Privacy & Cookie Policy

What information we collect and why

Chattermill is a customer insight and analytics platform. This policy applies to your use of the site/service(s) (the "platform") owned and operated by us.

Under GDPR, there is a distinction between a “controller” and “processor” of personal data. 

Where a Customer shares personal information with us, we are the processor of personal data and the Customer is the data controller.

In some circumstances, we may be the controller of personal information, for example in relation to usage information on our platform.


This policy explains what information we collect when you access our platform, how the information is used, and how you can control the processing, correction and/or deletion of such information.

Capitalised terms used, but not defined here have the meaning set out in our data processing agreement and our software-as-a-service agreement ("SaaS Agreement").

1.     What data we process

For the purpose of Data Protection Laws, we distinguish between two forms of data, "Authorised User Data" and "Customer End User Data", as set out in our data processing agreement.

This policy covers the personal data we process in relation to individuals who either i. access our website; or ii. are authorised to use our software/service (as "Authorised Users") under the terms of the SaaS Agreement, entered into by a Customer with us.

2. Personal data we collect

Chattermill collects personal data about you when you provide it to us, or when personal data about you is automatically collected in connection with your use of the platform. We collect the following personal data in connection with your use of the platform:

  • Usage Data: information related to transactions you conduct on the platform, for example the functionality you use and the links clicked on our platform.

  • User Account Information: information that identifies you to the platform, such as your name, email address, password, and IP address. For example, we use this information to authenticate you when you log in to the platform, and use the IP address to help maintain your web session security while using the platform. 

  • User Content: to the extent that you choose to input personal data as part of such content, images, comments, and other content, information, and materials that you post to or through the service. Please do not provide us with any sensitive personal data whilst using the platform.

  • Log Data: information automatically recorded by the platform about how a person uses our platform, such as IP addresses, device and browser type, operating system, the pages or features of our platform to which a user browsed, the time spent on those pages or features, the frequency with which the platform is used by a user, search terms used by a user, the links on the platform that a user clicked on or used, and other statistics.

  • Marketing and Communications: information we collect to identify or contact you such as your name and email address as well as your marketing and communication preferences.

We also collect and use statistical data derived from personal data, but which is not considered personal data in law as this data will not directly or indirectly reveal the individual identity ("Aggregated Data"). For example, we may aggregate your Usage
Data to calculate the percentage of users accessing a specific feature on our platform.

3. How we collect personal data

We collect personal data when a user (i) creates an account (a "User Account"); (ii) logs into the platform; (iii) interacts with the platform; (iv) communicates with us; and (v) responds to a communication or interaction from us. Some of the methods and tools we use to collect personal data are:

Unique Identifiers: We use unique identifiers such as cookies, e-mail or your pseudonymised customer ID to track individual usage behaviour on our platform, such as the length of time spent on a particular page and the pages viewed during a particular log-in period. Unique identifiers collect information about a user’s use of our platform on an
individual basis.

Cookies, Web Beacons, and Other Tracking Tools: We and our third party service providers collect information about you, your device, and your use of the platform through cookies, clear gifs (a.k.a. web beacons/web bugs) ("Web Beacons"), and other tracking tools and technological methods (collectively, "Tracking Tools").

Tracking Tools collect information such as:

  • computer or device operating system type;

  • IP address;

  • browser type;

  • browser language;

  • mobile device ID;

  • device hardware type;

  • the website or application visited or used before or after accessing our service;

  • the parts of the service accessed;

  • the length of time spent on a page or using a feature; and

  • access times for a webpage or feature.

These Tracking Tools help us learn more about our users and analyse how
users use the service, such as how often users visit our service, what features
they use, what pages they visit, what emails they open, and what other sites or
applications they used prior to and after visiting the service.

Cookies Like many websites and mobile application operators, we collect certain information through the use of "cookies" - small text files (made up of letters and numbers) that are saved by your browser when you access our service. Cookies can either
be "session cookies" or "persistent cookies".

Session cookies are temporary cookies that are stored on your device while you are visiting our website or using our service, whereas persistent cookies are stored on your device for a period of time after you leave our website or service.

We use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our platform, and how your use of it varies over time.

For more information on cookies, including how to control your cookie
settings and preferences, visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htmhttps://ico.org.uk/for-the-public/online/cookies/ and http://www.allaboutcookies.org/ 


Here is a list of the cookies that we use on our platform.

Web BeaconsWeb Beacons help us better
manage content on our platform by informing us what content is effective. Web
Beacons are embedded in, or otherwise associated with, certain emails or other
communications that you may receive from us. Web Beacons help us track your
responses and interests and deliver relevant content and services to you. For
example, they may let us know when you take actions based on the emails we
send.

4. How we use personal data

Chattermill uses personal data to: (i) provide, administer, and improve our service; (ii) better understand your needs and interests; (iii) fulfil requests you make (including customer support queries); (iv) personalise your experience; (v) provide service announcements; (vi) protect, investigate, and deter against fraudulent, harmful, unauthorised, or illegal activity and (vii) comply with legal obligations.

For example, we use personal data to:

·       Operate and improve the platform;

·       Learn more about our users and their internet behaviours;

·       Facilitate communications among and between users;

·       Evaluate eligibility of customers for certain offers, products, or services;

·       Evaluate the types of offers, products, or services that may be of interest to users;

·       Communicate with users regarding support, security, technical issues, commerce, marketing, and transactions;

·       Facilitate marketing, advertising, surveys and promotions;

·       Administer the service and carry out our legal/contractual obligations; and

·       Identify usage trends, which may be derived from personal data.

5. Lawful basis for processing personal data

We will only use personal data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.

