Privacy Policy - Moki Users
This Privacy Notice tells you what you can expect if you are using a Moki Band as an individual and/or are part of a Group, School or Organisation that is using Moki Technology products.
About Moki
“Moki” and “Moki Bands” are registered trademarks and products of Moki Technology Limited, a Company registered in England & Wales (Company number: 11266496) with it’s registered offices at, Unit 10, 1 Luke Street, London, UK, EC2A 4PX
Data Protection Officer (DPO) Contact Details
Moki Technology Limited is the Data Controller for all personal information that we process unless stated otherwise.
Moki Technology is registered with the Information Commissioner's Office - registration number: ZA439656
Entry details can be found here:
https://ico.org.uk/ESDWebPages/Entry/ZA439656
You can contact our Data Protection Officer directly using the following methods:
Email:
dataprotection@moki.technology
Post:
Data Protection Officer
Moki Technology Ltd.
PO Box 4240
Melksham
SN12 9BJ
United Kingdom
Our Legal Basis for Processing
Under the General Data Protection Regulations (GDPR) there are various legal basis for processing of personal data.
The legal basis that Moki uses is either Consent or Legitimate Interests.
This means that the Customer of Moki Technologies (in most cases a school, sport clubs or centre for education) have consented for their details to be Processed by Moki.
Using the Legitimate Interest legal basis of Processing individuals who will be using the Moki Services will have their data added to the Moki Application, users will be grouped together within Classes and Schools based on the Customers requirements.
Where we rely on Legitimate Interest as our legal basis of processing we will have conducted appropriate LIA’s (Legitimate Interest Assessments) and DPIA’s (Data Privacy impact Assessments) to ensure Privacy is at the forefront of how we process any data and highlight and effectively manage any identified risks to individuals.
We usually do not rely on Consent as our legal basis for processing Moki users data, Consent and acceptance of these terms is always made by our Customer and to fulfil our core services we rely on Legitimate Interest to Process Users data within the Moki Application.
Marketing Communications
Informed consent is always used for marketing communications which you are able to withdraw consent from at any time if you are subscribed.
Privacy by Design
Moki has been developed using a Privacy by Design approach, this means that Privacy of our users and Information Security has been at the heart of the Moki solution through all areas of development and we do not request, hold nor process any data that is not essential to the delivery of the core service.
Any data that we do collect about our users is Encrypted at the local level (within the Moki Application) in the classroom and/or school environment or is Encrypted during transit and at rest.
Personal Data - What Information Do We Collect?
Personal Data means any any information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information.
Personal Data is received by Moki in various different ways depending on how you interact with us.
In order to carry out our day to day operations and offer the benefits to Moki users we obtain the following information, either directly from the User or the Customer.
This is the maximum information that will be collected, in some cases only part of this data will be collected depending on what level of service is requested:
|
Data Subject (Whose data is this?) |
Data Category (What data is obtained?) |
Description of the Data Collected |
How is data captured and where is it stored? |
Security if data is transmitted to Moki servers |
|
The individual who will wear the Moki band |
Forename |
The Forename of the individual |
Provided by Customer, Stored within the local application using AES encryption |
Data not transferred |
|
The individual who will wear the Moki band |
Surname |
The Surname of the individual |
Provided by Customer, Stored within the local application using AES encryption |
Data not transferred |
|
The individual who will wear the Moki band |
DOB |
The date of birth of the individual |
Provided by Customer, Stored within the local application using AES encryption |
Date transferred is only month and year of birth. Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who will wear the Moki band |
Gender |
The gender of the individual |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who will wear the Moki band |
Group / Class |
The Group or Class that the individual is linked to (for example - class 4R) |
Provided by Customer, Stored within the local application using AES encryption |
Data not transferred |
|
The individual who will wear the Moki band |
Organisation / School |
The Organisation that the individual is linked to (for example - Beachwood School) |
Provided by Customer, Stored within the local application using AES encryption |
Data not transferred |
|
The individual who will wear the Moki band |
Step Data |
The number of steps that the individual makes |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer) |
Forename |
The Forename of the individual |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer) |
Surname |
The Surname of the Customer |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation/Group (The Customer) |
DOB |
The date of birth of the Customer |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer) |
Gender |
The gender of the individual Customer |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer) |
Postal Address |
The Postal address of the Customer |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer) |
Payment Card Details |
The payment details used to purchase Moki |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer) |
Email Address |
The Email address of the individual |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
|
The individual who purchases Moki bands on behalf of their Organisation Group (The Customer) |
Telephone Number |
The Telephone Number of the individual |
Provided by Customer, Stored within the local application using AES encryption |
Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO |
How We Process Your Personal Information
We will only use your personal data when the law allows us and only for the following purposes:
- To the extent that is required for us to carry out the full services on behalf of our Customer based on the Agreement we have with them.
