Last update: 24 January 2023
This is the privacy notice of My Errand Ltd, company number 13142283 (‘we’, ‘our’, or ‘us’).
Our registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Introduction
This notice describes how we collect, store, transfer and use personal data. It tells Users about their privacy rights and how the law protects them.
In the context of the law and this notice, ‘personal data’ is information that clearly identifies users as an individual or which could be used to identify users if combined with other information. Acting in any way on
personal data is referred to as ‘processing’.
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our platform.
Data Protection Officer
We have appointed a data protection officer (‘DPO’) who is responsible for ensuring that our privacy policy is followed.
If you have any questions about how we process your personal data, including any requests to exercise your legal rights, please contact our DPO, at dp@myerrand.co.uk.
Personal data we process
How we obtain personal data
The information we process about you includes information:
Users have directly provided to us
Users have indirectly provided to us
that we gather from third party databases and service providers
as a result of monitoring how users use our platform or our services
Types of personal data we collect directly
When users use our platform, our services or buy from us, [for example, when users create an account on our platform,] we ask users to provide personal data. This can be categorised into the following groups:
- Registration Data: the information provided by Users when they create an account on the My Errand Platform: username and e-mail.
- User Profile Information: the information added by Users on the Platform in order to be able to use the My Errand service; i.e. their mobile phone number and delivery address. Users can view and edit the personal data on their profile whenever they wish. My Errand does not store Users’ credit card details, but these are provided to licensed electronic payment service providers, who receive the data included directly and store it in order to facilitate the payment process for Users and to manage it on My Errand’s behalf. This information is under no circumstances stored on My Errand’s servers. Users may delete the details of the credit cards linked to their account at any time. This will trigger the service provider to delete the information, which will have to be re-entered or selected in order to place new orders through the Platform. Users may request such providers’ privacy policies at any time.
- Personal identifiers, such as their first and last names, their gender, and their date of birth.
- Additional information that Users wish to share: any information that a User could supply to My Errand for other purposes. Examples include a photograph of the User or the billing address in the case of Users who have asked to receive invoices from My Errand.
- Account information, including their username and password
- records of communication between us including messages sent through our platform, email messages, and telephone conversations
- Information on accidents involving any of the parties involved in the provision of services through the Platform for the purpose of making insurance claims or carrying out any other actions with the insurance companies contracted by My Errand.
- Transcription and recording of conversations held between the USER and My Errand for the processing of incidents, queries, or any other consultations that may be made.
- Information on Communications between Customers and Partners: My Errand will have access to the communications exchanged between Users and the Partners that collaborate with the Platform by means of the chat system provided on the Platform.
- Marketing preferences that tell us what types of marketing users would like to receive.
Types of personal data we collect indirectly
- Data arising from the Use of the Platform: My Errand collects the data arising from Users’ Use of the Platform every time they interact with the Platform.
- Data on the application and the device: My Errand stores data on the device and the Application used by Users to access the services. This data is:
- The IP address used by each User to connect to the Internet using his/her computer or mobile phone.
- Information about his/her computer or mobile phone, such as his/her Internet connection, browser type, version and operating system, and type of device.
- The full uniform resource locator (URL) Clickstream, including date and time.
- Data from the User’s account: information on the errand posted by each User, as well as feedback and/or comments made about them by such User.
- Data arising from the User’s origin: if a User arrives at the My Errand Platform through an external source (such as a link from another platform or a social network), My Errand collects data on the source from which the My Errand User arrived. information that confirms their contact information.
- Data resulting from the management of incidents: if a User contacts the My Errand Platform through the Contact Form or on My Errand’s phone number, My Errand will collect the messages received in the format used by the User and may use and store them to manage current or future incidents.unsolicited complaints by other users.
- Data arising from “cookies”: My Errand uses its own and third-party cookies to facilitate browsing by its users and for statistical purposes (see the Cookie Policy).
- information users contribute to our community, including reviews.
- Their replies to polls and surveys.
- Data resulting from external third parties: My Errand may collect personal data or information from external third parties only if the User authorises such third parties to share that information with My Errand.
- Similarly, if a user accesses My Errand through products and services offered by Google, Google may send the User’s browsing data to My Errand, with access to the platform through the links created by Google.
- The information provided by the external third party may be controlled by the User in accordance with the third party’s own privacy policy.
