PoliciesGlobal Privacy Practices

Global Privacy Practices

Our commitment to privacy standards worldwide

Appbox provides the same high standard of privacy protection—as described in our Data Handling Policy—to all our users and customers worldwide, regardless of their country of origin. Appbox is proud of the level of notice, choice, accountability, security, data integrity, access, and recourse we provide.

UK Data Protection Compliance

As a UK-based company, Appbox complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your data rights under UK law, including:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making and profiling

UK Online Safety Act Compliance

As a UK service provider, Appbox complies with the Online Safety Act 2023 (OSA), which aims to protect users from illegal and harmful content online.

Appbox prohibits the use of our services for any illegal activities or content as defined in the OSA, including terrorism, child sexual exploitation, hate speech, harassment, fraud, and other harmful material. For a comprehensive list of prohibited activities and content, please refer to our Terms of Service.

In compliance with the Online Safety Act 2023, we implement:

  • Comprehensive Risk Assessment: Regular evaluations of our platform for risks related to illegal content and content harmful to children.

  • Robust Safety Measures: Systems and processes to identify, remove, and prevent redistribution of prohibited content.

  • Regulatory Cooperation: Procedures to cooperate with Ofcom in their regulatory duties, including providing information when legally required.

  • Transparency: Annual transparency reports regarding our content moderation practices and safety measures.

  • Balanced Approach: Implementation of safety measures in ways that respect users' freedom of expression and privacy rights.

For detailed information on our content safety policies and reporting procedures, please refer to our Content Abuse Policy and Terms of Service.

Notice

  • We let you know when we're collecting your personal information.
  • In our Data Handling Policy, we let you know what purposes we have to collect and use your information, whom we share that information with and under what restrictions, and what access you have to your data.

Choice

  • We let you choose what happens to your data. Before we use your data for a purpose other than the one for which you gave it to us, we will let you know and get your permission.
  • We will provide you with reasonable mechanisms to make your choices.

Accountability for Onward Transfer

  • If needed, we share only the amount of data with our third-party vendors as is necessary to complete their transaction.
  • For payments, all information is handled by our payment processors.
  • Under no circumstances do we sell your data to third parties, nor our payment processors share their information with us other than verification of payments.

Security

  • We will protect your personal information with all reasonable and appropriate security measures.

Data Integrity and Purpose Limitation

  • We only collect your data for the purposes relevant to providing our services to you.
  • We collect as little information about you as we can unless you choose to give us more.

Access

  • You are always able to access the data we have about you in your Appbox user profile. You may access, update, alter, or delete your information there.

Recourse, Enforcement, and Liability

  • If you have questions about our privacy practices, you can reach us with our ticketing system, and we will respond as soon as possible.
  • We will conduct regular audits of our relevant privacy practices to verify compliance with our promises.
  • We require our employees to respect our privacy promises, and violation of our privacy policies is subject to disciplinary action up to and including termination of employment.

Data Breach Notification Process

In the unlikely event of a data breach affecting your personal information, Appbox will:

  1. Notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, where feasible
  2. Promptly inform affected users about the breach when it is likely to result in a high risk to their rights and freedoms
  3. Provide clear information about the nature of the breach, likely consequences, and measures taken to address and mitigate potential adverse effects
  4. Document all breaches, including facts, effects, and remedial actions taken

This process complies with UK GDPR requirements and demonstrates our commitment to protecting your data and responding transparently to security incidents.

Legal Basis for Processing

Under UK data protection law, we must have a valid legal basis for processing your personal information. Depending on the context, we rely on the following legal bases:

  1. Contract Performance: Processing necessary to deliver our services to you under our Terms of Service agreement
  2. Legal Obligation: Processing required to comply with our legal obligations under UK law
  3. Legitimate Interests: Processing that serves our legitimate business interests, such as improving our services, preventing fraud, and ensuring network security
  4. Consent: In specific situations where we seek your explicit permission

We do not rely on consent as a legal basis when the law allows us to process your data on another legal ground.

International Data Transfers

As a UK-based hosting company, we may transfer your personal data to countries outside the UK for processing. When we do so, we ensure appropriate safeguards are in place to protect your information:

  1. We prioritize transfers to countries with adequate data protection standards as determined by UK authorities
  2. Where necessary, we implement appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs)
  3. We conduct data protection impact assessments for high-risk transfers
  4. Our agreements with third-party processors include specific data protection obligations

These measures ensure that your data receives equivalent protection when processed internationally as it would in the UK.

Data Protection Contact

For any data protection queries or to exercise your rights under UK data protection legislation, please contact:

Data Protection Team
Email: privacy (at) appbox (dot) co

We aim to respond to all legitimate requests within one month. Occasionally, it may take longer if your request is particularly complex or if you have made numerous requests.