Privacy Notice

Most recent update: May 1, 2024

Thanks for stopping by this part of our website or platform! At Baselime, we take data protection seriously, and this Privacy Notice explains how we process your personal data when you use our products and services.

Read this Privacy Notice carefully, because it's packed with important info about our personal data processing activities, your rights, our contact details, and how to make a complaint if you need to.

This Privacy Notice is divided into the following sections:

  1. Who we are
  2. About this Privacy Notice
  3. Definitions
  4. Our collection and use of your personal data
    • For the Website
    • For the Platform
  5. Our legal basis for processing your personal data
  6. Who we share your personal data with
  7. Data Controllership
    • Controller
    • Processor
  8. Keeping your personal data secure
  9. How long we keep your data for
    • Storage of ingested datasets
    • Storage of user account details
  10. Children's Privacy
    • Age limit
  11. Do we sell your data?
  12. International Data Transfers
  13. Cookies and other tracking technologies
  14. Advertising
  15. Marketing
  16. Your rights
  17. Privacy information for US Residents
  18. Changes to this Privacy Notice
  19. How to contact us

1 Who we are

This website and platform is operated by Baselime Ltd. with registered address at 86-90 Paul Street, London, EC2A 4NE, United Kingdom.

For more information go to https://baselime.io/.

When you visit our website or use our services we may process your personal data. We care a lot about treating your data responsibly and we’re committed to protecting your data. At Baselime we follow and implement regulatory requirements under the California Consumers Protection Act 2018 (CPRA), UK General Data Protection Regulation (UK GDPR), UK DPA 2018, UK PECR and EU General Data Protection Regulation (EU GDPR).

2 About this Privacy Notice

This Privacy Notice relates to your use of our website, see https://baselime.io/ and support channels, such as our open Slack channel, and our platform.

Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. These other third-party websites may also gather information about you in accordance with their own separate privacy notices. For privacy information relating to these other third-party websites, please consult their privacy notices.

3 Definitions

For this Privacy Notice:

Term
Definition
Consumer
means a natural person who is a California resident.
Data Controller
means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Processor
means a natural or legal person, body which processes personal data on behalf of the controller.
Data Protection Act 2018
controls how your personal information is used by organizations, businesses, or the government. The Data Protection Act 2018 is the UK's implementation of the General Data Protection Regulation (GDPR), also called DPA18.
Data Protection Regulation
are the legislations that set guidelines for the collection and processing of personal data from individuals, such as GDPR and CPRA.
Data subject
means an identified or identifiable natural person to whom the data in question belongs to.
EU GDPR
European Union General Data Protection Regulation (EU GDPR) – Regulation (EU) 2016/679.
Household
means a group, however identified, of consumers who cohabitate with one another at the same residential address and share use of common devices or services.
PECR
the PECR (Privacy and Electronic Communications (EC Directive) Regulations 2003) is a UK law that is derived from derived from the EU's ePrivacy Directive (Directive 2002/58/EC) and gives people specific rights to electronic communications.
Personal data
means any information that can be linked to an individual and identify them no matter if on its own or when combined with other data. Examples of personal data are name, ID number, location data, health information, political or economic interests, online identifiers, and IP addresses.
Personal information
means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Processing
are any activities where we use personal data, both through electronic and manual means. This includes (without limitation) collecting, recording, storing, organizing, adapting, altering, using, disclosing, and erasing personal data.
Sell
means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.
Sharing
means “disclosing, disseminating, making available, transferring, a consumer’s personal information by the business to a third party for cross-context behavioural advertising, whether or not for monetary or other valuable consideration.
UK GDPR
means the Data Protection Act 2018 is the UK's implementation of the General Data Protection Regulation (GDPR).
You
means the user or potential user of the Baselime platform.
We, us, Baselime
means Baselime, the makers behind the Baselime platform.

4 Our collection and use of your personal data

4.1 For the Website

We may collect your personal data when you access our website, register with us, contact us or send us feedback.