- Geolocation Data: provided that this has been authorised by Users, My Errand will collect data relating to their location, including the real-time geographic location of their computer or mobile device.
Types of personal data we collect from third parties
We confirm some of the information users provide to us directly using data from other sources. We also add to the information we hold about users, sometimes to remove the need for users to provide it to us and sometimes in order to be able to assess the quality of the services users offer.
The additional information we collect can be categorised as follows:
- information that confirms their identity
- business information, including their business trading name and address, their company number (if incorporated), and their VAT number (if registered)
- information that confirms their contact information
- reviews and feedback about their business on other platforms through which users sell their services
- unsolicited complaints by other users
Our use of aggregated information
We may aggregate anonymous information such as statistical or demographic data for any purpose. Anonymous information is that which does not identify users as an individual. Aggregated information may be derived from their personal data but is not considered as such in law because it does not reveal their identity.
For example, we may aggregate usage information to assess whether a feature of our platform is useful.
However, if we combine or connect aggregated information with their personal data so that it can identify users in any way, we treat the combined information as personal data, and it will be used in accordance with this privacy notice.
If users do not provide personal data we need
Where we need to collect personal data by law, or under the terms of a contract we have with users, and users fail to provide that data when requested, we may not be able to perform that contract.
In that case, we may have to stop providing a service to users. If so, we will notify users of this at the time.
The bases on which we process information about users
The law requires us to determine under which of six defined bases we process different categories of their personal data, and to notify users of the basis for each category.
If a basis on which we process their personal data is no longer relevant then we shall immediately stop processing their data.
If the basis changes then if required by law we shall notify users of the change and of any new basis under which we have determined that we can continue to process their information.
Information we process because we have a contractual obligation with users
When users create an account on our platform, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between users and us.
In order to carry out our obligations under that contract we must process the information users give us. Some of this information may be personal data.
We may use it in order to:
- verify their identity for security purposes when users use our services
- sell products to users
- provide users with our services
- provide users with suggestions and advice on products, services and how to obtain the most from using our platform
We process this information on the basis there is a contract between us, or that users have requested we use the information before we enter into a legal contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Information we process with users consent
Through certain actions when otherwise there is no contractual relationship between us, such as when users browse our platform or ask us to provide users more information about our business, including our products and services, users provide their consent to us to process information that may be personal data.
Wherever possible, we aim to obtain their explicit consent to process this information, for example, we ask users to agree to our use of non-essential cookies when users access our platform.
If users have given us explicit permission to do so, we may from time to time pass their name and contact information to selected associates whom we consider may provide services or products users would find useful.
We continue to process their information on this basis until users withdraw their consent or it can be reasonably assumed that their consent no longer exists.
Users may withdraw their consent at any time by instructing us at dp@myerrand.co.uk. However, if users do so, users may not be able to use our platform or our services further.
We aim to obtain and keep their consent to process their information. However, while we take their consent into account in decisions about whether or not to process their personal data, the withdrawal of their consent does not necessarily prevent us from continuing to process it. The law may allow us to continue to process their personal data, provided that there is another basis on which we may do so. For example, we may have a legal obligation to do so.
Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to users or to us, of doing so.
Where we process their information on this basis, we do after having given careful consideration to:
- whether the same objective could be achieved through other means
- whether processing (or not processing) might cause users harm
- whether users would expect us to process their data, and whether users would, in the round, consider it reasonable to do so
For example, we may process their data on this basis for the purposes of:
- improving our services
- record-keeping for the proper and necessary administration of our organisational
- responding to unsolicited communication from users to which we believe users would expect a response
- preventing fraudulent use of our services
- exercising our legal rights, including to detect and prevent fraud and to protect our intellectual property
- insuring against or obtaining professional advice that is required to manage organisational risk
- protecting their interests where we believe we have a duty to do so
- To comply with the legislation and bring and defend legal actions
- To ensure security and an appropriate environment for the safe supply of services
Information we process because we have a legal obligation
Sometimes, we must process users information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include their personal data.
Information we process to protect vital interests
In situations where processing personal information is necessary to protect someone’s life, where consent is unable to be given and where other lawful bases are not appropriate, we may process personal information on the basis of vital interests.
