- Terms
- Master Services Agreement
- Acceptable Use Policy
- Privacy
- Data Processing Agreement
- Privacy Notice
- List of Subprocessors
- Cookies policy
- Security
- Security Addendum
- Compliance and Ethics
- Code of Conduct
- Modern Slavery Statement
- Business Conduct Principles
Last updated: July 18th, 2024
Welcome to SurrealDB’s Privacy Policy. We are committed to protecting your privacy. This Privacy Policy explains how we process your Personal Data when you visit our Websites linked to this Privacy Policy (such as, surrealdb.com) or use SurrealDB’s products and services.
In addition to the activities described in this Privacy Policy, we may process Personal Data on behalf of our commercial customers when they use the Services. When we do so, we process such Personal Data as a data processor of our Customers, which are the entities responsible for the data processing. To understand how a Customer processes your Personal Data using the Services, please refer to that Customer's privacy policy.
Controller
SurrealDB Ltd., trading as SurrealDB, is the data controller and is responsible for your Personal Data (collectively referred to as “SurrealDB”, “we”, “us”, or “our” in this Privacy Policy). We are registered under, and process personal data in accordance with, the United Kingdom’s data protection laws, in particular the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
If you have any questions about this Privacy Policy, please contact us using the details set out below.
Contact Details
Full name of legal entity: SurrealDB Ltd, trading as SurrealDB
Email address: info@surrealdb.com
Postal address: 1 Ashley Road, 3rd Floor, Altrincham, Cheshire, WA14 2DT, United Kingdom
1 Interpretation and Definitions
Definitions
The following definitions shall have the same meaning regardless of whether they appear in singular or in plural. For the purposes of this Privacy Policy:
1.1 ‘You’ means the individual accessing this Website or Services (as defined below), or otherwise contacting the Company.
1.2 ‘Company’ (referred to as either “the Provider”, “the Company”, “We”, “Us” or “Our” in this Agreement) refers to SurrealDB Ltd, whose registered office is at 1 Ashley Road, 3rd Floor, Altrincham, Cheshire, United Kingdom, WA14 2DT.
1.3 ‘Customer’ means the entity which makes use of the Services provided by the Company.
1.4 ‘Customer Service’ refers to the account set up by the Customer on the Company’s website which makes use of the Services.
1.5 ‘Website’ refers to the SurrealDB website, accessible from https://surrealdb.com.
1.6 ‘Service Provider’ means any natural or legal person who processes the data on behalf of the Company.
1.7 ‘Services’ means the Company’s products and services.
1.8 ‘Third-party Social Media Service’ refers to any website or any social network website through which a user can interact with the Website.
1.9 ‘Personal Data’ is any information that relates to an identified or identifiable individual. For the purposes of the UK GDPR, Personal Data means any information relating to you such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
1.10 ‘Cookies’ are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.
1.11 ‘Device’ means any device that can access the Services such as a computer, a cellphone or a digital tablet.
1.12 ‘Usage Data’ refers to data collected automatically, either generated by the use of the Websites and/or Services or from the Websites/Services infrastructure itself (for example, the duration of a page visit).
2 Collecting and Using Your Personal Data
2.1 Types of Data Collected
2.1.1 Personal Data. When you use our Website or Services or otherwise contact Us, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to: email address, first name and last name, bank account information in order to pay for Services, and Usage Data. When you pay for Services via bank transfer, we may ask you to provide information to facilitate this transaction and to verify your identity. Such information may include, without limitation: date of birth, passport or National ID card, bank card statement, other information linking you to an address.
2.1.2 Usage Data. Usage Data is collected automatically when using the Websites/Services. Usage Data may include information such as your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Website or Services by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We may also collect information that our browser sends whenever you visit our Services or when you access the Service by or through a mobile device.
2.1.3 Information from Third-Party Social Media Services. The Company may allow you to interact with features of the Website or Services by logging in to Third-party Social Media Services such as Google, Github, LinkedIn. If you decide to register through or otherwise grant us access to a Third-Party Social Media Service, we may collect Personal Data that is already associated with your Third-Party Social Media Service’s account, such as your name, your email address, your activities or your contact list associated with that account. You may also have the option of sharing additional information with the Company through your Third-Party Social Media Service’s account. If you choose to provide such information and Personal Data, during registration or otherwise, you acknowledge that it will be processed in a manner consistent with this Privacy Policy.
2.1.4 Tracking Technologies and Cookies. We use Cookies and similar technologies to ensure that our Websites functions properly, to improve the Services and to assist with marketing campaigns. Cookies are small text files containing a string of alphanumeric characters. We and third-party partners collect information using cookies, pixel tags, or similar technologies. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts or features of our Website and/or Services. We and third-party service providers may use the following Cookies:
2.1.4.1 Strictly Necessary Cookies. Some Cookies are strictly necessary to make our Website and Services available to you, such as to authenticate users. We cannot provide you with the Website and Services without this type of cookie.
2.1.4.2 Functional Cookies. These Cookies allow us to remember choices you make when you use the Website and Services, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the Website or Services.
2.1.4.3 Analytics Cookies. We use cookies for website analytics purposes in order to operate, maintain and improve our Services and to track website traffic and use of our Services. We work with third parties such as Google Analytics. We may also use these Cookies to test new advertisements, pages, features or new functionality of the Website/Services to see how our users react to them.
