Privacy

Last updated - 3 March 2026

This Privacy Policy applies to the processing of personal information by Nimble Tech Ltd (“Nimble Tech,” “we,” “us” or “our”) that is connected via our web-based application FixMyTime (the “Service”).

DISCLOSURE REGARDING CUSTOMER DATA

This Privacy Policy does not apply to the personal information that we process on behalf of our customers pursuant to a written agreement we have entered into with such customers (“Customer Data”). Our customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Policy. Any questions or requests relating to Customer Data should be directed to our customer.

1.  UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time in our sole discretion. If we do, we will let you know by posting the updated Privacy Policy on our website, and/or we may also send other communications.

2.  PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide to us, personal information we collect automatically when you use the Service, and personal information from third-party sources, as described below.

A.  Personal Information You Provide to Us Directly

We may collect personal information that you provide to us, including:

  • Account Information. We may collect personal information in connection with the creation or administration of your account. This may include your name, email address, phone number, organisation name, role, and other information you store with your account.

  • Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or a web chat tool.

  • Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

  • Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.

  • Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

  • Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and CV.

  • Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and CV.

B. Personal Information Collected Automatically

We may collect personal information automatically when you use the Service, including:

  • Device Information. We may collect information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including approximate location derived from IP address).

  • Usage Information. We may collect information about your use of the Service, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Service.

  • Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Service.

    • Cookies. Cookies are small text files stored in device browsers. We use session and persistent cookies to operate and provide the Service.

    • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Service that collects information about use of or engagement with the Service. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

C.  Information Collected Through Third-Party Integrations

The Service is designed to integrate with existing legal software and practice management systems used by law firms. When you enable an integration, we may collect information from or about your use of those connected services in order to generate time entries and billing records, including:

  • Activity and Calendar Data. Details of meetings, appointments, and other calendar events, including timestamps and duration.

  • Communication Logs. Metadata relating to calls, emails, and messages (such as timestamps and duration), where you have connected a communication platform to the Service. We do not access the content of private communications.

  • Matter and Client References. Matter identifiers and client references passed from integrated practice management systems, used solely to associate time entries with the correct matter.

Information collected through integrations is used solely to generate time entries for your activities. Once those time entries have been created, all underlying raw data is promptly discarded and not retained.

  1. HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to provide the Service, for administrative purposes, and to provide you with marketing materials, as described below.

  1. Provide the Service

We use personal information to fulfil our contract with you and provide the Service, such as:

  • Managing your information;

  • Providing access to certain areas, functionalities, and features of the Service;

  • Answering requests for support;

  • Communicating with you;

  • Sharing personal information with third parties as needed to provide the Service; and

  • Processing applications if you apply for a job we post on our Service.

B. Administrative Purposes

We use personal information for various administrative purposes, such as:

  • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;

  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;

  • Carrying out analytics;

  • Measuring interest and engagement with the Service;

  • Improving, upgrading, or enhancing the Service;

  • Developing new products and services;

  • Creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to re-identify such information, unless permitted by, or required to comply with, applicable laws;

  • Ensuring internal quality control and safety;

  • Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;

  • Debugging to identify and repair errors with the Service;

  • Auditing relating to interactions, transactions, and other compliance activities;

  • Enforcing our agreements and policies; and

  • Carrying out activities that are required to comply with our legal obligations.

C. Marketing

We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law, including where we rely on our legitimate interests in direct marketing or where we have obtained your prior consent.

If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.

D. With Your Consent or Direction

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.

E. Automated Decision Making

We may engage in automated decision making, including profiling. Nimble Tech’s processing of your personal information will not result in a decision based solely on automated processing that produces legal or similarly significant effects on you, unless: (i) such a decision is necessary as part of a contract we have with you; (ii) we have your explicit consent; or (iii) we are otherwise permitted or required by applicable law. Where we engage in solely automated decision making with significant effects, you have the right to request human review of that decision. If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.

F. Legal Bases for Processing (UK GDPR)

Where the UK General Data Protection Regulation (“UK GDPR”) or the Data Protection Act 2018 applies, we process your personal information on the following legal bases:

  • Performance of a contract: where processing is necessary to provide the Service or take steps at your request prior to entering into a contract.

  • Legitimate interests: where we have a legitimate business interest in processing your data (such as improving the Service, preventing fraud, and direct marketing) and those interests are not overridden by your rights.

  • Legal obligation: where processing is necessary to comply with a legal obligation to which we are subject.

