Privacy Policy

The Flagsmith service is operated by Bullet Train Ltd.

Bullet Train Ltd is committed to the protection of any personal data we obtain from you whether you contact us by email or through our website or through any other means.

This Privacy Notice describes the types of information we collect from you, how we use it, how you can manage the information we have about you, and how you can contact us. The information to which our Privacy Notice applies is “personal data” (which is defined in current data privacy law as information which can identify living people). Where we refer to personal data below, we use the term “personal information”.

The contents of our Privacy Notice may change from time to time. Please check it now and again so you are aware of any updates.  This Privacy Notice was last updated on 3 December 2020.

Who Are We?

We are Bullet Train Ltd and we operate the Flagsmith service. We are a company registered in England and Wales. Our registered office address is at 4th Floor, 86-90 Paul Street, London, England, EC2A 4NE. Our registered number at Companies House is 12353266.  We are registered with the UK Information Commissioner’s Office, with number ZA817429.

How do we collect your personal information?

WE DO NOT COLLECT PERSONAL INFORMATION DIRECTLY FROM CHILDREN.

We collect your personal information directly from you in the following ways:

  • if you are seeking information about Bullet Train and what we do, when you contact us through our website or via email or otherwise.
  • if you choose to use our Flagsmith service.
  • if you have consented to receive any marketing communications or if you have accepted cookies on our website (we will ask for your consent before we use your personal information for this purpose).
  • if you work with us as a supplier or a partner.

What personal information do we collect?

Depending on the circumstances of our interaction, the personal information we collect might be all or some of the following:

  • your name;
  • your email address;
  • your phone number(s);
  • your company role/position;
  • the IP address of the computer you use;
  • the internet browser from which you visited our website;
  • the pages you visit on our website and how long you viewed them for;

How we use personal information we collect

We use personal information and other information we collect so that we can provide our Flagsmith service, provide information about our service, improve our service, do business with our suppliers and partners and answer enquiries about our business.

How long do we keep your personal information?

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Security

We take all appropriate technical and organisational measures to ensure the integrity and security of the personal information held by Bullet Train.

Third party links

This policy does not cover third party websites, products, or services even if they link to our services—you should consider their own privacy policies carefully.

Sharing your personal information

We require all third parties who have access to the personal data we hold, to respect the security of your personal data and to treat it in accordance with the law.

In order to deliver the Flagsmith service, we rely on service providers (e.g. infrastructure providers, IT support services, data storage, financial payment management) to provide key functionality both in the operation of our service as well as the operation of our company.  These service providers may have access to your limited personal data where necessary for the provision of their service.  We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may also share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We may also share or reveal personal information if we are obliged or permitted to do so by law, or if it is required by law enforcement, fraud prevention, credit reference agencies, tax authorities or regulatory bodies.

Exporting your personal information out of the UK

Our servers are currently based in the United Kingdom and we don’t currently envisage data moving outside the UK.  However, if we need to transfer data outside of the UK because one of our service providers has a server outside of the UK or for some other lawful reason, we will put in place appropriate safeguards to ensure that all personal data under our control is protected outside the UK to the same standard as if  it were kept within the UK.

Managing personal information

You have the right as an individual to manage the personal information we hold about you and make amendments if this is necessary. You are also able to withdraw any consent you might have given us to receive marketing communications.

You have several rights in relation to your personal information under data protection law.  In relation to most of these, if you exercise them we may ask for information from you to confirm your identity and, where applicable, to help us find your personal information.  We will respond to you within thirty days after we have received a valid request, by which we mean a request that is backed up with any identification documents that we have requested.

You have the following rights:

  • to request a copy or summary of the personal information that we hold about you and to receive it from us within 30 days.
  • to correct and update your personal information.
  • to withdraw your consent (where we rely on it) from receiving any further communications from us which are not necessary or in respect of other matters for which your consent has already been given.
  • to object to certain kinds of processing of your personal information such as automated processing and profiling.
  • to erase your personal information or restrict its use.
  • to complain to the Information Commissioner’s Office (ICO) as our relevant United Kingdom supervisory authority regulating data privacy matters.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website, and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use different types of cookies for different reasons.  You don’t have to accept our use of NON-ESSENTIAL COOKIES described below and you can choose to disable these if you wish. The following list sets out the types of cookies we use:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or make use of e-billing services.
  • Functionality cookies. These are used to recognise you when you return to our website.
  • Analytical/performance cookies (NON-ESSENTIAL). These allow us to recognise and count the number of website visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Here are more details about the NON-ESSENTIAL analytical cookies we use, the purposes for which we use them and how you can disable them:

Name: Google Analytics – including Google Tag Manager

Purpose: Analytical/performance – to understand how the website is used.

To Disable: You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. https://tools.google.com/dlpage/gaoptout

Contacting us

You can exercise your rights and manage your information by contacting us at: privacy@flagsmith.com

Issues and complaints

If you have an issue regarding how we handle personal information, please do not hesitate to contact us. We will do everything we can to try to resolve your issue. If however you need to make a complaint, the contact details of the ICO are as follows:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone number: 0303 123 1113

Website: https://ico.org.uk/global/contact-us/