whatwords Limited (“what3words”, “we” or “us”) is committed to protecting your personal data and respecting your privacy.
This Privacy and Cookies Policy (this “Policy”) details the personal data we collect in relation to you and explains how we handle that personal data.In respect of the processing activities described in this Policy, what3words Limited of Dewmead House, Hinxworth, Baldock, SG7 5HD is your data controller.
1. INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following personal data about you:
(A) Information you voluntarily provide when you contact us
You may provide us with your name, address, telephone number and email address in the following instances:
- if you contact us by phone, email or through the Website or the Apps (as defined in the Terms and Conditions), to report an issue or for any other reason. We may keep a record of that correspondence in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement, to resolve a dispute, and/or nuisance caller management;
- when signing up to complete one of our surveys. Please note that if we do collect your name and email address when you complete a survey for us, this will typically be so that we can contact you in the event that we offer a prize to a lucky winner. We will endeavour to anonymise any surveys retained on our systems within 30 days of the survey closing.
If you choose to attend an event with us, we may also collect your image (by way of either photograph or video). Please do let us know (either by email in advance or on the day at the event) if you would prefer that your image is not captured and we will let our camera operators know.
(B) Information we collect about you and your device when you interact with our services
If you choose to become a registered user of our services, we will process your name, contact details, and email address, as well as your what3words password. However, you are not required to provide us with this information to use the Website or our Apps.
Registered users in some jurisdictions are also presented with the opportunity to use the “Saved Locations” functionality within our Apps. This means you can save specific what3words addresses and label them (e.g. “home” or “work”). If you choose not to use the Saved Locations feature, that’s perfectly fine. You can also choose delete your saved locations at any time within the App.
When you use the Website and/or the Apps to access our services, we may use technology such as (but not limited to) that provided by Google (Google Analytics and Google Firebase) and Matamo (see Section 3 below) to collect information about your visit to our Website and use our Apps. In essence, Google Analytics and Firebase enables us to analyse how you and others interact with our Website and Apps. The information we collect may include:
- your IP address;
- your device ID;
- the type of browser you use (e.g. are you using the Chrome or Safari browser?);
- the number of sessions per browser on each device;
- the type of device (eg Samsung) and operating system (eg Android) you are using;
- referrer information;
- time zone;
- user preferences;
- which 3 word address locations you searched or landed on the App or Website. In addition we would receive the text of anything you type incorrectly into the search bar;
- which 3 word address locations you have saved;
- user content including photographs, videos and other content that you choose to share on our Website or Apps and any associated content including comments that you post to our Website and/or Apps;
- which pages you visited on the website; and
- analytics information in relation to your interactions with the newsletter (e.g. click rates) and
- if you elect to join our squares community (subject to our Squares Terms), we may hold any personal data you choose to share within any social media group (including Facebook and Slack) set up by us for the purpose of engaging the community. In addition, if you choose to share your unique what3words download link, we may also track the number of downloads which resulted from that link.
The reasons we collect this data are:
- to ensure that content from our site is presented in the most effective manner for you and for your device;
- to improve the services we provide in the short-term, for example by providing you with more relevant search results;
- to improve the services we provide over the longer-term by understanding how you and other users interact with our services;
- serving recommendations to you around those functionalities of the App or Website which are most relevant to you, based on your use of those platforms;
- to notify you about any important changes to our services;
- to ensure that we continue to provide relevant information to recipients of our newsletters.
We may utilise cookies to achieve some of the above. Furthermore, we may use pixel tags within our emails in order to measure the success of our direct marketing campaigns (including out newsletter), and to compile statistics about usage of the services. More information on the cookies we utilise and why is set out in the Cookies section below.
If you are a business which uses the what3words application programming interface (“API”), we collect the following pieces of personal data in respect of each API call made:
- content of the API call (for example, the three word address searched);
- timestamp; and
- IP address from which the call was made.
The reasons we collect this data are:
- to deliver the GPS co-ordinates which correspond with the three word address searched; and
- to analyse and better understand how our API is being used.
(C) Information we collect about you when you contact us for business to business marketing purposes
As a prospective (or existing) business customer of what3words we may collect:
- your name, email address and telephone number;
- the name of the business you own or represent and your business title; and
- the address of the business you own or represent.
We may collect this information directly from you, or from publicly available sources such as LinkedIn and, subject to any local law restrictions, may use this information to contact you directly for the purpose of informing you about our products and services and discussing any potential partnership. Should you not wish to be contacted by us after we have reached out to you, please do not hesitate to let us know.