  • Consent: where you have given us clear consent to process your personal information for a specific purpose, including certain marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

  1. PROTECTION MECHANISMS FOR SENSITIVE DATA

We are committed to protecting the privacy and security of sensitive personal information. Sensitive personal information (referred to under UK GDPR as “special category data”) includes information about health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic and biometric data, and sexual orientation.

To safeguard sensitive data, we implement the following data protection mechanisms:

  • Encryption. Sensitive information stored on our servers is encrypted using advanced encryption techniques to ensure that data is protected against unauthorised access.

  • Access Control. Access to sensitive data is strictly restricted to authorised personnel who have a legitimate business need to access the information. We enforce robust access controls and regularly review access permissions.

  • Data Minimisation. We only collect and process sensitive data when it is strictly necessary for the specific purposes outlined in this Privacy Policy and delete or anonymise this information when it is no longer needed.

  1. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information to third parties for a variety of business purposes, including to provide the Service, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide the Service

We may disclose any of the personal information we collect to the categories of third parties described below.

  • Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Service. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. We require our service providers to process your personal information only on our instructions and in accordance with applicable data protection law.

  • Analytics Providers. We use analytics services, such as Google Analytics, to help us understand how the Service is used. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. You may opt out of Google Analytics tracking by using the Google Analytics opt-out browser add-on.

  • Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services. Once your personal information is shared with our business partner, it will also be subject to our business partner’s privacy policy.

  • Affiliates. We may share your personal information with our corporate affiliates.

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or other legal requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganisation, administration, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

  1. RETENTION AND DELETION OF DATA

A. General Retention

We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention period for different types of personal information depends on the nature of the data and our legal obligations. Once a retention period expires, data is securely deleted or anonymised.

B. Integration Data

We do not retain any of the raw information collected through third-party integrations beyond the point at which time entries have been generated. Once time entries are created, all underlying data — including activity logs, communication metadata, and matter references — is immediately discarded.

C. Your Right to Erasure

Users have the right to request the deletion of their personal data in certain circumstances (see Section 7 below). Upon a valid request, Nimble Tech will delete your personal data from our systems in a timely manner and in accordance with applicable legal requirements. This includes all copies of the data, unless retention is required by law or for legitimate business purposes. To request data deletion, please contact us at the details set out in “Contact Us” below.

  1. YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices

The privacy choices you may have about your personal information are described below.

  • Email Communications. If you receive an unwanted marketing email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future marketing emails. Note that you will continue to receive transaction-related emails regarding the Service. We may also send you certain non-promotional communications and you will not be able to opt out of those communications (e.g., communications regarding the Service or updates to this Privacy Policy).

  • Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Service may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications.

Your Rights under UK GDPR

Where the UK GDPR applies, you have the following rights in respect of your personal information:

  • Right of access: you have the right to request a copy of the personal information we hold about you.

  • Right to rectification: you have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

  • Right to erasure: you have the right to request that we delete your personal information in certain circumstances.

  • Right to restriction of processing: you have the right to request that we restrict the processing of your personal information in certain circumstances.

  • Right to data portability: you have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller, where technically feasible.

  • Right to object: you have the right to object to our processing of your personal information where we rely on legitimate interests as the legal basis, or where we process your data for direct marketing purposes.

  • Rights relating to automated decision making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, except in limited circumstances.

To exercise any of these rights, please contact us using the details in “Contact Us” below. We will respond to your request within one calendar month, as required by UK GDPR. We may need to verify your identity before we can action your request.

If you are unhappy with how we handle your personal information, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection matters. You can contact the ICO at www.ico.org.uk or by calling 0303 123 1113.

  1. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Personal information processed by us may be transferred to, processed, or stored in countries outside the United Kingdom. Where we transfer personal information outside the UK, we ensure that appropriate safeguards are in place to protect your information in accordance with UK data protection law. These safeguards may include:

  • Transfers to countries that have been recognised by the UK Government as providing an adequate level of data protection (known as “adequacy regulations”);

  • Where no adequacy regulation applies, use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism recognised under UK law.

You may request further information about the safeguards we use for international transfers by contacting us using the details in “Contact Us” below.

  1. THIRD-PARTY WEBSITES / APPLICATIONS

The Service may contain links to other websites or applications, and other websites or applications may reference or link to our Service. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

10. CONTACT US

Nimble Tech Ltd is the controller of the personal information we process under this Privacy Policy.

If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:

  • Email: info@fix-my-time.com