Privacy

We believe in privacy and managing responsibly any data entrusted to us. We uphold GDPR standards on principle and in practice.

Company and contact

Qaracta is a membership society provided by Qaracta Limited, a company registered in England no. 05567873, with registered office at 2 St Mary’s Road, Tonbridge, TN9 2LB.

You may view the company’s entry with the UK Information Commissioner’s Office, registered under the UK Data Protection Act of 1998, with number ZB389771.

In this document, the ‘service’ refers to Qaracta the society, the Connect app (the ‘app’), the public website, and other elements of the offering to members and/or prospective members. When we refer to ‘Qaracta’, ‘we’, ‘us’, or ‘our’, we mean Qaracta Limited, the data controller for the service.

If you have any questions about this document, our Privacy Policy, or how we collect and process your data, or would like to exercise your statutory rights or make a complaint, please contact us as the data controller, in the first instance by email.

Privacy principles

We collect only personal information that you have voluntarily provided to us or which we have recorded from your usage of the service.

Depending on how you interact with us, we may collect your name and other personal data, contact information, technical data such as IP address, or other content you provide to us.

We use your personal information:

– to provide you with Qaracta membership;

– to analyse, enhance, and promote the service.

We will ask you before processing your personal data in other ways.

We may use anonymised personal data, from which you cannot be identified, to prepare statistics that allow us to improve the service. This may include, for example, how many people access the app each day.

We share your personal information only with our declared data processors, which allows us to provide you with the service.

We do not sell, rent, or give away your personal data to other third parties.

We may transfer your data to authorised data processors outside the EEA, where we make sure appropriate safeguards are in place. By voluntarily submitting your personal data you consent to these transfers.

We keep your information only for as long as needed to provide the service, to ensure the safety of our members, or as required by applicable legislation or regulations. We delete or anonymise your data when you ask us to do so unless any of the above applies.

We use appropriate technical and organisational measures to ensure the safety, security, and accuracy of your personal data.

We do not knowingly request or store sensitive personal information, save for biometric data as set out below and for which we seek explicit consent.

We do know knowingly request or store children’s personal information.

Our practice with respect to your personal data is guided by the seven key data protection principles recommended under the UK GDPR.

You have important rights in relation to the use of your personal data, set out below.

Scenarios

Below we set out in plain English various scenarios where you provide us with personal data and explain how we process that data to make the service available to you.

Browse our website

We do not monitor visitors to our public ‘www’ website, through Google Analytics, screen capture, or other technologies. When you browse the site, you do so anonymously. The website does not use tracking or advertising cookies.

Forms on our website may use cookies to pass data to, for example, our customer relationship management system; we do not require consent for these necessary cookies.

Send us enquiry

We encourage you to send enquiries by email in the first instance. You will find our public key on the Contact page if you wish to send us an encrypted message.

At our end, messages are stored with zero-access encryption and are seen only by people working on behalf of Qaracta Limited.

If you ring us, or if we talk on a video or conference call, we will not record the call unless both sides agree to do so.

We use data you provide by email or on a call only to respond to your enquiry or for other purposes agreed with you at the time. You may ask us to delete message history under the terms of this policy.

Apply for membership

You enter on our application form your email address, name, and other data such as member referral or invite code. We store and use this data to process your application and to communicate with you by email.

All email messages include a link for you to instruct us to end your application. You can also reply to any message with questions or to request us to stop the process and delete your data.

Verify your identity

For a more positive experience, we verify the age and identity of all our members. This ensures that everyone is who they say they are, and encourages accountability in interactions online and in the real world. We send an email inviting you to verify your identity.

If you choose to use our identification portal, you take and upload photos of your face and of a government-issued identity document such as a passport or driving licence.

If you already have a Yoti or UK Post Office EasyID digital ID, simply scan our QR code, by which you provide us with your name, sex, date of birth, nationality, and Remember Me ID. We retain this data.

We run AI and human checks to ensure your document is not a fake and that it belongs to you. If you use our portal, after we have verified your document, we delete images and personal data, apart from your name, sex, date of birth, and nationality or the country where your document is issued. We retain a copy of the verification results, including tests passed, decision, and time.

We create an account on Qaracta Connect, the app via which you interact with us and with other members, when we have successfully verified your identity.

