whatwords Limited (“what3words”, “we” or “us”) is committed to protecting your personal data and respecting your privacy.
In respect of the processing activities described in this Policy, what3words Limited of Studio 301 Great Western Studios, 65 Alfred Rd, London, England, W2 5EU, UK is your data controller.
- INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following personal data about you:
(A) Information you voluntarily provide to us
If you choose to register for an account on what3words.com (the “Website”) or the Apps (as defined in the Terms and Conditions), we will process your name, country, email address and (if you use “social sign-in”) your Google or Facebook ID, as well as your chosen account password. However, you are not required to provide us with this information to use the Website or our Apps.
Registered account holders in some jurisdictions are also presented with the opportunity to use the “Saved Locations” functionality within our Website and Apps. This means you can save specific 3 word addresses and label them (e.g. “home” or “work”). If you choose not to use the Saved Locations feature, that’s perfectly fine. You can also choose delete your saved locations at any time within your account. We recommend that you do not save any personal information within your labels (such as names, information about another person or health information).
You may provide us with personal data such as your name and email address (and any other information that a sign-up form asks for and/or that you choose to give us) in the following instances:
- if you subscribe to our email newsletter here – note that you can unsubscribe at any time by following the instructions within the newsletter email;
- if sign up to our Squares programme here, so that you can set up an account in order to receive newsletters and other relevant communications (such as event invitations) and interact with the Squares community by joining social media groups;
- if you contact us by phone, email or through the Website or the Apps to ask us a question, to report an issue or for any other reason. We may keep a record of that correspondence in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement, to resolve a dispute, and/or nuisance caller management;
- if you sign up to complete one of our surveys. Please note that if we do collect your name and email address when you complete a survey for us, this will typically be so that we can contact you in the event that we offer a prize to a lucky winner. We will endeavour to anonymise any surveys retained on our systems within 30 days of the survey closing;
- if you sign up to a competition that we may run from time to time, in which case we will collect contact details in order to notify you if you are a winner (and we will delete them a reasonable time period after you have collected your prize);
- if you sign up for the what3words application programming interface (“API”), you will be asked to provide us with your name, email address and chosen password to set up your account. You may choose to provide us with your job title and industry which we will use to compile statistics on API usage and to provide you with a more relevant experience if we contact you (e.g. for feedback). Your payment details will be stored by our payment provider, Stripe, rather than by us (see Section 3 below);
- if you choose to attend an event with us, we may capture your image (by way of either photograph or video). Please do let us know (either by email in advance or on the day at the event) if you would prefer that your image is not captured and we will let our camera operators know;
- if you join the what3words Beta Tester programme here, so that we can contact you to review what3words products (that are relevant to your experience and the platforms that you can use for testing);
- if you choose to download one of the what3words toolkits available on our Website, we will ask you for your email address and company name. We will use your email address in order to send you your toolkit and your company name to conduct internal analysis on how the toolkit is being used. If you indicate that you are happy for us to do so, we may use your email address to contact you to ask for feedback on how you are using the toolkit (to enable us to make improvements to our products and services in the long term);
- if you choose to download our what3words learning activities, we will ask you for your name and email address so that we can send you the materials. If you choose to provide us with the name of the school at which you work, we use this so we can build up a picture of where and how the resources are being used (in order to improve them in the long term);
- if you agree to take part in a promotional campaign in which you share your story of using what3words services in a form of digital or print media; and/or
- if you apply for a role at what3words as a prospective candidate, the recruitment process may involve us collecting your contact details, CVs and supplementary information, information gathered through interviews or other assessments, video recordings of interviews (where you agree to provide these to us), and references supplied by former employers or agencies. If you are successful in your application, any relevant information collected as part of the recruitment process will be transferred to your personnel file and retained during your employment. If your application is unsuccessful, we automatically delete information 18 months following conclusion of the recruitment process.
