Updated October 2022
1. Name and contact data of the data controller
MONOLITH AI LIMITED
Unit 2.05 12-18 Hoxton Street
London N1 6NG
2. The type of personal information we collect and how we collect it
We may collect the following types of personal information about website visitors and/or platform users:
- Basic identifying information, such as your name and surname;
- Contact information, such as your email address;
- Professional information, such as your place of work; and
- Identifiers and device information, such as your IP address and associated location, device ID, operating system, and website navigational information, such as information about your interaction with the Website.
This information can be collected in the following ways:
Information you give us: You may give us information about yourself by filling in forms on the website or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, e-mail address, employment details, and phone number. When you submit such forms on the website, we’ll gather internet protocol (IP) address information in addition to the information provided.
Information we may automatically collect about you: With regard to each of your visits to the website, we may automatically collect the following information:
Visit information: including the full URL clickstream to, through, and from the website (including date and time), page response times, errors, length of visits to certain pages, page interaction information, actions taken within the application, and methods used to navigate away from the page.
Technical information: Including the Internet Protocol address used to connect your device to the Internet, your login information, browser type, and version, geographical location, browser plug-in types, and versions and operating system.
Information from other sources: We are working closely with third parties (including, for example, business partners, sub-contractors in technical and payment services, intelligence providers, and analytics providers) and may receive information about you from them.
3. How we store your personal Information
We may store and disclose your personal information in the following ways / to the following persons:
Storage of customer information:
When Monolith is hosting the Platform for a customer, this is hosted on AWS. When users register onto the Platform they provide basic identifying information, such as their name and surname, as well as contact information such as an email address. These details are stored in databases on AWS. There are strict 2FA permissions in place in order to access AWS, which only a limited set of Authorized Employees can access. Within the platform only invited licensed users can access the Platform and see the basic identifying information of other users. No contact information is shared with other users within the Platform.
Storage of information within Monolith:
We limit access to your personal information to employees who reasonably need to process such information as described under this policy. In this situation, we:
- Take commercially reasonable steps to ensure the reliability and appropriate training of any Authorized Employee.
- Ensure that all Authorized Employees are made aware of the confidential nature of Personal information and have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement with Processor, any Personal information except in accordance with their obligations in connection with the Services.
- Take commercially reasonable steps to limit access to Personal information to only Authorized Individuals.
Disclosure of information to particular contractors, service providers, and third parties:
We may disclose your personal information to the following: To contractors, service providers such as HubSpot and Freshworks, Xero (for billing), and other third parties we use to support our business. These entities are bound by contractual obligations and NDAs prior to working with Monolith to keep personal information confidential and can use it only for the purposes for which we disclose the information to them.
a) notify the user if it receives any complaint, notice or communication which relates directly to the processing of Personal information, or to either party's compliance with information Protection Laws, and shall fully cooperate and assist the Client in relation to any such complaint, notice, communication or non-compliance; and b) before disclosing Personal Information to any processor, enter into a contract with that processor under which the processor agrees to comply with obligations equivalent to those set out in these GDPR Terms; and c) before disclosing Personal information to any of its employees and representatives, and the employees and representatives of each of its processors, in each case who have access to the Personal information, ensure that those persons:
- have undergone appropriate training in information protection and the care and handling of Personal information;
- are bound to hold the information in confidence to at least the same standard as required under this Agreement (whether under a written agreement or otherwise)
Disclosure of information in certain circumstances:
We may also disclose your personal information:
- in the event we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or asset;
- if we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets; or
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligations, or in order to enforce or apply our terms for use of the Monolith platform or services; or to protect the rights, our customers or others.
Beyond this, Monolith will not share your personal information with any other person without your formal consent.
5. How we use personal information
We may use the collected personal information (described in section 1) for the following purposes:
Information you give us:
- to provide you with information and services that you request or subscribe to;
- to update our records and generally maintain your account with us;
- to provide you with special offers, promotions, surveys and other information about services we feel may interest you, where you consent to receiving such information;
- for research and development purposes to evaluate and enhance the website; and
- to deal with your queries, complaints or concerns.
Information we may automatically collect about you:
- to provide our service to you;
- to present content from the website in an effective manner to you;
- to administer the website and for internal operations, including troubleshooting, information analysis, testing, research, statistical and survey purposes;
- as part of our efforts to keep the website safe and secure;
- to enforce compliance with our Terms of Service and applicable law;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our site about services that may interest you or them.
Information from other sources:
- to evaluate our client relationships, or potential client relationships, and the benefit, or potential benefit, obtained from the website;
- we may also combine this information with the above information and use this information for the purposes set out above.
We shall not process personal information for any other purpose, unless such purpose is expressly communicated to you at the point your personal information is being collected. Under the UK General information Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting email@example.com.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.
6. Your information protection rights
Under information protection law, your rights include:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to information portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request and include ‘Privacy Request’ in the message title.
7. How to raise a concern regarding your personal information
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com.
You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your information.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Monolith is registered with the ICO, registration number ZB104721