We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.
When accessing the Website, we will learn certain information about you, both automatically and through voluntary actions you may take, during your visit. This policy applies to information we collect on the Website and in email, text, or other electronic messages between you and the Website.
Our Lawful Basis for processing your information
The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so.
The Lawful Bases identified in the GDPR are:
Consent of the data subject
Performance of a contract with the data subject or to take steps to enter into a contract
Compliance with a legal obligation
To protect the vital interests of a data subject or another person
Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Examples of legitimate interests include:
Where the data subject is a client or in the service of the controller
Transmission within a group of undertakings for internal administrative purposes
Processing necessary information to ensure network and information security, including preventing unauthorised access
Processing for direct marketing purposes, or to prevent fraud
Reporting possible criminal acts or threats to public security
Our lawful basis is consent of the data subject or performance of a contract with the data subject or to take steps to enter a contract and our legitimate interest is processing for direct marketing purposes.
We use your information to:
Provide services and information, for example our newsletters and information about events.
Conduct data analysis, testing, and research (including for product development), and to monitor and analyse usage and activity trends. For example, where in the world people are reading our newsletters, how many people open each one, etc;
Maintain the safety, security and integrity of our services;
Investigate and address your concerns;
Occasionally communicate with you about products, services, promotions, surveys, news, updates and events;
We do not use automated decision-making in the processing of your personal data.
We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:
Information Provided Voluntarily
Personal Information. You may be asked to provide personal information including your name, address, email address and phone number when you sign up for any of our newsletters, respond to a survey, register for a class, or purchase a product or service. We will only request the personal information that is required in order to fullfill our obligations to you, i.e. in order to deliver what you have requested, as well as to comply with any legal obligations that may accompany such an exchange.
Information Collected Automatically
In addition to the information described above, we may collect some or all of the following information:
Activity Info (Log Data). Information may be collected based on your use of the Website, which generally includes information about your computer hardware and software, such as:
Internet Protocol (“IP”) addresses, operating systems, browser types, device types, URLS, access dates and times; Website pages that you visit; referring website information; universally unique identifiers (“UUID”), advertising identifier (“IDFA”), carrier and country location, hardware and processor information, network type, and other related data.
We never share your personal data
We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:
Device IP address and MAC address
Cookies including Facebook and Google Analytics
We never share your personal data
We retain your personal data while you remain a customer. We will delete or anonymise your information at your request unless:
There is an unresolved issue, such as claim or dispute;
We are legally required to; or
There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers’ safety and security.
The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you emails, or in some circumstances ask us to stop processing your details.
Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred.
You can find out more information from the ICO’s website http://ico.org.uk/for_the_public/personal_information and this is the organisation that you can complain to if you are unhappy with how we deal with you.
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.
- Validate users;
- For E-commerce tracking;
- Remember user preferences and settings;
- Determine frequency of accessing our content;
- Measure the effectiveness of advertising campaigns on platforms such as Facebook and Google Analytics; and
- Analyse site visits and trends.
We will occasionally update our Privacy Notice. When we make significant changes that are relevant to you we will notify you of these by email. We will publish the updated Notice on our website.
Who are we?
We all take your privacy very seriously.
email@example.com is the data controller in relation to the processing of the personal information that you provide to us when you use our Services. Its registered address is firstname.lastname@example.org. If you have any queries relating to our use of your personal information, or any other related data protection questions, please contact our Customer Services Team at email@example.com. Our Data Protection Officer is firstname.lastname@example.org. To contact our Data Protection Officer please email email@example.com.
How do we collect personal information?
- DavidBrett-Williams.com, and
- DavidBrett-Williams App.
may also share your personal information with the rest of the DavidBrett-Williams Group but only if you have given your informed consent for it to do so. This information will be used to speed up form filling, or to personalise, or improve your experience when using the Sites. Other than this, we do not share your personal information with the other members of the DavidBrett-Williams group.
- What personal information do we collect?
