Hastee Pay respects your privacy and is committed to protecting your personal data. We want to be transparent with you about what personal data we collect and why. We do not and will not sell your data to third parties. The prime purpose of collecting your data is to allow you to get access to your earned income when you need it via the Hastee mobile application (“Hastee App“).
It relates to any Personal Data you might provide to us through your use of the Hastee App or our website (together, the “Hastee Technology”) or which your Employer might provide to us in relation to our provision of the services to them (“Services”) which enable you to get access to your earned income through our Hastee App. It also sets out the choices you can make about the Personal Data we collect and the legal rights you have in relation to your Personal Data.
If you are:
- a shareholder, an employee or supplier of Hastee or are otherwise engaged in working for us or applying to work for us; or
- a visitor to our website who is not a registered user of the Hastee App by virtue of a contract between Hastee and your Employer;
THIS STATEMENT DESCRIBES:
- Who We Are and Important Information
- How To Contact Us
- Your Rights and Choices
- The Types of Personal Data We Collect
- The Legal Bases and Our Purposes for Using Personal Data
- How We May Share Your Personal Data
- Data Storage and Transfer
- Keeping Your Personal Data Secure
- Retention of Your Personal Data
- Third Party Links
WHO WE ARE AND IMPORTANT INFORMATION
For the purpose of the Data Protection Act 2018, Hastee is:
- the Controller responsible for all Personal Data that you voluntarily provide to us (when creating an account with us, using the Hastee App and/or by corresponding with us by email, phone or other means, for example when you might need assistance using the Hastee App) and also of the Personal Data we obtain about you automatically from your use of the Hastee Technology. A breakdown of this Personal Data is set out in sections 2 and 3 of Schedule 1 respectively; and
- the Processor of all Personal Data that your Employer (as Data Controller) provides to us or which we collect from your Employer in order to provide them with the Services. A breakdown of this Personal Data is set out in section 1 of Schedule 1.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during our relationship with you.
HOW TO CONTACT US
Our address is: Hastee Pay Ltd, Thomas House, 84 Eccleston Square, London SW1V 1PX.
YOUR RIGHTS AND CHOICES
By law you have the right to:
- Request access to your Personal Data that we process or control. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of any inaccuracies in your Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of any new data you provide to us.
- *Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with any law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- *Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest (or those of a third party) as the legal basis for our processing and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases we may be able to demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
- *Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data for reasons such as wanting to establish the accuracy of the Personal Data, needing us to hold the Personal Data even if we no longer require it so you can establish or exercise a legal claim or where you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data. We will provide to you, or a third party Controller you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- *Withdraw consent. This right only exists where we are relying on consent to process your Personal Data. If you exercise your right of consent withdrawal, we may not be able to provide you with access to the certain specific functionalities of the Hastee Technology. We will advise you if this is the case at the time you withdraw your consent. Please note that even if you withdraw consent for use to use your Personal Data for a particular purpose, we may continue to rely on other legal bases for other purposes. We will tell you if this is the case. It will not affect the lawfulness of any processing carried out before you withdrew your consent.
- The right to ask us not to process your Personal Data for marketing purposes.
*Please note that the provision of certain categories of your Personal Data is necessary for us to comply with our obligations to you under the Hastee App User Terms and for you to have access to the full functionality of the Hastee App. Without your consent to use certain Personal Data, we will be unable to approve Cash Out Requests or make Cash Out Payments to you on your Employer’s behalf. We will make this clear to you upon any request by you to exercise your right to withdraw consent.
HOW TO EXERCISE YOUR RIGHTS
If you would like to exercise any of the rights described above, please contact us by emailing: firstname.lastname@example.org.
If you are doing this to lodge a complaint, we will reply to your complaint as soon as we can. If you feel that your complaint has not been adequately resolved, please note that the Data Protection Act 2018 gives you the right to contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (or other competent supervisory authority of an EU member state if the Hastee App is downloaded from outside the UK). Please see https://ico.org.uk/make-a-complaint/ for information on how to do this.
You will not normally be required to pay a fee to access your Personal Data or to exercise any of your other rights above in relation to your Personal Data. However, should we feel that your request is unfounded, excessive or repetitive, we may refuse to comply with your request or reserve the right to charge a reasonable fee.
We may need to request specific information from you to help us confirm your identity and verify your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or in the event you have made a number of requests, in which case, we will notify you and keep you updated.
THE TYPES OF PERSONAL DATA WE COLLECT
All the Personal Data we collect: i) from you directly via the Hastee App; ii) from your Employer about you and iii) in relation to you from the Hastee Technology, is set out in Schedule 1.
