Privacy Policy

Last Updated:

Tent is an online community platform, which is owned, and the service provided, by Impact Box Limited (“Impact Box” below), Company Number 09914362, a limited company registered in England and Wales.

About the Tent platform

Every user on the Tent platform is either a Member or part of a Host Organisation (we refer to these users here as Hosts). Hosts invite Members to join a Tent Community, either through a named invite or an open registration link.

This policy outlines how we as a data controller gather, use and protect the personal data of those using the Tent platform . It applies to both Hosts and Members as well to users of the Tent marketing site.

Our contact details

Registered Address: 35 Southampton Way, London, SE5 7SW

Email: privacy@impactbox.co.uk

Website: tent.software

1. General Information

We collect personal data to conduct our business, provide and market our services and products, and meet our legal obligations. We may also collect personal data for other purposes, which we would describe in more detail to you at the point we collect the personal data.

You may refuse to provide us with some or all of your personal data; however, this may limit the ways in which we can interact with you, including providing you with our services.

2. The types of personal data we collect and how we use it

For users of the Tent platform (Members and Hosts)

  1. User information: As a Tent user, we will keep a record of your name and email address, and any other information you provide in contexts such as user support. We use this personal data to provide access to the Tent platform.
  2. Cookies: We may also store information about you using cookies (files which are sent by us to your computer or other access device), or other tracking technologies. Some of the Third Party Providers we use to provide our services also use cookies and other tracking technologies. Please see our Cookie Policy for more information.
  3. Mailing list (Hosts only): If you are a Tent Admin we will automatically add you to our Product Update mailing list which we manage through MailChimp (see details below).

For visitors to the Tent marketing site

  1. Contacting us: When you contact us we collect your email address, name, organisation and any other information you choose to include in the body of your email or form input. We store this personal information on our Salesforce platform and Google Workspace, and use it solely to handle our contact with you.
  2. Mailing lists: If you sign up to our mailing list to receive newsletters and updates, we will store your name and email address, with your consent. We manage our mailing lists and mass email communications through a third party provider, MailChimp. You may unsubscribe at any time by clicking the unsubscribe link in the emails. This will automatically remove your details from all mailing lists in MailChimp. You can also unsubscribe by emailing privacy@impactbox.co.uk, and we will remove you from the mailing list as soon as is practicable. Where you have signed up to a mailing list, we will retain your data until such time as consent is withdrawn by you.
  3. Website analytics: We use Plausible Analytics to provide analytics on our website traffic. We use Plausible because they do not use cookies, and do not collect any personal data or personally identifiable information. The goal of Plausible is to track overall trends in website traffic, it is not to track individual visitors. All of the data that is collected through Plausible is aggregated and contains no personal information. For more information on the data that Plausible collects, please visit: https://plausible.io/data-policy.

3. How we share personal information

We will respect and protect your privacy as set out in this Privacy Policy. We do not, and will not, sell your personal data to any third parties.

We employ third party service providers to perform functions on our behalf. These third party service providers have access to personal information needed to perform their functions, but may not use it for other purposes. Examples of where we may employ third party service providers include; sending communications, processing payments, analysing data, customer relationship management, and providing host and cloud services. The third party service providers we use are listed in Annex 1 of this Privacy Policy.

We will share personal data as we are required by law, such as to comply with any court order, or other law or legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.

We may also share personal data to enforce our rights arising from any contracts entered into between you and us and for billing and collection.

You might find links to third party websites on our website. If you click a link to a third-party website and visit that site, you may be allowing that site to collect and share certain data about you. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever.

5. International transfers

We are located in the United Kingdom. When we share data, it may be transferred to, and processed in, countries outside of the European Economic Area (EEA), such as to the United States, where some of our third party service providers are located. We ensure that any third party service providers we share information with have safeguards in place to ensure your personal data remains protected.

Where your personal data is transferred outside the EEA, it will only be transferred to a third party where we have approved transfer mechanisms in place to protect your personal data – e.g., by entering into the European Commission’s Standard Contractual Clauses. For further information, please contact us using the details set out in the Contact us section below.

6. Our policy on children

Tent should not be used by children under the age of 13 and therefore we do not collect data for children under 13. Children over the age of 13 may use the Tent platform and we will therefore process their personal data with their consent. We will process data in accordance with the ‘Age appropriate design code’.