Data Recipient
My Errand warrants that all commercial partners, technicians, suppliers or independent third parties are bound by contractually binding promises to process the information shared with them in accordance with My Errand’s indications, this Privacy Policy and the applicable data protection legislation. We will not disclose your personal data to any third party who does not act under our instructions, and no communication will involve selling, renting, sharing or in any other way revealing customers’ personal information for commercial purposes in breach of the commitments made in this Privacy Policy.
When completing an errand, data may be shared with:
- The Partner who carries out the task of collecting and delivering the product.
- The establishment or venue in charge of selling the product, if the User has requested the purchase of a product. If a User contacts the above-mentioned providers directly and gives them his/her data directly, My Errand will not be responsible for the providers’ use of such data.
- The Support team contracted by My Errand for the purpose of warning the User of any possible incidents or asking why negative feedback has been given for the service. My Errand may use the data provided in order to manage any incidents that may occur during the provision of the services.
- The payment Platform and payment service providers so that the amount can be charged to the User’s account.
- Telecommunications service providers, when they are used to send communications regarding orders or incidents relating to orders.
- Providers rendering satisfaction survey services on My Errand’s behalf.
- Sharing User data with third parties
In order to continue providing the services offered through the Platform, My Errand may share certain personal data of Users with
- Service providers: My Errand’s third-party service providers that send parcels, complete errands and/or resolve incidents with errands will have access to Users’ personal information as may be necessary to carry out their functions, but they may not use it for any other purposes. They must process the said personal information as provided in this Privacy Policy and in the applicable data protection legislation. The establishment or venue in charge of selling the product, if the User has requested the purchase of a product. If a User contacts the above-mentioned providers directly and gives them his/her data directly, My Errand will not be responsible for the providers’ use of such data.
- The Support team contracted by My Errand for the purpose of warning the User of any possible incidents or asking why negative feedback has been given for the service. My Errand may use the data provided in order to manage any incidents that may occur during the provision of the services.
- The payment Platform and payment service providers so that the amount can be charged to the User’s account.
- Telecommunications service providers, when they are used to send communications regarding orders or incidents relating to orders.
- Providers rendering satisfaction survey services on My Errand’s behalf.
Job application and employment
If users send us information in connection with a job application, we may keep it for up to two years in case we decide to contact users at a later date.
If we employ users, we collect information about users and their work from time to time throughout the period of their employment. This information will be used only for purposes directly relevant to their employment. After their employment has ended, we will keep their file for six years before destroying or deleting it.
Information obtained from third parties
Although we do not disclose their personal data to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from their personal data from third parties whose services we use.
No such information is personally identifiable to users.
Third party advertising on our platform
Third parties may advertise on our platform. In doing so, those parties, their agents or other companies working for them may use technology that automatically collects information about users when their advertisement is displayed on our platform.
They may also use other technology such as cookies or JavaScript to personalise the content of, and to measure the performance of their adverts.
We do not have control over these technologies or the data that these parties obtain. Accordingly, this privacy notice does not cover the information practices of these third parties.
Service providers and business partners
We may share your personal data with businesses that provide services to us, or with business partners.
As examples:
- we may pass their payment information to our payment service provider to take payments from users
- we may use fraud prevention agencies and credit reference agencies to verify their identity and we may pass their information to those agencies if we strongly suspect fraud on our platform
- we may pass their contact information to advertising agencies to use to promote our services to users
Referral partners
This is information given to us by users in their capacity as an affiliate of us or as a referral partner.
It allows us to recognise visitors that users have referred to us, and to credit to users commission due for such referrals. It also includes information that allows us to transfer commission to users.
The information is not used for any other purpose.
We undertake to preserve the confidentiality of the information and of the terms of our relationship.
We expect any affiliate or partner to agree to reciprocate this policy.
Personal identifiers from your browsing activity
Requests by their web browser to our servers for web pages and other content on our platform are recorded.
We record information such as their geographical location, their Internet service provider and their IP address. We also record information about the software users are using to browse our platform, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our platform and how we perform in providing content to users.
If combined with other information we know about users from previous visits, the data possibly could be used to identify users personally, even if users are not signed in to our platform.
Re-marketing
Re-marketing involves placing a ‘tracking technology’ such as a cookie, a ‘web beacon’ (also known as an ‘action tag’ or a ‘single-pixel GIF’) to track which pages users visit and to serve users relevant adverts for our services when users visit some other platform.
