This privacy notice tells you what to expect when Myki through its website, application or otherwise collects personal information.
Myki has unilaterally chosen to adhere to the guidelines of data protection set forth by the European Union in the General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, we have adapted the following notice mirroring guidelines from the UK Information Commissioners Office (ICO) and other industry best practices.
In scope, sources of personal information include:
- Visitors to our website
- People who use our services
- Job Applicants as well as our current and former employees
Visitors to our website
When someone visits the Myki website, we use third-party services, such as Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is processed anonymously, if we collect personally identifiable information through our website, we will do so explicitly and with proper consent.
A cookie is a small piece of data that is sent to your browser or device by our website, mobile applications, and advertisements that you access or use. This data is stored on your browser or device and helps us remember things about you. We recognize cookies as containing personally identifiable information and handle them accordingly.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
We use third-party providers, such as MailChimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear GIFs to help us monitor and improve our services. For more information, please see associated privacy notice.
All our newsletters offer clear and simple to use opt-out notices.
We use a third-party service, ghost.org, to publish our blog, and some of our microsites. These sites are hosted on Myki servers. We use a standard Ghost service to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.
Online Reporting Tool
We collect information volunteered by our members or those who have opted to hear from us using an online reporting tool hosted by Google Form Surveys. Google is a data processor for Myki and only processes personal information in line with our instructions.
Security and Performance
Myki’s world class security team keep a vigilant eye on our systems, but we also employ third-party services to help maintain the security and performance of our offerings to ensure our users privacy and our clients security.
People who contact us via social media
We use a third-party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organizations.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who use Myki services
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have installed the Myki app to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing so.
We collect anonymized analytics and usage information in order to improve our services. This information is used in order to provide us with aggregate information to know what features to focus on the most and which features we need to improve.
Example of information includes:
- How many users come from advertisements that we run
- How many users properly go through the initial onboarding
- How many users purchase pro features
- How many users use the share passwords feature
- How many users use Myki on more than one device
- How many users are backing up their vaults properly
All of this usage information can be disabled from our privacy center page in the Myki app. Opting out of usage analytics will stop sharing any usage information.
Job applicants, current and former Myki employees
When individuals apply to work at Myki, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from criminal records, we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for no longer than 12 months after the recruitment exercise has been completed, it will then be deleted as per our data destruction policy. We retain anonymized statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with Myki, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment has ended, we will retain the file in accordance with the requirements of our data retention policy and then delete it.
Complaints or Queries
We use a third-party service to manage all our help desk services to track and respond to any requests through the site or our application. We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects regarding to the collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
Access to Personal Information
Myki tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ through our help-desk portal, if we do hold information about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in an intelligible form
Disclosure of Personal Information
In most circumstances, we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organization concerned and with other relevant bodies.
You can also get further information on:
- Agreements we have with other organizations for sharing information
- Circumstances where we can pass on personal data without consent for example, to prevent and detect crime, conduct research and to produce anonymized statistics
- How we check that the information we hold is accurate and up to date
Links to Other Websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
How to contact us
Glossary of Terms
Data Controller – The person who (either alone or with others) decides what personal information (insert name of org) will hold and how it will be held or used.
Data Protection Officer – The person(s) responsible for ensuring that Myki follows its data protection policy and complies with relevant local laws concerning data protection.
Individual/Service User/Data Subject – The person whose personal information is being held or processed by Myki for example: a client, an employee, or supporter.
Explicit consent – is a freely given, specific and informed agreement by an Individual/Service User in the processing of personal information about her/him. Explicit consent is needed for processing sensitive data.
Notification – Notifying the relevant authorities about the data processing activities of Myki, as certain activities may be exempt from notification.
Processing – means collecting, amending, handling, storing or disclosing personal information.
Personal Information – Information about living individuals that enables them to be identified – e.g. name and address. It does not apply to information about organizations, companies and agencies but applies to named persons, such as individual volunteers or employees within Myki.
Sensitive data – refers to data about:
- Racial or ethnic origin
- Political affiliations
- Religion or similar beliefs
- Trade union membership
- Physical or mental health
- Criminal record or proceedings