In setting up your Connect account, we typically use your first and last names to create a visible username; we may make minor changes to ensure the username is unique. You may change the username when you first log on.

We add your email address to your Connect profile; this email address field is not visible to other users. You may update your email address at any time.

If, when you log on, you choose to specify your sex on your profile, we will from time to time check that this corresponds with the sex on your verified document. You may select ‘Ask me’ if you do not wish to reveal your sex within the community.

You at any time can ask us to delete the personal information you provided to us via the identity verification process; this also ends your membership. We process such requests in accordance with this policy.

Use the Connect app

Our invite-only app Qaracta Connect allows members to interact online. We have mobile apps on Google Play and Apple’s App Store and also a browser version.

The community is closed: it is not possible to link back, from outside the app, to posts, profiles, or other content hosted within the app. Our policy is to discourage members from taking screenshots or other copies of personal data, although it is not possible to enforce this.

Should you choose to use our Connect app to interact with the community we may request and process the following information:

Email address – required, not visible to members. We use this to send app-related messages such as instructions to reset your password. We will not hand your address to third parties unless you have explicitly provided consent for us to do so.

We may send you emails relating to service policies, guidelines, or announcements. From time to time we may send messages about events or initiatives, which may describe ways you can help us promote the service. You may opt out of some of these messages.

Password – required, not visible to members. We create a password when we first set up your account; we encourage you to change this as soon as possible. We store the password in a secure, one-way encrypted format. If you forget your password, you may request that it be reset, whereupon we send instructions by email.

Your name / username – required, visible to members. We ask for a username so that any posts or comments can be attributed to you. Other members can search for you by name. You do not have to use your real name, although we encourage you to do so.

We use your first and last names when we initially set up the account; you may change this when you log on and 30 days after the most recent update; you may ask us to change the name on your behalf.

City / Town – required, visible to members. We ask you to enter your nearest city or town, so members know approximately where you are located. We may also use this information to highlight, for example, events that may be of interest to you. We do not track your specific location in real-time.

Sex – required, visible to members. An ‘Ask me’ option is available if you prefer not to share this information, otherwise please select the sex shown on the identity document we verified. We may from time to time check that data recorded in Connect reflects that shown on your identity document. If you change the sex on your identity document, let us know and we will re-run the verification process and update your data with us.

Profile picture – optional, visible to members. If you add a profile picture this will be shown next to posts and comments you make, on messages you send, and on your profile page. The photo should adhere to our guidelines.

Profile information – Our registration process may offer other fields for you to complete, including gender, what attribute you most value in others, and a general ‘about me’ section. We encourage you to complete as much information as you are comfortable to share.

Posts and community content – After registration, we process posts, comments, likes, and other information that you choose to provide. Bear in mind that any posts and comments may be viewed by other members within the app. Whilst we currently do not allow posts to be made public outside Qaracta, it is impossible to guarantee that these will not be copied and shared in some way by others.

Private messages – You may also send friend requests to other users and, should they accept, you will have the ability to send one-to-one and group messages to them. These messages are private between you and other recipients and are not monitored by us. You may report inappropriate messages through our web app.

IP address – We record the last IP address you accessed the service from so that we can protect the service from malicious access. As part of this we may look up the approximate location of the IP address such as country and city. This information is not available to members.

App usage – As you use the app, we may track what sections you have visited, so that we can highlight to you sections or content that you may be of interest. We also use this data in an aggregated form to understand how popular the app and its different sections are so that we can improve the service. This data is never shared with anyone and is only used for our internal purposes.

Your decision to disclose your personal information to us is entirely voluntary. If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data, you may not be able to access or use the app or remain a member of the Qaracta society.

Attend event

When you register for a Qaracta event we may use an external system to process your registration and/or take payment. We may give your name or other details to allow the venue to maintain a private guest-list on our behalf. We will not share your contact information or allow a venue, sponsor, or other provider to contact you outside Qaracta.

Where we collect images, videos, recordings, or other media at an event we may share these within Qaracta. We will seek your consent to use outside the society any material in which members feature. We cannot guarantee that other members will not share media in public forums, whilst we discourage them from doing so.

We also take reasonable steps to discourage third parties from sharing outside Qaracta media or other information relating to our events.

