Website Privacy Policy

Background

Sports ER Limited understands that your privacy is important to you and you care about how your personal data is used; we too take your privacy very seriously. We respect and value the privacy of everyone and are committed to protecting the security of the personal information of anyone who visits this website (www.sportser.co.uk).

This Privacy Policy applies between you, the ‘user’ of this website, and Sports ER Limited, the owner and provider of this website, and the Data Controller under data protection legislation.

This Privacy Policy explains how we collect any data in relation to your use of the website and any services or systems therein, how we use the personal information you give us and keep it secure, and the conditions under which we may disclose it to others. Our website will collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Our website may also contain links to other websites. Third Parties whose content appears on our website may use third party Cookies. Please note that we have no control over how your data is collected, stored, or used by other websites, or the Cookies activities of such third parties and we advise you to check the privacy policies of any such websites/third parties before providing any data to them.

This Privacy Policy should inform you of everything you need to know, however, you can always contact us if you have any questions. Sports ER Limited has appointed a Data Protection Officer, who can help you with any queries you may have about the information contained within this privacy policy.

This Privacy Policy may be changed from time to time; you should check this page occasionally to ensure you are aware of any changes. Please read this Privacy Policy carefully and ensure that you understand it. By using our website, you agree to be bound by this Privacy Policy.

1. Important information

1.1 This Privacy Policy supplements the other policies (including our terms of use (Terms)) and is not intended to override them.

1.2 Sports ER Limited is the Data Controller and responsible for your personal data.

1.3 To assist you further in understanding this Privacy Policy, we have set out in Part 5 of Schedule 1 a glossary of terms used, examples of types of personal data we collect, how we use it, the lawful basis for processing such data and further details of your rights.

1.4 We have appointed a data privacy manager (DPM). If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPM in writing, either by email, or by post to the appropriate address provided on the website.

1.5 You have the right to make a complaint at any time to the Information Commissioner’s Office (www.ico.org.uk) the UK’s supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

1.6 It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

1.7 Our website may include links to third party websites, plug-ins and applications. By clicking on these links or enabling connections you may be allowing third parties to collect or share your personal data. We have no control these third party websites, plug in or applications and are not responsible for their privacy policies, therefore you should also read their privacy policy to understand what personal data they collect about you and how they use it.

2. The type of data we collect about you

2.1 The type of data and personal information we collect about you depends on the context of your interactions with Sports ER Limited and the choices you make, including your privacy settings.

2.2 The data and personal information we collect from you is limited to what is necessary to enable us to carry out the purposes for which it is collected.

2.3 We may collect, use, store and transfer the types of personal data about you listed in Part 1 of Schedule 1.

2.4 We also collect, use and share aggregated data. However, if we combine aggregated data with your personal data so that it can directly or indirectly identify you, we treat this as your personal data.

2.5 We do not knowingly collect any ‘special category’ or ‘sensitive’ personal data, personal data relating to children, or information relating to criminal convictions and offences.

2.6 If we are required by law, or under the terms of a contract we have with you, to collect your personal data and you fail to provide it, we may not be able to enter into and perform the contract with you and, we may have to cancel a product or service. We will notify you of this at the relevant time.

3. How personal data is collected

3.1 Depending on how you interact with us, we collect personal data in the following ways:

- direct interactions: you might share personal data with Sports ER Limited when you complete online forms or paper

forms, request products/services, subscribe to our services, create a user account, join our mailing list, or otherwise

or correspond with us (by post, phone, text or email), or meet face-to-face, to enable us to deal with your enquiry; all

these channels of communication may not be available to you and will depend on the reason for your contact with us

- automated technology: we automatically collect personal data (technical and usage) when you browse or interact

with our website, by using cookies, server logs and other similar technologies; we use marketing analytics products

and providers to measure the effectiveness of our website, which may entail the collection of personal information in

the form of online identifiers / we may also receive technical data about you if you visit other websites which use our

- publicly available sources: we may collect personal data from publicly availably sources such as Companies House

and the Electoral Register, based inside the UK

- third parties: we may also receive personal data from: (a) analytics providers based outside the UK (such as

Google); (b) advertising networks; and (c) search information providers outside the UK; (d) our suppliers such as

payment providers, delivery services, website support and maintenance providers / we protect data obtained from

third parties according to the practices described in this Privacy Policy, plus any additional restrictions imposed by

the source of the data.