We collect this personal data from you either directly, such as when you register with us, or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below). The personal data we collect about you depends on the activities carried out through our website. This information includes:

  • your name, email, and phone number
  • details of any feedback you give us by phone, email, post or via social media
  • chat history if you contact us on Slack or social media We use this personal data to:
  • customise our website and its content to your preferences
  • notify you of any changes to our website or to our services that may affect you
  • improve our services

4.2 For the Platform

We may collect your personal data when you access our platform, register with us, contact us or send us feedback.

We collect this personal data from you either directly, such as when you register with us, or indirectly, such as your user activity when using our platform.

The personal data we collect and process about you depends on the activities carried out:

  • Registration: full name, email address and username.
  • Client onboarding: during our automated client onboarding process, we may process your full name, email address and time of use.
  • Account management: full name, email address, financial data and place of work.
  • Product development: full name, email address, place of work, IP address, time and duration of use of the platform and user behaviour.
  • Sales: full name, email address, place of work, user behaviour.

We use this personal data to:

  • Register your account
  • Communicate with you
  • Provide services for you
  • Process your payment transactions
  • Customize our platform and its contents according to your preferences
  • Notify you of any changes to our products or to our services that may affect you
  • Help you fix any inconveniences, such as unpredicted bugs
  • Improve our services

The Baselime platform does not store any bank or card payment details.

5 Our legal basis for processing your personal data

When we use your personal data, we are required to have a legal basis for doing so. There are various legal bases on which we may rely on, depending on what personal data we process and why.

The legal bases we may rely on include:

  • Consent: where you have given us clear consent for us to process your personal data for a specific purpose
  • Contract: where our use of your personal data is necessary for a contract we have with you (read our Terms and Conditions here), or because you have asked us to take specific steps before entering a contract
  • Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)
  • Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests)

6 Who we share your personal data with

We share your personal data with third parties outside Baselime under the very limited circumstances and specific purposes below:

  • Vendors: We may share personal data with third-party vendors, such as cloud providers (e.g.: AWS and Google Drive), communication tools (e.g.: Slack), and management tools (e.g.: HubSpot and Google Workspace).
  • National Security Authorities or Law Enforcement: Baselime may share personal data to comply with laws and protect our rights and the rights of others. We may disclose your information when we, in good faith, believe disclosure is appropriate to comply with the law, a court order or a subpoena. We may also disclose your information to prevent or investigate a possible crime; to protect the security of the Services; to enforce or apply our online Terms of Service or other agreements; or to protect our own rights or property or the rights, property, or safety of our users or others.
  • In the event of a merger, sale, change in control, or reorganization of all or part of our business.

We will not share your personal data with any other third party without your consent.

7 Data controllership

Baselime can be both the Controller and Processor in the relationship you, users of the website or customers of our products and services, have with us.

7.1 When we are the Data Controller

Baselime is the data controller for some data processing activities, meaning that we determine the purposes and means of the processing of your personal data. In some regulations data controller may be described as "data owner" or similar terms.

We are the controller of your personal data when:

  • You are a visitor of the website,
  • You communicate with us on Slack/ support channel/ social media,
  • Subscribe to receive newsletters,
  • You go through onboarding for the Baselime platform,
  • You have a user account with the Baselime platform

In accordance with this notice and our Terms of Service, we put the greatest effort to ensure the responsible use of your data and in compliance with data protection regulations that cover jurisdictions we operate in.

7.2 When we are the Data Processor

Baselime is the Data Processor of your personal data when we process personal data on your behalf. In some regulations the Data Processor may be referred to as vendor or service provider.

Baselime is the data processor of the data you add or ingest on the platform. We only access data we need to in order to provide our services, and we will only process your data according to this Privacy Notice and our Terms of Service. When you connect your AWS account with the Baselime platform, you are in control of what data you want to ingest in Baselime. Baselime does not have write access beyond what is necessary to aggregate telemetry data from your AWS account.

