TAHORA APP PRIVACY NOTICE

Tahora is committed to protecting the privacy and security of your personal information.  This privacy notice describes how we collect and use personal information about you in accordance with data protection law.  Please read it carefully.

Data protection law says that the personal information we hold about you must be:

• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely

If you have any questions about this notice or how we collect and use personal information about you please contact us by emailing support@tahora.com.

1 INFORMATION ABOUT US

1.1 We are Tahora Ltd and we are the creators of the Tahora app. Our registered office is at  71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ and our registered company number is 12430540.

1.2 If you have any questions regarding this privacy notice, please contact our data compliance team by emailing support@tahora.com.

2 INFORMATION WE COLLECT AND HOW WE USE IT 

2.1 Employer provided information 

Access to Tahora is sponsored by your employer, organisation or other third party who contracts with us to make Tahora available to you and others (“your employer”). Your employer will provide us with their contact details together with email addresses and names for all of those within its organisation who are eligible to access Tahora. You do not need to use Tahora but if you do your personal data will be used in accordance with this privacy notice. We will retain the email addresses and other employer provided information for the duration of our contract with your employer (and for up to 12 months thereafter) and use it to fulfil that contract and for our legitimate interests in providing and administering Tahora and related products and services.  

2.2 Registration and profile information 

Where you register to use Tahora you will need to provide us with your name and email address and will have the option to provide other information such as your office location, home location, job title, health interests and goals. We will use this information together with any other information you save to your profile in order to provide you with access to Tahora and to maintain your profile. You can change your registration and profile details at any time within the profile page of the app or by emailing support@tahora.com.

We will keep and use the information provided by you and collected by us in relation to your use of Tahora in order to carry out our contract with you / your employer, to comply with any legal requirements for us to maintain certain records or carry out certain verifications and checks, and/or for our legitimate interests in preventing fraud, dealing with a complaint or enquiry and administering your or your employer’s account or order and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

2.3 Community and content information 

Where you join a Tahora community or post content (such as comments, reviews, responses, testimonials, photographs and videos) to a Tahora community, your membership of that community and the content of your posts may be visible to members of that community and other users of Tahora including your employer. You should not join a community or post content if you do not wish that information to be publically available. We are not responsible for how third parties use your content.

We may display and publish your content (and, if relevant, attribute it to you) on Tahora as necessary for our legitimate interests in providing content and for promotional purposes (or, in some circumstances, because you have specifically consented to us doing this).  This information is kept and published or displayed by us for as long as we consider it relevant for those purposes.  You can ask us to remove or delete your content at any time (subject to any agreements about our right to use it) by contacting us.  If we are displaying or publishing the information based on your consent, you have the right to withdraw that consent at any time. Where we delete your content we may at our discretion either delete it in full or remove any personally identifying features and retain the content linked to an unidentified member. 

We also have the right to disclose your identity to any third party who is claiming that any content posted or uploaded by you to Tahora constitutes a violation of their intellectual property rights, or of their right to privacy. 

2.4 Marketing preferences 

If you have opted to receive newsletters and other marketing we will use your profile information together with other information you provide to us, or which we gather from your use of Tahora, in order to send you those newsletters and other marketing.   

You will have the ability to opt out of receiving our newsletters and other marketing at any time by changing your profile settings or by clicking the unsubscribe link in the email. 

We may retain your details on our marketing list until you opt out at which point we add you to our suppression list.  We keep that suppression list indefinitely to comply with our legal obligations to ensure we don’t accidentally send you any more marketing.

You may also have the ability to sign up to receive emails from our content providers and other third party partners of Tahora. These emails will be provided by those third partner partners and will not be under Tahora’s control. You should contact them directly for more information about how they will use your data. 

2.5 Other correspondence or interaction 

Where we have any correspondence or interaction with you (for example by email, telephone, post, SMS or via our website) we will use the personal information (such as names and contact details) contained in that correspondence.  This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation. We may retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems, as permitted by law. 

We may also collect details of phone numbers used to call our organisation and the date, time and duration of any calls.  Please note that if we record your calls to or from us, we will inform you of this.

2.6 Professional information 

If you work for one of our sponsors, content providers, customers, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you.  This information may be collected directly from you, or provided by your organisation.  Your organisation should have informed you that your information would be provided to us, and directed you to this policy.  We use this as necessary for our legitimate interests in managing our relationship with your organisation.  If we have a business relationship with you or your organisation, we may receive information about you from your organisation. 