We collect personal information about you when you give this to us in the course of registering for and/or using our Services via any of the Sites for example we may collect your name, address, email address or telephone number. In the course of providing the Services to you, we may also store information about how you use our Sites, for example, the pages viewed, the website from which you came to visit our Sites, changes you make to information you supply to us, details of the quotes you request and your transactions, together with details of your financial information, for example, bank account or payment details. We make sure that we have appropriate security measures to protect your information (see section 8 How secure is our site and what steps do we take to keep you safe? below). We will periodically review your personal information to ensure that we do not keep it for longer than is permitted by law see section 11 below which details how long we keep your personal information for.
Note that it is your responsibility to check and ensure that all information, content, material or data you provide on the Sites is correct, complete, accurate and not misleading and that you disclose all relevant facts.
We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16 please get your parent or guardian’s permission before you provide any personal information to us.
In order to ensure the Services we provide you continue to meet your needs we may ask you for feedback on your experience of using the Sites. Any feedback you provide will only be used as part of our programme of continuous improvement and will not be published on the Sites.
How do we use your personal information?
We may use your personal information:
- to enable you to access and use the Services;
- to personalise and improve aspects of our Services;
- for research, such as analysing market trends and customer demographics;
- to communicatewith you, including some or all of the following:
4.1 sending you information about products and services which we think may be of interest to you – If you agree, we will contact you (depending on your contact preferences) via email, post, telephone, sms, or by other electronic means such as via social and digital media this may include new product launches, newsletters and opportunities to participate in market research
- to process a transaction between you and a third party;
- to track sales, which may involve us sharing data with your product provider relating to the product(s) you have purchased. Your product provider may also send us information they hold relating to the product(s) you have purchased for this purpose;
- to match our data with data from other sources – we may validate and analyse your information and, in some cases, match it against information that has been collected by a third party to ensure that the information we hold about you is as accurate, consistent and well-organised as possible. As well as ensuring that any marketing material that we send you is appropriate to your needs, this process also ensures that our Services continue to be as personalised and focused as possible;
- to enable you to use our smart search services (see section 5 Who do we share your personal information with? below);
- to enable you to share our content with others, e.g. by using any ‘Email a friend’ or ‘Share this’ functionality on our Sites.
We will store the personal information you provide and may use it to pre-populate fields on the Sites and to make it easier for you to use the Sites when making return visits. If you do not want us to store and use your personal information in this way, you may amend your preferences at any time via the link received in emails or by emailing us at firstname.lastname@example.org (see also section 9 How can you amend your preferences? below).
We may monitor or record your calls, emails, sms or other communications but we will do so in accordance with data protection legislation and other applicable law. Monitoring or recording will always be for business purposes, such as for quality control and training (e.g. where you call our customer services help line), to prevent unauthorised use of our telecommunication systems and Sites, to ensure effective systems operation, to meet any legal obligation and/or to prevent or detect crime.
Why do we process your personal information?
We will only collect and use your personal information (as described in section 4) in accordance with data protection laws. Our grounds for processing your personal information are as follows:
- Consent – Where necessary we will only collect and process your personal information if you have given your consent for us to do so, for example, we will only send you certain marketing emails and process any sensitive information about you if we have your consent.
- Legitimate Interests – We may use and process some of your personal information where we have sensible and legitimate business grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information. Our legitimate interests for processing your personal information are:
2.1 to enable you to access and use the Services by: searching the websites of our partners; processing any transaction between you and a third party; and tracking sales. Using your information in this way is an essential part of us being able to provide the Services to you;
2.2 to communicate with you about the Services. We need to keep you informed about your use of the Services for example sending you a confirmation email. This won’t include marketing communications unless you have given us your consent to receive these; and
2.3 to improve our Services. We may use your personal information to: personalise aspects of our service; and for market research. We constantly aim to improve our Services to you and using your personal information in this way helps us to do this.