PERSONAL DATA WE DO NOT COLLECT
We do not collect any special categories of personal data such as details of your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
THE LEGAL BASES AND PURPOSES FOR OUR USING PERSONAL DATA
We will only use your Personal Data where the law allows us to do so and for the purposes for which we collected it as listed in Schedule 2, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
In respect of each of the purposes for which we use your Personal Data, the Data Protection Act 2018 requires us to ensure that we have a legal basis for that use. Most commonly, we will rely on one of the following legal bases:
Pursuant to contract
- Where the provision of your Personal Data is necessary for us to perform a contract we have entered into with you – namely, to comply with our obligations to you under our Hastee App User Terms and for you to have access to the full functionality of the Hastee App.
- Where it is necessary for our interests in conducting and managing our business to give you the best product and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). More detail about the specific legitimate interests pursued in respect of each purpose we use your Personal Data for is set out in the table below.
Compliance with Law
- Where we need to comply with a legal or regulatory obligation.
“When you create an Account …, you will be deemed to accept your Employer’s offer, made through its participation in these arrangements, to vary your contract with your Employer and oblige your Employer to share such personal data as is required by Hastee in order to enable you to make Cash Out Requests via the Hastee App and for Hastee to provide the Services to your Employer. That variation will accordingly take effect when your Account is created”.
- We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw this (or any other) consent at any time by contacting us.
- We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
We have set out in Schedule 2, the legal bases relied on in respect of the relevant Purposes for which we use your Personal Data.
What are cookies?
We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We use them to distinguish you from other users of the Hastee Technology and to remember your preferences. This helps us to provide you with a good experience when you use the Hastee Technology and also allows us to improve it. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Platform.
Categories of cookies
The Hastee Technology uses two broad categories of cookies:
- First party cookies, served directly by us to your computer or mobile device; and
- Third party cookies, which are served by our partners or service providers on our Platform.
Type & purposes of cookie use
The Hastee Technology uses the following types of cookies for the purposes set out below:
- Essential cookies: to provide you with services available through the Hastee Technology to enable you to use some of its features. For example, they allow you to log in to secure areas of the Hastee Technology and help the content of the pages you request to load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
- Functional cookies: to allow the Hastee Technology to remember choices you make when you use the Hastee Technology, such as remembering your language preferences, login details and any aspects of the Hastee Technology which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit the Hastee Technology.
- Analytics and performance cookies: to collect information about traffic to the Hastee Technology and how it is used. The information gathered via these cookies does not “directly” identify any individual user. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Hastee Technology. The information collected is aggregated and anonymous. It includes the number of visitors to the Hastee Technology, the websites that referred them, the pages they visited, what time of day they visited it, whether they have visited the Hastee Technology before, and other similar information. We use this information to help operate the Hastee Technology more efficiently, to gather broad demographic information and to monitor the level of activity on the Hastee Technology.1. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how the Hastee Technology works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
2. You can find out more about how Google protects your data here: google.com/analytics/learn/privacy.html
- Targeting Cookies: these will collect information about your browsing habits and allow us to deliver content and functionality that best suits you and your interests while you are browsing our site and other sites on the Internet.
- Social Media Cookies: these cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of the Hastee Technology. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit the Hastee Technology.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.
You can also prevent the use of Google Analytics relating to your use of the Hastee Technology by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB
HOW WE MAY SHARE YOUR PERSONAL DATA
The table below describes who we share your Personal Data with, what we share and why we share it. Any processing of your Personal Data by your Employer will be done pursuant to its own privacy policies and practices and we do not accept any responsibility or liability for these.
