Privacy policy
& GDPR

A24 Privacy Policy

  Who we are: Our website address is: https://a24.io

 I. Introduction / II. Overview / III. Privacy Principles / IV. Data collections and uses / V. Choice and transparency / VI. Legal information

I. Introduction

When you use A24, you trust us with your personal data. We’re committed to keeping that trust. That starts with helping you understand our privacy practices.

This notice describes the personal data (“data”) we collect, how it’s used and shared, and your choices regarding this data. We recommend that you read this along with our privacy overview, which highlights information about our privacy practices and provides summaries of the data we collect and how we use it.

II. Overview

A. Scope

This notice applies to users of A24’s websites, and other services globally.

This notice describes how A24 and its affiliates collect and use data. This notice applies to all A24 users globally, unless they use a service covered by a separate privacy notice. This notice specifically applies to:

  • Users: those who request or receive IT and related services via their A24 account.

  • Order recipients: those who request or receive A24 IT services via their A24 account. This includes those who use guest checkout features to access services without creating and/or logging into their account.

  • Guest users: those without an A24 account who receive services ordered by other A24 account owners.

All those subject to this notice are referred to as “users” in this notice.

Our privacy practices are subject to applicable laws in the places in which we operate. This means that we engage in the practices described in this notice in a particular country or region only if permitted under the laws of those places.

In addition, please note the following:

  • For users in Australia: You may contact A24 here regarding our compliance with the Australian Privacy Principles. Such contacts will be addressed by A24’s customer service and/or relevant privacy teams within a reasonable timeframe. You may also contact the Office of the Australian Information Commissioner here with concerns regarding such compliance.

  • For users in the European Economic Area (“EEA”), and the United Kingdom (“UK”): Due to data protection and other laws in these regions, including the European Union’s General Data Protection Regulation (“GDPR”), A24 does not perform certain of the data collections and uses described in this notice in the EEA or UK. Such data collections and uses are indicated herein with an asterisk (*)

  • For users in Japan: A24’s privacy practices cover the following data protection laws:

·       Japanese Act on the Protection of Personal Information (Act No. 57 of 2003 as amended in 2020) (‘APPI’)

·       Japanese Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (Act No. 27 of 2013 as amended) (‘the My Number Act’)

Please contact us here with any questions regarding our practices in a particular country or region.

III. Privacy Principles

When you use A24’s services, you trust us with your personal data. We’re committed to keeping that trust, and that starts with helping you understand our privacy practices. Our Privacy Principles set the foundation for how we approach privacy at A24.

We do the right thing with data

Responsible data management is a prerequisite for continuous innovation. We maintain the value of personal data for A24 and our users by handling data the way users expect, keeping it accurate and complete, and properly destroying it when it is no longer needed. This improves our services, earns and keeps our users’ trust, and differentiates us in the market.

We build privacy into our services from start to finish

Privacy is an important component for building world-class services, from inception to rollout and beyond. Performing privacy reviews on new and changed technologies, and services makes sure they fulfill users’ expectations and forms the bedrock of an exceptional customer experience. This is called “privacy-by-design.”

We collect only what we need

We have a specific objective in mind when collecting, using, or handling personal data that is consistent with our objectives and values. We collect and use only the amount of personal data we need for approved and lawful purposes.

We are transparent about our data practices

We are forthright about the personal data we collect and how we’re using and sharing it. We do what we say.

We give users choices about their data

We give users clear choices about their privacy and controls that are easy to use so that they can manage their data.

We safeguard personal data

We provide reasonable and appropriate safeguards to prevent loss, and unauthorised use or disclosure, of personal data.

IV. Data collections and uses

A. The data we collect

A24 collects data: 

  1. provided by users to A24

  2. created during use of our services

  3. from other sources

Please see below for a summary of the data we collect and how we use it.

A24 collects the following data from these sources:

1. Data provided by users. This includes:

  • Comments information/Contact forms: When visitors leave comments in the Contact forms on the site, we collect the data shown in the form, and also the visitor’s IP address and browser user agent string to help spam detection. Visitor comments may be checked through an automated spam detection service.

  • Media information: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

  • Account information: We collect data when users create or update their A24 accounts, or place orders via guest checkout features. This includes first and last name, email, phone number, login name and password, address/location, payment or banking information (including related payment verification information), and user settings.

2. Data created during use of our services. This includes: 

  • Usage data: We collect data about how users interact with our services. This includes access dates and times, app features or pages viewed, browser type, and app crashes and other system activity.

