PRIVACY NOTICE FOR LIMITLESS EXPERTS &
GIGAGENTS
Last Update: April 2025
Version 8.0
Limitless has developed a set
of cloud-based tools including apps and web applications (the "Platform")
to provide customer experience services to a range of organisations ("Clients").
The Platform enables members of the public who are customers of Clients ("Customers")
to ask questions and queries in relation to the products and services of the
Clients (the Questions ). In addition, the Platform enables the
distribution of tasks for resolution (the Tasks ). The Platform also
enables individuals to use their expertise to answer these Questions and
resolve the Tasks and queries raised by Customers these individuals are known
as Ambassadors or Experts or GigAgents (collectively Experts )
To provide these services, Limitless requires some information about its
Clients, Customers, GigAgents, Experts and others.
This Privacy Notice applies to Limitless Experts and sets out your rights, and
how we will use your personal data when you visit and use the Platform,
regardless of where your visit it from. A description of the types of personal
data we will process about you can be found
in section 3.
Whilst this Privacy Notice may get updated from time to time, Experts
should read it in conjunction with the document entitled Terms and Conditions
for Engagement of Experts to provide Services .
2.
KEY DEFINITIONS
Terms used in this Privacy Notice are defined
below.
Aggregated Data: Statistical or demographic data that may be
derived from your personal data but is not considered personal data in law as
this data does not directly or indirectly reveal your identity. For example, we
may aggregate your Usage Data to calculate the percentage of Experts accessing
a specific website feature. However, if we combine or connect Aggregated Data
with your personal data so that it can directly or indirectly identify you, we
treat the
Client: A
customer of Limitless.
Customer: A
customer of a client e.g. a member of the public.
Data Controller: The natural or legal person, public authority,
agency or any other body which alone or jointly with others determines the
purposes and means of the processing of personal data; where the purposes and
means of processing are determined by national or community laws or
regulations. Limitless Technology Group Limited (Limitless) is the
Data Controller and responsible for your personal data (referred to as
"Limitless", we , us or our in this Privacy Notice.
Data Processor: The natural or legal person, public authority,
agency or any other body which processes personal data on behalf of the Data
Controller.
Data Subject: The individual about whom the personal data
relates e.g. an Expert. An identifiable natural person who can be identified,
directly or indirectly, reference to an identifier such as a name, IP address
or location.
Expert: An individual who uses their expertise to answer
Questions and Tasks raised by Customers and Clients.
GigAgent: An individual who uses their expertise to
answer Questions and Tasks raised by Customers and Clients with access to
Limitless Secure Desktop and where approved, Client Systems and/or Customers
Personal Information. GigAgents may be required to pass additional identity
verification and other Client requested checks, as appropriate for the
Questions and Tasks being answered.
Personal Data: The Privacy Policy uses the UK GDPR s
definition of personal data - personal data means any
information relating to an identified or identifiable natural person ( data
subject ); an identifiable natural person is one who can be identified, directly
or indirectly, in particular by reference to an identifier such as a name, an
identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person
Special Categories of Personal Data: Data
revealing racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership, genetic data, biometric data,
health data or data concerning a natural person s sex life or sexual
orientation.
Processing: Any operation or set of operations performed
on personal data or on sets of personal data, whether or not by automated
means, such as collection, recording, organisation, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure/destruction.
3.
WHAT PERSONAL DATA DOES LIMITLESS COLLECT ABOUT YOU?
