Privacy Notice
Last updated 25 April 2025
1. Introduction
Welcome to Human Native Ltd, a company incorporated in England and Wales with registered number 15609120 at Companies House and whose registered office is 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Notice explains how we collect, use and protect your information when you use our platform.
We operate a UK-based platform to bring together suppliers of high quality, premium data with reputable AI developers. We comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (EU GDPR), the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communication Regulation 2003 as well as other relevant EU and UK data protection requirements.
2. Our role
In some situations, Human Native acts as a Processor and, in others, as a Controller.
When we are a Processor of personal data, we are doing so purely on the instruction of another company (the Controller). To find out more about how your data is protected by them, you should contact them directly.
Human Native does, on occasion, act as a Controller. That will usually be in relation to the data of potential and existing employees, suppliers, customers, investors, website users and technical data when you use some of our services. Being a Controller means that we are trusted to look after and deal with your personal information in accordance with this notice. We determine how we process your data and are accountable for this.
This privacy notice refers only to the data we collect from website users and customers and process as a Controller.
3. Data We Collect
We collect and process the following types of personal data that you voluntarily provide to us, e.g., when you express an interest in obtaining information about our services or products:
Data type
Examples
Lawful Basics
Identity Data
Name, username, company affiliation
Contract (Art. 6(1)(b)), Legitimate Interests (Art. 6(1)(f))
Contact Data
Email, phone number, postal address
Contract (Art. 6(1)(b)), Consent (Art. 6(1)(a)), Legitimate Interests (Art. 6(1)(f))
Usage Data
Page views, site interaction
Consent (Art. 6(1)(a)), Legitimate Interests (Art. 6(1)(f))
Technical Data
IP address, browser type, device ID
Consent (Art. 6(1)(a)), Legitimate Interests (Art. 6(1)(f))
Content Data
Uploaded files, metadata, ownership info
Contract (Art. 6(1)(b)), Legitimate Interests (Art. 6(1)(f))
If an organisation enters an agreement with us to use our services to license content, we also collect the payment details required to carry out our contract with the organisation.
4. How We Use Your Data
We may use your data to:
Facilitate registration and account management.
Process payments.
Provide, maintain, and improve our services.
Comply with licensing agreements.
Respond to inquiries and provide customer support.
Comply with legal and regulatory obligations.
5. Lawful Basis for Processing
We may rely on the following legal bases to process your personal information:
Contractual Necessity – To provide our services and fulfil our agreements with you.
Legitimate Interests – To improve our platform, prevent fraud, and protect intellectual property.
Legal Obligation – To comply with applicable laws, such as financial reporting and data protection regulations.
Consent – Where required, such as for marketing communications. (You have the right to withdraw that consent. Use the contact details below to contact us for information on how to do this.)
6. Data Retention
We retain your data only as long as necessary for the purposes outlined in this notice or as required by law. Financial records may be kept for up to six years for compliance purposes.
If you enter an agreement with us to use our services to licence content, we hold data for the length of time that you are a client of ours, then we may hold it according to limitation periods or as required by a dispute.
7. Your Rights
As a data subject, you have a number of rights over your personal data under the Data Protection Laws.
Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it.
Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete.
Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so.
Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data.
Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another entity. This would be sent in a structured, commonly used, electronic form.
Right to object: You can object to us using your personal data for particular purposes.
Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances. We do not use your personal data in any automated processes to make decisions about you.
If you wish to exercise any of your rights, please contact us using the details below.
8. Technical and operational security
All the data we collect and process is protected using various technical and organisational measures (such as passwords and multifactor authentication), it is backed up securely and encrypted when appropriate. All employees are trained in data protection. “Data Privacy by Design and Default” is an integral part of our development processes. All devices are protected by a leading enterprise mobility management technology. For detailed security information please see our trust centre.
9. Data Sharing, processing and Transfers
We do not sell your personal data. However, we may share it with selected third parties to operate our services or meet legal obligations. Some recipients act as data processors on our behalf, under strict contractual terms, while others may be independent data controllers. Where data is transferred outside the UK, we ensure appropriate safeguards are in place.
Recipient Category
Purpose of Sharing
Role
Basis / Safeguards
Payment Processors
To process payments and manage billing
Processor
Contract (Art. 6(1)(b))
Legal Authorities
To comply with legal obligations or lawful requests
Controller
Legal Obligation (Art. 6(1)(c))
Business Partners
To help deliver our services under confidentiality agreements
Controller or Joint Controller
Legitimate Interests (Art. 6(1)(f))
Other Platform Users
For transparency and compliance within the platform
Controller
Legitimate Interests (Art. 6(1)(f)), Legal Obligation (Art. 6(1)(c))
Cloud Computing Services
To host services and store data securely
Processor
Legitimate Interests (Art. 6(1)(f)); SCCs for international transfer
Communication & Collaboration Tools
To support business communications
Processor
Legitimate Interests (Art. 6(1)(f))
Data Analytics Services
To analyse site usage and improve performance
Processor
Consent (Art. 6(1)(a)), Legitimate Interests (Art. 6(1)(f))
Data Storage Providers
For data backup and secure storage
Processor
Legitimate Interests (Art. 6(1)(f))
Finance & Accounting Tools
To manage finances, taxes, and reporting
Processor
Contract (Art. 6(1)(b)), Legal Obligation (Art. 6(1)(c))
Performance Monitoring Tools
To monitor service reliability and uptime
Processor
Legitimate Interests (Art. 6(1)(f))
Product Engineering & Design Tools
To support product development and UX improvements
Processor
Legitimate Interests (Art. 6(1)(f))
Testing Tools
To test system updates and ensure functionality
Processor
Legitimate Interests (Art. 6(1)(f))
User Account & Authentication Services
To manage user registration and access
Processor
Contract (Art. 6(1)(b)), Legitimate Interests (Art. 6(1)(f))
We also may need to share your personal information in the following situations:
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy notice. Affiliates include any parent company, subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
Business Partners. We may share your information with our business partners who assist in providing our services, subject to confidentiality agreements.
Where data is transferred outside of the UK, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses, the UK IDTA or US Data Privacy Framework. We do not sell personal data we collect to anybody, and we do not share it with anyone other than our contracted processors.
10. Website Analytics and Cookies
We may share your data with Google Analytics to track service usage. We use Google Analytics Demographics and Interests Reporting. To opt out, visit Google's opt-out tool, adjust Ads Settings, or use Network Advertising Initiative options. Learn more at Google's Privacy & Terms webpages.
We may use cookies and other tracking technologies (such as web beacons and pixels) to collect and store your information. For details on how we use these technologies and how to opt out of certain cookies, please see our separate Cookie Notice.
11. Changes to our Privacy Notice
We may update this Privacy Policy periodically. Please check this page regularly for changes. We'll notify you of any significant changes to how we process your personal data.
12. Contact Us
If you have questions or concerns about this Privacy Notice or how we handle your data, please contact us at [email protected].
13. Complaints
If you believe your data protection rights have been violated, you can contact the UK Information Commissioner’s Office (ICO) at www.ico.org.uk. If you live within the EU, our EU Representative can be contacted via: Instant EU GDPR Representative Ltd. Adam Brogden: [email protected] Tel +35315549700. Office 2, 12A Lower Main Street, Lucan, Co. Dublin, K78 X5P8, Ireland [email protected].
