Privacy Policy for High Jump Digital

At High Jump Digital, accessible from https://www.highjumpdigital.com, your privacy matters to us. This Privacy Policy explains what personal information we collect through our website and our client portal/app (together, the “Platform”), why, how we use and share it, and your rights.

If you have questions or want to exercise a privacy right, contact us at [email protected].

Who we are

We operate through three companies. The one responsible for your information (the “controller”) depends on which you deal with:

  • High Jump Digital Limited (UK) — company no. 10546211, 71–75 Shelton Street, Covent Garden, London WC2H 9JQ — under the UK GDPR and Data Protection Act 2018.
  • High Jump Digital Pty Ltd (Australia) — ABN 90 631 556 360, Suite 110, 50 St Georges Terrace, Perth WA 6000 — under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
  • High Jump Digital Company Limited (Thailand) — reg. 0105562065125, The Park Building, 88 Ratchadaphisek Road, Klongtoey, Bangkok 10110 — under the Personal Data Protection Act B.E. 2562 (PDPA).

Who this policy covers

This policy applies to visitors to our website, people who contact us or complete our forms, users of our client portal/app, people who review and electronically sign our quotes/agreements, and representatives of our business clients. If we provide services to you or your organisation, the entity named on your quote/MSA is the relevant controller; otherwise the UK entity operates the public website. Where we handle personal data on a client’s behalf to deliver services, see “When we act on behalf of a client” below.

Information you give us

Depending on how you interact with us, this includes:

  • Contact / enquiry details — name, email, phone, company, and the content of your message.
  • Account details — when you or your organisation are set up with a portal account: name, company, email, phone and role.
  • Quote-signing details — your name, job title, email, the company you sign for, any comments or order reference, your electronic signature (a typed name or, if you choose, a drawn-signature image), and your confirmations that you agreed to sign electronically and to the attached terms.

Information we collect automatically

When you use the Platform we also collect:

  • Server logs — IP address, browser/device type, pages requested and timestamps, kept for security and to operate the Platform.
  • Cookies — see the Cookies section below.
  • E-signature audit record — when a quote is signed we record, as evidence the agreement was made: the signer’s name and email, IP address and browser/user-agent, the timestamps of each step, and the email one-time-code verification. We also generate and store the signed PDF and a cryptographic hash (fingerprint) of it.

Information from others, and business outreach

We may receive your details from a client’s representative. We also carry out business-development outreach: where we contact a business representative using contact details obtained from public or professional sources, we process limited business-contact data for that purpose. You can object at any time (see Your rights).

How we use your information

We use personal information to:

  • provide and operate the Platform and our services;
  • create, verify and keep evidence of signed agreements (the audit record and stored signed document);
  • communicate with you about enquiries, accounts, quotes and engagements;
  • maintain security, prevent fraud, and meet legal, tax and accounting obligations;
  • send marketing where the law allows (see below).

Our legal basis

For UK/EU data, our basis is: performance of a contract (operating the Platform and services, and the signature/name/email in a signed quote); our legitimate interest in establishing, evidencing and defending the validity of agreements (the evidentiary IP/device metadata in the audit record); our legitimate interest in running and securing our business (communications, security); legal obligation (tax/accounting); and consent for marketing where required. We do not sell your personal information.

If you are in Australia: we collect personal information only where reasonably necessary for our functions (APP 3) and use or disclose it for the purpose collected or a related purpose you would reasonably expect (APP 6). APP 5 notice — we collect the information above to operate the Platform, deliver and evidence our services and communicate with you; if you do not provide it we may be unable to create your account, process a signed quote or provide the services; we may disclose it to the overseas recipients and countries described under International transfers; and you can access, correct or complain as described under Your rights.

If you are in Thailand: the PDPA is consent-led. We rely on your consent for marketing and any non-essential cookies, and on contract performance and our basis to establish and defend legal claims for operating the Platform and keeping the e-signature evidence record. You may withdraw consent at any time.