If you are interested in becoming and/or become a Limitless Expert,
Limitless may collect, use, store and transfer different kinds of personal data
about you which we have grouped together as follows:
o
Identity Data which includes first name,
last name and title, birth date, education and professional background,
government or social security identification information.
o
Contact Data which includes email address,
mobile telephone number(s) and residential address.
o
Eligibility Data includes
information acquired from third parties to determine your ability and
eligibility to use the Platform and
o
Usage Data includes information and details about your visits to and use of the
Platform including, but not limited to, advice provided via the Platform,
o
Technical Data includes internet
protocol (IP) address, your login data, browser type and version, time zone
setting and location, browser plug-in types and versions, operating system and
platform, Device Name and unique identifiers, Device system data, Device events
and Device logs.
o
Profile Data includes your username and
password, profile picture, country of residence, membership history, account
preferences and any Platform research related feedback and survey responses.
o
Marketing and Communications Data includes your preferences in receiving marketing from us and our third
parties and your communication preferences.
o
Financial Data includes payment account
details
o
Transaction Data includes details
about payments to and from you.
We do not collect any Special
Categories of Personal Data about you. However, we do collect
information about criminal convictions and offences (unspent or otherwise) as
detailed in the Terms and Conditions for Engagement of Experts to provide Services
Agreement.
Experts must be 18 years of age or over, this is
set out in the Terms and Conditions for Engagement of Experts to provide Services
Agreement. As part of the sign-up process to the Platform you are asked to
declare that you are over the age of 18. The Platform is not intended to be
used by anyone under the age of 18 and accordingly we do not knowingly collect
or process the personal data of anyone under 18 years of
It is important that the personal data we hold about you is accurate and
current. Please keep us informed if your personal data changes during your
relationship with us by updating your profile information on the Platform.
4.
HOW IS YOUR PERSONAL DATA GATHERED
To enable You (an Expert) to use our Platform we need to obtain some
personal information about you. Your personal data will be collected via the
Platform and in accordance with the Terms and Conditions for Engagement of
Experts to provide Services document. The information we will process about You
has been described in the section entitled 'What Personal Data does Limitless
collect about you?' in this document.
We will obtain your data from and about you via the methods outlined
below:
Direct interactions: You may give us information relating to your Identity, Contact,
Eligibility, Profile and Financial Data by filling in forms or by corresponding
with us via our Expert Support service. This includes personal data you provide
when you:
o
submit an application to join the Platform as an
Expert;
o
create and manage your Expert profile account on
our Platform, including the set-up of Multi-Factor Authentication or Secure
Access;
o
subscribe to our publications;
o
request marketing to be sent to you;
o
enter a survey; or
o
give us some feedback
Automated technologies or
interactions: As you interact with our Platform,
depending on your location you may be given the option to accept, reject or
modify the cookies and similar technologies in use. These enable us to gather
Third party or publicly
available sources of data. We may receive personal
data about you from various third parties and public sources as set out below:
o
Technical Data from analytics providers such as
o
Identity, Contact and Eligibility Data
o
Identity, Contact, Financial and Transaction
Data from providers of technical, payment and delivery services.
Third party applications. Where
access to Third party applications we use as part of the Platform is provided,
these applications may also collect Usage and Technical Data about your
equipment, browsing actions and patterns of use. You should refer to those third-party
applications for their terms and Privacy Policy settings.
5.
WHY DOES THE COMPANY NEED TO COLLECT, PROCESS AND USE YOUR PERSONAL DATA
AND HOW LONG IS IT KEPT FOR?
We have listed below the relevant lawful bases that we rely upon when
processing personal data under the UK GDPR. These are:
o
Consent: We will rely on this lawful basis if you give us
consent to the processing of your data for one or more specific purposes.
Generally, we do not rely on consent as a lawful basis for processing your
personal data other than in relation to sending our newsletters and/or
marketing to you via email or text message. You have the right to withdraw
consent to newsletters and other marketing at any time by unsubscribing to the
newsletter.
o
Contract: We will rely on this lawful basis where the
processing of your personal data is necessary for the performance of a contract
to which you will be a party (as an Expert), or to take steps at your request
prior to entering into the contract.
o
Legal Obligation: We will rely on this lawful
basis where it is necessary to process your personal data to comply with a
legal or regulatory obligation, which may be separate to contractual
obligations.
o
Legitimate Interests: We will rely on this basis
when we need to process your personal data to satisfy our legitimate interests,
for example where we will need to process an Expert s bank account details in
order to pay Experts for services rendered. To rely on this basis, we will need
carry out a Legitimate Interest Assessment (LIA), i.e.:
o
identify a legitimate interest;
o
show that the processing is necessary to achieve
it;
o
balance it against the individual s interests,
rights and freedoms.
