This Privacy Notice explains how we, at Maploom, process information about the Users of our websites and in connection with the services we provide through maploom.com and how we meet the requirements of UK GDPR.
Who’s Who and What This Privacy Notice Covers
Firstly we will discuss who we are at Maploom, what we do, and what this Privacy Notice covers.
We are the people behind a variety of products and services designed to allow the use of sophisticated mapping, geographical analysis and visualisation by non-experts. The most notable products in question are:
- maploom core
- Noise Insulation Scheme tools
- FC WIDGET
- Defra Coastal Demonstrator
Maploom is an online platform providing access to a variety of mapping data and functionality. The platform is offered at different usage levels which range from Preview and Free versions to commercial functions which allows for business use.
To keep things simple, in this Privacy Notice we’ll refer to the users of the services as “Users,”
We put together this Privacy Notice to help our Users understand the information we collect about them and how that happens on our Sites. It is published to explain how data is collected via the Sites and how that information is used and disclosed.
Information We Collect About Visitors to Our Sites
This section sets out how we collect, use, and share information about visitors to our Sites. We collect information about visitors to our Sites in a few different ways. We collect certain information that the Users provide to the Site and we also collect some information automatically.
Information a Visitor Provides to a Site
Users provide information to our sites primarily when they type into a text field on a Site, like a sign-up form.
Here are the most common ways in which users directly provides information to a Site:
- User login details: If a User wishes to use the full range of map data and functionality, we require them to register. Through the registration process we require certain information to administer the login, provide account security and to manage the products and services. This is as follows:
- Preview: embedded at Maploom.com – no registration required nor any details stored.
- Free version: email address, password, display name (optional), industry (optional).
- Plan: email address, password, display name, address, preferred contact telephone number, industry (for invoicing purposes), products the User is subscribed to.
- Opt In/Out users who have an account with us automatically opt in to periodic email communications about new releases and product updates. You can unsubscribe at any time.
- Order and Shipment Information: If a User orders a commercial product from our site using ecommerce features we may collect information to process that order such as an address for the invoice (if needed) to the recipient. We do not store any credit card details as these are handled by our payment provider (Braintree – part of PayPal).
- We may also use this information for other purposes for example, to send marketing and other communications to our Users, and to provide our Users with analytics information about their use of our site (e.g., the number of maps generated etc). However, please note that we will only send marketing and other communications when Users have specifically asked to receive them.
- Other Information Entered on the Site: We may also collect other information that a User enters on the Site–such as a search query, data request etc. which helps us adapt and improve our services.
Information We Automatically Collect from the Site
We also automatically collect some information about Users to our sites. The information we automatically collect depends on which of our services the Site uses. We’ve listed examples below:
- Technical Data from a User’s Computer etc: We collect the information that web browsers, mobile devices, and servers typically make available about Users to a Site, such as the IP address, browser type, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information.
- User Interactions: as described above, such as button clicks, searches etc.
- Location Information: We may determine the approximate location of a User’s device from the IP address but this is not stored directly but collated to give a broader picture of the location of our user base. We collect and use this information to, for example, understand how many people visit the Sites from certain geographic regions and to understand demands and server loading.
Other Information Provided by Our Users
How We Use Visitor Information
We use information about Site visitors in order to provide our Services to our Users this includes optimising our architecture (servers and resources) to offer a better user experience.
We may also use and share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify any individual. For instance, we may publish aggregated statistics about the use of our services.
How We Share Visitor Information
We may share information collected about Site Users in the limited circumstances spelled out below:
- Subsidiaries, Employees, and Independent Contractors: We may disclose Site User information to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our services to our Users, or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Notice for information about Users that we share with them.
- Third Party Vendors: We may share User information with third party vendors who need to know this information in order to provide their services to us. This group includes vendors that help us provide our services to our Users and their Sites. We require vendors to agree to privacy commitments in order to share information with them.
- Legal Requests: We may disclose User information in response to a subpoena, court order, or other governmental request.
- To Protect Rights, Property, and Others: We may disclose User information when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Maploom, our Users, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Maploom goes out of business or enters bankruptcy, User information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Notice would continue to apply to User information and the party receiving this information may continue to use this information, but only consistent with this Privacy Notice.
How Long We Keep Visitor Information
While we will retain user logins, passwords etc. stored within the user profile as long as the account is active; if we are not legally required to keep it, we generally discard information about Site visitors when no longer needed for the purposes described in the “How We Use Visitor Information” section above.
In addition, the information we collect about users is routinely aggregated. For example, we keep the web server logs (for approximately 30 days) that record information about a visitor to our sites and statistics about these, but we do not correlate this with visitor information. This is because we do not keep specific visitor’s IP addresses but generate statistics about user-base location. We retain the logs for this period of time in order to, among other things, investigate issues if something goes wrong on a site.
How can I request my personal data are deleted?
Users may request to have all their personal data deleted. If you you wish and have your personal data deleted, please send an email to firstname.lastname@example.org with the subject “Request deletion of my personal data” and include your Facebook account name (if relevant). The deletion will be completed and we will notify you that this has been done.
Notification of Data Breaches
In the event of a data breach, we have procedures in place to detect, investigate and report on personal data breaches to meet the GDPR’s 72 hour-deadline for notification.
You can read more about our products and services on our website www.maploom.com.