Data Retention & Protection Policy
This policy aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. We do this in the context and in compliance with Data Protection Act 2012 (DPA Act 843).
We are committed to protecting your data and the confidentiality of your personal information.
We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate.
The Data Protection Act 2012 requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data.
Except as set out below or in our terms of condition, we do not share, or sell, or disclose to a third party, any information collected through our website, apps and services.
Data Protection Officer
We have appointed a data protection officer (DPO) who is responsible for ensuring that our policy is followed.
If you have any questions about this data retention and protection policy, including any requests to exercise your legal rights, please contact our DPO, [email protected].
Data We Process
We may collect, use, store and share personal data about you. We have collated these as follows:
Your identity includes information such as:
Date of birth, and other identifiers that you may have provided at some time;
Your contact information includes information such as email address, telephone numbers, bank card details and any other information you have given to us for the purpose of processing your payments, communication.
We use data and content about our customers for invitations, promotions and communications solely for promoting our services.
We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity.
Information we process because we have a legal obligation
Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorization such as a search warrant or court order. This may include your personal information.
Data Protection Rights of Customers
Right to be informed: You have a right to be informed of what data of yours is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
Right of access: You have a right to request a copy of the information of yours that we hold.
Right of rectification: You have the right to correct data that is inaccurate or incomplete.
Right to be forgotten: Under certain circumstances, you have a right to ask us to erase any personal data of yours that we have stored.
Right of portability: You have a right to request that we transfer any data that we hold on you to another company.
Right to restrict processing: You have a right to request that we limit the way we use your personal data.
Right to object: You have the right to challenge certain types of processing, such as direct marketing.
Retention period for personal data
We shall not retain your data for a period longer than is necessary to achieve the purpose for which we process your data and in line with our retention policy. At the end of the retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Specific details of the retention periods for different aspects of your personal data are available in our retention policy which you can request from us.
Where necessary, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in those circumstances, we may use this information indefinitely without further notice to you.
Encryption of data
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you provide. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or another trusted mark in your browser’s URL bar or toolbar.
Review of this data protection and retention policy
We may update this data protection and retention policy from time to time as necessary.