1. DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- identity data, such as, first name, last name and date of birth;
- contact data, such as, email address, mailing address and phone number;
- financial data, such as, bank account, payment card details and billing address;
- transaction data, such as, details about payments to and from you and other details of the Services you have purchased from us;
- profile data, such as, username, account number or password;
- technical data, such as, the Internet Protocol (IP) address used to connect your computer to the Internet, your login information (if applicable), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), methods used to browse away from the page and any information of yours related to contact our customer service team;
- usage data, such as, information you viewed or searched for and information about how you use our Website and Services; and
- marketing and communications data, such as, your preferences in receiving marketing from us and our third parties and your communication responses.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
2. METHODS OF DATA COLLECTION
We use different methods to collect data from and about you including through:
- direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email, skype and other messenger or otherwise. This includes personal data you provide when you apply for our Services, create an account on our Website, subscribe to our Service or publications, request marketing to be sent to you, enter a competition, promotion or survey, or give us some feedback, including report a problem with our Website;
- automated technologies or interactions. As you interact with our Website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.
- third parties or publicly available sources. We may receive personal data about you from public domain, third parties (such as, analytics providers, advertising networks, search information providers and providers of technical, payment and delivery services) or other websites we operate or the other services we provide.
Where we need to collect personal data by law, or under the terms of an agreement we have with you and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you, including to provide you with the Services. In this case, we may have to cancel the Services you have with us but we will notify you if this is the case at the time.
3. USE OF YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where we need to perform the agreement, we are about to enter into or have entered into with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we need to comply with a legal or regulatory obligation.
Legitimate interest means the interest of our business in conducting and managing our business to enable us to provide you with the best Services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We may use your identity, contact, profile, technical and usage data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which Services and offers may be relevant for you (we call this marketing). You may receive marketing communications from us if you have requested information from us or purchased Services from us and, in each case, you have not opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contact us at any time.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
5. DISCLOSURE OF YOUR PERSONAL DATA
We reserve the right at all times to disclose any personal data that we have collected when: (a) permitted or required by law; or, (b) trying to protect against, prevent, investigate actual or potential fraud, security issues, technical issues, unauthorized transactions or other violations; or (c) trying to enforce the applicable terms of service or other agreements; or (d) protecting against violations to the rights, property or safety of us, our users or the public as required or permitted by applicable laws; or (e) you have given your consent to do so. Finally, we may transfer personal data to a successor entity in connection with a corporate merger, consolidation, partial or total sale of assets, bankruptcy, or other corporate change.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries; where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries; where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.