|RECIPIENTS||CATEGORIES OF PERSONAL DATA SHARED||REASON SHARED||LOCATION|
|Your Employer(s)||Transaction Data||We share, with your Employer, details of the i) Cash Out Payments you have received from us on your Employer’s behalf and ii) any associated Charges to enable them to make the appropriate deductions from your income in each pay period.||Within Europe|
|Service Providers||Identity Data|
|So that survey, hosting, analytics, search engine and other technical assistance providers can assist us in the improvement and optimisation of the Hastee Technology and our provision of Services to your Employer. Survey companies are only permitted to use your Personal Data to request a review from you in the context of your use of the Hastee Technology. They may not use it for any other purpose.Our IT service providers provide us with software development, business analyst and system administration services.||Within Europe|
|Communication Partners||Identity Data|
|Our third party partners provide live chat and facilitate communication (like email, chat and phone), in order to provide you with the full functionality of the Hastee Technology||Within Europe|
|Transaction Processing Partners||Identity Data|
|So that these third party partners may process transactions on our behalf.||Within Europe|
|Professional advisers||Identity Data|
|To our lawyers, bankers, consultants, auditors and providers of banking, legal, insurance and accountancy services if such disclosure is reasonably required to comply with any legal obligation; to enforce any contract entered into with you or your Employer; to protect the rights, property or safety of Hastee or our customers (including by exchanging information with other organisations for the purposes of fraud protection and credit risk reduction).||Within Europe|
|Hastee Group Companies||Identity Data|
|Hastee may change its group structure from time to time as the business grows. We can transfer your Personal Data to subsidiaries of Hastee, any ultimate holding company of Hastee and any of its other subsidiaries to enable the provision of Services to your Employer and the Hastee Technology to you.||Within Europe|
|Purchaser of Hastee and/or any member of the Hastee Group||Identity Data|
|Any entity which purchases all or part of Hastee and/or any member of the Hastee Group, upon completion of which transaction, Personal Data held by Hastee about its users will be one of the transferred assets (whether transferred via a business or share sale) .|
More information on the data protection policies of Feefo, our current review company (of company registration number 7191962; registered office Feefo Barn, Heath Farm, Heath Road East, Petersfield, Hampshire, GU31 4HT), can be found here: https://www.feefo.com/business/application/files/6215/2327/3409/GDPR_eBookCS4_final5.pdf
DATA STORAGE AND TRANSFER
The Personal Data that we obtain about you is stored on third party servers. We generally process such Personal Data on servers located within the United Kingdom, however, it is possible that the Personal Data we collect in relation to you may be transferred, stored and/or processed outside the European Economic Area. In connection with such transfers, we endeavour to ensure that the entities or people to whom we provide Personal Data hold it subject to appropriate safeguards and controls. Whenever we transfer your Personal Data out of Europe to countries that have not been deemed to provide an adequate level of protection for Personal Data by the European Commission, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:
- We use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.
- Where we use service providers based in the U.S., we may also transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protections to Personal Data shared between Europe and the U.S. For further details, see European Commission: EU-U.S. Privacy Shield.
KEEPING YOUR PERSONAL DATA SECURE
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected Personal Data breach. Where we are legally required to do so, we shall notify you of any breach affecting your Personal Data.
The transmission of information by the internet is not completely secure. Although we will endeavour to protect your Personal Data, we cannot guarantee the security of your data transmitted via the Hastee Technology; any transmission is at your own risk. Once we have received your information, we will use security features to try to prevent unauthorised access.
RETENTION OF YOUR PERSONAL DATA
We will retain your Personal Data for so long as we reasonably need to use it for the purposes set out above unless a longer retention period is required by law (e.g., for tax, regulatory or future potential claims purposes). The table below shows our standard retention practices:
|CATEGORY OF PERSONAL DATA||RETENTION PERIOD|
|Usage Data||For the duration of our contract with your Employer (to provide the Services to them which enable you to submit Cash Out Requests and receive Cash Out Payments from Hastee on behalf of your Employer), subject to your right to be forgotten. If you exercise this right by writing to us as above, we shall anonymise your data.|
The Hastee Technology is not intended for children below 16 and we do not knowingly collect personal data relating to such children.
THIRD PARTY LINKS
THE TYPES OF PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
We may collect, use, store and transfer different kinds of Personal Data as follows.