This means it is your responsibility to:

  • manage who has what access permissions in your Baselime team account,
  • control what datasets are shared with Baselime,
  • manage and control data scrubbing of keys that contain personal and sensitive data and are not automatically scrubbed by Baselime. For a full list go here, and
  • understand and manage retention of datasets, including potentially personal data of your customers.

As a data processor, Baselime provides the technology to enable you to manage your activities on the platform.

8 Keeping your personal data secure

At Baselime, safeguarding the personal data of our customers and users is of utmost importance. To ensure maximum protection, we employ robust technical, organisational, and administrative measures to safeguard the data stored through the Baselime website and platform against unauthorised access, loss, misuse, modification, or destruction.

Examples of organisational measures we take, include:

  • Policies that outline how personal data will be collected, processed, and protected, such as this one,
  • Conduct data protection impact assessments (DPIAs) to identify and mitigate privacy risks associated with data processing activities, and
  • Limit access to personal data to employees who need it to perform their duties.

Examples of technical measures we take, include:

  • Automated scrubbing and deletion of data from the datasets that we handle for you through our services,
  • Encrypting personal data in transit and at rest to prevent unauthorised access and to ensure the confidentiality and integrity of the data,
  • Implementing access controls, such as passwords, to limit access to personal data,
  • Regularly backing up data to prevent data loss or corruption,
  • Implementing firewalls, intrusion detection systems, and other security measures to prevent unauthorised access to the organisation's systems and networks, and
  • Regularly updating software and security patches to ensure that systems are protected against known vulnerabilities.

9 How long we keep your data for

The period for which data is retained varies according to the purpose for which the data is processed. Personal data is being kept only for the time necessary to fulfil the processing purpose, according to our internal Data Retention and Destruction Policy. In addition, there may be legal requirements that determine certain data to be retained for a minimum period.

9.1 Storage of Ingested Datasets

Any data sets you ingest in Baselime platform is stored for 30 days by default. Retention periods can be customised if you’re on a paid plan.

9.2 Storage of User Account Details

We retain your user account information for the duration of your usage of the Baselime platform.

To completely delete your account, kindly reach out to us at [email protected]. Please note that all your account details will be permanently deleted upon account deletion, except for telemetry data, which will be removed within 30 days.

10 Children’s Privacy

Baselime does not process children’s personal data knowingly and adheres to the Children's Online Privacy Protection Act (“COPPA”). COPPA is a law in the United States that regulates the way in which online websites may collect and use information from children. Our data processing is done accordingly to the COPPA.

10.1 Age limits

We care about the safety of children. Baselime’s services are not directed towards children under the age of 18, therefore they are not allowed to register with us, use our services, or disclose any personal data without appropriate parental or legal guardian approval. Baselime requires parental consent to use the platform until the child turns 18 years old regardless of the pre-defined age categories.

We do not knowingly contact or engage with children under the age of 18 without said parental consent (or consent from your legal guardian). If you have reason to believe that a child under the said age has provided us with their personal data, please contact us at us [email protected] and we will endeavour to delete that data from our databases.

11 Do we sell your personal data

We never sell your personal data.

12 International Data Transfers

We are a global business. The personal data we collect from our customers and users may be transferred internationally to third party’s vendors, consultants, or server providers located in a foreign country, such as Google Workspace, AWS and Microsoft, with headquarters in the United States.

This means we may transfer your personal data to other countries that have different data protection rules. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer.

Where applicable law requires a data transfer mechanism, we use one or more of the following:

  • UK International Data Transfer Agreements with a data recipient outside of the UK,
  • Verification that the recipient has implemented Binding Corporate Rules, or
  • Other legal methods available to us under applicable law.

For transfers to third countries, we have entered into International Data Transfer Agreements approved by the UK Parliament or Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your Personal Data to those entities outside the EEA.

