Moki

Privacy Policy - Moki Users

This Privacy Notice tells you what you can expect if you are using a Moki Band as an individual and/or are part of a Group, School or Organisation that is using Moki Technology products.

About Moki

“Moki” and “Moki Bands” are registered trademarks and products of Moki Technology Limited, a Company registered in England & Wales (Company number: 11266496) with it’s registered offices at, Unit 10, 1 Luke Street, London, UK, EC2A 4PX

Data Protection Officer (DPO) Contact Details

Moki Technology Limited is the Data Controller for all personal information that we process unless stated otherwise.

Moki Technology is registered with the Information Commissioner's Office - registration number: ZA439656

Entry details can be found here:
https://ico.org.uk/ESDWebPages/Entry/ZA439656

You can contact our Data Protection Officer directly using the following methods:

Email:
dataprotection@moki.technology

Post:
Data Protection Officer
Moki Technology Ltd.
Unit 10, 1 Luke Street,
London, EC2A 4PX
United Kingdom

Our Legal Basis for Processing

Under the General Data Protection Regulations (GDPR) there are various legal basis for processing of personal data.  

The legal basis that Moki uses is either Consent or Legitimate Interests.

This means that the Customer of Moki Technologies (in most cases a school, sport clubs or centre for education) have consented for their details to be Processed by Moki.

Using the Legitimate Interest legal basis of Processing individuals who will be using the Moki Services will have their data added to the Moki Application, users will be grouped together within Classes and Schools based on the Customers requirements.

Where we rely on Legitimate Interest as our legal basis of processing we will have conducted appropriate LIA’s (Legitimate Interest Assessments) and DPIA’s (Data Privacy impact Assessments) to ensure Privacy is at the forefront of how we process any data and highlight and effectively manage any identified risks to individuals.

We usually do not rely on Consent as our legal basis for processing Moki users data, Consent and acceptance of these terms is always made by our Customer and to fulfil our core services we rely on Legitimate Interest to Process Users data within the Moki Application.  

Marketing Communications

Informed consent is always used for marketing communications which you are able to withdraw consent from at any time if you are subscribed.

Privacy by Design

Moki has been developed using a Privacy by Design approach, this means that Privacy of our users and Information Security has been at the heart of the Moki solution through all areas of development and we do not request, hold nor process any data that is not essential to the delivery of the core service.  

Any data that we do collect about our users is Encrypted at the local level (within the Moki Application) in the classroom and/or school environment or is Encrypted during transit and at rest.  

Personal Data - What Information Do We Collect?

Personal Data means any any information relating to natural persons who:

Personal Data is received by Moki in various different ways depending on how you interact with us.

In order to carry out our day to day operations and offer the benefits to Moki users we obtain the following information, either directly from the User or the Customer.

This is the maximum information that will be collected, in some cases only part of this data will be collected depending on what level of service is requested:

Data Subject

(Whose data is this?)

Data Category

(What data is obtained?)

Description of the Data Collected

How is data captured and where is it stored?

Security if data is transmitted to Moki servers

The individual who will wear the Moki band

Forename

The Forename of the individual

Provided by Customer, Stored within the local application using AES encryption

Data not transferred

The individual who will wear the Moki band

Surname

The Surname of the individual

Provided by Customer, Stored within the local application using AES encryption

Data not transferred

The individual who will wear the Moki band

DOB

The date of birth of the individual

Provided by Customer, Stored within the local application using AES encryption

Date transferred is only month and year of birth. Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who will wear the Moki band

Gender

The gender of the individual

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who will wear the Moki band

Group / Class

The Group or Class that the individual  is linked to (for example - class 4R)

Provided by Customer, Stored within the local application using AES encryption

Data not transferred

The individual who will wear the Moki band

Organisation / School

The Organisation that the individual  is linked to (for example - Beachwood School)

Provided by Customer, Stored within the local application using AES encryption

Data not transferred

The individual who will wear the Moki band

Step Data

The number of steps that the individual makes

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)