|SECTION||CATEGORY OF PERSONAL DATA COLLECTED||SOURCE||DESCRIPTION|
|1||Personal Data provided by your Employer to Hastee (to enable you to submit Cash Out Requests / receive Cash Out Payments via the Hastee App).|
|Identity Data||Your Employer||Salutation; first name; last name; maiden name; title; worker identification number or national insurance number; address only if provided by your Employer|
|Contact Data||Email address|
|Financial Data||Pay or salary information (being salary or hourly rate as appropriate)|
|Employment Data||Rota, time & attendance data (including job ID; location; venue; approved start and end information and/or check-in time and check-out time); dates of engagement and termination; any other information provided by or on behalf of your Employer which is necessary for Hastee to provide the Services to your Employer|
|2||Personal Data that you voluntarily give us by: registering to use and creating an account on the Hastee App, entering it via the Hastee Technology; corresponding with us by email, telephone call or other means; sharing via the Hastee App social media function; entering into any competition, promotion or survey or reporting a problem with the Hastee App.|
|Identity Data||You||Hastee App log-in details (username or similar identifier), occupation.|
|Contact Data||Alternative email address; mobile number|
|Financial Data||Bank account number, sort code and payment information|
|Employment Data||Employer name, occupation, job title|
|Marketing and Communications Data||Your preferences in receiving marketing from us and our third parties and your communication preferences|
|Identity Data||Hastee (by Hastee Technology)||Registration code|
|Transaction Data||Transaction and usage information including details of payments made to you by Hastee on behalf of your Employer and charges associated with such payments.|
|Device Data||Mobile device type and model, mobile device identifier, mobile network information, operating system and platform and other technology on the devices you use to access the Hastee Technology, internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting and location, browser and browser plug-in types and versions|
|Usage Data||Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Hastee App (including date and time); the pages you viewed; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.|
|Location Data||We use GPS technology on your device to determine your current location to support the time and attendance functionality of the Hastee App (you will confirm the activation of the collection of such location data via a pop up in the Hastee App). Please note that you can withdraw your consent to your location data being used for this purpose by changing the settings in the Hastee App.|
|Camera Data||Data collected from your phone’s camera where the camera is used as part of the “check in” and “check out” functionality of the Hastee Pay Services (for example to collect QR code data).|
PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
|TYPE OF PERSONAL DATA||PURPOSE FOR COLLECTING||LAWFUL BASIS FOR PROCESSING|
|Account creation, transfer and use:|
To enable Hastee to invite you to use the Hastee Technology, to then install the Hastee App and register you as a new user, to submit Cash Out Requests and receive Cash Out Payments on the basis of the Employment and Financial Data provided.
If requested, to transfer your Personal Data to another employer or entity who engages you, should you use the Hastee Technology with different employers or entities who engage you from time to time.
To keep transaction records of Cash Out Payments and Charges so that this data can be provided to your Employer at the end of each payroll period.
|Your consent you were advised before installing the Hastee App and creating an account that we needed this Personal Data to enable you to use the Hastee App to submit Cash Out Requests and receive Cash Out Payments.|
Pursuant to contract:
To fulfil our obligations to you under the Hastee App User Terms (which you agreed to as part of the process of creating your Account) and enable you to submit Cash Out Requests and receive Cash Out Payments.
To enable us to fulfil our obligations to your Employer and enforce rights against them arising out of your use of the Hastee Technology and their use of the Services.
To notify you about any changes to the Hastee Technology or Charges for Cash Out Payments.
To the extent your contract of employment or engagement with your Employer allows for the sharing by your Employer of your personal data to providers of employment type benefits.
Legitimate Interest: to the extent our processing of this Personal Data is not overridden by your interests, fundamental rights or freedoms, our legitimate interests in:
The provision of services to your Employer (our client) which enable us to provide the Hastee Technology to you (enabling you to submit Cash Out Requests and receive Cash Out Payments).
The effective and efficient management of our business, including the ability to recover sums owing to us by your Employer(s) in relation to Cash Out Payments and Charges.
Ensuring that your data is accurate and consistent across entities that employ or engage you, so that we can ensure the functionality of the Hastee Technology and security of your Personal Data.
Marketing and Communication Data
|Relationship Management & Marketing|
To enable you to participate in a prize draw, competition or complete a survey.
To deliver content and advertisments to you.
To make recommendations to you about which goods or services may interest you.
|Consent: In relation to marketing, you will only receive such communications if you have opted in.|
Pursuant to contract: to fulfil our obligations to you under the Hastee App User Terms and to advise you if our products or services to your Employer are changing in any way.
Legitimate Interests: of keeping records updated and analysing how customers use our products/ Services)
Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions)
To keep the Hastee Technology operational and secure.
To keep your Personal Data and identity secure.
We have a legitimate interest in ensuring the ongoing security and proper operation of our services, website and associated IT services and networks.
Pursuant to contract:
To fulfil our obligations [to you under the Hastee App User Terms THERE ARE NO CONFIDENTIALITY PROVISIONS IN THIS?? and] to your employer under our contract of services with them that enable us to provide the Hastee Technology and its functionality to you.
|Optimisation and Analytics|
To understand and measure how users use our Hastee Technology and to use this data to improve it.
|Legitimate Interests: |
To ensure content is presented in the most effective manner for your device and the proper operation and improvement of the Hastee Technology.
To allow for participation in interactive features of the Hastee Technology when you choose to do so.
Tto develop our products/ Services and grow our business.
To track issues that might be adversely affecting the operation of the Hastee Technology.
To help you in the event you have a problem with your Account, the Hastee Technology or the submission of a Cash Out Request or receipt of a Cash Out Payment
To enable us to monitor and ensure the proper operation of the Hastee Technology.
Pursuant to contract:
To fulfil our obligations to you under the Hastee App User Terms.