It is the customer’s responsibility to ensure they do not invite children under 13 years old to use the platform.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. This applies in the cases above where you have consented to us processing your personal data, for example by signing up to a mailing list or applying for a job. You are able to remove your consent at any time. You can do this by contacting privacy@impactbox.co.uk.

(b) We have a contractual obligation. If you are a Tent user, we process your personal data in order to fulfil our contractual obligations to you.

(c) We have a legal obligation. In some cases, we may have a legal obligation to collect or retain personal information.

(d) We have a legitimate interest. In the cases where (a), (b) and (c) do not apply, we will only process personal data where we have a legitimate interest, and this isn’t overridden by your rights.

8. Data retention

We will only retain your personal information for as long as required to fulfil the purposes outlined in this Privacy Policy. We comply with all legislative and regulatory information retention requirements and will securely and permanently delete your personal information where there is no jurisdiction for its further retention, or where you have asked us to delete it. We will not use your personal information for any other purposes.

In the event that you request your data be erased we will comply with your request within 7 days. Our backup service stores all data in encrypted form for 7 days so it may take up to 14 days for your data to be completely erased. For Members we will also comply with any requests from the Host Organisation to erase your data (for example because you have contacted them to request this) in the same manner.

9. Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at privacy@impactbox.co.uk or write to us at Impact Box, 35 Southampton Way, London, SW9 0FN if you wish to make a request.

10. How to contact us

If you have any concerns about our use of your personal information, you can make a complaint to us at privacy@impactbox.co.uk or write to us at Impact Box, 35 Southampton Way, London, SE5 7SW.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

11. Changes to the Policy

This Privacy Policy may be updated from time to time and will note the date of any updates. In the event of any material and significant changes we will endeavor to provide a more prominent notice of the changes to this Privacy Policy.

Annex 1: Third Party Providers

We use the following third party providers to provide our services:

MailChimp

  • Location: US
  • Data Protection Framework: Standard Contractual Clauses
  • What we share: Email address only
  • Why we share it: To send marketing, newsletters and other communications.
  • Privacy Policy: MailChimp Privacy Policy

Filestack

  • Location: US
  • Data Protection Framework: Standard Contractual Clauses
  • What we share: Any personal information included in files uploaded to the Tent platform by users in the 'Resources' section.
  • Why we share it: File storage and management
  • Privacy Policy: Filestack Privacy Policy

Honeycomb

  • Location: US
  • Data Protection Framework: Standard Contractual Clauses
  • What we share: Any personal information included in queries a Tent user sends whilst using the application. For example, when accessing a profile page a query is issued that requests user information including name and email.
  • Why we share it: Monitoring database performance to allow identification of performance issues.
  • Privacy Policy: Honeycomb Privacy Policy

Google Workspace

  • Location: EU
  • Data Protection Framework: EU GDPR, any transfers outside of EU are covered by Standard Contractual Clauses
  • What we share: Names, email addresses, content of emails.
  • Why we share it: To manage our communications effectively
  • Privacy Policy: Google Workspace Privacy Policy

Render

  • Location: EU & US
  • Data Protection Framework: Standard Contractual Clauses
  • What we share: All data in the database that sits behind the Tent platform. The database is encrypted at rest.
  • Why we share it: To provide hosting for the Tent platform as well as automated back-ups.
  • Privacy Policy: Render Privacy Policy

Salesforce

  • Location: EU
  • Data Protection Framework: EU GDPR, any transfers outside of EU are covered by Binding Corporate Rules (BCRs) and Standard Contractual Clauses
  • What we share: Only applies if you express interest in your organisation becoming a Tent customer. Names, email addresses, job titles, organisation name.
  • Why we share it: To provide us with a CRM system we can use to manage customer relationships
  • Privacy Policy: Salesforce Privacy Policy

Sentry

  • Location: US
  • Data Protection Framework: Standard Contractual Clauses
  • What we share: User email address and other identifiable information (including IP address) in the event that the user encounters an error in Tent. All data is stored in encrypted form.
  • Why we share it: To allow efficient monitoring and resolution of bugs and errors in the platform.
  • Privacy Policy: Sentry Privacy Policy