinds of personal information:

  1. Information about your computer and about your visits to and use of this Website (including your IP address, geographical location, browser type and version, operating system, referral soucer, length of visit, page views and Web site navigation paths);
  2. Information that you provide to us when you register on our website (including your email address, name, sometimes company’s name, phone number or skype ID);
  3. Information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
  4. Information that you provide to us while using the services on our website, or that is generated in the course of the use of those services;
  5. Information relating to any purchases you make of our services or any other transactions that you enter into through our Website (including your name, address, telephone number, email address);
  6. Information contained in or relating to any communication that you send to us or send through our Website (including the communication contet and metadata associated with communication);
  7. Any other personal information that you choose to send us.

None of the following data will be used for making automated decisions or profiling ads.

Some of the information (such as your email address or telephone number) is necessary to respond to your enquiry, e.g. regarding to our services. If you do not provide such information, you may not receive a reply from us.

Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of the personal information in accordance with this policy.

How we use your data

We use these data to proceed with enquiry and to check how users are using our Website and make the necessary changes to improve your experience with our Website.

In addition, the data may be used to:

  1. Administer our website and business;
  2. Personalise our website for you;
  3. Enable your use of the services available on our website;
  4. Send statements, invoices and paument reminders to you, and collect payments from you;
  5. Send you non-marketing commercial communications;
  6. Send you email notifications that you have specifically requested;
  7. Send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
  8. Send you marketing communications relating to our business which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
  9. Provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
  10.  Deal with enquiries and complaints made by or about you relating to our Website;
  11.  Keep our website secure and prevent fraud;
  12.  Verify compliance with the terms and conditions governing the use of our website.

If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.

Your privacy settings can be used to limit the publication of your information on our website, and can be adjusted using privacy controls on the website.

We will not, without your express consent, supply your personal information to any third party for the purpose of their on any other third party’s direct marketing.

When we can disclose your personal information

We may disclose your personal information to any of our employees insofar as reasonably necessary for the purposes set out in this policy.

We may disclose your personal information:

  1. To the extent that we are required to do so by law;
  2. In conenection with any ongoing or prospective legal proceedings;
  3. In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  4. To the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling.

Except as provided in this policy, we will not provide your personal information to third parties.

How long we keep your data

We store personal data for as long as we find it necessary to fulfil the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems. This helps us to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes.

This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it securely. We may process data for statistical purposes, but in such cases, data will be anonymized.

What about cookies

We may log information using “cookies”. Cookies are small data files stored on your hard drive by a website. Cookies help us make our website and your visit better.

We may log information using digital images called web beacons on our website or in our emails.

This information is used to make our website work more efficiently, as well as to provide business and marketing information to the owners of the website, and to gather such personal data as browser type and operating system, referring page, path through website, domain of ISP, etc. for the purposes of understanding how visitors use our website. We will use this information to improve our website, its structure and content.

Cookies and similar technologies help us tailor our website to your personal needs, as well as to detect and prevent security threats and abuse. If used alone, cookies and web beacons do not personally identify you.

The following types of cookie files are used within website:

  1. “necessary” cookie files that allow the use of services available within the website, i.e. authentication cookie files used in services requiring authentication within the website,
  2. Cookie files that ensure the safety i.e. used to detect abuse of authentication within the website,
  3. Performance cookie files that allow collection of information on the use of pages within the website,
  4. Functional cookie files allowing remembering of settings selected by user and user interface personalization, i.e. in terms of selected language or region from which user comes from, font size, website looks, etc.
  5. Advertising cookie files, allowing delivery of advertising contents that are adjusted to user’s interests.

In many cases software used to view websites (web browser) automatically allows storage of cookie files in user’s end device. Website users can change these settings at any time. These settings can be changed in particular to block automated acceptance of cookie files in web browser settings or to inform on each storage of cookie files on user’s device. Detailed information about the possibility and methods of cookie files support is available in the software settings (settings of the web browser).

Cookie files are stored on-site user’s end device and may be used by advertisers and partners cooperating with the Service provider, i.e. google, facebook. More information on these cookie files can be found on websites of each third party.

Service provider informs that limitation of the use of cookie files may affect some functionalities available on pages within the website.

What are your data protection rights

TinyBoat would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  1. The right to access: you have the right to request TinyBoat for copies of your personal data. We may charge you a small fee for this service.
  2. The right to rectification: you have the right to request that TinyBoat correct any information you believe is inaccurate. You also have the right to request TinyBoat to complete information you believe is incomplete.
  3. The right to disagree: you have the right to withdraw any consent to personal data processing at any time.
  4. The right to erasure: you have the right to request that TinyBoat erase you personal data, under certain conditions.
  5. The right to restrict processing: you have the right to request that  TinyBoat restrict the processing of your personal data, under certain conditions.
  6. The right to object to processing: you have the right to object to TinyBoat’s processing of your personal data, under certain conditions.
  7. The right to data portability: you have the right to request that TinyBoat transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you.

If you would like to exercise any of these rights, please contact us by: