Workbench Privacy Policy

Temporall Ltd respects your privacy and is committed to protecting your personal data

This privacy policy (“Policy”) (together with the terms of any agreement between us and a customer (“Customer”) to provide services aims to give the Customer and all data subjects (“you”/”your”), whose personal information is provided to us by the Customer in the course of providing our services, information on how we collect, hold and process such personal data on our Workbench software platform at https://app.temporall.com, (“Platform”).

We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law. Where we receive personal information from a Customer in relation to you in the course of providing our services, we expect the Customer to have complete responsibility for ensuring that the contents of this Privacy Policy are brought to your attention and that the Customer has obtained your consent in the process.

It is important that you read this privacy policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

When a Customer purchases our services, the Customer’s acceptance of this privacy policy is deemed to occur upon entry into an agreement with us.

You’re in Control

You decide what data is synched to our platform, who manages it and who can surface insights with our inbuilt advanced privacy controls.

Enterprise-grade security
We take security seriously. Our data protection policy and enterprise security measures are in line with industry best practice. We are GDPR compliant and work with some of the world’s largest brands – we are trusted to deliver a market leading platform.

Our Platform is operated by TEMPORALL LTD, a limited company registered in England under company number 10633878, whose registered address is at 2nd Floor 167-169 Great Portland Street, London, United Kingdom, W1W 5PF (“we/us/our”).

Our Data Protection Officer is Sanjay Patel, and he can be contacted at dpo@temporall.com 167-169 Great Portland Street, London, W1W 5PF, +44(0)207 118 1151.

Personal data, or personal information, means any information about a living individual from which that person can be identified (directly or indirectly).

Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. It does not include data where the identity has been removed (anonymous data).

Personal data, or personal information, means any information about a living individual from which that person can be identified (directly or indirectly).

Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. It does not include data where the identity has been removed (anonymous data).

3. Your Rights
As a data subject, you have the following rights under the UK GDPR, which this Policy and our use of personal data have been designed to uphold:

  • The right to be informed about our collection and use of your personal data;
  • The right of access to the personal data we hold about you (see section 10);
  • The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 13);
  • The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you; (We only hold your personal data for a limited time, as explained in section 5 but if you would like us to delete it sooner, please contact us using the details in section 13);
  • The right to restrict (i.e. prevent) the processing of your personal data;
  • The right to data portability (obtaining a copy of your personal data, which is processed using automated means, to re-use with another service or organisation);
  • The right to object to us using your personal data for particular purposes; and
  • Rights with respect to automated decision making and profiling. (We do not use your personal data in this way.)

If you require any information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in section 13.

Further information about your rights can also be obtained from the UK’s supervisory authority, Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, please contact us using the details provided in section 12 and we will do our best to solve the problem for you.

If we are unable to help, you also have the right to lodge a complaint with the Information Commissioner’s Office. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.

Depending upon the Customer’s use of our Platform and/or our products and services, we may collect, use, store and transfer some or all of the following personal data:

  • Name;
  • Business/company name;
  • Email address;
  • Country, region, city and office location;
  • Job title / position / level;
  • Username / password;
  • Personal data you submit to us in response to an organisational survey /assessment which we email to you;
  • Technical Data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Platform Usage Data, including information about how you use our Platform, products and services; and Communications Data, including your preferences in receiving communication from us and;


We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Where we need to collect personal data by law, or under the terms of a contract we have with the customer and the customer fails to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with the customer (for example, to provide the Customer with products or services). In this case, we may have to cancel a product or service the Customer has with us but we will notify the Customer if this is the case at the time.

All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request by contacting us.

Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate business interests to use it.

Please contact us (using the details provided in section 13) if you need details about the specific legal ground we are relying on to process your personal data.

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us (see section 13 below).

  • Providing and managing the Customer’s account;
  • Providing and managing access to our Platform;
  • Supplying our products and services to the Customer;
  • Personalising and tailoring our products and services for the Customer;
  • Communicating with the Customer or you (e.g. responding to emails or calls from the Customer or you);
  • Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by clicking on the unsubscribe link in the relevant communication);
  • Market research; Enforcing our contracts and policies, investigating complaints and preventing illegal activity;
  • Complying with our legal obligations;
  • Analysing your use of our Platform and gathering feedback to enable us to continually improve our Platform and the user experience;
  • Logging data to allow system auditing; Supporting network and system security.


We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the UK GDPR and the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended. We do not share your personal data with any third parties for marketing purposes.

You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions (i.e. service emails).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (see section 13 below).

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We only keep your personal data for as long as we need to in order to use it as described above in section 5, and/or for as long as we have your permission to keep it.

Data storage is provided by a Google subprocessor, Global Infrastructure UK Limited (a Google Data Centre), Company no.10031299, registered office, 5 New Street Square, London, EC4A 3TW, whose privacy policy is available at www.infrastructuregroup.com/privacy-cookie-policy/. Google operates and maintains the Google data centers and equipment that stores the data. The Subprocessor does not require access to the Customer data to perform this activity.

Data is not stored or transferred out of the UK save that access to our Platform is permitted to the Customer authorised users of the Platform wherever they may be located.

Data security is very important to us, and to protect your data we have taken suitable security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example, access to Workbench is enabled by two mechanisms; OAuth; salted password mechanism that is encrypted with BCrypt algorithm, and communication between the server and client is secured by HTTPS, using the TLS.Tx protocol. All personal data is encrypted with BCrypt algorithm before being stored (AES 256 encryption).

In addition, we limit access to your personal data to those employees, agents and contractors who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will not share any of your data with any third parties save for the Customer and authorised users of the Customer and with our Data Storage providers in accordance with paragraph 7 above.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

You have the right to ask for a copy of any of the personal data held by us about you. Please contact us for more details using the contact details below in section 13.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive (to cover our administrative costs in responding). Alternatively, we could refuse to comply with your request in these circumstances.

Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We do not use cookies on our Platform.

We may change this privacy policy from time to time (for example, if the law changes or if we change our business in a way that affects personal data protection).

Any changes will be made available on our website at www.temporall.com/platform-privacy-policy.

It is important that the personal data we hold about you is accurate and current.
Please keep us informed if your personal data changes during your relationship with us.

If you have any questions about this privacy policy, please email us at:

dpo@temporall.com

or mail us at:

Temporall Ltd 167-169 Great Portland Street, London, W1W 5PF +44(0)20 7164 6830.

Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.

Getting started is easy

Start connecting your data.