This privacy notice tells you what you can expect and how we may process and look after your data if you are using a Moki Band as an individual or are part of a Group, School or Organisation that is purchasing and using Moki Technology products.

Moki are a controller for personal data, Personal Data means any information relating to natural persons who can be identified or who are identifiable, directly from the information in question; or

who can be indirectly identified from that information in combination with other information which could be available to Moki

To support this Privacy Policy and to ensure transparency to our Users we have put together a Data Protection FAQ section, this can be found here:

Moki Data Protection FAQ

About Moki

Moki Technology Limited (T/A Moki Health), a Company registered in England & Wales (Company number: 11266496) with its registered offices at: Lennox House, 3 Pierrepont Street, Bath, BA1 1LB. We may also trade under the names of “Moki” or “Moki Bands”

Moki Technology are registered with the Information Commissioner's Office - registration number: ZA439656.

Moki ICO Registration Entry

Data Protection Officer (DPO) Contact Details

Moki Technology Limited is the Data Controller for personal information that we collect for our purposes and we can be a Data Processor under certain circumstances.

You can contact our Data Protection Officer directly using the following methods:

Email:
dataprotection@moki.health

Post:
Data Protection Officer
Moki Technology Ltd.
Lennox House
3 Pierrepont Street
Bath
BA1 1LB
United Kingdom

Solution Summary - Privacy by Design

Moki has been designed using a privacy by design approach, this means that data protection has been a driving force in developing the Moki solution at every stage.

Any data that is inputted by the customer about their users, regardless of whether it is deemed as Personal Data or not, is pseudonymised and encrypted at the local level (within the Moki Application) in the classroom and/or school environment or is encrypted during transit and at rest.  

• Moki does not any require personal data from users of the product

• Moki is a Data Controller for our customer who purchase the solution, usually headteachers or school administrators. 
• We have conducted appropriate Data Privacy impact Assessments (DPIA’s) to ensure privacy is at the forefront of how we process any data and highlight and effectively manage and mitigate any identified risks to individuals.

• If the purchasing organisation enters any details which could be classed as Personal Data, Moki identifies as a Data Processor and does so under the instruction of the organisation who have chosen to enter the personal data. It is important to keep in mind that users can receive full features and benefits of the system without entering any Personal Data

• Moki does not collect health data or location data, Moki collects steps attributed to the unique Moki band.

Our Legal Basis for Processing

Under the United Kingdom General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018 there are various legal basis for the processing of Personal Data.

The legal basis that Moki uses is Consent, Legal Requirement or Performance of Contract depending on who you are and your involvement with Moki, these different individual types and the processing basis are detailed within this document.

For example, the “customer” of Moki (in most cases a school, sport clubs or centre for education) will have Consented for their details to be processed by Moki when they sign up for our marketing newsletter or online resources, we will rely on Performance of a Contract to deliver Moki products to them if they make a purchase via our online shop. We may further process your Personal Data for legal or regulatory purposes by using the Legal basis of processing. 

Marketing Communications

Consent is always used for marketing communications which you are able to withdraw consent from at any time if you are subscribed. Unsubscribe links are sent with each and every communication.

Personal Data - What Information Do We Collect?

Personal Data may be received by Moki in various different ways depending on how you interact with us.  We will only use your personal data when the law allows us and only for the following purposes outlined in the table below and to the extent that is required for us to carry out the full services on behalf of our Customer based on the Agreement we have with them. In addition, we will use your personal data where we need to comply with our legal and/or regulatory obligations

Below are details of the types of information that may be collected and the purposes:

Data Subject (Whose data is this?)	The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)	The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)	An individual who signs up for email marketing communications from Moki
Data Category (What data is obtained?)	Name, organisation details including contract and delivery information	Payment and transaction details and information	Email address
Description of the information that may be collected	Full name of ordering and receiving individuals. Billing and delivery address, organisational names, appropriate additional contact information including email and phone number	detail of your order and payment methods.	The Email address of the individual
Is Personal data mandatory or required?	Yes	Yes	Yes
How is information captured and where is it stored?	Data entered into Moki online store	Data entered into Moki online store	Data entered into email sign up box
Purpose of data collection	To receive, fulfil and support the products and services purchased from Moki	To receive, fulfil and support the products and services purchased from Moki	To deliver the requested marketing communications
Moki’s legal basis to processing	Performance of Contract	Performance of Contract	Consent

We may anonymise and aggregate data for Moki’s business purposes including reports and research.

Sharing Personal Information with Third Parties 

We go through a stringent due diligence process when we select any third parties to work with to ensure their policies and processes are in line with our own.

We will only share your Personal Data in the following circumstances:

• We have a legal obligation to do so, for example for law enforcement or regulatory bodies.

• To protect our interests or business and help us prevent fraud, detect crime or investigate any form of malicious or other activity which may be against our terms of service.

• Where you give us specific permission to do so by providing consent

• If we are in the process of or have been sold to another organisation 

• Where it is required for Moki to grow or further its business 

Moki also use third parties to provide services to our business such as hosting, email communications, payment and delivery services. These organisations will only process your data under the instructions of Moki unless you are otherwise advised.

Security 

Moki has been developed with your Privacy in mind and we have taken appropriate technical and organisational measures to protect the confidentiality and integrity of your data including encryption of data during storage and transit.

International Transfers

We may transfer your personal data to countries outside the UK. If we do we will ensure that appropriate safeguards are in place. These safeguards may include adequacy decisions or Standards Contractual Clauses. The most common destination will be the European Union or United States of America. 

Your Rights

Under data protection law you have rights we need to make you aware of, these are listed below.  

Please contact our Data Protection Officer to discuss any of these rights and how we may assist.

Your right of access

You have the right to ask us for copies of your personal information

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.

Please see the Data Protection Officer details above to how to request any of the above rights.

Data Retention 

We will only retain personal Data for as long as necessarily required to deliver the services to our customers.

The retention period of personal Data is linked to the services we provide to our customers and therefore the period that we will retains data for will vary according to how long you use our services and stay subscribed to our marketing communications.

For further details or any questions please contact the Data Protection Officer at the details provided in this policy.

Changes to our Privacy Policy

This Privacy Policy goes through regular reviews and is updated where appropriate, revised version will be visible on our websites.

This Privacy Policy was last updated: August 2021