(B) Information we collect about you and your device when you interact with our services
When you use the Website and/or the Apps to access our services, we may use technology such as (but not limited to) that provided by Google (Google Analytics and Google Firebase) and Matomo (see Section 3 below) to collect information about your visit to our Website and your use of our Apps. In essence, Google Analytics and Firebase enable us to analyse how you and others interact with our Website and Apps. The information we collect may include:
- your IP address;
- your device ID;
- the type of browser you use (e.g. Chrome or Safari browser);
- the number of sessions per browser on each device;
- the type of device (e.g. Samsung) and operating system (e.g. Android) that you are using;
- referrer information (which website you visited from e.g. a search engine);
- time zone;
- user preferences (e.g. language);
- which 3 word address locations you searched or landed on (including anything you type incorrectly into the search bar);
- which 3 word address locations you have saved using “Saved Location”;
- if you choose to use the photo feature in the Apps, the 3 word address at which a photo was taken (but not the photo itself) and the fact that the “share” button has been pressed (if applicable);
- user content including photographs, videos and other content that you choose to share on our Website or Apps and any associated content including comments that you post to our Website and/or Apps;
- which pages you visited on the Website;
- analytics information in relation to your interactions with the newsletter (e.g. click rates); and
- if you elect to join our Squares community and you choose to share your unique what3words download link, we may also track the number of downloads which resulted from that link.
The reasons we collect this data are:
- to ensure that content from our Website is presented in the most effective manner for you and for your device;
- to improve the services we provide in the short term, for example by providing you with more relevant search results;
- to improve the services we provide over the longer-term by understanding how you and other users interact with our services;
- to serve recommendations to you around those functionalities of the Apps or Website which are most relevant to you, based on your use of those platforms;
- to notify you about any important changes to our services;
- to ensure that we continue to provide relevant information to recipients of our newsletters; and
- (for the audio files only) to permit audio to text transcription through automated methods, after which such files are discarded.
We may utilise cookies to achieve some of the above: in particular, so that we can deliver a seamless experience between our Apps and our Website and so that we can analyse aggregated usage data (e.g. how many people are returning to our Website more than once). Furthermore, we may use pixel tags within our emails in order to measure the success of our direct marketing campaigns (including our newsletter), and to compile statistics about usage of the services (e.g. how many people are opening newsletter emails). More information on which cookies we utilise and why is set out in the Cookies section below.
If you are a business which uses the what3words application programming interface (“API”), we collect the following pieces of data in respect of each API call made:
- content of the API call (for example, the 3word address searched);
- API key (the unique identifier used to authenticate the user/program making a call to the API);
- timestamp; and
- IP address from which the call was made.
The reasons we collect this data are:
- to deliver the GPS co-ordinates which correspond with the 3 word address searched; and
- to analyse and better understand how our API is being used.
(D) Information we collect for business to business marketing purposes
As a prospective (or existing) business customer of what3words we may collect:
- your name, email address and telephone number;
- the name of the business you own or represent and your business title; and
- the address of the business you own or represent.
We may collect this information directly from you or from publicly available sources such as LinkedIn and, subject to any local law restrictions, we may use this information to contact you directly for the purpose of informing you about our products and services and discussing any potential partnership. Should you not wish to be contacted by us after we have reached out to you, please do not hesitate to let us know.
2. LEGAL BASIS FOR PROCESSING
In certain jurisdictions, such as those located within the European Union, we are required to establish legal bases to process your personal data. We have identified our legal basis for processing in respect of each of the processing activities set out below:
(A) Responding to correspondence instigated by you
Where you contact us for any reason, we will process any personal data provided by you for the purposes set out under Section 1(A) above. On balance, we consider that we have a legitimate interest in processing your personal data for those limited purposes, and that it is necessary to do so.
(B) Photographing and recording our events
We consider that we have a legitimate interest in recording the events we host (by way of either photograph or
video). As set out above, please do let us know (either by email in advance or on the day at the event) if you
would prefer that your image is not captured and we will let our camera operators know.
(C) Administering your what3words account, Squares account or API account
When you register for an account on the Website, sign up to the Squares programme or register for an API account, you sign up to specific terms and conditions (here for an account, here for the Squares and here for the API). We process your personal data so that we can provide you with the service we commit to under the relevant terms and conditions. We also store your “saved locations” along with your account details so that you can access those saved locations each time you open the Apps or visit the Website.
(D) Effectively managing our business and improving our services
Where we have determined that, on balance, our legitimate interest in using your personal data to effectively manage our business and improve our services does not outweigh your own rights and freedoms we rely on legitimate interests as the legal basis for processing that personal data. This covers the analysis of the information collected through technical means, as set out under Section 1(B) above. We will always seek to ensure that any data used for analysis purposes is encrypted and / or aggregated, where doing so would not impact the specific purpose we are trying to achieve. For example, it may be necessary to use an un-hashed version of your device ID in order to ensure that the notifications you receive within the App about a new feature are relevant to you.