2.1.4.4. Advertising Cookies. We may work with third party advertising partners to show you ads that we think may interest you when you visit the Website or third-party sites. These advertising partners may set and access their own Cookies and may otherwise collect or have access to information about you which they may collect over time and across different online services.
2.1.5 Your Choices Regarding Cookies. If you prefer to avoid the use of Cookies on the Website and/or Services, you must first disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this Website/Services. You may use this option for preventing the use of Cookies at any time. If you do not accept our Cookies, you may experience some inconvenience in your use of the Website and some features may not function properly. If you’d like to delete Cookies or instruct your web browser to delete or refuse Cookies, please visit the help pages of your web browser.
2.1.5.1 For the Chrome web browser, please visit this page from Google.
2.1.5.2 For the Internet Explorer web browser, please visit this page from Microsoft.
2.1.5.3 For the Microsoft Edge web browser, please visit this page from Microsoft.
2.1.5.4 For the Firefox web browser, please visit this page from Mozilla.
2.1.5.5 For the Safari web browser, please visit this page from Apple.
For any other web browser, please visit your web browser’s official web pages.
2.2 Use of Your Personal Data
2.2.1 The Company may use Personal Data for the following purposes:
- To provide and maintain the Website and Services, including to monitor the usage of the Website and Services.
- To manage your account and your registration as a user of the Services: We may require your Personal Data to give you access to different functionalities of the Service that are available to you as a registered user.
- For the performance of a contract: The development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with Us through the Service.
- To contact you: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
- To manage your requests: to attend and manage your requests to us.
2.2.2 We may share your Personal Data in the following situations:
- With Service Providers: we may share your Personal Data with Service Providers to enable, monitor and analyse the use of our Services, for example for payment processing, or to contact you.
- For business transfers: we may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
- With affiliates: we may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include any parent company and other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
- With business partners: we may share your information with our business partners to offer you certain products, services or promotions.
- With other users: when you share Personal Data or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If you interact with other users or register through a Third-Party Social Media Service, your contacts on the Third-Party Social Media Service may see your name, profile, pictures and description of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you and view your profile.
2.3 Retention of Your Personal Data
2.3.1 The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
2.3.2 The Company will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Website or Services, or we are legally obligated to retain this data for longer time periods.
2.4 Transfer of Your Personal Data
2.4.1 Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. If we need to transfer your Personal Data to a country outside of the UK or Europe, we will comply with applicable data protection laws. In particular we will rely on (i) an EU Commission, UK or Swiss government adequacy decision, (ii) contractual protections for the transfer of your Personal Data, or (iii) another valid data transfer mechanism. If you are located in Europe, you may contact us as specified below, at the end of this Privacy Policy, for more information about the safeguards we use to transfer Personal Data outside of Europe.
2.5 Disclosure of Your Personal Data
2.5.1 Business Transactions. If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred.
2.5.2 Law Enforcement. Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
2.5.3 Other Legal Requirements. The Company may disclose your Personal Data in the good faith belief that such action is necessary to: comply with a legal obligation; protect and defend the rights or property of the Company; prevent or investigate possible wrongdoing in connection with the Website or Services; protect the personal safety of users of the Website, the Service or the public; protect against legal liability.
3 Detailed information on the processing of your Personal Data
3.1 Analytics
We may use third-party service providers such as Google Analytics to monitor and analyse the use of our Website and Services. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
3.2 Payments
3.2.1 Third Party Payment Providers and Terms. We may provide paid products and/or services through the Website and/or Services. In that case, we may use third-party companies to process your payments on your order with us (e.g. payment processors).
3.2.2 Storage. We will not directly store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands including Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
3.2.3 Third Party Terms. We may use third Stripe, Lago, or another third-party as payment processors. Stripe’s Privacy Policy can be viewed at https://stripe.com/us/privacy. Lago’s Privacy Policy can be viewed at https://www.getlago.com/company/privacy-policy.
3.2.4 Verification. When you pay for the Services via a bank transfer on our Website or Service, we may ask you to provide information to facilitate this transaction and to verify your identity.
4 UK GDPR
4.1 Legal Basis for Processing Personal Data under the UK GDPR
4.1.1 We may process Personal Data under the following conditions:
- Consent: you have given your consent for processing Personal Data for one or more specific purposes, in particular when you consent to receive certain marketing communications from us.
- Performance of a contract: provision of Personal Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
- Legal obligations: processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
- Vital interests: processing Personal Data is necessary in order to protect your vital interests or of another natural person.
- Legitimate interests: processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.
4.1.2 Upon request, the Company will help clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
4.2 Your Rights under the UK GDPR
4.2.1 The Company undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights. You may have certain rights in relation to your Personal Data, including the following:
- Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have provided to us, and request information about its processing.
- Rectification and Deletion. You may ask us to update and correct inaccuracies in your Personal Data, or to have the information anonymized or deleted, as appropriate.
- Restriction and Objection. You may ask us to restrict the processing of your Personal Data, or object to such processing.
- Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
- Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
You may exercise these rights by contacting us using the contact details at the end of this Privacy Policy. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
5 Children’s Privacy
6.1 Our Website and Services are not aimed at anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us directly with Personal Data, please contact us.
6 Links to Other Websites
6.1 Our Website may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
6.2 We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
7 Changes to this Privacy Policy
7.1 We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
7.2 You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