3.2 You have choices about some of the personal data we collect. When you are asked to provide personal information, you may decline to provide the information; you may still access certain areas of our website without providing any personal data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data. Note that if you choose not to provide personal information that is necessary to enable us to carry out your request we may not be able to fulfil that request.

4. How we use your personal data

4.1 There are various ways in which we may use or process your personal data and we will only use it as the law

allows.

4.2 Most commonly, we will use your personal data:

- to perform the contract, we are to enter into or have entered into with you (or a contract made with someone else

which requires us to provide goods or services to you, such as a training course) and to fulfil and complete your

orders for goods and services and other transactions entered into with us

- to respond to any correspondence you send us and fulfil the requests you make to us, both before and after

purchase and carry out reasonable administration of your order or booking

- to fulfil your request to make a payment to us and to carry out reasonable administration of your payment, which

could include thanking you and confirming your direct debit details with you

- to comply with a legal obligation and our legal requirements; and where it is necessary,

- to carry out activities which are in our legitimate interests (or those of a third party) and your interests and

fundamental rights do not override those interests / the main legitimate interests we rely on are: (i) to fulfil a training

course, (ii) to operate lawfully and effectively and to administer all aspects of our business, and (iii) to sustain and

raise the profile of our company through careful marketing and other activities

4.3 You may choose to give us feedback on any of your experiences with Sports ER Limited; your feedback together with any personal information you provide will be used to analyse, evaluate and improve your customer experience and to respond to you as appropriate.

4.4 We may process personal information for crime prevention and detection purposes and to keep our staff, and those participating in a training course, safe, for example, some of the premises where we deliver training at have CCTV cameras.

4.5 Part 2 of Schedule 1 sets out the lawful basis we will rely on to process your personal data.

4.6 Where you have provided your consent, we may use and process your personal information to contact you from time to time about our services, events and products or provide information which we reasonably think may be of interest to you. You can withdraw your consent at any time by contacting us.

4.7 With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message or by post with information, news, and offers on our services.

4.8 We may have to share your personal information with third parties, as described in Section 5.

4.9 We will not share your personal data with third parties for their marketing purposes.

4.10 You will not be sent any unlawful marketing or ‘spam’; any communications will be aligned to the consent you have given us.

4.11 We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the provisions of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, and you will always have the opportunity to opt-out at any time.

4.12 We do generally only rely on consent as a legal basis for processing your personal data to send email and SMS marketing communications and you have the right to withdraw your consent at any time by contacting us. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your information.

4.13 We may process your personal information to identify and record when you have received, opened or engaged with our website or electronic communications. Please see Section 10 (“Cookies”) for more information.

4.14 We may analyse your personal data and undertake market analysis and research (including contacting you with customer surveys) so that we can better understand you as a customer and provide tailored information, products and services that we think you will be interested in. You will only receive marketing communications from us about our own products, services and any other information, if you have requested information from us or purchased services from us, if you consent to marketing at the time we collect your personal data and you have not subsequently opted out or withdrawn your consent or if we have another basis to send you the marketing communications (and in ways the law allows). We may send you marketing information from time to time after you have purchased a product or service from us or made a purchasing enquiry or requested other information of interest in a business context. We may also contact you from time to time with marketing information (unless you object) if you are acting on behalf of a business. In relation to any such information we send by email or SMS, we will include an option allowing you to object to receiving future messages by unsubscribing.

4.15 You can opt out of email marketing by clicking the unsubscribe button within the marketing email. You can also withdraw your consent to marketing at any time by contacting our Data Protection Manger (DPM).

4.16 Even if you opt out of receiving marketing, we may still use your personal data for other purposes provided we have a lawful basis to do so.

4.17 We may provide links via our website to other websites or you might independently visit the website of a third party who provides services on our behalf / the privacy practices of these third party websites are outside our control and in these cases, you should check the privacy notices of any third party websites before disclosing any personal information.

4.18 We will only use your personal data for the purpose that we originally collected it for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we do use your personal data for an unrelated purpose we will notify you and explain how the new purpose is compatible with the original purpose for collecting it, and the legal basis which allows us to do so.