  • Device data: We collect data about the devices used to access our services, including the hardware models, device IP address or other unique device identifiers, operating systems and versions, software and preferred languages.

3. Data from other sources. These include:

·       users participating in our referral programs. For example, when a user refers another person, we receive the referred person’s data from that user.

·       A24 account owners who request services for or on behalf of other users (such as Sales fulfilment or Professional Services), or who enable other users to request or receive services through their business accounts.

·       users or others providing information in connection with claims or disputes.

·       A24 business partners through which users create or access their A24 account, such as payment providers, or social media services, who A24 uses. 

·       A24 business partners in connection with debit or credit cards issued by a financial institution in partnership with A24 to the extent disclosed in the terms and conditions for the card.

·       service providers who help us verify users’ identity, background information, and eligibility to work, detect fraud, and screen users in connection with sanctions, anti-money laundering, or know-your-customer requirements. 

·       publicly available sources.

·       marketing partners and service providers, and data resellers.

·       law lenforcement officials, public health officials, and other government authorities.

 

B. How we use data

A24 uses data to enable reliable and convenient products and services. We also use data:

  • to enhance the safety and security of our users and services

  • for customer support 

  • for research and development 

  • to enable communications between users 

  • for marketing and advertising

  • to send non-marketing communications to users

  • in connection with legal proceedings

Please see below for a summary of the data we collect and how we use it. 

A24 uses the data we collect:

1. To provide our services. A24 uses data to provide, personalise, maintain, and improve our services.

This includes using data to:

  • create/update accounts.

  • process payments, and enable payments.

  • personalise users’ accounts. For example, we may present users with personalised recommendations based on their prior orders and delivery location.

  • facilitate insurance, invoicing, or financing solutions.

  • inform users of changes to our terms, services, or policies.

  • perform necessary operations to maintain our services, including to troubleshoot software bugs and operational problems.

    A24 performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, are compatible with such uses, or are necessary for purposes of A24’s and its users’ legitimate interests.

2. Fraud protection and security. We use data to help maintain the safety, security, and integrity of our services and users. This includes:

  • verifying users' accounts, identity or compliance requirements.

    For example, we review staff background checks (including criminal history where required or permitted by law) to verify their identities and eligibility to provide A24 services.

    We may also perform order identity verification using names, date of birth, emails, telephone numbers, payment information, and third party wallets, to help deter use of our services by fraudulent accounts.

    We also require verification of user identity to use payment methods, and receive deliveries of sensitive products like Hardware Security Modules. We may process user profile pictures, government-issued identification photos and numbers, or other user-submitted photographs to perform this verification, including in some regions through use of facial recognition technology. We also use such technology to prevent fraudulent use of identification photos, or to prevent users from creating multiple accounts.

    We may also use facial recognition technology to prevent fraudulent use of A24 accounts by those other than the account owner.

  • using customer service information, device data, transaction, and usage data to identify potential customer insights.

  • using account, device, location, usage, transaction, wireless carrier, and other data, including communications and metadata, to prevent, detect, and combat fraud, including by guest users. 

  • using reported comments and incidents, and other feedback to encourage safe use of A24’s platform and compliance with our terms.

    A24 performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, and/or for purposes of the legitimate security interests of A24, our users and members of the general public.

3. Customer support. We use the information we collect (which may include call recordings) to provide customer support, including to investigate and address user concerns and to monitor and improve our customer support responses and processes.

A24 performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users or for purposes of A24’s legitimate interests in monitoring and improving its customer support services.

4. Research and development. We use data for analysis, or service development, research, and testing. This helps us make our services more convenient and easy-to-use, enhance the safety and security of our services, and develop new services and features.

A24 performs the above activities on the grounds that they are necessary for purposes of A24’s legitimate interests in improving and developing new services and features.

5. Marketing and Advertising. A24 uses data (other than guest users’ data) through its customer relationship management (CRM) system to market its services, and those of A24 partners.

We use account, approximate country location, device and usage data, to provide ads and marketing communications that are personalised based on users’ observed or inferred location.

This includes using this data to:

  • send emails, text messages, push notifications, or other communications marketing or advertising A24 products, services, features, offers, promotions, news and events. For example, we may send push notifications suggesting products or merchants similar to those a user has previously ordered.

  • display A24 marketing on third-party websites. 

  • display third-party advertising in connection with our services. For example, we display ads for partners’ products or services that are available through A24. These ads may include recommendations that are personalised based on users’ country location and order histories.


