TouchStack Logo

TouchStack

Get started

Privacy Policy

Data Controller

TouchStack LTD
(referred to as the "Controller")

This Policy applies to the data processing carried out by the Controller's website and other instances where the Controller is the data controller, including situations where Users test the Controller's apps and platforms without entering third-party data. It does not apply where the Controller is merely a data processor. In certain cases, an additional or different privacy notice may be provided for specific processing activities.

Types of Data Collected

Among the types of Personal Data that our website ("Website") collects, by itself or through third parties, there may be:

First name, last name, email address, cookies, and usage data. When Users sign up for our services, we typically collect the User's first name, last name, email address, job title, and company name to create an account.

We also gather system logs and other usage data, including:

  • Users' IP addresses, or domain names of the computers utilized by Users who use the Controller's services
  • URI (Uniform Resource Identifier) addresses
  • Time of requests
  • Methods used to submit requests to the server
  • Sizes of files received in response
  • Numerical codes indicating the status of the server's answer (e.g., successful outcome, error)
  • Country of origin
  • Browser and operating system details
  • Time spent per page, sequence of pages visited, and similar usage details
  • Other parameters about the device operating system and/or the User's IT environment

Legal Basis of Processing

The Controller may process Personal Data relating to Users if one of the following applies:

Consent:

Users have given their consent for one or more specific purposes (e.g., allowing non-essential cookies or for direct marketing). Consent can be withdrawn at any time by contacting the Controller. Withdrawal of consent does not affect any earlier processing.

Contractual Necessity:

Provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations.

Legal Obligation:

Processing is necessary for compliance with a legal obligation to which the Controller is subject.

Legitimate Interests:

Processing is necessary for the legitimate interests pursued by the Controller or by a third party. These interests may include cybersecurity, traffic analytics, backup and restore, marketing, or the making and defense of claims.

Data Transfers

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. Where such transfers include countries outside the EU/EEA, the Controller will rely on safeguards permitted under applicable data protection laws (e.g., adequacy decisions such as the EU-US Data Privacy Framework and its UK extension, standard contractual clauses, or other acceptable measures under the UK and EU General Data Protection Regulation (GDPR)).

Retention Time

Personal Data shall be processed and stored for as long as required by the purposes for which it was collected. Specifically:

  • Performance of a contract: Data collected to fulfill a contract with the User will be retained until the contract has been fully performed.
  • Legitimate interests: Data processed for the Controller's legitimate interests will be retained as long as needed to fulfill those purposes. This includes holding backups for a reasonable duration and retaining data relating to potential claims until the expiration of relevant limitation periods (up to six years).
  • Consent-based processing: If processing is based on the User's consent, the Controller may retain Personal Data as long as such consent is not withdrawn.
  • Legal obligations: The Controller may also retain Personal Data for a longer period if required to do so for compliance with a legal obligation (e.g., mandatory business record keeping).

Purposes of Processing

Data concerning the User is collected to allow the Controller to provide its services and to achieve the purposes outlined in this Privacy Policy, including contacting the User and analyzing usage (analytics). Additional purposes may arise from the legitimate interests mentioned above.

Detailed Information on the Processing of Personal Data

Personal Data may be shared with the following types of recipients:

  • Analytics and feedback tool providers (for heatmaps, session recordings, feedback widgets) to better understand user behavior
  • Security and anti-fraud service providers
  • Customer support and communications platforms (e.g., for live chat or helpdesk services)

The Rights of Users

Under applicable data protection laws in the UK and/or EU (including the GDPR), Users may exercise certain rights regarding their Personal Data. In particular, Users have the right to:

Withdraw Consent at Any Time

Users can withdraw previously given consent to the processing of their Personal Data.

Object to Processing

Users can object to the processing of their Personal Data if such processing is carried out for profiling or direct marketing purposes.

Access Their Data

Users have the right to learn if their Data is being processed, obtain disclosure about certain aspects of the processing, and obtain a copy of the Data undergoing processing.

Verify and Seek Rectification

Users can verify the accuracy of their Data and request updates or corrections.

Restrict the Processing of Their Data

Under certain circumstances, Users can request the Controller to restrict the processing of their Data. In such cases, the Controller will process the Data only for storing it.

Request Erasure

Under certain circumstances, Users can request the Controller to erase their Data.

Receive and Transfer Their Data

Users have the right to receive their Data in a structured, commonly used, and machine-readable format and to have it transferred to another controller if technically feasible, provided that the processing is based on consent, a contract with the User, or pre-contractual obligations, and is carried out by automated means.

Lodge a Complaint

Users have the right to bring a complaint before their relevant data protection authority. In the UK, the authority is https://ico.org.uk.

How to Exercise These Rights

Users can direct any requests to exercise their rights to the Controller by referencing the registered company number provided in this Policy. Such requests can be exercised free of charge and will be addressed as promptly as possible and always within one month.

Changes to This Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy at any time by posting an updated version on this page. Users are encouraged to check this page regularly and to note the date of the last modification indicated below.