Please note that we may rely on more than one lawful basis when
processing your personal data depending on the specific purpose for which we
are using your data. Please contact us if you need details about the specific
lawful basis that we will be relying on to process your personal data where
more than one has been set out.
In the table below we have set out a description of:
o
How we plan to use your personal data,
o
The legal bases being relied upon to process
your personal data, and
o
How long we intend to keep information about
you.
We have also set out where we may rely on legitimate interests grounds,
where appropriate.
|
Purpose/Activity |
Type of Data |
Lawful basis for processing (including basis
of legitimate interest) |
|
|
To
conduct background checks on prospective Experts e.g. criminal record,
history, verification and background data for the purpose of assessing
Experts eligibility |
Identity Data |
Necessary to
comply with a legal obligation |
Identity Data
6 years Contact Data
6 years Eligibility
data 2 years |
|
To
register you as an Expert on the Platform |
Identity Data Technical Data |
|
Identity Data
6 years Contact Data
6 years Eligibility
data 2 years Technical data
6 years |
|
To
assess and register your eligibility as a prospective GigAgent |
Identity Data Technical Data |
|
Identity Data
6 years Contact Data
6 years Eligibility
data 2 years Technical data
6 years |
|
To
carry out Limitless' obligations arising from any contracts entered into
between you and us |
Identity Data Technical Data |
Performance of contract |
Identity Data
6 years Contact Data
6 years Technical data
6 years |
|
To
monitor, develop and improve the Platform, services and your experience |
Identity Data |
Necessary
for our legitimate interests to continually improve our Platform |
Identity Data
6 years Contact Data
6 years Eligibility
data 2 years Technical data
6 years Profile data
6 years Financial data
6 years Transaction
data 6 years |
|
To
ensure that content from the Platform is presented in the most effective
manner for you |
Identity Data |
Performance
of contract |
Identity Data
6 years Contact Data
6 years Usage data 6
years Technical data
6 years Profile data
6 years |
|
To
measure and calculate credits you may earn from your use of the Platform to
answer the questions and queries raised by the Customers of Client
businesses |
Identity Data |
Performance
of contract |
Identity Data
6 years Contact Data
6 years Usage data 6
years Technical data
6 years Profile data
6 years Financial data
6 years Transaction
data 6 years |
|
To
process (via our third party payment service providers) any withdrawal of
rewards requested by you |
Identity Data |
Performance of
contract |
Identity Data
6 years Contact Data
6 years Usage data 6
years Technical data
6 years Profile data
6 years Financial data
6 years Transaction
data 6 years |
|
To
compile and maintain a user profile for you and to automatically calculate
and generate a |
Identity Data |
Performance of
contract |
Identity Data
6 years Contact Data
6 years Usage data 6
years Technical data
6 years Profile data
6 years |
|
To
allow you to participate in the interactive features of the Platform, when
you choose to do so |
Identity Data |
|
Identity Data
6 years Contact Data
6 years Usage data 6
years Technical data
6 years Profile data
6 years |
|
To
process and deal with any complaints or enquiries made by or about you |
Identity Data |
Necessary to
comply with a legal obligation |
Identity Data
6 years Contact Data
6 years Eligibility
data 2 years Usage data 6
years |
|
To
investigate any suspected breach of the Expert Terms and
Conditions or the breach of other terms and conditions otherwise
relating to you and to monitor compliance including by way of checking
postings or submissions via the Platform and using keyword triggers to
investigate usage that may be inappropriate |
Identity Data |
Performance of
contract |
Identity Data
6 years Contact Data
6 years Technical data
6 years Usage data 6
years |
|
To
send you and keep you updated with information by email or telephone about
existing and new services and about special offers from us or about products
and services from selected third parties that may be of interest to you. |
Identity Data |
Consent |
Identity Data
6 years Contact Data
6 years Profile data
6 years Marketing and
Communications data 6 years |
|
To
provide information to Clients who want to keep you updated with information
and promotions about their products |
Identity Data |
Consent |
Identity Data
6 years Contact Data
6 years Profile data
6 years Marketing and
Communications data 6 years |
You have the right to not be subject to a
decision that is only based on automated processing, including profiling (i.e.