4.19 If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose for which it was originally collected, we will inform you and explain the legal basis which allows us to use your personal data in this manner.

4.20 In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent in accordance with this Policy. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

5. Disclosure of your personal data / data sharing

5.1 We will not sell or rent your information to third parties, although we may have to share your personal data with third parties, further details of which are set out in Part 4 of Schedule 1. If we do, you can expect a similar degree of protection in respect of your personal information to that provided by us.

5.2 We do not allow our third party service providers to use your personal data for their own purposes; they can only process your personal data for specified purposes and in accordance with our instructions.

5.3 We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

5.4 We may pass your personal information to our third party service providers, including contractors and designated agents, and other associated organisations for the purposes of completing tasks on our behalf (for example to process payments, send you communications, to supply you with goods and services, to resolve product queries or issues and to assist us with marketing analysis). However, when we use third party service providers, we disclose only the personal information that is reasonably necessary to deliver the service.

5.5 In some limited circumstances, we may be under a legal duty to disclose or to share your personal data if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority, or rights to enforce or apply our terms of use, to protect the rights, property or safety of our customers. However, we will aim to protect your privacy.

5.6 We will also share and transfer your personal data with third parties to whom we may choose to sell, transfer, or merge parts or all of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them as part of any business restructuring or re-organisation. If a change happens to our business, any new owner may continue to use your personal data in the same ways that we have used it, as specified in this Privacy Policy.

6. Data transfers to parties outside the EU

6.1 We do not transfer your personal data outside the UK.

6.2 There may be some instances where your personal information is processed or stored outside of the UK. In those instances, we will ensure a similar degree of protection is afforded for that processing and storage as required by applicable law to it by ensuring at least one of the following appropriate safeguards is implemented:

- we will only transfer your personal data to countries that have been deemed to provide an adequate level of

protection for personal data by the European Commission (and there is an adequacy decision by the European

Commission for these countries, which means that they are deemed to provide an adequate level of protection for

your personal information)

- we will use specific contracts approved by the European Commission which give personal data the same protection

it has in Europe with our services providers

- we may transfer data to US-based service providers under the Privacy Shield which requires them to provide similar

protection to personal data shared between the Europe and the US.

6.3 Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

7. Data security

7.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and they can only process your personal data on our instructions and will be subject to a duty of confidentiality.

7.2 We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

8. Data retention

8.1 The security of your personal data is essential to us and we will take the necessary important measures in order to protect your data and ensure it is treated safely and securely, including the following: (i) limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality, and (ii) procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data), including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.

8.2 We will only store or transfer your personal data within the UK. This means that it will be fully protected under the Data Protection Legislation (General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018).

8.3 We will only retain your personal information for as long as necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

8.4 Details of retention periods for different aspects of your personal data are available in our retention policy.

However, we are legally required to keep basic information about our customers (including contact, identity, legal, financial, accounting, reporting and transaction data) for six years after they cease being customers, for tax purposes. For further information about the retention period in a particular case, please contact our Data Protection Officer.

8.5 In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes. We can use anonymised information indefinitely without further notice to you.

9. Your legal rights

9.1 You have certain rights in certain circumstances under data protection law. These are set out in full in Part 3 of Schedule 1. If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. If you wish to exercise any of your rights, and make a subject access request, please contact our DPM in writing and send to the email or postal addresses shown on the website.

9.2 There is not normally any charge to exercise any of your rights for a subject access request. However, if your request is clearly manifestly unfounded, repetitive or excessive, we may charge a reasonable fee for this information to cover our administrative costs in responding.

9.3 We may request specific information from you to help us confirm your identity when you contact us and ensure we are communicating with the right person. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it.

9.4 You are advised to contact us if you wish to discuss anything to do with your personal data and data protection, including to make a subject access request. We will try to respond to all legitimate requests for subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. In this case, we will notify you and keep fully informed of our progress.

9.5 In addition to your rights under the Data Protection Legislation, when you submit personal data via our website, you may be given options to restrict our use of your personal data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes at the point of providing your details and by managing your account.

