At High Jump Digital, accessible from https://www.highjumpdigital.com, your privacy matters to us. This Privacy Policy explains what personal information we collect through our website and our client portal/app (together, the “Platform”), why, how we use and share it, and your rights.
If you have questions or want to exercise a privacy right, contact us at [email protected].
We operate through three companies. The one responsible for your information (the “controller”) depends on which you deal with:
This policy applies to visitors to our website, people who contact us or complete our forms, users of our client portal/app, people who review and electronically sign our quotes/agreements, and representatives of our business clients. If we provide services to you or your organisation, the entity named on your quote/MSA is the relevant controller; otherwise the UK entity operates the public website. Where we handle personal data on a client’s behalf to deliver services, see “When we act on behalf of a client” below.
Depending on how you interact with us, this includes:
When you use the Platform we also collect:
We may receive your details from a client’s representative. We also carry out business-development outreach: where we contact a business representative using contact details obtained from public or professional sources, we process limited business-contact data for that purpose. You can object at any time (see Your rights).
We use personal information to:
For UK/EU data, our basis is: performance of a contract (operating the Platform and services, and the signature/name/email in a signed quote); our legitimate interest in establishing, evidencing and defending the validity of agreements (the evidentiary IP/device metadata in the audit record); our legitimate interest in running and securing our business (communications, security); legal obligation (tax/accounting); and consent for marketing where required. We do not sell your personal information.
If you are in Australia: we collect personal information only where reasonably necessary for our functions (APP 3) and use or disclose it for the purpose collected or a related purpose you would reasonably expect (APP 6). APP 5 notice — we collect the information above to operate the Platform, deliver and evidence our services and communicate with you; if you do not provide it we may be unable to create your account, process a signed quote or provide the services; we may disclose it to the overseas recipients and countries described under International transfers; and you can access, correct or complain as described under Your rights.
If you are in Thailand: the PDPA is consent-led. We rely on your consent for marketing and any non-essential cookies, and on contract performance and our basis to establish and defend legal claims for operating the Platform and keeping the e-signature evidence record. You may withdraw consent at any time.
We only send electronic marketing where the law allows — in the UK, with consent or under the PECR “soft opt-in”; in Australia, with consent and a working unsubscribe and sender identification (Spam Act 2003); in Thailand, with your consent (PDPA). You can opt out at any time via the unsubscribe link or by emailing us.
Electronic signatures are recognised in the UK, Australia and Thailand. To make your signature reliable and binding we keep the audit record and your signature and consents described above. We rely on this as evidence of the agreement and keep it for as long as needed for that purpose (see How long we keep it).
We use only strictly-necessary cookies: the secure login cookies (access_token and refresh_token) that keep you signed in to the portal. These are required for the portal to work and are exempt from consent requirements. We do not use analytics, advertising or other tracking cookies on our Platform. If we add analytics in future, we will first add a consent mechanism and update this policy.
We share personal information only as needed, with:
We operate from the UK, Australia and Thailand, and some providers (including Railway and Resend) are in the United States, so your information may be transferred across borders. We apply the safeguards required by the applicable law — for UK data, the UK International Data Transfer Agreement / Addendum to the EU SCCs; for Australian data, APP 8-compliant arrangements (and we remain accountable under APP 8.1 for what an overseas recipient does with it); for Thai data, the cross-border safeguards under ss.28–29 of the PDPA. You can request a copy of the relevant safeguards by emailing us.
When we deliver services — for example running campaigns or managing a client’s website or social accounts — we may handle personal data on that client’s behalf. The client is then the controller and we act as a processor under the data-protection terms of our services agreement; this policy describes our own handling rather than the client’s.
We keep personal information only as long as needed:
We use appropriate technical and organisational measures — encryption in transit (HTTPS/TLS), encryption at rest of sensitive stored secrets (such as integration credentials) and hashing of one-time codes, access controls, and secure hosting. Other stored records (including signed PDFs and audit data) are protected by access controls and our host’s safeguards. No system is completely secure, but we work to protect your information and to respond appropriately to any incident.
Depending on where you are and which entity holds your data, your rights may include: to access a copy of your data; to correct it; to erase it; to restrict or object to processing (including an absolute right to object to direct marketing); to data portability; and to withdraw consent at any time (without affecting earlier processing). In Thailand, your PDPA rights also include access, copy, correction, erasure, restriction, objection, portability and withdrawal of consent, subject to the PDPA’s conditions.
Please contact us first at [email protected]; we will respond within the time the law allows (generally one month, extendable for complex requests), free of charge. If you are not satisfied you can complain to your regulator: the Information Commissioner’s Office (ICO) in the UK, the Office of the Australian Information Commissioner (OAIC) in Australia, or the Personal Data Protection Committee (PDPC) in Thailand.
We do not make decisions about you that have legal or similarly significant effects based solely on automated processing.
The Platform is for businesses and is not directed at children. We do not knowingly collect children’s personal information. If you believe a child has given us personal information, contact us and we will delete it.
We may update this policy from time to time. We will post the updated version here with a new date; material changes take effect when posted.
For any questions, requests or complaints about privacy, contact us at [email protected].