From May 2018, you will have a right to object to our use of your personal information for these legitimate interests including where we may use your personal information to create a profile to inform customer demographics. If you raise an objection we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we are continuing to process your personal information. Please contact our Customer Services Team at email@example.com if you wish to exercise this right.
Who do we share your personal information with?
When you use any of our Services, we may disclose your personal information to the following parties:
- other members of the DavidBrett-Williams Group in accordance with section 4;
- our channel operators: whilst the majority of the channels on our Sites are run by us, some of our channels are designed and maintained for us by our service providers. We may receive your personal information from these service providers and use it in accordance with section 4 above. We will only use the personal information we receive from third parties where the relevant third party can show that it was collected and processed in accordance with the law;
- other service providers that we engage to help us provide certain services and/or functionality, such as whether products are suitable for you.
- Where permitted by data protection and privacy law, we may also disclose information about you (including electronic identifiers such as IP addresses) and/or access your account:
- if required or permitted to do so by law;
- if required to do so by any court, the Financial Conduct Authority, the Competition and Markets Authority or any other applicable regulatory, compliance, Governmental or law enforcement agency;
- if necessary in connection with legal proceedings or potential legal proceedings; and/or
- in connection with the sale or potential sale of all or part of our business.
If we reasonably believe false or inaccurate information has been provided and fraud is suspected, details may be passed to fraud prevention agencies to prevent fraud and money laundering.
Who might our providers share your personal information with?
Some of our providers will use your personal information to assess your circumstances and verify the information that you have provided before providing a quote to you.
Some providers may carry out checks against data they already hold on you, (or is held by the company whose brand they administer the product for, or members of their group of companies) such as data from existing products, account data, data from previous product transactions, accounts you may hold with them or loyalty scheme data.
What cookies do we use?
A cookie is a very small text file placed on your computer or device. Cookies help us to:
- understand browsing habits on the Sites;
- understand the number of visitors to the Sites and the pages visited; and
- remember you when you return to the Sites so we can provide you with access to previously saved quotes.
8. How secure is our site and what steps do we take to keep you safe?
Your personal data’s security is very important to us. This is why, where it’s appropriate, our Sites use HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure. Certain information, for example, your credit card details, is encrypted to minimise the risk of interception during transit.
You may complete a registration process when you sign up to use parts of the Sites. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone. Where you do disclose any of these details, you are solely responsible for all activities undertaken on the Sites where they are used. To protect your account, we ask you to choose a strong password to access your information on our Sites. A strong password should be lengthy and include a mixture of letters and numbers. Your password can only be reset with access to the email address registered in our system.
We do our best to keep the information you disclose to us secure. However, we can’t guarantee or warrant the security of any information which you send to us, and you do so at your own risk. By using our Sites you accept the inherent risks of providing information online and will not hold us responsible for any breach of security.
It might sometimes be necessary for us to transfer your personal information outside of the European Economic Area (EEA) to locations that may not provide the same level of protection as the UK. However, we will only transfer your personal information out of the EEA if we have put in place appropriate safeguards and protections as stated under UK law for example by the use of a data-transfer agreement incorporating certain standard model protection clauses.
9. How can you amend your preferences?
Any electronic marketing communications we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time. You may also amend your marketing preferences by emailing us at firstname.lastname@example.org.
Should you no longer wish to be contacted by us, you can advise us at any time by by sending an email to email@example.com.
If you no longer wish to be contacted by providers for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies for further information about unsubscribing.
Your personal data rights and how to contact us
You have certain rights under existing data protection legislation including the right to request a copy of the personal information we hold about you, if you request it from us in writing.
From May 2018 you will have the following rights:
(i) Right to access: the right to request copies of your personal information from us;
(ii) Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
(iii) Right to erase: the right to request that we delete or remove your personal information from our systems;
(iv) Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
(v) Right to data portability: the right to request that we move, copy or transfer your personal information;
(vi) Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling to inform our market research and customer demographics (see section 5 above).
If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator which in the UK is the Information Commissioner’s Office.
How long do we keep your personal information?