9.6 If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the ICO. However, in the first instance, we would welcome the opportunity to resolve your concerns ourselves, so please contact us first.

9.7 If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please send a written request to our Data Protection Officer by email or by post marked for the attention of the Data Protection Officer.

9.8 We will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received any request (including any identification documents requested).

9.9 For more information about our use of your personal data or exercising your rights as outlined above, please contact us at the email address or postal address which is posted on our website.

10. Cookies

10.1 A Cookie is a small text file containing a small amount of data which is downloaded to your computer or device by our website (by the web browser while browsing our website) when you visit certain parts of our site and/or when you use certain features of our site. They were designed for websites to perform many essential functions, for example, to remember preceding events or user interactions information to record the user's browsing activity, including clicking particular buttons, logging in, or recording which pages were visited in the past. They can also be used to remember pieces of information that the user previously entered into ‘form fields’, such as names, addresses and passwords.

Cookies which are placed directly, set and used only by us are called ‘first-party’ Cookies. By using our website, you may also receive certain third party Cookies on your computer or device. Third party Cookies, are those from a domain which is different than the domain of the website you are visiting and are placed by websites, services, and/or parties other than us, and are commonly used to compile long-term records of individuals' browsing histories. These Cookies are not integral to the functioning of our website and your use and experience of our website will not be impaired by refusing consent to them.

10.2 Some Cookies are deemed “strictly necessary” (by Cookie Law) to help us to keep our website secure, identify if a user who is logged in, authenticate which account they are logged in with, and ensure the site can work properly, for example, allowing us to direct you to the right web page. These Cookies do not store any personal data. You can set your web browser to block these Cookies, but some parts of our website will not then function.

10.3 Performance Cookies are used to help us to analyse, measure and improve the performance of our website’s. They help us to count the number of ‘visits’ and traffic sources, know which pages are the most and least popular and see how ‘visitors’ move around the site. All the information from these Cookies is aggregated and therefore anonymous. These Cookies are optional, however, and if you do not allow these Cookies we will not know when you have visited our site, will not be able to monitor its performance or improve how our website works.

10.4 Marketing Cookies help to ensure the adverts you see online are more relevant to you and your interests and are optional. These Cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and device.

10.5 When you first visit the website, you will be given a choice about what Cookies are set; thus, you can manage your Cookie settings. You may restrict our use of Cookies. You can edit your Cookie preferences by clicking this button - “Manage Cookies”

10.6 Our website may place and access certain first-party Cookies on your computer or device. We use Cookies to facilitate and improve your experience of our site and to provide and improve our services.

10.7 All Cookies used by the website are used in accordance with the provisions of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.

10.8 Sports ER Limited has carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times and is not at risk by allowing them, and uses the Cookies to facilitate certain functions and features of the website. We also use Cookies for analytics purposes. These Cookies track your movements and activities on the website and are designed to give us a better understanding of our users, thus enabling us to improve the website and our services.

10.9 Before the website sets Cookies on your computer or device, you will be presented with a ‘pop up’ requesting your consent to set those Cookies. None of the Cookies set by the website jeopardise your privacy in any way and no personal data is collected. By giving your consent to the setting of our Cookies you are enabling us to provide the best possible experience and service to you through our website. You may, if you wish, deny consent to the placing of Cookies; however certain features of our website may not function fully or as intended. You will be given the opportunity to allow only first-party Cookies and block third party Cookies.

10.10 Certain features of the website depend upon Cookies to function and are deemed, within the law, to be strictly necessary. You will not be asked for your consent to place these Cookies, but it is still important that you are aware of them. However, you may still disable cookies via your web browser’s settings, as set out in sub-clause 10.11.

10.11 In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. By default, your browser will accept Cookies, however this can be altered. Most internet browsers enable you to choose whether you wish to disable all Cookies or only third party Cookies. For further details please consult the help menu in your internet browser or the documentation that came with your device. Disabling Cookies may prevent you from using the full range of services available on the website.

10.12 You may choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access our website more quickly and efficiently including, but not limited to, login and personalisation settings.

10.13 It is recommended that you ensure you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure as to how to adjust your privacy settings.