2.7 Social media

If we engage with you on social media, we may use information you share with us (including your social media handle or profile) or which is available from your account to inform our correspondence with you.

If you visit our Facebook page, Facebook may be a joint controller with us in relation to information Facebook collects about you regarding your visit to interaction with our page or its content. Facebook will provide us with Page Insights, which are aggregated data to help us understand how people are engaging with our page. Page Insights do not show us details of individual visitors. For more information on the responsibilities of Facebook and us in relation to our Facebook page, please see https://www.facebook.com/legal/terms/information_about_page_insights_data. For more information about how Facebook uses your information, please see https://en-gb.facebook.com/privacy/explanation.

2.8 Third party websites 

Tahora may, from time to time, contain links to third party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third party websites and are not responsible for their privacy statements.  When you leave Tahora, we encourage you to read the privacy notice of every website you visit.

2.9 Cookies and usage information

We may collect information about you and your use of Tahora via technical means such as cookies, webpage counters and other analytics tools.  This may include but not be restricted to your IP address, login data, app usage time, survey responses, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access Tahora.  

The cookies we use on the Tahora app fall into the following categories:

Strictly necessary cookies. These are cookies that are required for the operation of our app. They include, for example, cookies that enable you to log into secure areas of our app.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our app when they are using it. This helps us to improve the way our app works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our app. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Advertising cookies. We, or third party advertisers, may also use cookies to serve adverts on you.  Where those adverts are targeted, this may involve using app information and information we (or our third party advertisers) have obtained from third parties and an automated decision-making process based on information about your interests or status.  This won’t include information such as your name or contact details.

We use the data collected via our cookies for our legitimate interests in administering and improving Tahora and its content, to ensure it operates effectively and securely, and to develop our business and inform our marketing strategy.  We may also create aggregate statistical data from that information (for instance, overall numbers of visitors) which is not personal information about you and may share this with your employer and other third parties. Where our adverts are displayed to you using your information, your information is used as necessary for our legitimate interests in marketing to you.

We keep this cookie information for up to five years from when it is collected or the relevant cookie expires. We may also keep aggregate statistical data indefinitely. 

The mobile device which you use to access the Tahora app will have settings that allow you to control whether third party advertising partners can use your mobile apps to show ads to you. On iOS devices, this setting is called ‘Limit ad tracking’ and on Android devices, this setting is called ‘Opt out of ads personalisation’. 

3 Special Categories of data

Tahora enables members to join communities based on your interests, goals and characteristics. The nature of these communities means that you may provide sensitive personal information about yourself. This type is information is known as “special category” data and includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, as well as information about criminal convictions and offences. You are not obliged to provide this information but where you do it will be handled by us in accordance with this privacy notice. 

3.1 Where we collect “special categories” of particularly sensitive personal information this information requires higher levels of protection and by law we need to have further justification for collecting, storing and using this type of personal information.  We may process special categories of personal information in the following circumstances:

3.1.1 Where you have made the information public by joining a Tahora community or posting content on Tahora.

3.1.2 In limited circumstances, with your explicit written consent.

3.1.3 Where it is needed in the public interest.

3.1.4 Where it is needed in relation to legal claims or where it is needed to protect your vital interests (or someone else’s vital interests) and you are not capable of giving your consent.

3.2 As with the other information you provide, we retain “special category” information until you close your account or until our relationship with your employer comes to an end. We may then at our discretion either delete the information in full or remove any personally identifying features and retain the content linked to an unidentified member.

4 WHY elsE DO WE USE YOUR INFORMATION?

4.1 Common uses of your information.  We will only use your personal information when the law allows us to do so.  Although in limited circumstances we may use your information because you have specifically consented to it, we generally use your information in the ways set out in this notice because:

4.1.1 we need to perform a contract we have entered into with you.

4.1.2 we need to comply with a legal obligation.

4.1.3 it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.

4.1.4 we need to protect your interests (or someone else’s interests) or where it is needed in the public interest (although these circumstances are likely to be rare).

4.2 Change of purpose.  We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

5 Information we receive from third parties

5.1 We may also receive information about you from the following sources:

5.1.1 Our service providers.  We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) who may provide us with information about you, to be used as set out in this privacy notice.

