1. Purpose
Demerzel Solutions Limited (“Nethermind”, “The Company”, “we”, “us”) is a company incorporated and registered in England and Wales. Our company number is 10908862. Our registered office address is at 30 Churchill Place, London, England, E14 5EU.
We are committed to protecting your data when you use our website, products and services. We recognise that when you choose to provide us with information about yourself, you trust us to treat it in a responsible manner.
The purpose of this Privacy Policy is to inform you about how the Company may use data when you visit our website at https://auditagent.nethermind.io/ (“Site”), when you make use of our Services or when you have other interactions with us.
We are the 'controller' in relation to any Personal Data (defined below) that you provide to us, which means we determine the purposes and the way in which your personal data is, or will be, processed and are responsible for it.
This Privacy Policy explains the following:
What information we may collect about you;
How we will use information we collect about you;
Why we collect that information;
Whether the Company will disclose your details to anyone else;
Where we might send your information; and
The use of cookies and analytics on the Company’s Site.
2. Terms of Use
This Privacy Policy forms part of our Terms of Use (the “Agreement”). Any capitalised word not defined in this Privacy Policy shall have the meaning given to it in the Agreement.
3. Definitions
Aggregated Data: High-level data which is created by combining your individual data with that of other individuals e.g. Site usage statistics.
UK GDPR: the UK General Data Protection Regulation (“UK GDPR”) is a regulation in UK law on data protection and privacy, introduced following the UK’s exit from the European Union. The primary aim of the UK GDPR is to give control to individuals over their personal data and to ensure the UK data protection regime remains adequate for the purposes of cross-border data transfers with EU Member States.
Services: as per the Agreement, Nethermind’s Test Audit Agent, any Report it generates, its platform, and its link to any underlying APIs, and any Updates, patches, bug fixes and upgrades that Nethermind provides to you.
Data Protection Law: All legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, the UK GDPR and the Data Protection Act 2018, which should be read together.
Encryption or encrypted data: The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text.
ICO: Information Commissioner’s Office. The supervisory authority for data protection in the UK.
Personal Data: Any information relating to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.
Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Special Categories of Personal Data: This data needs more protection because it is sensitive. It includes data which relates to an individual’s health, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
User: Any person accessing our Site.
4. Scope
This Privacy Policy applies only to your Use of the Site and Services.
The Site and Services may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies. We recommend that you review these policies which will govern the use of Personal Data which you submit when visiting these websites and which may also be collected by cookies. We do not accept any liability for such third party websites and your use of such websites is at your own risk.
When you visit our Site or use the Services, we use the following third party services which may collect personal data for the following purposes:
1. Matomo Cloud
a. Purpose of Processing: To collect and analyse information about how you interact with our Site (web analytics), and to recognize and stop any misuse.
b. Lawful Basis: Legitimate Interest
c. Data Collected:
Anonymised IP address,
Pages visited,
Browser and device used,
Mouse movements,
Anonymised key strokes, and more.
d. Privacy Policy: Link
5. The Collection and Use of Data
5.1. What Information Do We Collect?
When you access the Site or Services, we may receive Personal Data about you.
We may collect, use, store and transfer different kinds of such data about you which we have grouped together as follows:Marketing and
Identity Data: includes your first name, last name, and title.
Contact Data: includes your email address.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Usage Data includes information about how you use our Site and Services.
Authentication Data includes your Github Auth (OAuth Token) which we will collect where you set up a User Account.
Technical Data includes the following data in an anonymised form: internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Site.
Nethermind does not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
5.2. How Do We Collect Information?
We use different methods to collect data from and about you including through:
Direct interactions: You may give us your Identity or Contact Data by setting up a User Account, filling in forms, questionnaires, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you contact us about our Services.
Technical Data: As you interact with our Site, we will automatically collect Technical Data through technologies.
Third parties or Publicly Available Sources: We may receive Personal Data about you from various third parties and public sources, including but not limited to analytics providers.
5.3. What If You Fail To Provide Personal Data?
Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the Services or to facilitate the operation of the Site). In this case, we may have to withdraw provision of the Services for your benefit, or discontinue your use of the Site, but we will let you know of this in advance.
5.4. How Will We Use The Information?
Depending on your use of our Site, we will use your Personal Data for a number of purposes including:
To administer and protect our business and this Site: including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.
Type of Data Used
Identity
Contact
Technical
b. Lawful Basis for Processing the Data
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise);
Necessary to comply with a legal obligation.
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey; and/or (c) respond to a request for support or information.
Type of Data Used
Identity
Contact
Usage
Marketing and Communications
b. Lawful Basis for Processing the Data
Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how you use our Services).
Authentication and Access Control: To manage your use of the Services, including your login where you create a User Account.
Type of Data Used
Identity
Contact
b. Lawful Basis for Processing the Data
Performance of a contract with you
Necessary for our legitimate interests.
Marketing and Communication: To send you relevant newsletters, updates, and promotional materials, either directly or indirectly via third parties.
Type of Data Used
Identity
Contact
Usage
Marketing and Communications
Technical
b. Lawful Basis for Processing the Data
Consent
Analytics and Performance Monitoring: To analyse your behaviour to improve functionality of the Site and Services, ultimately enhancing your user experience.
