Privacy, Transparency and Security

Last updated 22 May 2018

This document describes the processing of personal data by Noggin Ltd for its services and activities.

Data Processor

Noggin Ltd hereafter 'We/Our/Us' (Registered in England and Wales, Company Number 06363503) is the data processor. Its registered office is Avalon House, Waltham Business Park, Brickyard Lane, Hampshire SO32 2SA. The telephone number for all enquiries is 01489 878268 and emails can be sent to


Our company provides analysis and reporting for non-personal, aggregated city-wide datasets such as footfall, weather and environment. We provide services to access, interrogate and manage these datasets, and we distribute reports on analyses and our research.

We hold personal data only for reasons strictly necessary to carry out our ongoing ordinary business. Your personal data is used and retained by us:

If you ask us to send you a report or single document, we will only use your details to fulfill that request.

If you ask us to send you marketing and ongoing (subscription) material, we will only continue to do so provided we have your explicit ongoing consent. You can withdraw consent at any time by using the unsubscribe facility of our emails.

Service Logins and Usage

Many of our services contain sensitive (non-personal) data, and these are often password-protected to ensure that only those with permission can access this data.

We follow best-practice principles for the security and auditability of this data, which includes the requirement to use individual (i.e. not shared) accounts, and record when those individuals access sensitive data.

When using a password-protected service, you will be required to:

Your display name will be disclosed to all other users of the same service for the purpose of community identification. For instance, if you create an article within the service, your display name will be used to show that you created the article.

Your email address will be disclosed to administrative users of the service. These are users with special permissions to grant access, view access logs and manage the service. This is used to ensure that you are given correct access to data, and that the data is being used correctly.

Your password is never disclosed to any other party, including Our staff. It is stored in a way that prevents it from being revealed (technical bit: hashed & uniquely salted with a high cost setting).

You may be asked to provide further information at any point, such as a picture profile or more detailed biography. These may be shared with other users of the service and are entirely optional.

When you use Our services, including those which are not password protected, we will log your IP address and activity for a period not exceeding 24 hours. If you are logged in, we will associate your login with your IP address - again, only for 24 hours. This is to enable us to diagnose issues with our service, understand how it is being used and protect ourselves against abuse by malicious users.

As a user of Our services, we may contact you for important service messages using your provided email address. These are necessary to inform you of service changes, updates to conditions and for service access, such as to assist you in changing your password.

We may also offer you email marketing, service and general updates. We will only send these to you with your explicit consent, and you are free to withdraw this consent at any time using the unsubscribe links in the emails and your account settings.

You may request deletion of your account at any time. This will immediately disable the associated account, and prevent its further use. We will retain minimal information for the lengths of time necessary for logs and auditing. Your information will then be permanently removed.

Exceptionally, if required by legal or other authoritative action, we may need to retain your information for the duration of this action.

Cookies and Third-Party Analytics

We use cookies on our services and our website to retain your login information only. Once you have logged in, we will store a cookie on your computer that allows us to identify you and confirm that you are logged in. The cookie is stored on your computer for your convenience, as it saves you having to log in every time you use Our services. If you log out, delete the cookie, use private/incognito mode in your browser or do not use Our services for a prescribed length of time (typically 6 months), this cookie will be removed and you will be required to provide your full login details again.

Certain third-party providers (particularly Google Maps) embedded in Our services use cookies to manage their systems and collect usage data. We do not provide these third parties with your personal data or any means to identify you, nor are we able to access or control how they issue or retain these cookies.

We do not use third-party analytics (such as Google Analytics) or other tracking systems on Our websites and services.

Location, Handling and Security of Personal Data

Our services are hosted in the UK by a reputable, third-party specialist 'cloud' hosting provider. They provide the infrastructure for these servers. We administrate these servers and ensure they are kept up-to-date and correctly configured.

Our email marketing is provided by a UK-based third-party agency, who use a marketing platform (Campaign Monitor) that uses servers outside the European Union. If you give Us explicit consent to send you Our marketing, We will provide your name and email address only to these third-party agencies, who are contracted to use the details provided exclusively for the use of the email marketing you have requested. They will additionally collect information on usage of those emails, for instance when you opened it or if you clicked a link, and will report back to Us on your engagement. If you withdraw consent to marketing at any time, both the marketing agency and email marketing company are required to immediately cease usage of and delete your details.

Our services are provided over a secure connection to avoid impersonation and interference. We regularly audit our servers and procedures to ensure they are up to date and maintain security. We use and encourage strong passwords throughout and use encryption liberally to protect our work and the data we hold.

If required, we may transfer your data to a relevant authoritative body in the course of legal or other investigative action, and only where obliged by law.

We do not otherwise transfer personal data to any other organisation, except for these reasons above. We do not sell personal data.

Should We be acquired by another company, or enter a partnership with another company that may cause your details to be transferred or shared in future, We will contact you to obtain your consent to transfer.

Collection of Data for Analysis

We provide services for the collection and analysis of data in town & city centres. We collect data from our own sensors and third party providers. This data is not personally identifiable and we have no plans to use personal data as part of this analysis.

We make use of our own phone counting sensors to determine how many people are in an area at any time. Each sensor counts the number of mobile devices nearby in the course of a short period of time (typically 1 minute to 1 hour) and sends Us only the total count received. The unique identifier for each mobile device is stored in volatile (temporary) memory on the sensor for this period of time only and is never transmitted. This counting is continuous and automated.

We use phone counting sensors to periodically run surveys of mobile devices for more advanced analyses, such as origin-destination and dwell. For each survey period (no greater than 24 hours), a randomised string is generated and distributed securely to each sensor. As the sensor collects unique identifiers from mobile devices, each identifier is first 'hashed' using the randomised string. Part of the hash is further destroyed. The resulting partial hash and timestamp are sent to our servers, where we aggregate the data collected to provide a final result (such as average dwell, or numbers counted between two points). Once this result has been obtained, all other collected data is permanently destroyed. The randomised string used to generate hashes is never retained once distributed and used for the limited period. The processes of creating a randomised string, secure distribution and analysis are entirely automated and, save for exceptional administrative requirements by Our authorised staff only, are never intercepted by a human being. All advanced analyses are subject to individual data processing assessments before and during their execution to ensure that no personal data is actively or inadvertently collected during such surveys.
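
The survey pseudonymisation described above, shown as an added example that is not Noggin's own code. HMAC-SHA256, the 4-byte truncation, the function names and the sample device identifiers are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

KEPT_BYTES = 4  # assumption: how much of the digest survives; the rest is destroyed


def new_survey_key() -> bytes:
    """Randomised string generated once per survey period and never retained."""
    return secrets.token_bytes(32)


def partial_hash(survey_key: bytes, device_id: str) -> str:
    """Keyed hash of a device identifier, truncated so the full digest never exists off-sensor."""
    digest = hmac.new(survey_key, device_id.encode(), hashlib.sha256).digest()
    return digest[:KEPT_BYTES].hex()


def sensor_report(survey_key: bytes, sightings):
    """What leaves the sensor: (partial hash, timestamp) pairs, never the raw identifier."""
    return [(partial_hash(survey_key, dev), ts) for dev, ts in sightings]


def average_dwell(reports) -> float:
    """Server side: mean of (last seen - first seen) per partial hash, in seconds."""
    seen = defaultdict(list)
    for token, ts in reports:
        seen[token].append(ts)
    spans = [max(times) - min(times) for times in seen.values()]
    return sum(spans) / len(spans)


# Constructed sample sightings: (device identifier, seconds since survey start)
SIGHTINGS = [
    ("02:00:00:aa:bb:01", 0), ("02:00:00:aa:bb:02", 60),
    ("02:00:00:aa:bb:01", 600), ("02:00:00:aa:bb:02", 360),
]

if __name__ == "__main__":
    key_a, key_b = new_survey_key(), new_survey_key()
    print("average dwell (s):", average_dwell(sensor_report(key_a, SIGHTINGS)))
    # Same device in two survey periods: different keys give unrelated tokens,
    # so sightings cannot be linked once the earlier key has been discarded.
    print(partial_hash(key_a, "02:00:00:aa:bb:01"),
          partial_hash(key_b, "02:00:00:aa:bb:01"))
```

Within one survey period the same device always maps to the same token, which is what makes dwell and origin-destination aggregation possible; across periods the tokens are unrelated.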

We use data collected by third party providers such as footfall camera and wifi providers. We do not accept personal data from these third parties, even if they collect it. For instance, open wifi providers often collect social media profiles of their users to understand their audiences. This personal data collected by the third party is used to build aggregate profiles, such as telling us the breakdown of age groups in an area. We only ever acquire and use data in aggregate form that cannot identify individuals.

We provide tools for Our users to collect data about their places, such as property information. We only provide this for non-personal data collection, and do not permit Our users to collect personal data on Our services (such as private landlord data). If you use Our services for the collection of personal data (except for strictly necessary administrative purposes, such as user management, as described above) We may suspend or delete your access to Our services at any time without notice.

Data Breaches and Notifications

If you believe Our services are subject to a data breach or issue relating to security or personal data, please contact Us immediately on 01489 878268 or email us.

We will treat your concerns with urgency and take all necessary action as quickly as We can.

Your Rights as a Data Subject

To exercise your rights as a data subject - for example, Subject Access Request or deletion - please contact us preferably by email.

Please note that, in case of account holders, we provide a number of tools and options within your account area specifically for accessing, controlling and removing any data we hold about you and it may be quicker to use these tools to satisfy your request.


This policy may be changed from time to time to reflect legislation updates, service changes or additional information. The latest policy will be available at this page and we will notify you by reasonable means (such as notice on web pages) when changes apply.


We must be transparent, fair and reasonable in our use of personal data. This is particularly important for public spaces, in which we operate, and we believe strongly & firmly that useful data about our places should be collected and used responsibly with full respect for individuals' rights and privacy. This is never more so true than in recent times, where our streets are filling with sensors & cameras, and our mobile phones are ever more involved in our lives. There is a risk that companies, communities and governments can use this data in ways that may not always be reasonable or acceptable - even with good intentions. We at Noggin feel strongly that our work should be based on a principle of openness, trust and duty to protect personal data and we always try to maintain a strong positive position in these respects, but we also (always) need to keep listening as well. If there's anything you'd like to raise with us or discuss about our work or generally, please drop us a line.