a decision taken without any human intervention) which produces legal effects
i.e. something which adversely affects someone's legal rights. That is, you
have the right to obtain an explanation of a decision made by automated means
and to challenge it.
As part of our operation of the Platform certain
decisions may be solely based on the automated processing of your personal data
e.g.
Whilst we may automatically generate a "
7.
When you download our mobile app or use the web browser to access your
Platform account and have consented to location services, we will collect Usage
data and Technical Data. For example:
o
Your geolocation using your IP address
o
Your device, including a unique identifier for
your device
This information will be collected (through the use of cookies ) only
when you consent to location services. We need this information to provide you
with location-based services or other personalized content. Some of our
services may not function as designed if location services are disabled.
8.
Limitless may have to share your personal data with the following
parties for the purposes indicated:
o
External Third
Parties
o
Service providers who provide IT and system
administration services as part of the Platform, such as data hosting and
storage (data centres), payment processing (accountants or payment providers), research
and analytics (CRM providers);
o
Agencies that provide identify checking services
o
Clients who require you to use their own
applications to provide the service under your contract;
o
Professional advisors including lawyers,
bankers, auditors and insurers who provide consultancy, legal, banking,
accounting and insurance services; or
o
Regulators and Authorities such as the ICO, HM
Revenue & Customs, regulators or their authorities who require reporting of
processing in certain activities.
Third parties to whom we may choose to sell, transfer or merge parts of
our business or assets. Alternatively, we may seek to acquire other businesses
or merge with them. If a change happens to our business, then the new owners
may use your personal data in the same way as set out in this privacy notice.
A full list of
third parties with whom your personal data may be shared is detailed in the
table below. We require all third parties to respect the security of your
personal data and to treat it in accordance with the applicable law. We do not
allow our third-party service providers to use your personal data for their own
purposes and only permit them to process your personal data for specified
purposes and in accordance with our instructions.
|
Name |
Address |
Processing
Type |
Location
of Processing |
|
AWS |
Amazon Web Services, Inc. |
Compute and store data in the
Limitless platform |
EU |
|
ESSPRO |
Esspro |
IT software engineering services |
India |
|
Gateway |
Gateway Technology Labs B/81, Corporate House Judges Bunglow Road Bodakdev |
IT software engineering services |
India |
|
MailChimp |
The Rocket Science Group, LLC |
Processing of communication to
Experts |
UK |
|
Paypal |
Whittaker House |
Processing of Expert payments |
Global |
|
Web Purify |
WebFurther, LLC |
Filtering of sensitive content
from messages |
EU |
|
Google Cloud |
Google LLC |
Compute and store data in the
Limitless platform |
EU |
|
Microsoft Azure |
Microsoft Corporation One Microsoft Way Redmond |
Compute and store data in the
Limitless platform |
EU |
|
Microsoft 365
Forms |
Microsoft Corporation One Microsoft Way Redmond |
Collection of survey data |
EU |
|
Trulioo |
Trulioo Information Services Inc 1200-1055 West Hastings Street, Vancouver, BC Canada V6E2E9 |
Provision of Expert identification and
verification services |
Global |
|
Remoteli |
UK Office 86-90 Paul Street, Ghana Office GNAT Heights, |
Expert Management |
Europe EU Ghana |
|
Open AI |
3180 18th St, San Francisco, California 94110, US |
Question content |
US |
|
Thinscale |
382 Pearse Street, Sallynoggin, Dun Loaghaire, Co.Dublin, Ireland |
Secure Access Solution - desktop |
EU |
|
Nord Ltd |
Unit 52.11, Woolyard, 52 Bermondsey Street, London, SE1 3UD |
Secure Access Solution - VPN |
Global |
|
FChain |
Financial Chain Corporation PC 14-16 Churchill Way, Cardiff, Wales, CF102DX, UK |
Expert Management |
EU |
9.