Contractual Necessity: We process the following
categories of personal data because we need to process the data in order to
provide our service to you. When we process data due to contractual necessity,
failure to provide such personal data will result in your inability to use some
or all portions of the service that require such data:

  • Contact Information

  • User Account Information

  • Usage Information

Legitimate Interest: We process the following categories of personal data when we believe doing so furthers our legitimate interest or that of third parties:

  • Contact Information

  • User Account Information

  • Usage Information

  • Log Data

Examples of these legitimate interests include:

  • Operation and improvement of our business, products, and services

  • Marketing of our products and services

  • Provision of customer support

  • Protection from security threats

  • Compliance with legal obligations

Consent: In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection.

Other Processing Grounds: From time to time we may also need to process personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

6. Opting out

Web Browser Controls: You can prevent the use of certain Tracking Tools, such as cookies, on a device-by-device basis using the controls in your web browser. These controls can be found in the Tools > Internet Options (or similar) menu for your browser, or as otherwise directed by your browser’s support feature.

Through your web browser, you may be able to:

  • Delete existing Tracking Tools

  • Disable future Tracking Tools

  • Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set

Do Not Track ("DNT"):  DNT is a privacy preference that users can set in certain web
browsers. DNT is a way for users to inform websites and services that they do
not want certain information about their webpage visits collected over time and
across websites or online services.

Emails: You can opt-out of non-essential emails such as marketing emails by clicking on the unsubscribe link at the bottom of each such email. Note that you cannot opt-out of emails that are essential to providing Chattermill services relating to customer service, security, billing, or pursuant to legal/contractual obligations.

Withdrawing consent: Where you have consented to Chattermill’s processing of your
personal data, you may withdraw that consent at any time and opt out of further
processing by contacting us here.

If you would like to object to the use of your personal data for certain purposes, such as for marketing purposes, or if you would like to ask us to restrict further processing of your
personal data, please contact
us here.

7. International Transfers

Where we transfer personal data out of the UK/EEA, we ensure a similar degree of
protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission

  2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

For further details, see our data processing agreement.

8. Accessing, correcting and deleting your data

You have the right to request a copy of some or all of your personal data — please us here to do so. We also want to make sure that your personal data is accurate and up-to-date, so please email us if you would like to amend or delete it.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond


We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. How long we keep personal data

We are required under UK tax law to keep your name, contact details and billing data for a minimum of 6 years (after which it will be destroyed). Other data will be deleted as and when there is no longer is a lawful basis for processing it.

10. How and when we disclose your data

We will only use your personal data for the purposes for which we collected it, unless we
reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will
explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

Disclosure to comply with the law

We may disclose personal data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws or to otherwise cooperate with law enforcement or other governmental agencies.

We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the platform and any facilities or equipment used to make the services available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.

Disclosure to third parties

We may share personal data with:

  • third party providers who provide us with support, hosting, and database management services;

  • outside professional advisors (such as lawyers and accountants) for purposes related to the operation of our business such as auditing, compliance, and corporate governance; and

  • our subsidiaries.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

11. How long will personal data be retained for?


We will only retain personal data for as long as reasonably necessary, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete personal data that we process on your
behalf.

12. How we store and protect your data

If you are a Customer located outside the UK and choose to provide information to us, be advised that personal data will be processed in accordance with the terms of our data processing agreement.

Customer End User Data is stored securely on the Google Cloud Platform and hosted in Ireland.

13. Visiting other websites

This website may include links to third-party. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

14. Applying for a role with us

If an individual applies for a role at Chattermill, it will be necessary for us to use personal information provided as part of the recruitment process.  

If you apply for a job with us, we may collect the following categories of personal information – 

  • Personal details (name, title, address, contact details and emergency contact)

  • Email address

  • Employment history

  • Education history

  • Any personal information you provide in your CV, application form or other correspondence

  • Any personal information you provide to us at interview

If you apply for a job with us, we may also collect personal information about you from the following sources –  

  • Directly form you (for example, information provided on CVs, application forms and during interviews)

  • Right to work documents (for example, passports and visas)

  • Recruitment agencies

  • Referees and former employers

  • Disclosure and Barring Service in respect of criminal convictions

  • Publicly available information

We use and store personal information relating to applicants to decide whether they are suitable for employment with Chattermill. This will involve using personal information to do the following –

  • Assess skills, qualifications, and suitability for a role

  • Establish right to work

  • Carry out background and reference checks, where applicable

  • Communicate with you about the recruitment process

  • Keep records related to our hiring processes

  • Comply with legal or regulatory requirements

Our main legal ground for using your personal information is that it is necessary to take steps at your request to decide whether to enter into a contract of employment.  

Where we use your personal information for reasons other than entering into a contract with you, we will only do so on the legal ground that doing so is necessary for the purposes of the legitimate interests of our business.

We will retain personal information collected for the recruitment process for a period of two years after we have told an applicant our decision about whether or not to appoint them to a role.

15. Changes to this Policy

Please revisit this page periodically to stay aware of any changes to this policy, which we may update from time to time. Your continued use of the service after the revised policy has become effective indicates that you have read, understood and agreed to the current version of the policy.

16. Security

We will process personal data in a manner that ensures appropriate security of the personal data, including protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

All information you provide to us is stored on our secure servers - see our security policy for further details.

17. Contacting Us

Chattermill Analytics Limited ("Chattermill")  is a company registered in England and Wales with company number 09604448 and it's registered office at 68 Hanbury Street, London, England, E1 5JL. 

If you have any questions, comments or want to raise issues about this policy, please contact us here.

Last updated: 10 May 2021

 







TechCrunchTechCrunch
TelegraphTelegraph
DeloitteDeloitte
TechNationTechNation
FinancialTimesFinancialTimes