Engine by Starling Privacy Notice

Version 1.0

This privacy notice describes how we collect and use the personal data of individuals such as those who work for or on behalf of our clients, suppliers and advisors. It covers all the possible ways you can interact with us, e.g. when you visit our websites, you get in touch with us or you license an Engine product/service from us. You do not have to transfer your information to us, however, if you do not it will severely limit your ability to use our products and services.

This notice explains:

Our websites may, from time to time, contain links to and from the websites or other links or apps of our partner networks and our affiliates. These links and destinations have their own privacy policies and we do not accept any responsibility or liability for these. Please check these policies before you submit any information via these links or destinations.

Who is the data controller and updates

  1. For the purposes of the data protection laws, the data controller is Engine by Starling Limited company number 13925405 and we have our registered office at 5th Floor, London Fruit & Wool Exchange, Duval Square, London, E1 6PW. Our UK ICO registration number is ZB358234.
  2. This notice may be updated by us from time to time. Any updates we make to this notice will become effective immediately on posting on our websites - you should check our website periodically for such changes. If such an update is significant we will provide you with notice of this via a service email or another method we think is suitable.

What information we collect

In short, we collect and use information about you that is picked up when you interact with us such as through our websites, if you get in touch with us or if you license and use an Engine product/service. We may also collect and use information about you that is provided by third parties (such as your employer who we are doing (or potentially going to do) business with).

If you want more detail, here is the information that we may collect about you:

  1. information from you or your employer when getting in contact with us (through our website or by phone (and we monitor and record calls), email, at conferences and events or otherwise) and information you provide when you register or use our websites, transact, use or request information about Engine services, for Engine due diligence purposes, when you engage in feedback research or similar, participate in discussion boards or other social media platforms or when you report a problem with our websites or our services. Examples of this information are your name, work address, email addresses and phone number, financial and credit and debit card information, employment information, personal description and photographs, videos or audio files;
  2. technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device (identification) information, mobile phone network;
  3. information about your visit to our websites, including the full Uniform Resource Locators clickstream to, through and from our websites (including date and time), products and services you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page - our websites may also use cookies (please refer to our Cookie Policy for detailed information on this: www.enginebystarling.com/legal/cookie-policy/);
  4. telephone log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls, any phone number used to call us and the content of those calls;
  5. information about where you are located which is provided through our technology by using details like your IP address or GPS sensors;
  6. we also work closely with third parties (including, for example, business partners, subcontractors in delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them; and
  7. From time to time, on rare occasions we may process your special category data. We’ll only process this information when we absolutely need to. For example, if you let us know you need extra assistance attending meetings due to a disability.

How we use your information and the lawful basis

In short, we use your information in order to carry out our operations as a service provider and provide products and services, to make sure we do not breach any contracts, to keep Engine and you secure, to provide you or others with information about products and services and to comply with the law.

If you want more detail, we use your information in the following ways:

How do we use your information?Our lawful basis
3.1

For our operations as a service provider and to provide products and services including:

  1. to ensure our websites, content and services are as effective and relevant as possible and give you the best experience they can;
  2. to administer our business, including troubleshooting, fraud detection, data analysis, testing, research, marketing, statistical and survey purposes, to identify and assist you and to keep our business, websites and our systems safe and secure;
  3. to ensure that we comply with the law and regulations, for regulatory purposes generally as well as to help detect or prevent fraud or other crimes, and for tax, legal, reporting and auditing obligations;
  4. in case we need to check we have carried out your instructions correctly or to resolve queries or issues;
  5. for staff training purposes where we may monitor or record conversations; and
  6. to assess if you are suitable to work with or for us.

We have a legitimate interest in providing products and services, operating and improving Engine, providing service messages about our products and services to you and others and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

Where it is necessary for the adequate performance of contracts with you or your company and to take steps requested by you prior to you or your company entering into contracts with us.

Where it is necessary to comply with a legal obligation we are subject to.

3.2

To carry out our obligations arising from any contracts entered into between you and us.

Where it is necessary for the adequate performance of contracts with you or your company and to take steps requested by you prior to you or your company entering into contracts with us.

3.3

To provide you or others, directly or via third party platforms (such as social media platforms): information, products and services that are requested from us; other information, products and services we offer or our business partners offer; and notice about changes to our products or services.

We have a legitimate interest in undertaking activities to offer products or services that may be of interest to you or your company or that you have expressed an interest in hearing about, given our legitimate interest in providing products and services, operating and improving Engine and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

Where it is necessary for the adequate performance of contracts with you or your company and to take steps requested by you prior to you or your company entering into contracts with us.

3.4

To measure, understand and improve the effectiveness of any functionality or access to, or the commerciality of, any products or services we offer or to which we provide access and to inform our marketing communications, and we use social media platforms and other communication platforms, analytics and search engine providers to assist us in marketing and the improvement and optimisation of our websites and our business generally.

We have a legitimate interest in operating and improving Engine, marketing our products and services to you/ your company and others and providing products and services.

Where it is necessary for the adequate performance of contracts with you or your company and to take steps requested by you prior to you or your company entering into contracts with us.

3.5

To market our products and services to you or others, directly or via third party platforms in a business capacity.

Where we have a legitimate interest in undertaking such activities.

Special category personal data: If there is special category personal data for any of the purposes set out above in Section 2 we will process that data on the following grounds: (1) where we have your explicit consent; or (2) it is necessary for: (i) the protection of your vital interests or of another person, or (ii) reasons of substantial public interest, or (iii) the establishment, exercise or defence of legal claims.

Who we share your information with

In short, sometimes we share your information with: our affiliates, those we do business with, our professional advisors, regulators and other parties if the information is aggregated (and so cannot identify you specifically).