Forename

The Forename of the individual

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)

Surname

The Surname of the Customer

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation/Group (The Customer)

DOB

The date of birth of the Customer

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)

Gender

The gender of the individual  Customer

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)

Postal Address

The Postal address of the Customer

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)

Payment Card Details

The payment details used to purchase Moki

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation / Group (The Customer)

Email Address

The Email address of the individual

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

The individual who purchases Moki bands on behalf of their Organisation Group (The Customer)

Telephone Number

The Telephone Number of the individual

Provided by Customer, Stored within the local application using AES encryption

Encrypted (AES) within the application and secured in transit and at rest. Encryption key held by DPO

 

How We Process Your Personal Information

We will only use your personal data when the law allows us and only for the following purposes:

Moki has been developed with your Privacy in mind and we have taken appropriate technical and organisational measures to protect the confidentiality and integrity of your data during storage, transit and all processing activities.

Sharing Personal Information with Third Parties

We go through a stringent due diligence process when we select any third parties to work with to ensure their ethics, policies and processes are in line with our own.

These Third Parties include:

Type of Service

Reason why we would share data with them

Email Service Provider (ESP)

So that we are able to communicate to our customers and Moki users about the products and services via email

SMS Providers

So that we are able to communicate to our customers and Moki users about the products and services via SMS

Payment Processors

So that we can securely take payments from our Customers

Hosting Providers

So that we can provide our services to Customers and that data can be held within a secure data centre

 

We will only access your personally identifiable information where it is required to supply the services and we will always remain in control of any data that is being processed.

We will only disclose your personally identifiable information to parties not listed in our Privacy Notice in the following circumstances:

Anonymised & Aggregated Data

Processing of Anonymised Aggregated Data by Moki and Third Parties:

In line with the “Personal Data - What Information Do We Collect?” section (available to review within this Privacy Policy) any collected User data that can be reviewed to identify a single individual (either as a standalone piece of data or when reviewed with other data parts) is anonymised and encrypted within the local Moki Application used by the unique Customer - this process occurs automatically before any data is transferred to the Moki servers.  

The collection of the remaining unidentifiable individual activity data is known hereafter as the “Aggregated Data Set” and typically consists of the following data headings:

The Aggregated Data Set may be made available to partner types and customers of Moki who may include, but may not be limited to:

Although there is no risk to any individual in being part of the Aggregated Data Set we are happy to allow this activity to be restricted should you request so.  

If you (as a Moki Customer) wish to object to this activity please email us at:

dataprotection@moki.technology

International Transfers

We do not transfer any personal data outside of the European Economic Area (EEA)

Your Rights

Under data protection law you have rights we need to make you aware of, these are listed below.  

Please contact our Data Protection Officer to discuss any of these rights and how we may assist.

Your right of access

You have the right to ask us for copies of your personal information

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.

Data Retention and Erasure Policy

We will only retain personal information for as long as necessarily required to deliver the services to our Customers safely and securely.

Our data retention policy is based on specific data types that we process;

Type of Information collected & Stored

Can a unique individual be identified by this data?

Retention Period (maximum)

Moki Player Account information

Yes - only with the AES Encryption keys held by our DPO and the Customer

24 months from capture date

Moki band identifier information

No

24 months from capture date

Moki Customer Account information, name of organisation and associated details

Yes - only with the AES Encryption keys held by our DPO and the Customer

12 months from capture date

If a Customer deletes their account then all personal information from the Application will be removed, we may retain part of the non-personal data set within the Anonymised & Aggregated Data.

Changes to our Privacy Policy

This Privacy Policy goes through regular reviews and is updated where appropriate, revised version will be visible on our websites.

Contact Us

Email

dataprotection@mokibands.com

Post

Data Protection Officer
Moki Technology Ltd.
Unit 10,
1 Luke Street,
London, UK,
EC2A 4PX