Thank you for visiting Count.
This Notice provides you with information about how we use your personal data, which we might receive in connection with your use of Count, our website count.co (the Site), or otherwise in connection with our business. When we refer to you we mean any individual outside our business - you could be one of our users, a supplier, a referrer or anyone else. We've tried to make things as clear as we can, but if you would like to clarify anything please get in touch.
We or us means Count Technologies Ltd, a company formed under the laws of England & Wales with registration number 10061321 and its registered office address at Finsgate, 5-7 Cranwood Street, London, United Kingdom, EC1V 9EE.
a data controller determines the purposes for which personal data is to be collected and used, and the means of handling of that personal data. When we hold your data for our own purposes (like corresponding with you, or managing user accounts), we act as a data controller;
a data processor handles personal data on the instructions of and for the purposes of a data controller. When we host data for users in our data collaboration tool, Count, we are acting for their purposes as a data processor. We don't use that data for our own purposes.
Full details are set out in the relevant sections of this Notice below, but keeping it brief:
we normally receive your personal data from you;
we use your personal data to conduct our business, keep appropriate records and meet our legal obligations;
we only provide your personal data to third parties for our business purposes or as permitted by law. We don't share your data with third party advertisers;
we store personal data for specified periods for our limited business purposes;
you have legal rights in relation to your personal data which you can exercise on request;
you can contact us to enquire about any of the contents of this Notice.
1. Our use of personal data
1.1 If you are a registered user of Count, we may handle personal data such as your name, contact details, information about your business, and documents and correspondence relating to the services provided by us (such as emails to and from you). We call all of this service data, and we use it for the purposes of providing our services and for record-keeping and user management purposes.
1.2 When you communicate with us, or vice versa, and whether by letter, email, through the Site, through social media, signing up for one of our mailing lists, or otherwise, we may handle personal data contained in or relating to that communication. This may include content and metadata associated with the communication, as well as any contact details you provide to us such as your name, email address, phone number, job title, address or social media username. We call all of this communication data, and we use it for the purposes of communicating with you and record-keeping. If you are a user or prospective user, then we may also use communication data to provide you with occasional news about our business and services: you can opt out of receiving further news at any time.
1.3 We may handle personal data relating to transactions, such as bank account details, contact details, transaction data or associated documents (POs, bills, invoices) in relation to payments made by us to you or by you to us (transaction data). We use this to make and receive payments and to keep proper records of the relevant transactions. We do not collect or process your credit or debit card details when you make payments through the Site. We use Stripe as a payment processing service provider in connection with Count and it is Stripe who will collect and process your card details. For more information, see https://stripe.com/gb/privacy.
1.4 We will receive and handle certain personal data in order to open, maintain and administer your Count account, such as your login details. We call this account data, and we process it for the purposes of administering your account.
1.5 We may collect data about your use of the Site (usage data). This may include your geographical location, browser type and version, IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use. We process usage data for the purpose of improving our Site and analysing how it is visited and used. Generally, usage data is anonymised and does not constitute personal data.
1.6 In relation to registered users of Count we may collect user metrics, which might include (for example, and as a non-exhaustive list) subscription and revenue data, which Count features are being used by particular organisations or users, how often users are active, whether users are completing or dropping from particular flows (like sign-up or configuration flows), how long it takes users to adopt new features or how quickly features are abandoned. We call all of this metric data, and it is used by us to improve Count and our business processes. When we collect metric data, we will not view any of the contents of the data hosted by Count in your workspaces or notebooks. For example: our metric data might tell us that a user's notebook contains a number of image files or charts, which helps us know how often those features are used, but it will not show us the contents of an image or chart.
Personal data we obtain from others
1.7 Your personal data may be provided to us by someone other than you: for example if your employer has a Count account under which they manage a workspace, and they wish to add you to their team, then they might input your personal information in connection with their use of that account. Normally this data will be communication data or service data as described above and will be processed by us for the purposes described above.
2. Our purposes and legal basis of processing
2.1 We have set out below a description of all the ways we may use your personal data. We're also required by law to identify the legal basis on which we handle personal data. These legal bases are set out in Article 6 of the General Data Protection Regulation (GDPR). When we process personal data on the basis of our legitimate interests then we also need to identify those legitimate interests and have done so below.
2.2 Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data.
We process service data and account data to manage the provision of our services. Our legal bases for processing that data are: i) performance of a contract with you, or taking steps at your request prior to entering into a contract with you (Art 6.1(b) GDPR); and/or ii) our legitimate interests (Art 6.1(f) GDPR) in properly administering our services, and record-keeping.
We process correspondence data to communicate with you. If you have indicated your interest in our services then we may also process correspondence data to provide you with occasional news about our services and marketing communications (although you will be free to unsubscribe at any time). Our legal bases for processing are: i) our legitimate interests in properly administering our business and communications, and record-keeping; ii) our legitimate interests in developing our business (where correspondence data relates to marketing); and/or iii) the performance of a contract with you.
We process transaction data to receiving and making payments from and to users and suppliers. Our legal bases for processing are: i) the performance of a contract with you; and ii) our legitimate interests in properly administering our business and record-keeping.
We process usage data and metric data to analyse the use of, and improve, our site and services, conduct security monitoring and fraud detection and to ensure our site and services are presented in the most effective manner. Our legal basis for processing is our legitimate interest in delivering and improving our website and Count platform, and ensuring their security.
We may process any personal data in our control for the purposes of legal compliance (e.g. maintaining tax records). Our legal basis for processing is compliance with our legal obligations (Art 6.1(c) GDPR).
