4.7 Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together wither other personal information and you are not identifiable from that combined data we are able to use this.
4.8 Under data protection laws we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) which we told you about. If we want to use your personal information for a different purpose which we do not think is compatible with the purpose(s) which we told you about then we will contact you to explain this and what legal reason is in place to allow us to do this.
5. Details of how we collect personal information and special information
5.1 We usually collect Identity Information, Contact Information, Payment Information, Transaction Information, Survey Information, Marketing Information directly from you when youfill out a form, survey or questionnaire, purchase goods, services and/or digital content from us, contact us by e-mail, telephone, in writing or otherwise. This includes the personal information which you provide to us when you subscribe to our mailing list or enter a competition or survey.
5.2 We may receive some of your personal information from third parties or publicly available sources. This includes:
(a) Contact Information and Payment Information from our selected third-party suppliers;
(b) Identity Information and Contact Information from selected data brokers;
(c) Identity Information and Contact Information from publicly available sources (like Companies House and others);
(d) Website, Device and Technical Information from third parties such as analytics providers (like Google, Meta and others);
6. Details about who personal Information may be shared with
6.1 We may need to share your personal information with other organisations or people. These organisations include:
(a) Other companies in our group (who may might act as joint data controllers or as data processors on our behalf) for e.g. IT services and management;
(b) Third parties who are not part of our group. These may include:
(i) Suppliers: such as IT support services, payment providers, administration providers and marketing agencies who are based in globally;
(ii) Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies who are based globally;
(iii) Our advisors: such as lawyers, accountants, auditors, insurance companies who are based globally;
Our bankers who are based globally
(iv) Credit Reference Agencies who are based globally;
(v) E-mail and marketing platforms who are based globally.
(c) any organisations which propose to purchase our business and assets in which case we may disclose your personal information to the potential purchaser.
6.2 Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor we will ensure that we have in place contracts, which set out the responsibilities and obligations of us and them, including in respect of security of personal information.
6.3 We do not sell or trade any of the personal information which you have provided to us.
7. Details about transfers to countries outside of the EEA
If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information, as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including where relevant any exceptions to the general rules on transferring personal information outside of the EEA which are available to us – these are known as ‘derogations’ under data protection laws). We may need to transfer personal information outside of the EEA to other organisations within our group or to the third parties listed above in section 6 who may be located outside of the EEA.
7.1 The safeguards set out in data protection laws for transferring personal information outside of the EEA include:
(a) where the transfer is to a country or territory which the EU Commission has approved as ensuring an adequate level of protection;
(b) where personal information is transferred to another organisation within our group, under an agreement covering this situation which is known as “binding corporate rules”;
(c) having in place a standard set of clauses which have been approved by the EU Commission;
(d) compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO);
(e) certification with an approved certification mechanism;
(f) where the EU Commission has approved specific arrangements in respect of certain countries, such as the US Privacy Shield, in relation to organisations which have signed up to it in the USA.
8. Details about how long we will hold your personal information
8.1 We will only hold your personal data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see section 4 above) and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons). We may also need to keep personal information in case of any legal claims, including in relation to any guarantees or warranties which we have provided with the goods, services and digital content.
8.2 We have set out above the details of our retention periods for different types of data. You can find them in in section 2 and also in section 3.
9. Automated decision making
9.1 ‘Automated decision making’ is where a decision is automatically made without any human involvement. Under data protection laws, this includes profiling. ‘Profiling’ is the automated processing of personal data to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests and preferences).
9.2 Data protection laws place restrictions upon us if we carry out automated decision making (including profiling) which produces a legal effect or similarly significant effect on you.
9.3 We do carry out automated decision making (including profiling) which produces a legal effect or similarly significant effect on you. If we do decide to do this then we will notify you and we will inform you of the legal reason we are able to do this.
10. YOUR RIGHTS UNDER DATA PROTECTION LAW
10.1 Under data protection laws you have certain rights in relation to your personal information, as follows:
(a) Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information which we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
(b) Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
(c) Right to erasure: (this is often called the “right to be forgotten”). This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
(d) Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
(e) Right to data portability: this right allows you to request us to transfer your personal information to someone else.
(f) Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 4 above) and there is something about your particular situation which means that you want to object to us processing your personal information. In certain circumstances you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
10.2 In addition to the rights set out in section 10.1, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out in section 4.5.
10.3 If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request then please note:
(a) we may need certain information from you so that we can verify your identity;
(b) we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
(c) if your request is unfounded or excessive then we may refuse to deal with your request.
11.1 You may receive marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes.
11.2 However, we will give you the opportunity to manage how or if we market to you. In any e-mail which we send to you, we provide a link to either unsubscribe or opt-out, or to change your marketing preferences. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes , you can always contact us on the details set out at the beginning of this notice.
11.3 If you do request that we stop marketing to you, this will not prevent us from sending communications to you which are not to do with marketing (for example in relation to goods, services and digital content which you have purchased from us).
11.4 We do not pass your personal information on to any third parties for marketing purposes.
If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.
13. Third Party Websites
Our website may contain links to third party websites. If you click and follow those links then these will take you to the third party website. Those third party websites may collect personal information from you and you will need to check their privacy notices to understand how your personal information is collected and used by them.