You must read this section of our Privacy Notice to know how we collect or process personal data about you, which complies with the General Data Protection Regulation (GDPR).
We are known as the “Data Controller” of the personal data collected from you to enter a service delivery contract.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data, data such as:
We also collect, use, and share aggregate data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from your data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. We treat the combined data as personal data that will be used per this Privacy Notice.
We do not request any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) to enter a service contract.
If you fail to provide personal data where we need to collect personal data under the terms of a contract we have with you and you fail to provide that data when requested by us, we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us or decline your booking, but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
This includes personal data you provide or that you may have provided when you:
As you interact with our website or those of Third Parties, we may automatically collect data from the following parties:
analytics providers such as Google based inside or outside the EU;
search information providers inside or outside the EU.
Contact and Transaction Data from providers of technical and payment services inside or outside the EU.
We will only process your personal information if there is a lawful basis. Most commonly, we will use your personal information in the following circumstances:
When processing is necessary for the performance of a contract or when processing is required before entering a contract with you.
When processing is necessary for compliance with a legal or regulatory obligation.
To prevent and detect crime, including fraud.
Generally, we do not rely on consent as a legal basis for processing your data. We will only use your personal information for the purposes we collected it unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent in compliance with the above rules where this is required or permitted by law.
We may share your data with representatives of the Data Controller to enable third-party service delivery for IT hosting information located on servers within the EU, our website providers Applecado Widget Co Limited, who are Joint Data Controllers. Social media platforms may also collect and process your data. We may also need to share your data for legal reasons, including but not limited to insurance claims, tax requirements or criminal investigations. If we do, you can expect a similar degree of protection with respect to your personal information. We will not sell your data for marketing to Third Parties.
We will only retain your data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal or regulatory requirements.
By law, we must keep basic information about our customers and suppliers (including Contact, Identity, Financial and Transaction Data) for a certain period after they cease being customers for tax, VAT, and insurance purposes. We will retain your data for 2 years from your booking and contract being fulfilled.
You can ask us to delete your data by emailing the Data Controller. However, if this request is made before the contract to supply is fulfilled, we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us or decline your booking, but we will notify you if this is the case.
In some circumstances, we may anonymise your data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. If you wish to raise a complaint about how your data is being handled in accordance with the law, you can contact the Information Commissioner Office (ICO)