Marketing

We only send electronic marketing where the law allows — in the UK, with consent or under the PECR “soft opt-in”; in Australia, with consent and a working unsubscribe and sender identification (Spam Act 2003); in Thailand, with your consent (PDPA). You can opt out at any time via the unsubscribe link or by emailing us.

The e-signature record

Electronic signatures are recognised in the UK, Australia and Thailand. To make your signature reliable and binding we keep the audit record and your signature and consents described above. We rely on this as evidence of the agreement and keep it for as long as needed for that purpose (see How long we keep it).

Cookies

We use only strictly-necessary cookies: the secure login cookies (access_token and refresh_token) that keep you signed in to the portal. These are required for the portal to work and are exempt from consent requirements. We do not use analytics, advertising or other tracking cookies on our Platform. If we add analytics in future, we will first add a consent mechanism and update this policy.

Who we share it with

We share personal information only as needed, with:

  • Service providers (processors) acting only on our instructions — application and website hosting (Railway), email delivery (Resend), and accounting/invoicing (Xero);
  • Professional advisers and authorities, where required by law or to establish or defend legal claims;
  • A buyer (or the relevant part) if we restructure or sell part of our business.

International transfers

We operate from the UK, Australia and Thailand, and some providers (including Railway and Resend) are in the United States, so your information may be transferred across borders. We apply the safeguards required by the applicable law — for UK data, the UK International Data Transfer Agreement / Addendum to the EU SCCs; for Australian data, APP 8-compliant arrangements (and we remain accountable under APP 8.1 for what an overseas recipient does with it); for Thai data, the cross-border safeguards under ss.28–29 of the PDPA. You can request a copy of the relevant safeguards by emailing us.

When we act on behalf of a client

When we deliver services — for example running campaigns or managing a client’s website or social accounts — we may handle personal data on that client’s behalf. The client is then the controller and we act as a processor under the data-protection terms of our services agreement; this policy describes our own handling rather than the client’s.

How long we keep it

We keep personal information only as long as needed:

  • Enquiry / contact messages — while we deal with your enquiry, then for a short period afterwards.
  • Account data — while your account is active, then deleted or anonymised.
  • Signed agreements and the e-signature audit record — for the life of the agreement and the limitation period that applies afterwards.
  • Invoicing / accounting records — the statutory minimum required by tax law.
  • Marketing data — until you withdraw or object, then on a suppression list only.

Security

We use appropriate technical and organisational measures — encryption in transit (HTTPS/TLS), encryption at rest of sensitive stored secrets (such as integration credentials) and hashing of one-time codes, access controls, and secure hosting. Other stored records (including signed PDFs and audit data) are protected by access controls and our host’s safeguards. No system is completely secure, but we work to protect your information and to respond appropriately to any incident.

Your rights

Depending on where you are and which entity holds your data, your rights may include: to access a copy of your data; to correct it; to erase it; to restrict or object to processing (including an absolute right to object to direct marketing); to data portability; and to withdraw consent at any time (without affecting earlier processing). In Thailand, your PDPA rights also include access, copy, correction, erasure, restriction, objection, portability and withdrawal of consent, subject to the PDPA’s conditions.

Please contact us first at [email protected]; we will respond within the time the law allows (generally one month, extendable for complex requests), free of charge. If you are not satisfied you can complain to your regulator: the Information Commissioner’s Office (ICO) in the UK, the Office of the Australian Information Commissioner (OAIC) in Australia, or the Personal Data Protection Committee (PDPC) in Thailand.

Automated decisions

We do not make decisions about you that have legal or similarly significant effects based solely on automated processing.

Children

The Platform is for businesses and is not directed at children. We do not knowingly collect children’s personal information. If you believe a child has given us personal information, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. We will post the updated version here with a new date; material changes take effect when posted.

Contact us

For any questions, requests or complaints about privacy, contact us at [email protected].