If you want more detail, we may share your information in certain circumstances, including:

  1. with our affiliates to ensure we can do the things set out above in the section “HOW WE USE YOUR INFORMATION AND THE LAWFUL BASIS?”;
  2. with business partners, professional advisors, suppliers and subcontractors, social media platforms and other related service providers, with companies, organisations or individuals outside Engine (such as analytics providers) for the performance of any contract we enter into with them or you (or your company) or for the uses set out in the section “HOW WE USE YOUR INFORMATION AND THE LAWFUL BASIS?”;
  3. If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply any agreement with you or our suppliers or professional advisors, to protect the rights, property or safety of Engine, our clients or others, or our affiliates. This includes:
    1. exchanging information with other companies and organisations for the purposes of due diligence and credit risk reduction;
    2. with tax authorities; or
    3. with the police and other law enforcement bodies.

Where we process and store your information

In short, we generally process your information through servers in the UK and EEA and we will store the data for no longer than is necessary, e.g. normally from the date our relationship ends plus six years but longer if required by law. Sometimes the information goes outside the UK and EEA but we try and keep this to a minimum and we put safeguards in place as far as possible.

If you want more detail,

  1. We process your information and store it on servers managed by our hosting providers.
  2. Those servers are located across several secure data centres in the UK and EEA. Our server environment is highly secure and there is very limited personnel access. Any information will be encrypted at rest.
  3. We try to ensure that we do not send your information outside the UK and EEA. However, this is not possible in all cases as for a very small number of our suppliers or professional advisors, your information may be transferred to, and stored at, a destination outside the UK and EEA as well as processed by staff operating outside the UK and EEA who work for them. We will ensure that suitable safeguards are in place before your information is transferred outside the UK and EEA as required by law and we will take all steps reasonably necessary to ensure that information about you is treated securely and in accordance with this notice.
  4. Unfortunately, the transmission of your information via the Internet can never be 100% secure. Although we will do our best to protect your information, we cannot guarantee the security of information about you transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your rights

In short, you have certain rights under the law and under this notice to request access to your information, to manage it, to withdraw consent, and to request us to delete or transfer information about you or restrict the way it is used. You also have a right to complain. If you want to exercise any of your rights please email us at: privacy@enginebystarling.com.

If you want more detail,

  1. Accessing personal information about you:
    1. You may access your personal information held about you.
  2. Managing your information:
    1. To provide outstanding customer service we need accurate customer information. You can help by informing us whenever your circumstances change.
    2. We may need to ensure that your information is accurate and correct and this may involve a number of further steps.
  3. Deleting your information:
    1. You may request that we delete your information and we will do so but:
      1. only if we do not need to retain it for any of the matters set out in the section “HOW WE USE YOUR INFORMATION AND THE LAWFUL BASIS” above;
      2. your information may be impossible to permanently delete and where this is not possible we will put that information beyond reasonable use;
      3. your information which you have shared with others (e.g. on our websites) may remain publicly available;
      4. please note that your information which you have transmitted to other third parties will be subject to the privacy policies of those third parties.
    2. Generally, we will store your information for no longer than is necessary. Generally this means from the date our relationship ends plus six years but this could be longer if we are required in certain circumstances, including through legal requirements.
  4. Objecting to, withdrawing consent, or restricting use of your information:
    1. You can ask us to stop using all or some of your information, withdraw consent or to limit our use of it.
    2. We will do so but:
      1. only if we do not need to retain or use it for any of the matters set out in the section “HOW WE USE THE INFORMATION AND THE LAWFUL BASIS” above;
      2. your information which you have shared with others (e.g. on our websites) may remain publicly available;
      3. please note that your information which you have transmitted to other third parties will be subject to the privacy policies of those third parties.
    3. Before sending you direct marketing in your personal capacity, we will always obtain your permission to do so. You can update your permissions at any time.
    4. Please note that if you update your marketing preferences, there may be a period of time before the update takes effect and you may be sent marketing communications during this time.
  5. Transferring your information:
    1. You can ask to have transferred elsewhere information about you that you have provided to us:
    2. We will do so but:
      1. we may also need to retain it for any of the matters set out in the section “HOW WE USE YOUR INFORMATION AND THE LAWFUL BASIS” above;
      2. we may be restricted from doing so for the same reasons.
  6. Generally speaking, all individual rights requests will be responded to within 1 calendar month. However, where we receive a number of requests from you or your request is complex, we may take up to 3 months to respond.
  7. You have the right to lodge a complaint if you consider that, in connection with your personal data, we have breached data protection laws. Please email privacy@enginebystarling.com setting out your name and the full details of your complaint and we will take appropriate steps to respond to your complaint and inform you of the outcome of your complaint. If you are unhappy with the outcome of your complaint you can lodge a complaint with the UK Information Commissioner’s Office (go to https://ico.org.uk).

Definitions

The following terms mean:

  1. “affiliates” means from time to time our holding companies, subsidiary companies and all the subsidiary companies of such holding companies;
  2. “data protection laws” means: to the extent the UK GDPR (as defined in section 3(1) (as supplemented by section 205(4) of the Data Protection Act 2018) applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data; or to the extent the General Data Protection Regulation (EU 2016/679) applies, the law of the European Union or any member state of the European Union to which a party is subject, which relates to the protection of personal data, or any associated data protection law applicable from time to time.
  3. “EEA” means the European Economic Area;
  4. “our websites” means https://www.enginebystarling.com/ and all related sites;
  5. “we”, “us”, “our” or “Engine” means Engine by Starling Limited;
  6. “your information” or “information about you” means personal data (as defined in the data protection laws) about you.