11. Changes to this Privacy Policy

11.1 Sports ER Limited reserves the right to change this Privacy Policy as we may deem necessary from time to time, if we change our business in a way that affects personal data protection, or as may be required by law. Any changes will be immediately posted on the website and you are deemed to have accepted the terms of the Policy on your first use of the website following the alterations. We recommend that you check this page regularly to keep up-to-date.

12. Changes to Your Personal Information

12.1 It is important that your personal data is accurate and kept up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data. You can request that we change your contact details by contacting our Data Protection Officer.

Appendix

Schedule 1: Personal Data

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. In simpler terms, personal data is any information about you that enables you to be identified. It covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

Part 1: Types of personal data

The data we may collect, store and use can include the following:

- account: means an account required to access and/or use certain areas and features of our website

- identity data: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and

gender

- profile data: your username and password, password hints, log-in details and similar security information for

authentication and account access, purchase history, preferences, interests, feedback and survey responses

- contact data: billing address, delivery/postal address, email address, telephone number

- business data: company name, job title, profession

- payment data: data necessary to process your payment if you purchase one of our services or goods, such as your

payment instrument number (such as a payment card(s) details/number or bank account number) and the security

code associated with your payment instrument

- transaction data: details about payments to and from you and other details of products and services you have

purchased from us

- technical data: your internet protocol (IP) address (a unique address that computing devices such as personal

computers, tablets, and smartphones use to identify itself which is analogous to a street address or telephone

number and could therefore be used to identify you), your login data, browser type and version, time zone setting

and location, browser plug-in types and versions, operating system and platform and other technology on the

devices you use to access our website

- online identifiers: including cookies information (see section 10 (‘”Cookies”), the internet browser and devices you

are using and the pages you visited on our website and how long you visited us for

- marketing and communication data: your preferences in receiving marketing from us

- any personal information which you choose to provide us with in correspondence with you.

Part 2: Lawful basis for processing and processing activities

Under the Data Protection Legislation, we must always have a lawful basis for using your personal data. The following describes how we may use your personal data, and our lawful bases for doing so.

The lawful basis upon which we may rely on to process your personal data are:

- consent: you have given your express consent for us to process your personal data for a specific purpose

- contract: the processing is necessary for us to perform our contractual obligations with you under our contract, or

because you have asked us to take specific steps before entering into a contract with you

- legal obligation: the processing is necessary for us to comply with legal or regulatory obligation

- legitimate interests: the processing is necessary for our or a third party’s legitimate interest, for example, in order for

us to provide the best service to you via our website / before we process your personal data on this basis we make

sure we consider and balance any potential impact on you, and we will not use your personal data on this basis

where such impact outweighs our interest / set out below are specific details of the processing activities we

undertake with your personal data and the lawful basis for doing this

- purpose/activity / type of data / lawful basis for processing:

to identify and register you as a new customer on our website

to provide and manage your account and access to our website

to communicate with you and manage our relationship with you

to process and deliver your order, manage payments for our services, fees and charges and debt recovery

to contact you to supply our services and fulfil our contract with you

to personalise and tailor our services and your experience on our website

to verify the accuracy of information that we hold about you and create a better understanding of you as a customer

to promote our business, products and services

to make suggestions and recommendations to you about goods or services that may be of interest to you

to deliver relevant website content/advertisements to you and measure or understand the effectiveness of our

advertising and communications

to supply you with information by email and/or by post that you have opted-in-to

to ask you to leave a review or take a survey

to notify you about changes to our ‘Terms and Conditions’ or Privacy Policy

to comply with a request from you in connection with the exercising of your rights, for example, where you have

asked us not to contact you for marketing purposes (we will keep a record of this on our suppression lists in order

to be able to comply with your request)

to operate the administrative and technical aspects of our business efficiently and effectively

for network and information security purposes, for example, for us to take steps to protect your information against

loss, damage, theft or unauthorised access

to prevent fraud in running our business, provision of administration and IT services, network security and in the

context of a business reorganisation or group restructuring exercise

to administer and protect our business and this website (including troubleshooting, data analysis, testing, system

maintenance, support, reporting and hosting of data)

to analyse how customers’ use our products/services and communications for our legitimate interests and to develop

them to grow our business and to inform our marketing strategy to use data analytics

to analyse, evaluate and improve your experience of our website and to improve our service (we will generally use

data amalgamated from many people so that it doesn’t identify you personally)

to define types of customers for our products and services

to improve our website, products/services, marketing, customer relationships and experiences

to keep our contact, financial, transaction, marketing and communications records updated

to keep our website updated and relevant.