- Where it is necessary for our Legitimate Interests and in line with our Legitimate Interest Assessment and Privacy Impact Assessments (PIA”s) and your fundamental rights and interests do not over ride those interests that we have identified.
- Where we need to comply with our legal and/or regulatory obligations
Moki has been developed with your Privacy in mind and we have taken appropriate technical and organisational measures to protect the confidentiality and integrity of your data during storage, transit and all processing activities.
Sharing Personal Information with Third Parties
We go through a stringent due diligence process when we select any third parties to work with to ensure their ethics, policies and processes are in line with our own.
These Third Parties include:
|
Type of Service |
Reason why we would share data with them |
|
Email Service Provider (ESP) |
So that we are able to communicate to our customers and Moki users about the products and services via email |
|
SMS Providers |
So that we are able to communicate to our customers and Moki users about the products and services via SMS |
|
Payment Processors |
So that we can securely take payments from our Customers |
|
Hosting Providers |
So that we can provide our services to Customers and that data can be held within a secure data centre |
We will only access your personally identifiable information where it is required to supply the services and we will always remain in control of any data that is being processed.
We will only disclose your personally identifiable information to parties not listed in our Privacy Notice in the following circumstances:
- We we have a legal obligation to do so, for example for law enforcement or regulatory bodies
- To protect our interests and help us prevent fraud, detect crime or investigate any form of malicious or other activity which may be against our terms of service.
- Where you give us specific permission to do so by providing consent
Anonymised & Aggregated Data
Processing of Anonymised Aggregated Data by Moki and Third Parties:
In line with the “Personal Data - What Information Do We Collect?” section (available to review within this Privacy Policy) any collected User data that can be reviewed to identify a single individual (either as a standalone piece of data or when reviewed with other data parts) is anonymised and encrypted within the local Moki Application used by the unique Customer - this process occurs automatically before any data is transferred to the Moki servers.
The collection of the remaining unidentifiable individual activity data is known hereafter as the “Aggregated Data Set” and typically consists of the following data headings:
- Date of steps
- Time of steps
- Number of steps
- Gender
- County
- Presence of identifiers such as SEN / Pupil Premium / Free School Meals
The Aggregated Data Set may be made available to partner types and customers of Moki who may include, but may not be limited to:
- University Research Groups,
- Independent research bodies,
- NHS and local health authorities,
Although there is no risk to any individual in being part of the Aggregated Data Set we are happy to allow this activity to be restricted should you request so.
If you (as a Moki Customer) wish to object to this activity please email us at:
dataprotection@moki.technology
International Transfers
We do not transfer any personal data outside of the European Economic Area (EEA)
Your Rights
Under data protection law you have rights we need to make you aware of, these are listed below.
Please contact our Data Protection Officer to discuss any of these rights and how we may assist.
Your right of access
You have the right to ask us for copies of your personal information
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.
Data Retention and Erasure Policy
We will only retain personal information for as long as necessarily required to deliver the services to our Customers safely and securely.
Our data retention policy is based on specific data types that we process;
|
Type of Information collected & Stored |
Can a unique individual be identified by this data? |
Retention Period (maximum) |
|
Moki Player Account information |
Yes - only with the AES Encryption keys held by our DPO and the Customer |
24 months from capture date |
|
Moki band identifier information |
No |
24 months from capture date |
|
Moki Customer Account information, name of organisation and associated details |
Yes - only with the AES Encryption keys held by our DPO and the Customer |
12 months from capture date |
If a Customer deletes their account then all personal information from the Application will be removed, we may retain part of the non-personal data set within the Anonymised & Aggregated Data.
Changes to our Privacy Policy
This Privacy Policy goes through regular reviews and is updated where appropriate, revised version will be visible on our websites.
Contact Us
Post
Data Protection Officer
Moki Technology Ltd.
Unit 10,
1 Luke Street,
London, UK,
EC2A 4PX