Privacy terms

This privacy policy sets out the personal data we may collect, how we securely process and store that data, and the rights you have in relation to your own personal data.

The policy helps you understand what information we collect and process to support membership and account management, and the choices and rights you have in connection with your personal information.

The data controller is responsible for determining the processing purposes of your personal data, and the content and related services made available to you.

The Terms of Service and this policy make up our agreement with you as a member or prospective member of our society and as a user of our app. Please take time to review the contents of both documents and let us know if you have any questions.

Purpose of service

The purpose of the Qaracta service is to bring you rich ways to socialise with like-minded people online and in the real world.

Where we collect your data

We collect personal data about you directly from you, i.e., information you voluntarily provide in electronic or other forms. We do not collect personal data about you:

– from an agent or third party acting on your behalf;

– through publicly available sources such as public social media.

Data we collect and why

We only collect the information we need to enable us to undertake the specific information processing activities set out in this policy.

We collect and process two distinct kinds of information:

Personal information – such as email address, username, contact details, IP address and approximate location, and any optional data you choose to provide as you use the service;

Non-personal information – such as the pages you access, which helps us learn how many people use the service or its constituent parts. This information does not tell us anything about who you are or where you live; it simply allows us to monitor and improve the service.

Legal basis

The legal basis we have for processing your data is the consent you have voluntarily provided us as a member of Qaracta.

Sensitive personal data

GDPR Article 9 specifies a set of special categories which are considered to be ‘sensitive personal data’ (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) and which require special consideration by data controllers.

We collect biometric data during our identity document verification process and seek your consent to process this at that time. We retain in our records the name, sex, date of birth, and nationality or country of doc document origin, to safeguard you and other members. You may ask us to delete this data and end your membership at any time.

Our service does not knowingly collect or process other sensitive personal information unless you have chosen to voluntarily disclose and share such information during your use of the service (such as by speaking at an event or by posting in the Connect app).

Children’s personal data

This service, and any offerings available from it, are not directed to people under the age of 18. We have no facility for people under the 18 to join with parental or guardian consent. Our identity verification process is designed to prevent from joining any person who is not recorded as being over the age of 18 years.

If you learn that a user under the age of 18 has provided us with their personal information, with or without parental or guardian consent, please contact us immediately so we can take appropriate action.

User data rights

As prescribed within the EU General Data Protection Regulation, you have several rights connected to the provision of your personal information to us from using the service.

1. The right to be informed

You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and about your rights. This is why we providing you with the information in this privacy policy.

2. The right of access

You have the right to obtain access to your personal information (insofar as we are processing it), and certain other information such as the reasons why we are processing or storing it. This is so you are aware and can check that we are using your personal information in accordance with data protection legislation and your agreement with us.

3. The right to rectification

You are entitled to request that your personal information be promptly corrected if it is identified as being inaccurate or incomplete.

4. The right to erasure

This is also known as ‘the right to be forgotten’. In simple terms, this allows you to request the deletion or removal of your information under certain circumstances where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

5. The right to restrict processing

You have rights to ‘block’ or suppress further use of your personal information. When processing is restricted we can still store your information but may not be able to process it further. We maintain lists of people who have asked for further use of their personal information to be ‘blocked’ to make sure the restriction is respected in future.

6. The right to data portability

You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy, or transfer your information easily between our systems and theirs safely and securely, without affecting its usability.

7. The right to object to processing

You have the right to object to certain types of personal data processing, including processing for direct marketing activities.

8. The right to lodge a complaint

You have the right to lodge a complaint about the way we have handled or processed your personal data with your national data protection regulator. In the UK, this is the Information Commissioner’s Office, which may be contacted via their website ico.org.uk or by telephone on +44 303 123 1113.

9. The right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to vary or withdraw your consent at any time. If you do so, this does not mean that anything we have done with your personal data with your consent up to that point is unlawful. This includes your right to withdraw your consent to our using your personal data for marketing purposes.

Subject access request

You may submit a subject access request at any time. We typically act on validated requests and provide the requested information or activity free of charge.

By law we are allowed to charge a reasonable fee to cover our administrative costs of providing the information for baseless, excessive, or repeated requests, or further copies of the same information. Alternatively, there may be reasons why we are entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We will respond as soon as we can, and generally within one month from when we receive your validated request. If the request will take longer to complete, we will let you know.

