1. DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
2. METHODS OF DATA COLLECTION
We use different methods to collect data from and about you including through:
Where we need to collect personal data by law, or under the terms of an agreement we have with you and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you, including to provide you with the Services. In this case, we may have to cancel the Services you have with us but we will notify you if this is the case at the time.
3. USE OF YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Legitimate interest means the interest of our business in conducting and managing our business to enable us to provide you with the best Services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We may use your identity, contact, profile, technical and usage data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which Services and offers may be relevant for you (we call this marketing). You may receive marketing communications from us if you have requested information from us or purchased Services from us and, in each case, you have not opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contact us at any time.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
5. DISCLOSURE OF YOUR PERSONAL DATA
We reserve the right at all times to disclose any personal data that we have collected when: (a) permitted or required by law; or, (b) trying to protect against, prevent, investigate actual or potential fraud, security issues, technical issues, unauthorized transactions or other violations; or (c) trying to enforce the applicable terms of service or other agreements; or (d) protecting against violations to the rights, property or safety of us, our users or the public as required or permitted by applicable laws; or (e) you have given your consent to do so. Finally, we may transfer personal data to a successor entity in connection with a corporate merger, consolidation, partial or total sale of assets, bankruptcy, or other corporate change.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries; where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries; where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.