2. LEGAL BASIS FOR PROCESSING
In certain jurisdictions, such as those located within the European Union, we are required to establish legal bases to process your personal data. We have identified our legal basis for processing in respect of each of the processing activities set out below:
(A) Responding to correspondence instigated by you
Where you contact us for any reason, we will process any personal data provided by you for the purposes set out under Section 1(A) above. On balance, we consider that we have a legitimate interest in processing your personal data for those limited purposes, and that it is necessary to do so.
(B) Photographing and recording our events
We consider that we have a legitimate interest in recording the events we host (by way of either photograph or video). As set out above, please do let us know (either by email in advance or on the day at the event) if you would prefer that your image is not captured and we will let our camera operators know.
(C) Administering your what3words account
When you create an account with us you sign up to our Terms and Conditions. We process your name, contact details, and email address (as well as your what3words password) so that we can provide you with the service we commit to under those Terms and Conditions. We also store your saved locations within along with your account details so that you can access those saved locations each time you open the App.
(D) Effectively manage our business and improve our services
Where we have determined that, on balance, our legitimate interest in using your personal data to effectively manage our business and improve our services does not outweigh your own rights and freedoms we rely on legitimate interests as the legal basis for processing that personal data. This covers the analysis of the information collected through technical means, as set out under Section 1(B) above. We will always seek to ensure that any data used for analysis purposes is encrypted and / or aggregated, where doing so would not impact the specific purpose we are trying to achieve. For example, it may be necessary to use an un-hashed version of your device ID in order to ensure that the notifications you receive within the App about a new feature are relevant to you.
(E) Electronic direct marketing activities (end users)
Where we have your express, opt-in consent we may contact you by email or other electronic means for the purpose of providing you with marketing information (including our newsletters) relating to our products and services. You may opt-out to receiving such communications at any time by hitting the unsubscribe link at the bottom of any email communication, or by emailing us at firstname.lastname@example.org.
We may use the personal data collected through cookies on our Website (as set out under Section 1 (B) above) to show you relevant advertising on third platforms such as Facebook, Instagram and Twitter and consider that, on balance, we have a legitimate interest in doing so. For further information on cookies, including how these can be disabled, please see the Cookies Section below.
(F) Contacting businesses and their representatives
Subject to any specific local laws to the contrary, we consider that we have a legitimate interest processing the contact details other personal data (as set out in Section 1 (C) above of prospective (or existing) business customers for the purpose of introducing them to our products and services and then maintaining a business relationship.
(G) The what3words public API
We consider that we have a legitimate interest in processing the limited personal data we collect through our API (as set out in Section 1 (B) above) which is necessary in order to deliver that service and to analyse and better understand how our API is being used.
3. THIRD PARTIES
We will never share your contact details to third parties to allow them to contact you for direct marketing purposes.
Where we use data processors, we always seek to ensure that they are bound by data processing terms which meet the requirements of applicable data protection legislation and that they only process your personal data upon our instructions.
The following categories of third party may have access to your personal data as a result of your use of the what3words Apps and/or Website:
- a prospective buyer in the event of a sale or purchase of what3words or any of its assets;
- any third party when obliged to do so by law;
- data hosting companies (such as Amazon Web Services and Google Cloud);
- external consultants engaged by us to help improve our business;
- CRM Solution providers (such as Salesforce and Hubspot)
- other IT service providers (such as G Suite for Business);
- providers of data analytics services (such as Matamo, Google Firebase and Google Analytics);
- Website mapping providers. We currently give you the option to choose between the following mapping providers for our website:
We do not collect any personal data through your use of the what3words Amazon Alexa Ride Skill. However, Amazon will collect personal data through your use of its Alexa platform, as set out in its then current Amazon Alexa Privacy Notice.
4. Where we store and transfer your personal data
The personal data that we collect from you may be transferred to, and stored in, a country outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who either work for us or for one of our suppliers. Countries outside the EEA may not have laws which provide the same level of protection to your personal data as laws within the EEA. Where this is the case we will put in place appropriate safeguards to ensure that such transfers comply with applicable data protection laws.