(E) Electronic direct marketing activities (end users)
Where we have your express, opt-in consent we may contact you by email or other electronic means for the purpose of providing you with marketing information (including our newsletters) relating to our products and services. You may opt-out to receiving such communications at any time by hitting the unsubscribe link at the bottom of any email communication, or by emailing us at firstname.lastname@example.org.
We may use the personal data collected through cookies on our Website (as set out under Section 1 (B) above) to show you relevant advertising on third platforms such as Facebook, Instagram and Twitter and consider that, on balance, we have a legitimate interest in doing so. For further information on cookies, including how these can be disabled, please see the Cookies section below.
(F) Contacting businesses and their representatives
Subject to any specific local laws to the contrary, we consider that we have a legitimate interest in processing the contact details or other personal data (as set out in Section 1 (C) above) of prospective (or existing) business customers for the purpose of introducing them to our products and services and then maintaining a business relationship.
(G) The what3words public API
We consider that we have a legitimate interest in processing the limited personal data we collect through our API (as set out in Section 1 (B) above) which is necessary in order to deliver that service and to analyse and better understand how our API is being used.
3. THIRD PARTIES
We will only share your personal data with other organisations where we believe have the right to do so in accordance with this Policy.
We will never share your contact details to third parties to allow them to contact you for direct marketing purposes.
Where we use data processors, we always seek to ensure that they are bound by data processing terms which meet the requirements of applicable data protection legislation and that they only process your personal data upon our instructions.
The following categories of third party may have access to your personal data as a result of your use of the what3words Apps and/or Website:
- a prospective buyer in the event of a sale or purchase of what3words or any of its assets;
- any third party when obliged to do so by law;
- data hosting companies (such as Amazon Web Services and Google Cloud);
- external consultants engaged by us to help improve our business;
- CRM Solution providers (such as Salesforce and Hubspot)
- other IT service providers (such as G Suite for Business);
- providers of data analytics services (such as Matomo, Google Firebase and Google Analytics);
- Website mapping providers. We currently give you the option to choose between the following mapping providers for our website:
We do not collect any personal data through your use of the Amazon Alexa what3words skill (see Terms). However, Amazon will collect personal data through your use of its Alexa platform, as set out in its then-current Amazon Alexa Privacy Notice.
4. Where we store and transfer your personal data
The personal data that we collect from you may be transferred to, and stored in, a country outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who either work for us or for one of our suppliers. Countries outside the EEA may not have laws which provide the same level of protection to your personal data as laws within the EEA. Where this is the case we will put in place appropriate safeguards to ensure that such transfers comply with applicable data protection laws.
5. Keeping information secure
Unfortunately, the transmission of information via the internet is not completely secure. Whilst we cannot guarantee the security of your data transmitted to our site, and any transmission is at your own risk, we will use strict procedures and security features to try to prevent unauthorised access. For example, we provide HTTPS to ensure communication to/from what3words is securely encrypted. Our systems are protected behind a firewalled VPC, all hosted in London on Amazon infrastructure, and we follow strict internal policies as to our handling of personal data and conduct regular reviews of our infrastructure and server security.
6. How long we keep your personal data
We will only store your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will retain your personal data for at least as long as you use the Website and the Apps and for a reasonable period of time after you cease using the Website and the Apps.
Where you have requested that we delete any personal data we hold on you, we will typically continue to process the data for only a short period of time to allow us to process that request and keep a record of your request. See section 7 below for further detail.
7. Your rights
We think it is important that you are able to control your personal data. You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at email@example.com.
Under applicable data protection laws, you may be entitled to exercise the following rights:
- The right to access personal data that we hold about you.
- The right to require us to update our records to ensure the data we hold is accurate.
- The right to require us to delete your personal data. There will be instances where this right is restricted, such as where it is necessary to continue to process your personal data for the establishment, exercise or defence of legal claims.
- The right to restrict how we process your data (for example, if you dispute its accuracy, we may restrict its processing until your complaint is resolved).
- The right to require us to transfer your data to another organisation.
- The right to object to data processing. There will be instances where this right is restricted, such as where we have an overriding legitimate ground to continue to process your personal data.
- The right not to be subject to the decision of an automated process, such as profiling, when this would have a legal effect (or similarly significant effect) on you.
- The right to withdraw your consent (in our case, only in respect of personal data processed for direct marketing purposes). We will make this a simple and easy process for you through ‘unsubscribe’ links in all of our marketing communications.
