Our collection and use of your personal information
We collect personal information about you when you access our website, contact us or provide us with services and products.
We collect this personal information from you either directly or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on how we interact with you. Such information may include:
• your name, address and contact details
• your bank account or payment details
• details referring to your geographical location when visiting our website
We use this personal information to:
• verify your identity
• receive goods and services from you
• administer and manage our contractual relationship with you
• respond to enquiries you have made
• monitor usage of and improve our website
We do not knowingly collect or use personal information relating to children.
Our legal basis for processing your personal information
When we use your personal information, we are required to have a legal basis for doing so. These include:
• consent: where you have given us clear consent for us to process your personal information for a specific purpose
• contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
• legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
Who we share your personal information with
We may share certain categories of personal data (e.g. your name and contact details) with third parties where necessary, (for example, IT and financial service providers) for business management purposes. This data sharing enables them to provide, for example, network security and payroll services to us.
Some of those third-party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Transfer of your information out of the EEA
Wherever possible, we will not transfer your personal data outside of the European Economic Area (EEA). However, some of our third party contractors and suppliers are based outside of the EEA and there may be occasions when the processing of your personal data requires it to be transferred to regions outside of the EEA, in particular to the United Stated of America. Personal data transfer outside of the EEA is carried out in accordance with the requirements of the General Data Protection Regulation and in doing so, we aim to ensure a similar degree of protection is afforded to your data by abiding by the following safeguards:
• We will only transfer your personal data to non-EU countries that have been deemed to provide an equivalent level of protection by the European Commission (For more information, see here).
• When collaborating with providers based in the US, we may transfer data to them if they are part of the Privacy Shield framework, which aims to provide companies in the US with a mechanism to comply with the data protection requirements of the European Union. (For more information, please see here).
If you would like further information, please contact us (see ‘How to contact us’ below).
A cookie is a small text file which is placed onto your device (e.g. computer or smartphone) when you use our website. A session cookie is formed when you access our website and is erased whenever you close your browser. A cookie is also formed to help recognise you and your device and store some information about your preferences or past actions, as well as provide browsing information for Google Analytics.
We use Google Analytics to collect information about the use of our website. Google Analytics collects information such as how often users visit our website, which pages they view, and how they arrived at our website. Google Analytics collects only an IP Address from users accessing our website, which can be used to determine the approximate geographical location from which our website is being viewed. The IP address collected by Google Analytics is not linked to any identifying information, such as your name, and we do not combine this IP Address with any personally identifiable information. Only Google may use the cookies associated with Google Analytics. To find out more about Google Analytics and for the option to opt-out of this service, please click here.
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
We do not use your information for marketing purposes. If this changes, we will let you know.
You have a number of important rights, including to:
• fair processing of information and transparency over how we use your use personal information
• access to your personal information
• require us to correct any mistakes in your information which we hold
• require the erasure of personal information concerning you in certain situations
• receive the personal information concerning you which you have provided to us
• object to or restrict our continued processing of your information in certain circumstances
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Further information or queries
Please contact our Privacy Manager at firstname.lastname@example.org if you have any questions about this policy, and we will do our best to answer them. You also have a right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner, who may be contacted at https://ico.org.uk/concerns/.