5.1.2 Businesses we have bought.  If we have acquired another business, or substantially all of its assets, which originally held your information, we will hold and use the information you provided to them, or which they otherwise held about you, in accordance with this privacy notice.  If we are reviewing whether to acquire a business, or substantially all of its assets, which holds your personal data (whether you are a customer or employee of that business or otherwise) we may receive limited personal data about you from that business or professional advisors involved in the transaction, as necessary for our legitimate interests in making decisions about that acquisition.  If we do not acquire that business, any information we receive about you will be deleted as soon as practicable following the decision not to acquire.

6 SHARING YOUR INFORMATION

6.1 We may share information with your employer. We will let your employer know which of their authorised employees have signed up to use Tahora. We may also share with your employer aggregated details of office locations, departments, job titles, interests and health goals. We may also share anonymous, statistical usage data with your employer. If we become aware that any content you contribute to Tahora does not comply with our content standards, we may notify your employer and provide them with a copy of that material and other information in relation to that non-compliance. You acknowledge that your membership of communities and any content you post on Tahora may be seen by other users of Tahora, which may include your employer. 

6.2 We never sell your data to third parties. But we may need to share your information with third parties, including third-party service providers and other entities in our group.  Third parties are required to respect the security of your personal information and to treat it in accordance with the law.  

6.3 Why might we share your personal information with third parties? We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so.  This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6.4 Which third-party service providers process your personal information? We may need to share your personal information with third-party service providers (including contractors and designated agents) so that they can carry out their services. We may use third-party service providers in relation to the following types of activity: legal advice, contract administration, IT services, payment processing, analytics.

6.5 When might we share your personal information with other entities in the group? We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.

6.6 How secure is your information with third-party service providers and other entities in our group? All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information.  Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

6.7 What about other third parties? We may share your personal information with other third parties, for example with potential buyers and professional advisers in the context of the possible sale or restructuring of the business where necessary in connection with the purposes which your information was collected for.  We may also need to share your personal information with a regulator or to otherwise comply with the law.

7 WHERE WE STORE YOUR INFORMATION

7.1 Our office headquarters and our main data centre is based in London, England.  However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU.  It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers. 

7.2 We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.

7.3 Some countries or organisations outside of the UK and the EU which we may transfer your information to will have an “adequacy decision” in place, meaning the EU considers them to have an adequate data protection regime in place.  These are set out on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

7.4 If we transfer data to countries or organisations outside of the UK and the EU which the EU does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection authority) are put in place where required.  To obtain more details of these safeguards, please contact us.

8 DATA SECURITY

8.1 As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

8.2 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.

9 HOW LONG WILL WE KEEP YOUR INFORMATION FOR?

9.1 We will generally keep your information for the duration of our contract with your employer (and for up to 12 months thereafter) or, if earlier, until you delete your profile on Tahora. Where your profile is deleted we may at our discretion either delete your content in full or remove any personally identifying features and retain the content linked to an unidentified member. 

9.2 In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9.3 Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims.  We may also need to share this information with our insurers or legal advisers.  How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.

9.4 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

9.5 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

10 YOUR RIGHTS

10.1 Data protection law gives you a number of rights when it comes to personal information we hold about you.  The key rights are set out below.  More information about your rights can be obtained from the Information Commissioner’s Office (ICO).  Under certain circumstances, by law you have the right to:

10.1.1 Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights.  This is why we are providing you with the information in this notice.  If you require any further information about how we use your personal information, please let us know.

10.1.2 Request access to your personal information (commonly known as a “data subject access request”).  This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

10.1.3 Request correction of the personal information that we hold about you.  This enables you to have any incomplete or inaccurate information we hold about you corrected.

10.1.4 Request erasure of your personal information.  This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations).  You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

10.1.5 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim).  You also have the right to object where we are processing your personal information for direct marketing purposes.

10.1.6 Request the restriction of processing of your personal information.  This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

10.1.7 Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.

10.1.8 Withdraw consent.  In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another compelling legitimate interest in doing so.

10.1.9 Lodge a complaint.  If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us by emailing support@tahora.com.

10.2 No fee usually required.  You will not have to pay a fee to access your personal information (or to exercise any of the other rights).  However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.  Alternatively, we may refuse to comply with the request in such circumstances.

10.3 What we may need from you.  We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights).  This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If we request any identification from you for this purpose, it is on the basis that it is necessary to comply with our legal obligations, and we will only keep and use this until your identity has been verified.

10.4 Timescale.  Please consider your request responsibly before submitting it.  We will respond to your request as soon as we can.  Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.

11 CHANGES TO THIS PRIVACY NOTICE

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise.  Please check back frequently to see any updates or changes to our privacy notice.