The benefit of re-marketing technology is that we can provide users with more useful and relevant adverts, and not show users ones repeatedly that users may have already seen.
We may use a third-party advertising service to provide us with re-marketing services from time to time. If users have consented to our use of such tracking technologies, users may see advertisements for our products and services on other platforms.
We do not provide their personal data to advertisers or to third-party re-marketing service providers. However, if users are already a member of a platform whose affiliated business provides such services, that affiliated business may learn of their preferences in relation to their use of our platform.
Their rights
The law requires us to tell users about their rights and our obligations to users in regard to the processing and control of their personal data.
We do this now, by requesting that users read the information provided at http://www.knowtheirprivacyrights.org
Use of our services by children
We do not sell products or provide services for purchase by children, nor do we market to children.
If users are under 18, users may use our platform only with consent from a parent or guardian.
We collect data about all users and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children.
Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
Whenever information is transferred between us, users can check that it is done so using SSL by looking for a closed padlock symbol or other trust marks in your browser’s URL bar or toolbar.
Delivery of services using third-party communication software
With their consent, we may communicate using software provided by a third party such as Facebook (WhatsApp), Apple (Facetime), Microsoft (Skype) or Zoom Video Communications (Zoom).
Such methods of communication should secure their personal data using encryption and other technologies. The providers of such software should comply with all applicable privacy laws, rules, and regulations, including the GDPR.
If users have any concerns about using a particular software for communication, please tell us.
Data may be processed outside the UK
Our websites and platform are hosted in the UK
We may also use outsourced services in countries outside the UK from time to time in other aspects of our business.
Accordingly data obtained within the UK or any other country could be processed outside the UK.
We use the following safeguards with respect to data transferred outside the UK:
- the processor is within the same corporate group as our business or organisation and abides by the same binding corporate rules regarding data processing.
- the data protection clauses in our contracts with data processors include transfer clauses written by or approved by a supervisory authority.
Control over their own information
It is important that the personal data we hold about users is accurate and up to date. Please inform us if their personal data changes.
When we receive any request to access, edit or delete personal data we first take reasonable steps to verify their identity before granting users access or otherwise taking any action. This is important to safeguard their information.
Please be aware that we are not obliged by law to provide users with all personal data we hold about users, and that if we do provide users with information, the law allows us to charge for such provision if doing so incurs costs for us. After receiving their request, we will tell users when we expect to provide users with the information, and whether we require any fee for providing it to users.
If users wish us to remove personally identifiable information from our platform, users should contact us to make their request.
This may limit the service we can provide to users.
Communicating with us
When users contact us, whether by telephone, through our platform or by email, we collect the data users have given to us in order to reply with the information users need.
We record their request and our reply in order to increase the efficiency of our organisation
We may keep personally identifiable information associated with their message, such as their name and email address so as to be able to track our communications with users to provide a high quality service.
Complaining
If users are not happy with our privacy policy, or if users have any complaint, then users should tell us.
When we receive a complaint, we record the information users have given to us on the basis of consent. We use that information to resolve their complaint.
We aim to investigate all complaints relating to user generated content. However, we may not be able to do so as soon as a complaint is made. If we feel that it is justified or if we believe that the law requires us to do so, we shall remove the content while do so.
If we think their complaint is vexatious or without any basis, we shall not correspond with users about it.
If their complaint reasonably requires us to notify some other person, we may decide to give to that other person some of the information contained in their complaint. We do this as infrequently as possible, but it is a matter for our sole discretion whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify users or any other person.
If a dispute is not settled then we hope users will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If users are in any way dissatisfied about how we process their personal data, users have a right to lodge a complaint with the Information Commissioner’s Office (ICO). This can be done at https://ico.org.uk/make-a-complaint/. We would, however, appreciate the opportunity to talk to users about their concern before users approach the ICO.
Retention period
Except as otherwise mentioned in this privacy notice, we keep users personal data only for as long as required by us:
- to provide users with the services users have requested
- to comply with other law, including for the period demanded by our tax authorities
- to support a claim or defence in court
Compliance with the law
Our privacy policy complies with the law in the United Kingdom, specifically with the Data Protection Act 2018 (the ‘Act’) accordingly incorporating the EU General Data Protection Regulation (‘GDPR’) and the Privacy and Electronic Communications Regulations (‘PECR’).
Review of this privacy policy
We shall update this privacy notice from time to time as necessary.