Privacy Policy
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
​
Our use of your personal data is subject to your instructions, the EU General Data Protection Regulation (GDPR), and other relevant UK and EU legislation (including the Data Protection Act 1998).
Key terms
It would be helpful to start by explaining some key terms used in this document:
We, us, our
Icondesk Limited, trading as “IconDesk” of 2 Kilburn Park Road, NW6 5UY
Personal data
Any information relating to an identified or identifiable individual
Special category personal data
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
Genetic and biometric data
Data concerning health, sex life or sexual orientation
What personal data we collect
Personal information provided by you
The personal information we collect about you may include:
· First and last name
· Instagram Username
· Email address
· Phone number
· Your device’s ID
· Address
· Date of birth
· Icondesk defined Interests
· Instagram ID
· Facebook ID
· Financial details including bank account details for payout purposes only
· IP-address
· Location
· Photos you upload; Photos of you
· Your public Instagram data, which includes audience demographics, locations and interests
· Any other personal information you provide to us directly
Personal information provided by third parties
Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us provide our services to you.
Sensitive personal information
If we ever request Special category personal data from you, we will explain why we are requesting it and how we intend to use it.
This includes information relating to:
• your ethnic origin
• your political opinions
• your religious beliefs
• whether you belong to a trade union
• your physical or mental health or condition
• your sexual life, and
• whether you have committed a criminal offence
​
We will only collect your sensitive personal information with your explicit consent.
Monitoring and recording communications
We may monitor and record communications with you (such as email correspondence) for the purpose of training, quality assurance, fraud prevention and the improvement of our services.
Use of cookies
​
A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. We use cookies on our website.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of a user's internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
​
For further information on our use of cookies, please see our Website cookie policy.
​
How and why we use your personal data
​
Under data protection law, we can only use your personal data if we have a proper reason for doing so, e.g.:
• to comply with our legal and regulatory obligations;
• for the performance of our contract with you or to take steps at your request before entering into a contract;
• for our legitimate interests or those of a third party; or
• you have given consent.
​
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal data for and our reasons for doing so:
What we use your personal data for
Our reasons
To provide our services to you, and to facilitate the use of the website/app
For the performance of our contract with you or to take steps at your request before entering into a contract
To identify you and manage any account you hold with us
For the performance of our contract with you or to take steps at your request before entering into a contract
To process any requests you make through our app/site
For the performance of our contract with you or to take steps at your request before entering into a contract
To carry out user profiling
For our legitimate interests or those of a third party
To improve our services
For our legitimate interests or those of a third party
To market and promote our services
For our legitimate interests or those of a third party
To gather and provide information required by or relating to audits, enquiries or investigations by tax or other regulatory bodies
To comply with our legal and regulatory obligations
To detect and prevent fraud and to enforce our terms and conditions
For our legitimate interests or those of a third party
Marketing
We would like to send you information by email about our services, competitions and special offers which may be of interest to you.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never share it with other organisations outside our corporate group for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
• contacting us (see ‘How to contact us’ below).
• using the ‘unsubscribe’ link in emails
Who we share your personal data with
We may disclose your personal data to:
• other companies within our corporate group;
• (where you are a creator/influencer) brands who wish you to promote their brand campaigns;
• our agents and service providers;
• credit reference agents;
• law enforcement agencies in connection with any investigation to help prevent unlawful activity;
• our business partners in accordance with the 'Marketing and opting out' section above.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Often, such information will be anonymised but this may not always be possible.
Where your personal data is held
Information may be held at our offices and those of our group companies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).
We store data in our servers in London, EU and the US.
Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’.
How long your personal data will be kept
We will not retain your data for longer than necessary (or as is required by law).
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
Keeping your data secure
​
We will use technical and organisational measures to safeguard your personal data, for example:
• access to your account is controlled by a password and username that are unique to you; and
• we store your personal data on secure servers.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us?’ below).
Transferring your personal data out of the EEA
​
To deliver services to you, it may be necessary for us to share your personal data outside the European Economic Area (EEA), e.g.:
• with our offices outside the EEA (if any);
• with your and our service providers located outside the EEA;
• if you are based outside the EEA;
These transfers are subject to special rules under European and UK data protection law.
Where these non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, use all reasonable endeavours to ensure the transfer complies with data protection law and all personal data will be secure.
If you would like further information please contact us (see ‘How to contact us’ below).
​
IconDesk's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.”
Note that apps distributed on Google Play are also subject to the Google Play Developer Distribution Agreement.
You can also find more information in the Limited Use Requirements section of the OAuth API Verification FAQ.
Your rights
You have the following rights, which you can exercise free of charge:
Access
The right to be provided with a copy of your personal data (the right of access)
Rectification
The right to require us to correct any mistakes in your personal data
To be forgotten
The right to require us to delete your personal data—in certain situations
Restriction of processing
The right to require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data
Data portability
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object
The right to object:
—at any time to your personal data being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
• contact us —see below: ‘How to contact us’; and
• let us have enough information to identify you; and
• let us know what right you want to exercise and the information to which your request relates.
How to complain
​
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns.
How to contact us
Please contact us if you have any questions about this privacy policy or the information we hold about you.
If you wish to contact us, please send an email to help@icondesk.co
Changes to the privacy policy
We may change this privacy notice from time to time, when we do we will inform you via email.