We also measure the effectiveness of A24’s ads, and of third-party ads displayed in connection with our services.

A24 performs the above activities on the grounds that they are necessary for purposes of A24’s legitimate interests in informing users about A24 services and features or those offered by A24 partners. See the sections titled “Choice and transparency” and “Marketing and advertising choices” for information on users’ choices regarding how A24 may use their data for marketing and advertising.

6. Non-marketing communications. A24 may use data to send surveys and other communications that are not for the purpose of marketing the services or products of A24 or its partners. For example, we may send surveys to determine the satisfaction with our services or events we host with our partners.

A24 performs the above activities on the grounds that they are necessary to fulfill the terms of our agreements with users, or for purposes of A24’s and its users’ legitimate interests in informing users about events that may have an impact on their use of A24’s services.

7. Legal proceedings and requirements. We use data to investigate or address claims or disputes relating to use of A24’s services, to satisfy requirements under applicable laws, regulations, operating licenses or agreements, insurance policies, or pursuant to legal process or governmental request, including from law enforcement.

A24 performs the above activities on the grounds that they are necessary for purposes of A24’s legitimate interests in investigating and responding to claims and disputes relating to use of A24’s services and features, and/or necessary for compliance with applicable legal requirements.

C. Cookies and third-party technologies

A24 and its partners use cookies and other identification technologies on our websites, emails, and online media for purposes described in this notice, and A24’s Cookie Policy.

Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and ads. A24 uses cookies and similar technologies for purposes such as:

  • authenticating users

  • remembering user preferences and settings

  • determining the popularity of content

  • delivering and measuring the effectiveness of advertising campaigns

  • analysing site traffic and trends, and generally understanding the online behaviours and interests of people who interact with our services

We may also allow others to provide audience measurement and analytics services for us, or for other companies’ products and services on our websites, and to track and report on the performance of those ads. These entities may use cookies, web beacons, and other technologies to identify the devices used by visitors to our websites, as well as when they visit other online sites and services.

Please see our Cookie Policy for more information regarding the use of cookies and other technologies described in this section.

 

D. Data sharing and disclosure

Some of A24’s services and features require that we share data with other users, or at users’ request or with their consent. We may also share such data with our affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes.

A24 may share data:

1. With other users

This includes sharing:

  • customer order recipients’ name and order details, including items ordered, delivery address, and order information (with other relevant A24 staff or partners to help fulfill the order. We may also share other information to the extent required by law, for order enquiries, to verify product trade restrictions and avoid trade sanctions, with our partners.

  • for those who participate in A24’s referral program, we may share certain data of referred users, such as the lead’s name, with the user or partner who referred them as necessary to determine a referral bonus, or partner discount.

2. At users’ request or with users’ consent

This includes sharing data with:

  • A24 business partners. For example, if a user requests a service through a partnership or promotional offering made by a third-party, A24 may share certain data with those third parties. This may include, for example, other products or services with which we integrate; or other A24 business partners and their users in connection with specialised services.

  • Emergency services. We offer features that enable users to share their data with police, fire, and ambulance services in the event of an emergency or after certain incidents. For more information, please see “Choice and Transparency” and “Emergency Data Sharing” below. 

  • Insurance companies. If a user has reported or submits a claim to an insurance company relating to A24’s services, A24 will share certain data with that insurance company for the purpose of adjusting or handling the user’s insurance claim.

  • General public. Questions or comments from users submitted through public forums such as A24 social media pages may be viewable by the public, including any data included in the questions or comments submitted by a user. 

3. With A24 subsidiaries and affiliates

We share data with our subsidiaries and affiliates to help us provide our services or conduct data processing on our behalf. For example, A24 processes and may store such data in the United Kingdom, Japan or Australia on behalf of its international subsidiaries and affiliates.

4. With A24 service providers and business partners

These include the third-parties, or categories of third-parties, listed below. Where a third-party is identified, please see their linked privacy notices for information regarding their collection and use of personal data.

  • payment processors and facilitators.

  • background check, identity verification and risk solutions providers.

  • cloud storage providers.

  • customer support platform and service providers. 

  • social media companies, including Instagram, LinkedIn and X (formerly Twitter), in connection with A24’s use of their websites. 

  • marketing partners and marketing platform providers, including social media advertising services, advertising networks, third-party data providers, and other service providers to reach or better understand our users and measure advertising effectiveness.