We may process any personal data in our control for the purposes of bringing and defending legal claims. Our legal basis of processing is our legitimate interest in being able to conduct and defend legal claims to preserve our rights and those of others.
We may process any personal data in our control for the purposes of record-keeping and hosting, back-up and restoration of our systems. Our legal basis of processing is our legitimate interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data.
3. Providing your personal data to others
3.1 We may disclose your personal data to our insurers and/or professional advisers to take professional advice and manage legal disputes.
3.2 We may disclose personal data to our service providers in connection with the uses we've described above. For example, we may disclose:
any personal data in our possession to suppliers which host the servers on which our data is stored, or freelancers working for us (such as Google Cloud, Airtable);
communication data to providers of email or email marketing services (such as Mailchimp;
transaction data to our payment processing service providers (such as Stripe);
metric data to providers of user or revenue insight services (such as Intercom); and
transaction data and other relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.
3.3 We do not allow our data processors to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.
3.4 We may also disclose your personal data where necessary to comply with law.
3.5 If any part of our business is sold or transferred, your personal data may be disclosed to the new owner.
4. International transfers of your personal data
4.1 Some of the service providers discussed above may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. We will ensure that transfers made by our data processors will only be made in accordance with law, to territories in respect of which the European Commission has made a finding of adequacy, or using appropriate safeguards, such as the use of standard contractual clauses approved by the European Commission. You may contact us if you would like further information.
4.2 We may also transfer personal data outside the EEA from time to time:
with your consent; or
where required by your instructions (for example, if you choose to make content hosted on Count available to users outside the EEA).
5. Data Security
We have put in place appropriate security measures to protect your personal data (more information on some of the measures we use can be found in our security page). We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where required by law.
6. Retaining and deleting personal data
6.1 We will delete personal data when it's no longer needed, and in particular:
service and transaction data will be retained for seven (7) years after the end of the relevant contractual relationship;
communication data will be retained for the period of the enquiry or chain of correspondence, (or if you are on one of our mailing lists, for as long as you have elected to receive the relevant emails) and then deleted after twelve (12) months. If communication data relates to a contractual relationship with you then it will be retained for a period of seven (7) years after the end of the relevant contractual relationship;
account data will be retained for as long as your account is open, and will be deleted within thirty (30) days after account closure;
usage data or metric data which is anonymised, and therefore not personal data, may be retained by us indefinitely. Any usage data or metric data which is associated with your account will be retained for as long as your account is open, and it will be anonymised on or shortly after account closure.
6.2 We maintain system backups for disaster recovery purposes and may retain those backups for up to thirty (30) days. That means that information which is deleted from our live systems may still remain in backup for up to thirty (30) days.
6.3 We may retain your personal data longer where necessary to comply with law or in connection with any legal claim.
7. Your rights
7.1 You have rights under data protection law — they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner's Office at www.ico.gov.uk for a fuller explanation of your rights. In summary, though:
the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with certain additional information;
the right to rectification: you have the right to have any inaccurate or incomplete personal data about you rectified or completed;
the right to erasure: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes);
the right to restrict processing: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law;
the right to object to processing: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law;
the right to data portability: you have the right to receive your personal data from us if the legal basis for our processing is the performance of a contract with you, and such processing is carried out by automated means; and
the right to complain to a supervisory authority: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint with the ICO.
8. About cookies
8.1 You can think of cookies like stamps. Every time you visit a site, that site puts a stamp on you so they can keep track of how many times you've visited, how long you've spent there, and what you've done. That lets the site show you things which are relevant to you, based on information you've entered and stuff you've looked at. All cookies expire no later than one year after they placed on your browser; some are set to expire earlier.
8.2 We use two types of cookies, 'Session' and 'Persistent' cookies:
We use session cookies to improve our site and give you a better experience. Session cookies let us see where you spend your time, and work out which bits are most (and least) effective.
Persistent cookies let us remember you on future visits, improving your experience of services or functions offered.
8.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
8.4 We use these kinds of cookies:
Strictly Necessary Cookies: These are required for the operation of the Site and allow you, for instance, to log into your account or make use of e-payment services.
Analytical/Performance Cookies: These allow us to recognise and count visitors to the Site and analyse their actions and movements on the Site. This helps us improve the Site (for instance by ensuring that users can find key functions easily).
Functionality Cookies: These are used to remember visitors to our Site and choices they have made, allowing us to remember your preferences.
Targeting Cookies: These cookies record your visit to the Site, pages you have visited and links you have followed. We use this information to make the Site (and any advertising on the Site) more relevant to your interests.
8.5 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. Exactly how to do it depends on your browser or phone settings. Try looking in your 'Help' section, the support pages from your browser operator, or searching for 'How to block cookies'. Unfortunately, except for Analytical Cookies, if you do turn cookies off, you won't be able to log into Count. You will still be able to view anything that's publicly available though.
9. Third parties and security
9.1 The Site may contain links to third party sites and refer to third party service providers and other entities. If you follow a link to any third party website or deal with any third party entity referred to on the Site, then they may have their own privacy and cookie policies, and we are not responsible for their use of any personal data which you may provide to them.
9.2 We do our best to ensure the security of personal data provided to us (and to use only reputable service providers), any transmission of data via the Internet is by its nature insecure and we cannot guarantee the security of any personal data you provide to us.
We may update this Notice from time to time by publishing a new version on the Site. You should check occasionally to ensure you are happy with any changes to this Notice, although we may notify you of material changes to this Notice using the contact details you have given us.
11. Contact us
If you have any questions, comments or requests regarding this Privacy and Cookie Notice or our use of any personal data you provide to us, you can contact us using the contact form or support page on the Site or at [email protected].
Last updated: 4 January 2021