Should you wish to exercise any rights in connection with your personal data, please email us at firstname.lastname@example.org. When you submit a request, we may ask you for additional information to confirm your identity and entitlement to submit such a request. If we consider that your request is manifestly unfounded, excessive or repetitive, we reserve the right to charge you an administrative fee.
We will process any request in line with any local laws and our policies and procedures. We aim to respond to enquiries within 3 working days, but may take up to 30 days to comply with valid requests.
If you want to stop using the Website, the App and the services, you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Website and the Apps.
In the event that you aren’t happy with our processing of your personal data, we ask that you always seek to get in touch in the first instance so that we can help ease your concerns. However, you also have the right to lodge a complaint about how we process your personal data with the supervisory authority in your country.
8. Third party properties accessed from the Website/Apps e.g. other websites
Our Website and Apps may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies which will govern use of any personal data that they process. Please check these policies carefully before you click on any links and/or submit any personal data to these online properties.
Any changes we may make to this Policy will be posted on this page. Where it makes sense because the changes are material, we will notify you by e-mail or in another appropriate manner such as when you next interact with the Website/Apps.
10. Contacting us is easy and we want to hear from you
We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at email@example.com.
Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a web page and are often used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing. We may use all three technologies from time to time, to help improve your browsing experience.
You have the ability, by toggling with your browser settings, to turn off our utilisation of cookies. This may, however, mean that sections of the Website or Apps are not accessible in the same way or their performance is altered.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of our Website and Apps. Cookies make the interaction between you and our Website and Apps faster and easier and help us authenticate you to deliver personalised content to you.
We have outlined below the individual cookies we use, along with more on detail on why we use them.
1.Google Inc NID
Google Analytics is a web analytics service provided by Google, Inc.
We use Google Analytics to allow us to evaluate and report on the usage of our Website. Using Google Analytics helps us to understand our visitors’ behaviour and allows us to make improvements to our users’ experience. You can opt out of Google Analytics across all services that utilise it via your browser here.
Hubspot is a CRM (customer relationship management) service provided by Hubspot Inc.
We use Hubspot to facilitate sign-ups for what3words accounts and newsletters, as well as to collect data on interactions with our Website/Apps (e.g. average page views) for internal analytical purposes.
Hotjar is a web analytics service provided by Hotjar Ltd.
We use Hotjar in order to analyse use of the Website, as it provides us with heat maps: (anonymised) colour-coded representations of parts of the Website which people are most or least interacting with. This allows us to plan modifications to our Website that will improve users’ experience.
Matomo is a web analytics service provided by InnoCraft Ltd.
We use Matomo to understand our visitors’ behaviour (by collecting the data set out in Section 1(B) above) and to allow us to plan modifications to our Website that will improve user experience.
Stripe is a payments system provided by Stripe, Inc. (and its affiliates) that we use to take payments for our API. Stripe sets cookies to enable payments to take place effectively and securely by linking your browser to your Stripe credentials.
Branch.io is a web analytics platform provided by Branch Metrics, Inc.
We use Branch.io to provide a seamless experience for users when moving between our Website and our Apps through deep linking (for example, to allow a user to click on a 3 word address, download one of our Apps and for that App to open on the original 3 word address). Using Branch.io also allows us to plan modifications to our products that will improve user experience.
Intercom, Inc. and its affiliates provide a messaging platform (called Intercom) where users can send us questions about what3words and we can respond. Intercom enables us to provide customer support to our visitors.
We use our own strictly necessary cookies to improve functionality on our sites. An authentication cookie is stored by the browser so that our websites can check that a user has been authenticated by our servers. We also store a user’s language preferences, as well as if they are a developer for our developer site. Other cookies remember if a user has completed tutorials or closed the cookie notice on the Website.
9. Other Cookies
In addition to the above cookies, the following sites may create their own cookies whilst browsing our Website:
Because we conduct advertising campaigns on these sites, these cookies allow us to measure the success of our campaigns (e.g. how many people clicked on a what3words advert shown to them on their Facebook page). User behaviour on our Website may also be used to build audiences for our Facebook, Twitter and LinkedIn advertising campaigns. The links above have more information on Facebook, Twitter, LinkedIn’s interest-based advertising and how to opt out or change user preferences.
We also use Google AdWords for remarketing purposes in order to encourage users to return to the site. To do this, we make use of AdWords remarketing tags which set information within a Google AdWords cookie.