INTERNATIONAL TRANSFERS OF PERSONAL DATA OUTSIDE THE UK or the EU
The data that Limitless obtains and processes about you will be stored
on servers in the UK and the EU*. However, we may also need to transfer your
personal data to recipients in other countries some of which have not been
granted EU Adequacy status. This is because many of our external third parties
are based outside the UK and EU which means that their processing of your
personal data will involve a transfer of data outside the scope of the GDPR.
When transferring your personal data out of the UK and the EU, we will ensure
that a similar degree of protection is afforded to it i.e. where at least one
of the following safeguards has been implemented:
o
Adequacy Status - where countries have been
deemed to provide an adequate level of protection for personal data.
o
Standard Contractual Clauses (SCCs) - SCCs
contain contractual obligations on us (the data exporter) and the receiver (the
data importer), and rights for you (the individuals whose personal data is
being transferred). This means that you can directly enforce those rights
against the data importer and the data exporter. SCCs are used as an
appropriate safeguard to comply with the restricted transfer rules contained in
the EU GDPR and UK GDPR. Where appropriate, our contracts with relevant third
parties include SCCs.
*The UK is no longer part of the EU. The provisions of the EU GDPR were
incorporated directly into UK data protection law on 01 January 2021 by
regulations under the European Union (Withdrawal) Act 2018. The UK GDPR and DPA
2018 apply to the processing of personal data carried out by organisations
operating within the UK. It also applies to organisations outside the UK that
offer goods or services to individuals in the UK. The EU GDPR applies to
organisations which operate in Europe, offer goods and services to or monitor
the behaviour of individuals in the EU.
Please contact us if you want further information on the specific
mechanism used by us when transferring your personal data out of the UK and/or
EU.
10. HOW DOES LIMITLESS PROTECT
YOUR INFORMATION?
Limitless endeavours to take all reasonable steps to protect your
personal data. We have put in place appropriate security measures to prevent
your personal data from being accidentally lost, used or accessed in an
unauthorised way, altered or disclosed. In addition, we limit access to your
personal data to those employees, agents, contractors and other third parties
who have a specific business need to know. They will only process your personal
data on our instructions and they are subject to a duty of confidentiality.
Where possible Limitless uses industry-standard Secure Sockets Layer (SSL)
technology to allow for the encryption of our personal data. Unfortunately, the
transmission of information via the internet is not completely secure. Although
Limitless will do its best to protect your personal data, Limitless cannot
guarantee the security of your data transmitted to the Platform; any
transmission is at your own risk. Once Limitless has received your information,
Limitless will use strict procedures and security features to try to prevent
unauthorised access.
We have put in place procedures to deal with any suspected personal data
breach and will notify you and any applicable regulator of a breach where we
are legally required to do so.
11. YOUR LEGAL RIGHTS
You have the following rights:
o
Right of access to your personal data
(commonly known as a data subject access request ). This enables you to
receive confirmation as to whether or not your personal data is being processed
by Limitless and, where that is the case, access to a copy of the personal data
we hold about you and to check that we are lawfully processing it. You have a
right to know the purposes of the processing, the categories of personal data
concerned, the recipients or categories of recipient to whom the personal data
have been or will be disclosed, in particular recipients in third countries or
international organisations, where possible, the envisaged period for which the
personal data will be stored, or, if not possible, the criteria used to
determine that period, the existence of the right to request from the
Controller rectification or erasure of personal data or restriction of
processing of personal data concerning the data subject or to object to such
processing, the right to lodge a complaint with a supervisory authority, where
the personal data are not collected from the data subject, any available
information as to their source, and the existence of automated decision-making,
including profiling.