    This includes advertising intermediaries, that enable A24 to display and/or measure the effectiveness of personalised ads for third-party products provided by our partners. We share data -- including advertising, order information, and other interaction data -- with these intermediaries to enable their services and for such other purposes as are disclosed in their privacy notices. Users may opt out from ad personalisation here. For more information regarding these intermediaries’ privacy practices, including how to submit requests to them relating to their handling of personal data, please see their privacy notices linked above.

  • research partners, including those performing surveys or research projects in partnership with A24 or on A24’s behalf.

  • service providers that assist A24 to enhance the security of A24 services.

  • service providers that provide us with artificial intelligence or machine learning tools and services.

  • accountants, consultants, lawyers, and other professional service providers.

  • insurance and financing partners.

  • insurance companies, in connection with insurance claims made or reported by a user relating to A24’s services, and for the purpose of adjusting or handling the insurance claim.

5. For legal reasons or in the event of a dispute

A24 may share users’ data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process or governmental request, insurance policy, or where the disclosure is otherwise appropriate due to safety or similar concerns.

This includes sharing data with law enforcement officials, public health officials, other government authorities, insurance companies, or other third parties as necessary to enforce our Terms of Service, user agreements, or other policies; to protect A24’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services. In the event of a dispute relating to use of another person’s credit card or payment identifier, we may be required by law to share a user’s data, including order information, with the owner of that credit card or payment identifier.

This also includes sharing data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

6. With consent

A24 may share a user’s data other than as described in this notice if we notify the user and they consent to the sharing.

 

E. Data retention and deletion

A24 retains user data for as long as necessary for the purposes described above. Users may request account deletion through the A24 websites. 

A24 retains user data for as long as necessary for the purposes described above, which varies depending on data type, the category of user to whom the data relates, the purposes for which we collected the data, and whether the data must be retained after an account deletion request for the purposes described below.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personl information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

For example, we retain data:

  • for the life of users’ accounts if such data is necessary to provide our services. e.g., account data.

  • for 7 years if necessary to comply with tax requirements. e.g., payments to staff.

  • for defined periods as necessary for purposes of fraud prevention.

Users may request deletion of their account through the Privacy page on the A24 website.

Following an account revocation request, we lock the user’s account and data, except as necessary for purposes of security, fraud prevention or compliance with legal requirements, or because of issues relating to the user’s account (such as an outstanding credit or an unresolved claim or dispute). We generally lock or delete data within 90 days of an account revocation request, except where retention is necessary for the above reasons.

V. Choice and transparency

A24 enables users to access and/or control data that A24 collects, including through: 

  • privacy settings

  • device permissions

  • marketing and advertising choices 

A24 also enables users to request access to or copies of their data, make changes or updates to their accounts, request revocation of deletion of their accounts, or request that A24 restrict its processing of user data.

1. Privacy settings

Users may contact our Data Privacy Officer to set or update their preferences regarding location data collection and sharing, and notifications

  • Notifications: news
    Users may enable A24 to send push notifications about news from A24. Users may control whether they receive push notifications via contacting our A24 Data Privacy Officer.

  • Email Communications
    While placing an order in the A24 website, users may opt-in to share their contact details to receive communications from A24. Those who opt-in may choose to cease receiving such communications through the Unsubscribe button in e-mails.

2. Device permissions

Most mobile device platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without the device owner’s permission, and these platforms have different methods for how that permission can be obtained. Users should check the available settings on their devices, or check with their provider.

3. Marketing and advertising choices

A24 provides users with the following choices regarding how their data is used for purposes of marketing and advertising:

  • Personalised marketing communications from A24: Users may choose here whether A24 may use their data to send personalised communications (such as, emails or push notifications) about A24 products and services. Users may also choose here whether to receive any marketing emails or push notifications from A24.

  • Data Sharing and Tracking: Users may choose here whether A24 may share their data with third-parties or collect data regarding their visits and actions on third-party websites, for purposes of personalised ads.

  • Cookies and related technologies: For information on how to control A24’s use of cookies and related technologies, including for purposes of displaying personalised ads, please see our Cookie Policy.

4. User data requests

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

A24 provides users with a variety of ways to learn about, control, and submit questions and comments about A24’s handling of their data. In addition to the methods indicated below, users may also submit data requests via our Data Privacy Officer.

·       Data access and portability: Depending on where they are located, users may have the right to “access” their data (meaning, to be informed of the data that A24 has collected about them), and to “portability” of their data (meaning, to receive a copy of such data). Regardless of their location, A24 provides several options for viewing and obtaining copies of the data A24 has collected about them.

·       Users may submit data requests via our Data Privacy Officer.