If we do not address your request or fail to provide you with a valid reason why we are unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint.

Data breach reporting

You have the right to be promptly informed by us of any personal data loss, theft, or compromise arising directly or indirectly from the service, and any supporting systems or declared data processors involved with delivering, supporting, maintaining, monitoring, or improving the service. Similarly, we are required to notify the Information Commissioner’s Office promptly, as the supervisory authority for the United Kingdom.

Your login credentials

As a user of the service, you have a responsibility to safeguard and manage your service login credentials securely. This requires you to ensure that they are changed frequently, of sufficient strength and complexity, different from any other passwords you may use, and not recorded in a format which could be accessed or guessed by others.

If you suspect that your credentials have been compromised, you should notify us immediately. We will not be liable for any personal information loss, theft, or compromise where this can be attributed to your failure to secure your service login credentials.

Personal data sub-processors

To allow you to make an informed decision on whether to provide your personal data to us when using this service, we set out below the organisations that act as data sub-processors for us, helping in the provision of the service.

ActiveCampaign – provider of our mailing system and CRM, or customer relationship management platform. ActiveCampaign LLC is registered in Illinois, United States.

Amazon AWS – provider of computing services, such as for our public website. AWS complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use, and retention of personal data transferred from the European Union to the United States.

Disciple Media – provider of the Connect technology platform, based in the United Kingdom, registered with the UK Information Commissioner’s Office under the Data Protection Act 1998, registration number ZA147341.

Eventbrite – event booking and payments, based in Delaware, United States, registration no. 4742147; Eventbrite payments may be processed by their affiliates (in Europe by Eventbrite Ireland).

Proton – end-to-end encrypted email and document sharing, based in Switzerland and governed by local privacy laws. Proton AG is located in Geneva, Switzerland.

Stripe – payment processing, mainly for members who subscribe via the web and not through the App Store or Google Play; Stripe Payments UK is registered in England, no. 08480771.

Tresorit – our cloud-based service for storing and sharing documents, using cryptographic end-to-end security. Tresorit is provided by Tresorit AG, registered at Franklinstrasse 27, 8050 Zurich, Switzerland.

Yoti – our digital identity company that makes it safer for members to prove who they are. Yoti Ltd is registered in the United Kingdom, company number 08998951.

Partners may in turn use data sub-processors.

International transfers

As described in our privacy principles, to provide you with the service we may transfer your personal data to partners in countries outside the EEA, such as the United States. These countries’ privacy laws may be different from those in your home country.

Should we transfer data to a country which has not been deemed to provide adequate data protection standards, we will have in place security measures and approved model clauses in place to protect your personal data.

By voluntarily submitting your personal data to us you consent to such international transfers. If you later wish to withdraw your consent, please contact the data controller using the details.

External links

The service includes relevant hyperlinks (posted by us or by Qaracta members) to external websites which are not directly controlled by us. Whilst we exercise all reasonable care in selecting and providing such links, you are advised to exercise caution before clicking any external links.

We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences caused by your use of them.

Use of cookies

Cookies are small text files sent by websites to your web browser and sent back to them each time you access or use the site, and may be necessary for the site to function. They are unique to you or your web browser and may contain personally identifiable information as well as technical information, such as your device manufacturer and model, screen resolution, internet service provider, browser, and geo-location data.

Session-based cookies last only while your browser is open and are automatically deleted when you close the browser. Persistent cookies last until you or your browser delete them, or until they expire.

When using this service, you should be aware that the Connect mobile app does not use cookies. We do maintain recognition of log-in, but this is not managed by cookies. In other cases, you may see a request to consent to cookies.

Third-party websites which we, or other members, may link to may use cookies. These are outside our control and we cannot guarantee their behaviour. Sites may use both session-based or persistent cookies.

Changes to policy

We may change this privacy policy from time to time. The latest version may always be found on the privacy page on our website.

If we make substantive changes to the policy, you will be notified at your next available interaction on Connect, at which time you will be provided with the updated policy so you can review and consent to the terms before you continue to use the service.

About this document

Version

2.0

Date

7 September 2023

Qaracta Limited

2 St Mary’s Road
Tonbridge
TN9 2LB
England

Contact us with any questions or requests. We shall initially respond within three business days.