o
Right to rectification of the personal
data that we hold about you. This enables you to have any incomplete or
inaccurate data we hold about you corrected without undue delay, though we may
need to verify the accuracy of the new data you provide to us. Taking into
account the purposes of the processing, you shall have the right to have
incomplete personal data completed, including by means of providing a
supplementary statement.
o
Right not to be subject to automated decision-making: You have the right not to be subject to a decision that is only based on
automated processing (i.e. a decision taken without any human intervention) and
that has legal or similar effects on you. As part of our operation of the
Platform certain decisions may be solely based on the automated processing of
your personal data. If you do not agree with these decisions, please let us
know.
o
Right to be informed: You have the
right to be informed about the collection and use of your personal data. This
means that we must provide you with information about the purposes for
processing your personal data, how long we will keep your personal data, and
who it will be shared with. We will provide this information to you at the time
we collect it. If we obtain personal data about you from other sources, we will
let you know about this within a reasonable period of obtaining the data and in
any event no later than one month.
o
Right to erasure of your personal
data (commonly known as right to be forgotten ). You have the right to ask to
have your personal data erased under certain circumstances. We may refuse a
request for erasure, for example, where your personal data is required for
compliance with law or in connection with claims.
o
Right to Object to processing - You have the
right to object to the processing of your personal data. For example, you have
an absolute right to stop your data being used for direct marketing. In other
circumstances, we may be able to continue processing provided we have a
compelling reason to do so, e.g. on the grounds of legitimate interests.
o
Right to request restriction of processing of your personal data. This enables you to ask us to suspend the
processing of your personal data in the following scenarios: (a) if you want us
to establish the data s accuracy; (b) where our use of the data is unlawful but
you do not want us to erase it; (c) where you need us to hold the data even if
we no longer require it as you need it to establish, exercise or defend legal
claims; or (d) you have objected to our use of your data but we need to verify
whether we have overriding legitimate grounds to use it.
o
Right to data portability (transfer) of your personal data to you or to a third party. We will provide to
you, or a third party you have chosen, your personal data in a structured,
commonly used, machine-readable format. Note that this right only applies to
information which you initially provided consent for us to use or where we used
the information to perform a contract with you.
o
Right to withdraw consent at any time where
we are relying on consent to process your personal data. However, this will not
affect the lawfulness of any processing carried out before you withdraw your
consent. If you withdraw your consent, we may not be able to provide certain products
or services to you. We will advise you if this is the case at the time you
withdraw your consent.
If you wish to exercise any
of the rights set out above, please contact us using the contact details below
or via the Limitless app. We may need to request specific information
from you to help us confirm your identity and ensure your right to access your
personal data (or to exercise any of your other rights). This is a security
measure to ensure that personal data is not disclosed to any person who has no
right to receive it. We may also contact you to ask you for further information
in relation to your request to speed up our response.
Time limit to respond. We have a
legal obligation to respond to all legitimate requests within one month of the
initial request
You can contact our Data Protection Officer using the details below:
Full name of
legal entity: Limitless Technology Group Limited
Company Number: 14938684
Email
address: InfoSec@limitlesstech.com.
Postal Address: Ashton,
Hillbrow Road, Esher, Surrey, United Kingdom, KT10
9UD.
You can also
email us with any questions, queries, or complaints at InfoSec@limitlesstech.com
For EU/EAA citizens our EU Representative
contact details are:
Email address: eurep@limitlesstech.com
Postal Address: EU
Representative, IT Governance Europe, The Mill Enterprise Hub, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland
We have appointed a D
13.
HOW TO COMPLAIN
You have the
right to make a complaint at any time to the ICO, the UK supervisory authority
for data protection issues (www.ico.org.uk).
The ICO s address:
Information Commissioner s
Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123
1113