Last Update: 13 May 2019
By accessing and continuing to use LLM,
WHO PROCESSES YOUR PERSONAL DATA?
Limitless Technology Limited (Limitless) has developed a cloud-based website / mobile app platform (Platform) through which it provides customer support services to a range of organisations, including Microsoft. The Platform enables members of the public who are customers of these organisations (Customers) to ask questions in relation to the products and/or services of these organisations and these questions can be submitted by the Customers through the use of LLM. Limitless also enables individuals to use their expertise to answer questions and queries raised by Customers – these individuals are known as Ambassadors (Ambassadors).
Limitless operates LLM for and on behalf of Microsoft
WHAT INFORMATION WILL BE COLLECTED WHEN USING LLM?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identifiers have been removed (anonymous data) or data relating to a corporate entity. When you make use of LLM as a Customer, Limitless, acting for and on behalf of Microsoft, may collect, use, store and transfer a limited amount of different kinds of personal data about you as follows:
- Identity Data includes first name and last name.
- Contact Data includes email address.
- Usage Data includes information and details about your visits to and use of LLM including, but not limited to traffic data, location data, weblogs and other such usage data, including any records of your correspondence with Ambassadors or Limitless via LLM, the Platform or email, as well as your use of LLM for systems administration and quality control purposes.
HOW IS YOUR PERSONAL DATA COLLECTED?
Direct interactions: In the case of using LLM, you may provide your Identity and Contact Data for example by filling in the applicable fields and submitting such personal data through LLM.
HOW IS INFORMATION ABOUT YOU USED?
Your personal data will only be used for the purpose for which it was collected.
In the context of LLM, Microsoft relies on the lawful basis of legitimate interests for processing your personal data for the purpose of providing its customer service to you.
Limitless may obtain information about your use of LLM by using cookies or other such devices. Cookies contain a small amount of data information that is transferred to your computer’s hard drive. This helps Limitless to improve the LLM and to deliver a better and more personalised service.
Cookies which are strictly necessary for the operation of LLM – functional cookies
Some of the cookies Limitless uses are essential for LLM to operate and are already set. These are strictly necessary for the use of LLM by you and without them LLM cannot operate as intended. The types of functional cookies Limitless use are set out in the table below:
|_faf||User verification||When session ends|
|_logged_in_faf||Logged in user||When session ends|
Other uses of cookies (where you have consented to such use): non-functional cookies)
Limitless only uses (and stores) non-functional cookies on your computer’s browser or hard drive if you provide your consent. You have the option turn off the non-functional cookies when using LLM if you desire. Where you consent to Limitless using and storing non-functional cookies as above, Limitless may also use such cookies and other such devices to compile anonymous, aggregated statistics that allow Limitless to understand how Customers access and use LLM and to help Limitless improve LLM (Limitless cannot identify you personally in this way).
The types of non-functional cookies Limitless uses are set out in the table below:
|_ga||Google Analytics||24 Months|
|gadwp_wg_default_dimension||Google Analytics plugin||7 Days|
|gadwp_wg_default_metric||Google Analytics plugin||7 Days|
Find out how to disable/enable cookies by clicking on the “Manage Cookies” section of the Interactive Advertising Bureau UK website on the following link http://www.allaboutcookies.org.
WILL LIMITLESS SHARE YOUR INFORMATION WITH THIRD PARTIES?
For the purposes set out above, Limitless may have to share your personal data with the following parties:
- Microsoft for whom the LLM service is being provided.
- External Third Parties such as service providers who provide IT and system administration services; or, regulators based in the United Kingdom who require reporting of processing in certain activities.
- Specific Third Parties such as:
- Gateway TechnoLabs (Gateway) who are an end-to-end IT solutions provider and work with Limitless primarily from the UK and India to provide software and product technology engineering. Limitless’ work with Gateway involves the processing of personal data outside the European Union (EU).
- Amazon Web Services (AWS) who are the worldwide market leader in providing secure and data protection compliant cloud hosting services on which Limitless operates LLM and the Platform.