Type of Data Used
Usage
Technical
b. Lawful Basis for Processing the Data
Necessary for our legitimate interests (for running our business, provision of administration and IT services).
We collect and use the Personal Data about you for the purposes described above, because we have a legitimate business interest to do so that is not overridden by your right to have your Personal Data adequately protected. You do not have to provide us with any of the Personal Data described above, but if you choose not to do so, you may not be able to receive certain Services, access certain parts of our Site or receive information from us that you have requested.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
5.5. Change of Purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5.6. Data Aggregation
We may collect, use and share Aggregated Data. Aggregated Data could be derived from your Personal Data, but it is not considered Personal Data under the UK GDPR on the basis that it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Site or Services. Nethermind may also share this anonymous data with third-parties.
For the avoidance of doubt, if the Aggregated Data can directly or indirectly identify you, the Company treats the data as Personal Data which will be used in accordance with this Policy.
5.7. Sharing Information With Third Parties
We may send your Personal Data to other affiliates and third parties to help us process your Personal Data for the purposes set out in this policy, such as:
Service Providers - including those who provide: web hosting, IT and system administration services, metrics and analytics, financial services, and marketing services, including but not limited to Matomo and Stripe.
Professional Advisers - including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Corporate Partners - including third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
5.8. Where Do We Send Your Information?
Nethermind may be required to transfer Personal Data to a country/countries around the world including countries in Europe, US, Asia, Africa. If we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
The country has been deemed to provide an adequate level of protection for Personal Data by the Information Commissioner’s Office (”ICO”).
If we use certain service providers based outside the UK, we may use specific contracts approved by the ICO which give Personal Data the same protection it has in the UK.
In any other case, we will obtain your explicit consent before any transfer takes place.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK.
6. Site Analytics and Cookies
6.1. Use of Cookies: Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org. You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser.
While Nethermind does not collect cookies at present, we reserve the right to do so in the future, without any notice given to users. The Privacy Policy will be updated accordingly should this become the case.
We reserve the right to use cookies that fall into one or more of all the categories below:
Strictly Necessary Cookies – These enable services you have specifically asked for. Without these cookies, certain services you have asked for cannot be provided.
Performance Cookies – These collect information on the pages visited. These cookies collect information about how users use a website, for instance which pages users go to most often, and if they get error messages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to help make improvements to the website for a better user experience.
Functionality Cookies – These remember choices you make to improve your experience. These cookies allow the website to remember choices you make and provide enhanced, more personal features. They may be used to help provide services you have asked for, such as watching a video. The information these cookies collect may be anonymised and they cannot track your browsing activity to other websites.
7. Keeping Data Secure
7.1. How Do We Protect Your Information? We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7.2. Data Retention
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Further details regarding our retention periods are below:
User Data - This includes your name, email, and username. We will retain this data as long as your User Account is active.
Authentication Data - This includes your password and tokens. This will be stored where your User Account is active, and you will be prompted to refresh this on a periodic basis.
Optional Data - Where you provide optional information, this will be stored as long as you keep it on your profile. If you would like it deleted, further details are below.
Analytics Data - This data tracks the performance of the Site. Nethermind will store it for as long as necessary to fulfil this purpose. Typically, this is 12 months, but it can be longer.
In some circumstances you can ask us to delete your data. In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. If you would like to request that your data is deleted, please contact legalnotices@nethermind.io. If appropriate, you will be informed once your data is deleted, or you will be given reasons for the legitimate purpose in continuing to store your data.
8. What Are Your Rights?
Under the UK GDPR, you have the following rights, which Nethermind will always work to uphold:
Right to Access - For a copy of the Personal Data we hold about you, and details about how we are processing your Personal Data. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive”. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why. Any Data Subject Access Requests should be submitted to legalnotices@nethermind.io.
Right to Correct - To have any inaccuracies in your Personal Data corrected.
Right to Erase - To have your Personal Data erased, or for our use of it to be restricted (for example, if your preferences change, or if you don’t want us to send you the information you have requested). Any Data Subject Data Erasure Requests should be submitted to legalnotices@nethermind.io.
Right to Restrict Use - The right to “block” Nethermind from using your data or limit the way in which we can use it.
Right to Data Portability - If we are processing your Personal Data by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your Personal Data to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your Personal Data directly to a third party in this format, and, if technically feasible, we will do so.
Right to Object - The right to object to our use of your data including where we use it for our legitimate interests.
8.1. Right to Opt Out
You can request that we stop sending you marketing materials at any time, by contacting us. Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of purchasing a product or service.
8.2. How to Contact Us
This Privacy Policy should tell you everything you need to know, but you can always contact us to ask any questions or if you wish to exercise any of your rights in relation to your Personal Data, using the contact information below: legalnotices@nethermind.io
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 28 working days. Occasionally it could take us longer, if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint to the supervisory authority if you are unhappy with how we’ve handled your Personal Data. In the UK, the supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).
9. Changes to the Privacy Policy
We may change this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any changes, we will change the Last Updated date above.
Any modification to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Site (or as otherwise indicated at the time of posting). In all cases, your continued use of the Site or Services after the posting of any modified Privacy Policy indicates your acceptance of the modified terms.