We understand that your data is private and, by using our platform, you are trusting us to manage it appropriately. We are committed to upholding that trust and this notice explains how we manage your data.
The Data We Collect
The following table lists out the data we collect and the capacity in which we collect it.
|Identity||first name and last name||controller|
|Contact||physical addresses, email addresses and telephone numbers||controller|
|Financial||payment card details||controller|
|Marketing and Communications||your preferences in receiving marketing from us and your communication preferences||controller|
|Messaging||the mobile phone number, message content and meta data of SMS that you send/receive to/from your users||processor|
|Profile||settings, preferences, feedback and survey responses||controller|
|Technical||internet protocol (IP) address, time zone setting and location, technology on the devices you use to access our website||controller|
|Transaction||details about the payments you make to us and the purchases you make from us||controller|
|Usage||information about how you use our website, products and Service||controller|
Why We Collect Data
The only reason we collect data is to provide the Service, protect it and improve it (aka "legitimate interests"). This includes delivering the Service to you, managing our relationship with you, carrying out core operations (e.g. accounting) as well as detecting, preventing or investigating security incidents, fraud and other misuses/abuses of the Service.
How We Collect Data
We collect data when you fill in our forms, correspond with us and/or interact with our website and Service.
We may also collect it from third party service providers (e.g. telecommunications companies, payment service providers, analytics providers, search information providers etc.) or through publicly available sources (e.g. Companies House, the Electoral Register etc).
Disclosing Your Data
To provide the Service, protect it and improve it, we may have to share your data with third parties such as service providers (e.g. analytics providers), professional advisers (e.g. lawyers, auditors) and regulators.
Please rest assured that we require all third parties to respect the privacy of your data and to treat it in accordance with the law. We only permit them to process your data for specified purposes and in accordance with our instructions, and we do not allow them to use your data for their own purposes.
Whilst some third parties are based outside the EEA (meaning that your data be transferred outside the EEA), we only appoint processors who can provide sufficient guarantees that the requirements of the EU General Data Protection Regulation (GDPR) will be met, such that your rights as a data subject will remain protected.
If our business enters into a joint venture with or is sold to or merged with another business entity, we may disclose your information to our new business partners or owners.
We will never disclose your details to any third party for marketing purposes and, unless required to do so by law, we will not otherwise disclose your data to any third parties without your consent.
Securing Your Data
We have appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We also have procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retaining Your Data
We will only retain your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Legal Rights
Under certain circumstances, data protection laws give you the right to:
(a) Receive a copy of the data we hold about you and to check that we are processing it lawfully.
(b) Have any incomplete or inaccurate data we hold about you corrected.
(c) Ask us to delete data where there is no good reason for us continuing to process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Object to processing of your data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your data for direct marketing purposes.
(e) Request restriction of processing of your data. This lets you ask us to suspend the processing of your data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
(f) Request the transfer of your data to you or to a third party in a structured, commonly used, machine-readable format.
(g) Withdraw consent at any time where we are relying on consent to process your data, though this will not affect the lawfulness of any processing carried out before you withdraw your consent.
To exercise any of your rights, please contact us. You will not have to pay a fee, though we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month, though it may take longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have any reason to make a privacy-related complaint, please contact us in the first instance so that we can resolve the matter as quickly as possible. Additionally and/or alternatively, you also have the right to complain at any time to the Information Commissioner's Office (ICO).
From time-to-time, we may include links that point to third party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. Please read the privacy notice of every website you visit.
Please click here if you require a specific GDPR-compliant data processing agreement.