Limitless requires all third parties to respect the security of your personal data and to treat it in accordance with the law. Limitless does not allow its third-party service providers to use your personal data for their own purposes and only permits them to process your personal data for specified purposes and in accordance with Limitless’ instructions.
WHERE IS YOUR PERSONAL DATA STORED?
Whenever your personal data is transferred out of the EU, Limitless ensures a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Limitless will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where Limitless use certain service providers, it may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where Limitless use providers based in the US, it may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please get in contact if you want further information on the specific mechanism used by Limitless when transferring your personal data out of the EU.
SECURITY/HOW IS YOUR INFORMATION PROTECTED?
Limitless endeavours to take all reasonable steps to protect your personal data. Limitless has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, Limitless limits access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on Limitless’ instructions and they are subject to a duty of confidentiality. Where possible, Limitless uses industry-standard Secure Sockets Layer (SSL) technology to allow for the encryption of any personal data. Unfortunately, the transmission of information via the internet is not completely secure. Although Limitless will do its best to protect your personal data, Limitless cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk. Once Limitless has received your information, Limitless will use strict procedures and security features to try to prevent unauthorised access.
Limitless has put in place procedures to deal with any suspected personal data breach and will assist with notifying you and any applicable regulator of a breach where Limitless is legally required to do so
Limitless will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected.
Where Limitless has processed your personal data for your use of LLM it will retain your data for 12 (twelve) months.
YOUR LEGAL RIGHTS
Under certain circumstances, data protection laws give you particular rights in relation to your personal data as against the controller (i.e. Microsoft) and these rights are detailed below:
- Request access to your personal data (commonly known as a “data subject access request”) and to check that any such personal data is being lawfully processed.
- Request correction of the personal data held about you. This enables you to have any incomplete or inaccurate data about you corrected.
- Request erasure of your personal data. This enables you to ask for the deletion or removal personal data where there is no good reason for its continued processing. You also have the right to request the deletion or removal of your personal data where you have successfully exercised your right to object to its processing (see below), where the processing of your information has been unlawful or where erasure of your personal data has been required comply with local law.
- Object to processing of your personal data where its processing is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, it may demonstrated that compelling legitimate grounds to process your information exist which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to request that the processing of your personal data be suspend in the following scenarios: (a) if you want the data’s accuracy to be established; (b) where the use of the data is unlawful but you do not want it to be erased; (c) where you need the data to be continued to be held even if it is no longer required for processing as you need it to establish, exercise or defend legal claims; or (d) you have objected to the use of your data but it there is a counter need to verify whether there is an overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party you have chosen in a structured, commonly used, machine-readable format. Note that this is qualified right and only applies to automated information for which you initially provided consent or where the information was used to perform a contract with you.
- Withdraw consent at any time where the processing of your personal data is relying on consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, you may not be able to receive certain products or services.
If you wish to exercise any of the rights set out above, please contact Microsoft directly. In the event you are unable to make contact with Microsoft, please get in contact with Limitless for assistance
No fee usually required. Please note that Microsoft (or Limitless acting on Microsoft’s instruction) may need to request specific information from you to help confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Microsoft (or Limitless acting on Microsoft’s instruction) may also contact you to ask you for further information in relation to your request to speed up the response.
Time limit to respond. The aim is to respond to all legitimate requests within one month. Occasionally it may take longer than a month if your request is particularly complex or you have made a number of requests. In this case, you will be notified and kept updated.
Limitless’ full details are:
Full name of legal entity: Limitless Technology Limited
Company Number: 10056048
Data Protection Officer: Megan Neale
Email address: firstname.lastname@example.org
Postal address: 1-2 Hatfields, Waterloo, London, SE1 9PG, United Kingdom.
Telephone number: + 44 07946322405
You can also email Limitless with any questions, queries or complaints at email@example.com
You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). Limitless would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please make contact in the first instance.