Part 3: Your legal rights

Under the Data Protection Legislation, you have the following legal rights in relation to your personal data:, which we will always work to uphold:

- be informed about our collection and use of your personal data

- access the personal data we hold about you: you can ask for access to and a copy of your personal data and can

check we are lawfully processing it

- correction: you can ask us to have your personal data rectified if any of your data held by us is inaccurate or

incomplete

- erasure: you can ask us to delete or remove your personal data where:

(a) there is no good reason for us continuing to process it

(b) you have successfully exercised your right to object to processing (see below)

(d) we are required to erase your personal data to comply with local law.

We may not always be able to comply with your request for specific legal reasons, which will be notified to you at the

time of your request.

- object: you can object to the processing of your personal data for a particular purpose or purposes where:

(a) where we are relying on our legitimate interest (or those of a third party) as the basis for processing your personal

data, if you feel it impacts on your fundamental rights and freedoms

(b) where we are processing your personal data for direct marketing purposes

which override your rights and freedoms, and, in such circumstances, we can continue to process your personal data

for such purposes

- restrict processing: you can ask us to us to suspend or restrict the processing of your personal data, if:

(a) you want us to establish the accuracy of your personal data or the reason for processing it

(b) our use of your personal data is unlawful, but you do not want us to erase it

defend legal claims, or

(d) you have objected to our use of your personal data, but we need to verify whether we have overriding legitimate

grounds to use it

- request a transfer/data portability: if you have provided personal data to us directly, and that data is processed using

automated means, you can request a transfer of your personal data which is held in an automated manner and

which you provided your consent for us to process in the performance of a contract with you, you can ask us for a

copy of that personal data to re-use with another service or business and we will provide your personal data in a

structured, commonly used, machine-readable format

- withdraw your consent: if you have consented to the collection, processing and transfer of your personal information

for a specific purpose(s), you have the right to withdraw your consent for that specific processing at any time (where

we are relying on consent as the legal basis for using to process your personal data) / this does not affect the

lawfulness of any processing carried out before you withdrew your consent / to withdraw your consent, please

contact our Data Protection Officer by email or by post to the appropriate address posted on the website / as quickly

as possible, and in any event within 30 days of receiving notification that you have withdrawn your consent, we will

no longer process your information for the purpose(s) you originally agreed to (unless we have another legitimate

basis for doing so in law) / note that if you ask us to stop sending marketing information we will update our records to

stop further mailings as quickly as we can, but you may still receive mailings which were already in progress prior to

you asking us to stop for up to 2 months

- be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold

restrict (i.e. prevent) the processing of your personal data.

Rights relating to automated decision-making and profiling - we do not use your personal data in this way. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

Part 4: Third Parties

- service providers: acting as processors or controllers based in the EEA, but also around the world who provide

services and IT and system administration services

- professional advisors: acting as processors or joint controllers including lawyers, bankers, auditors and insurers

based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services

- HM Revenue & Customs, regulators and other authorities: acting as processors or joint controllers based in the EEA

who require reporting of processing activities in certain circumstances

- third parties: third parties to whom we may choose to sell, transfer, or merge parts or all of our business or

assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our

business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

We may collect data from third parties including contact, technical and profile information.

Part 5: Glossary

- aggregated data: information such as statistical or demographic data which may be derived from personal data, but

which cannot by itself identify a data subject

- controller: a body that determines the purposes and means of processing personal data

- data subject: an individual living person identified by personal data (which will generally be you)

- personal data: information identifying a data subject from that data alone or with other data we may hold but it does

not include anonymised or aggregated data

- processor: a body that is responsible for processing personal data on behalf of a controller

- special categories of personal data: information about race, ethnicity political opinions, religious or philosophical

beliefs, trade union membership, health, genetic, biometric data, sex life, sexual orientation

- ICO: Information Commissioner’s Office, the UK’s supervisory authority for data protection issues.

The Website Privacy Policy was last updated: April 2021