Your personal data is always going to be protected in accordance with this Privacy Notice wherever it is possible.

13 Cookies and other tracking technologies

A cookie is a small text file which is placed onto your device (e.g: computer, smartphone or another electronic device) when you use our website or platform. We use cookies on our website and on the Baselime platform as it helps us recognise you and your device, and store some information about your preferences or past actions.

For further information on cookies, our use of cookies, when we will request your consent before placing them and how to disable them, please see our Cookie Policy.

14 Advertising

Baselime may work with several companies that assist in marketing our services to you on third party websites, mobile apps, and online services. These third parties may use cookies, web beacons or other tracking technologies to collect information about your use of certain parts of the Services and your activities across other websites and online services, which they may associate with persistent identifiers.

Their activities and your choices regarding their use of your information to personalise ads to you are subject to and set out in their own policies. We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device by non-affiliated, third-party providers. As described below, these providers may offer you a way to opt-out of the collection of information that is used for our interest-based advertising to you. We cannot guarantee that these instructions will not change, or that they will continue to be available; they are controlled by each third-party service provider, not us.

We do not use Child Activity Information to direct or personalise advertisements, do not advertise to children, and do not present third-party advertising within the Services.

If you are interested in more information about interest-based advertising and how you can generally control cookies other tracking technologies from being put on your computer to deliver such advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, or the Digital Advertising Alliance’s (DAA’s) Consumer Opt-Out link. To opt out of the display of interest-based advertising from Google, please visit the Google Ads Settings page.

15 Marketing

We would like to send you information about products and services, and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by email.

If you have agreed to being contacted in this way, you can unsubscribe at any time by clicking on the unsubscribe button on the e-mail or contact us here.

16 Your rights

You have certain rights when it comes to the use of your data. At Baselime we make this a global commitment and treat all our users equally. These are:

  1. Right to be Informed:You have the right to be informed about all data processing activities performed on your personal data at the point of collection.
  2. Right of Access:Also knows as Data Subject Access Requests (“DSARs” or “SARs”), you have the right to request information relating to you, and to receive a copy of your personal data.
  3. Right to Rectification:You have the right to request the rectification or completion of inaccurate or incomplete personal data concerning you.
  4. Rights to Erasure, Restriction, Data Portability and to Object:In certain circumstances you have the right to:
    • Request and obtain the erasure of personal data concerning you,
    • Request and obtain the restriction of processing of personal data concerning you,
    • Request to have your personal data transmitted to another controller without hindrance, where technically feasible (data portability),
    • Object at any time to data processing carried out in our legitimate interests or carried out for direct marketing purposes.
    Have in mind that we can still store some of our users' anonymised personal information, as it is not possible to directly link to the data back to their identity. We may also retain some personal information that is strictly necessary to comply with legal or governmental obligations.
  5. Automated Decision Making:You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant affects concerning you.
  6. Facilitating Your Rights:Baselime is required to provide within one month of receipt, information on the action we have taken to facilitate the request, or where applicable, the reasons for not taking action. This must include your right to lodge a complaint with the ICO and to seek a judicial remedy.

Requirements for Children

Any requests made by children younger than 18 years must be made on behalf of a parent or legal guardian.

If you would like to exercise any of those rights, please contact us through [email protected].

How to make use of your rights

To make use of your rights as stated above, you can make a direct request with us. Click here and submit your request concerning US data protection legislation, and concerning UK GDPR click here. Once you submitted your request, our team will get in touch with you within:

  • European and UK citizens: 30 days upon request,
  • US citizens: 45 days upon request,
  • Any other user/citizen: 30 days upon request.

The UK GDPR and US data protection legislation allows Baselime to extend this period by further two months in certain circumstances.

Other Jurisdictions

For residents of other jurisdictions, to exercise your data protection rights or to receive more details in connection with them, you can submit requests via [email protected]. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider all such requests and provide our response within the period required by applicable law.

Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims. Your rights and our responses will vary based on your state or country of residency.

Please note that you may be in a jurisdiction where we are not obligated, or are unable, to fulfil a request. In such a case, your request may not be fulfilled. If applicable, you may make a complaint to your local data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

17 Privacy Information for US Residents

The US data protection legislation, as in California Consumer Privacy Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Privacy Act and Virginia Consumer Data Protection Act, allows its residents to make certain requests about their personal information as follows:

  1. Right to know

    You can request information about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting the personal information; and the categories of third parties with whom we share/disclose personal information.

    Baselime should respond to those requests with details on which personal information was collected within the prior 12 (twelve) months, and under certain circumstances, beyond the prior 12 (twelve) month period.

  2. Right to opt-out

    You have the right to opt-out of businesses selling and sharing your data.

  3. Right to delete

    You can request Baselime to delete your personal information if it is no longer needed, and Baselime has the obligation to request third parties that have bought or received the personal information in question to also delete it.

  4. Right to data portability

    You can request to transfer specific personal information to another entity, when it is possible, and in a structured, commonly used, machine-readable format.

  5. Right to correct information

    You have the right to request Baselime to correct any inaccurate personal information.

  6. Right to limit use and disclosure of sensitive personal information

    You have the right to limit the use and disclosure of your sensitive personal information.

  7. Right to access Information about automated decision making

    You have the right to request meaningful information about the logic involved in the decision-making process, as well as a description of the likely outcome of the process.

  8. Right to opt-out of automated decision-making technology

    You have the right to opt-out of being subjected to automated decision-making processes, including profiling.

You have the right to not be subject to certain negative consequences for exercising data protection rights.

Verifying your identity

We reserve the right to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information. You are also permitted to designate an authorised agent to submit certain requests on your behalf.

In order for an authorised agent to be verified, you must provide the authorised agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorised agent’s request.

Please note that certain information may be exempt from such requests under US data protection legislation. For example, we need certain information in order to provide the Services or to comply with legal obligations, so we would need to either reject the request to delete the information or, if we are legally permitted to delete it, we would need to terminate our provision of the Services to the data subject after deleting it.

If you would like further information regarding your legal rights under US data protection legislation or would like to exercise any of them, please email [email protected].

Opt-out

US residents have the right to opt out of the “sale” or “sharing” of their personal information.

The law broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookies, IP address and/or browsing behaviour for interest-based advertising or related purposes.

Although Baselime does not currently sell personal information in exchange for any monetary consideration, we may share personal information for these purposes in such a way that could be deemed a “sale” as defined by the US data protection legislation.

We also share certain information as set forth in “Cookies and other Tracking Technologies” section. For details on how to opt out of cookies, please see the Cookies Policy.

Please note that we do not knowingly sell Child Activity Information or the personal information of minors under 18 years of age.

18 Busines Transactions

We may assign or transfer this Privacy Notice, as well as information covered by this Privacy Notice, in the event of a merger, sale, change in control, or reorganization of all or part of our business.

19 Changes to this Privacy Notice

As we improve our products and website, we may also update this Privacy Notice from time to time.

It is your responsibility to periodically check this document and maintain yourself informed about eventual changes in our activities regarding personal data.

We will let you know about the privacy updates on our website and platform:

  • by changing the date on top of this document,
  • by sending you an email whenever we update our Privacy Notice and
  • if the change is substantial, a notice will be posted on the site.

The "Most recent update" caption at the top of this page indicates when this Privacy Policy was last revised.

If you would like to see the version of the Privacy Notice that was in effect immediately prior to this version, please contact us at [email protected].

20 How to contact us

Please contact us if you have any questions about this Privacy Notice or the data we hold about you.

If you wish to contact us, please send an email to [email protected].

Start resolving issues today.
Without the hassle.
This website uses cookies 🍪

We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. By using our site, you consent to our use of cookies.