5. Keeping information secure
Unfortunately, the transmission of information via the internet is not completely secure. Whilst we cannot guarantee the security of your data transmitted to our site, and any transmission is at your own risk, we will use strict procedures and security features to try to prevent unauthorised access. For example, we provide HTTPS to ensure communication to/from what3words is securely encrypted. Our systems are protected behind a firewalled VPC, all hosted in London on Amazon infrastructure, and we follow strict internal policies as to our handling of personal data and conduct regular reviews of our infrastructure and server security.
6. How long we keep your personal data
We will only store your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will retain your personal data for at least as long as you use the Website and the Apps and for a reasonable period of time after you cease using the Website and the Apps.
Where you have requested that we delete any personal data we hold on you, we will typically continue to process the data for only a short period of time to allow us to process that request and keep a record of your request. See section 7 below for further detail.
7. Your rights
We think it is important that you are able to control your personal data. You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at email@example.com.
Under applicable data protection laws, you may be entitled to exercise the following rights:
- The right to access personal data that we hold about you.
- The right to require us to update our records to ensure the data we hold is accurate.
- The right to require us to delete your personal data. There will be instances where this right is restricted, such as where it is necessary to continue to process your personal data for the establishment, exercise or defence of legal claims.
- The right to restrict how we process your data (for example, if you dispute its accuracy, we may restrict its processing until your complaint is resolved).
- The right to require us to transfer your data to another organisation.
- The right to object to data processing. There will be instances where this right is restricted, such as where we have an overriding legitimate ground to continue to process your personal data.
- The right not to be subject to the decision of an automated process, such as profiling, when this would produce a legal effect on you.
- The right to withdraw your consent (in our case, only in respect of personal data processed for direct marketing purposes). We will make this a simple and easy process for you through ‘unsubscribe’ links in all of our marketing communications.
Should you wish to exercise any rights in connection with your personal data, please email us at firstname.lastname@example.org. When you submit a request, we may ask you for additional information to confirm your identity and entitlement to submit such a request. If we consider that your request is manifestly unfounded, excessive or repetitive, we reserve the right to charge you an administrative fee.
We will process any request in line with any local laws and our policies and procedures. We aim to respond to enquiries within 3 working days, but may take up to 30 days to comply with valid requests.
If you want to stop using the Website, the App and the services, you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Website and the Apps.
In the event that you aren’t happy with our processing of your personal data, we ask that you always seek to get in touch in the first instance so that we can help ease your concerns. However, you also have the right to lodge a complaint about how we process your personal data with the supervisory authority in your country.
8. Third party properties accessed from the website/app e.g. other websites
Our Website and Apps may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies which will govern use of any personal data that they process. Please check these policies carefully before you click on any links and/or submit any personal data to these online properties.
Any changes we may make to this Policy will be posted on this page. Where it makes sense because the changes are material, we will notify you by e-mail or in another appropriate manner such as when you next interact with the Website/Apps.
10. Contacting us is easy and we want to hear from you
We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at email@example.com.
Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a web page and are often used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing. We may use all three technologies from time to time, to help improve your browsing experience.
You have the ability, by toggling with your browser settings, to turn off our utilisation of cookies. This may, however, mean that sections of the Website or Apps are not accessible in the same way or their performance is altered.
We also utilise cookies to record the pages you have visited and the links you have followed. We use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.We have outlined below the individual cookies we use and why we use them.
1. Google Inc NID
Google Analytics is a web analytics service provided by Google, Inc. We use Google Analytics to allow us to evaluate and report on the usage of our website. Using Google Analytics helps us to understand our visitor’s behaviour and allow us to make improvements to our users’ experience. You can opt out of Google Analytics across all services that utilise it via your browser here.
Hubspot is a CRM service provided by Hubspot Inc. We use Hubspot to facilitate sign-ups for our user account and newsletters and to allow us to understand more about our visitors.
Hotjar is a web analytics service provided by Hotjar Ltd.
We use Hotjar to understand our visitor’s behaviour and to allow us to plan modifications to our websites that will improve user experience.
Matomo is a web analytics service provided by InnoCraft Ltd.
We use Matomo to understand our visitor’s behaviour and to allow us to plan modifications to our websites that will improve user experience.
5. what3words auth-token
We use our own strictly necessary cookies to improve functionality on our sites. An authentication cookie is stored by the browser so that our websites can check that a user has been authenticated by our servers.
6. Other Cookies
In addition to the above cookies, the following sites may create their own cookies whilst browsing our site:
We also use Google AdWords for remarketing purposes in order to encourage users to return to the site. To do this, we make use of AdWords remarketing tags which set information within a Google AdWords cookie.