·       Users can also request access to their own data including their profile data via requesting it through the contacts form on the A24 website.

  • Changing or updating data: Users can edit their name, phone number or email address, via submitting a request through our Data Privacy Officer.

  • Deleting data: Users may request revocation or deletion of their account through A24’s Data Privacy Officer.

  • Objections, restrictions, and complaints: Users may request that we stop using all or some of their data, or that we limit our use of their data. This includes objecting to our use of data that is based on A24’s legitimate interests. A24 may continue to process data after such objection or request to the extent required or permitted by law.

    In addition, depending on their location, users may have the right to file a complaint relating to A24’s handling of their data with the data protection authority in their country. For example, users in the EU, Japan or Australia may submit such requests to the data protection authorities in the country in which they live.

VI. Legal information

A. Data controllers and Data Protection Officer

A24 Limited is controller of the data processed in connection with use of A24’s services globally, except where it is joint controller with other A24 affiliates. 

Users may submit requests electronically via email to exercise their rights regarding their data here.

Users may also contact A24's Data Protection Officer by sending mail to A24 Limited, Tower Bridge House, St Katharine's Way, London E1W 1DD, United Kingdom), regarding issues relating to A24's processing of their personal data, and their data protection rights.

B. Legal Framework for Data Transfers

A24 operates, and processes user data, globally. We comply with applicable legal frameworks relating to the transfer of data.

A24 operates, and processes user data, globally. This may result in processing of your personal data in countries, including the United Kingdom, whose data protection laws may differ from those where you live.

This includes processing of your data on A24’s servers in the United Kingdom, Japan or Australia, and transferring or enabling access to your data globally, in order to:

  • provide you services wherever you request them.

  • provide you access to your information, wherever you request it. 

  • respond to requests for information by governments or law enforcement, as necessary.

A24 is committed to protecting our users’ personal data regardless of where they are located or where, or by who, their personal data is processed. This includes implementing global measures to protect users’ data, including: 

  • securing user data when in transit, including through encryption, and at rest.

  • mandating company-wide training regarding privacy and data security. 

  • implementing internal policies and procedures to limit access to, and use of, users’ data.

  • limiting government and law enforcement access to user data, except where required by law, there are imminent threats to safety, or users’ have consented to the access.

When we transfer user data from the EEA, or the UK, we do so on the basis of the necessity to fulfill our agreements with users, consent, adequacy decisions regarding the country of transfer (available herehere or here), and transfer mechanisms such as the Standard Contractual Clauses adopted by the European Commission (and their approved equivalents for the UK and), and the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Such data remains subject to the GDPR or equivalents after such transfer.

N.B. The United States Department of Commerce that adheres to the EU-U.S. Data Privacy Framework Principles regarding the processing of personal data received from EEA member countries in reliance on the EU-U.S. DPF, and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. In the event of a conflict between this notice and the Privacy Principles mentioned above, the Principles shall govern. In the event that the EU-U.S. DPF is invalidated, A24 will transfer data that is subject to these certifications in reliance on the other data transfer mechanisms described above.

Please note the following:

  • Scope: A24’s DPF certification applies to data relating to data subjects in the EEA, or UK that it receives from other data controllers. 

  • Access: Users have the right to access their personal data that is subject to A24’s DPF certification. For information on how to exercise this right, please see “Choice and transparency” above.

  • Onward Transfer: A24 is responsible for the transfer of personal data, subject to its certification to third parties. For information regarding the parties to whom A24 may transfer personal data, please see “Data sharing and disclosure” above.

  • Request from law enforcement: A24 is required under applicable law to share user data, including that which may be subject to A24’s certification, pursuant to legal process or governmental request, including from law enforcement. 

  • Investigation and enforcement: A24 is subject to the investigatory and enforcement powers of the relevant UK authorities. 

  • Questions and Disputes: In compliance with the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, A24 commits to resolve DPF Principles-related complaints about our collection and use of your personal information. Users may contact A24 here, with questions regarding our compliance with the Privacy Principles mentioned above. They may also refer a complaint to their local data protection authority, and A24 will work with that authority to resolve that complaint. In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the DPF Principles.


Users can learn more about the EU-U.S. DPF here.

C. Updates to this Privacy Notice

We may occasionally update this notice. 

We may occasionally update this notice. If we make significant changes, we will notify users in advance of the changes through the A24 website or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices.

Use of our services after an update constitutes consent to the updated notice to the extent permitted by law.

A24 does not perform the data collections or uses indicated with an asterisk (*) in the EEA or UK.