Updated on 10th January 2019
Updated on 18th March 2019
Updated on 8th April 2019
Updated on 16th April 2019
What’s this policy about and when does it apply?
Your privacy is important to us. In this policy we want to explain to you how we
- use your personal data
- comply with the data protection legal obligations which apply to us and this website
so that you understand and have a choice about what is done with your personal data and how it is processed.
The policy applies when you use our Website. You can find our Website terms and conditions here. Separate terms and conditions will apply when you buy something from us.
Changes to this policy
We may make changes to the policy (for example to keep up with changes in the law) so we advise you to check the policy as you use the Website, although we will let you know about material changes.
Who are we and how to contact us?
Who do I contact about personal data or change my mind about how you can use it?
Our data protection representative is contactable at firstname.lastname@example.org if you need any help or information about this policy or about how we collect and use personal data. This includes if you have consented to us using your information and want to change your mind. You can also write to us if you prefer – see Who are we and how to contact us? Above.
What personal data and information do we collect?
Personal data is any information which could identify you, including your name, address and email address and IP address. Special category data is more sensitive, such as information about your ethnic origin.
Depending on how you use the website and what we provide to you, we collect a range of personal data from you, including:
- Identity (your name and title) contact information (your address, telephone number, and email) which you choose to give us as you use the website and our services. So, for example, if you buy a product or service from us we will also collect transaction and financial data (about what you buy and what payments you make), and data that you give us to open an account (such as if you choose services that mean you choose a username).
- Financial data – payment card and bank details when you buy something.
- Accounting and transaction data – such as details of purchases, free downloads.
- Marketing data – your marketing communication preferences.
- Member profile data – username, password and your preference information about when you choose a membership.
- Website use data – how you use our website, products and services.
- Technical data – IP address, browser information, location and time-zone settings, operating system and platform.
We may also collect any special category information which we need and you choose to give us (give us your explicit consent) so that we can provide services to you as you required.
If you choose not to provide us with personal data we may be unable to provide some services to you. For example, without your email address we will not be able to email you.
How do we collect personal data?
We may collect your personal data from you in the following ways:
- Forms you complete on the Website, such as when you register or create an account with us
- Information you provide to us when you buy from us or ask us to provide services to you (this may include free information and downloads from our website)
- The information you provide when you communicate with us such as by email, telephone or post
- Any surveys or feedback requests which you choose to complete or competitions or promotions which you choose to enter
- Information about your visits to our Website which will include (but are not limited to) your IP address, online tracking such as location, browser and type of device you use.
- information from third parties, including when you visit our website from another website.
When you provide us with any data, you confirm that you are over 13 years of age. We also want to be sure that your data is up-to-date and accurate so, if your personal information changes, please email us at email@example.com
How do we use Personal information?
We use personal data so that we can:
- Supply you with services you have asked us for, including any free services or downloads,
- Send you any information you have asked for or which may interest you, where you have consented to this happening, or information we need to tell you about
- Deal with any request for help or answer your queries and customer support generally
- Give you the best user experience and to enable you to participate in interactive features of our Website,
- To analyse and monitor how our Website is used and to help us to administer it (including security and fraud detection), and to run our business generally.
The lawful basis for our use will usually be one or more of the following:
- to fulfil our contractual obligations to you or because you’ve asked us to do something before entering into a contract.
- to comply with our legal obligations.
- where you have consented to the processing of your personal data, such as when we process special categories of data (we usually need your explicit consent) or for marketing purposes. (Remember you can change your mind at any time by contacting us – see Who do I contact about personal data or change my mind about how you can use it?)
- when processing is necessary for our legitimate interests or those of a third party, and those interests don’t override your interests, rights or freedoms.
For more information about the lawful basis by which we use personal data see below.
|Activity||Lawful Basis for processing data||What data we use|
|When you ask for a quote||Fulfilling our contract||Identity and contact data|
|When you become a client||Fulfilling our contract||Identity and contact data|
|Supplying a free download or other information||Fulfilling our contract||Identity and contact data|
|Delivering an order, collecting payment||Identity, contact, financial, accounting and transaction, member profile and marketing data|
|Recovering payment||Legitimate interests to recover debt||Legitimate interests|
|Company accounting||Legal obligation||Identity, contact, financial, accounting and transaction, data|
|Provide relevant advertising and content and to measure their effectiveness||Legitimate interests||Identity, contact, technical, website use, member profile and marketing data|
|Contacting you about things (products, services, and information) that may interest you||Legitimate interests||Identity, contact, technical, website use, member profile|
|Improving our website and what we can offer you||Legitimate interests to grow our business and improve client/user experience||Technical and website use data|
|Protect and run our website more efficiently||Legitimate interests to grow our business and improve client/user experience
|Identity, contact, technical data|
|Asking you to take part in a survey||Legitimate interests to grow our business and improve client/user experience||Identity, contact, website use, member profile, and marketing data|
|Notifying you of updates to our policies||Fulfilling our contract
|Identity, contact, member profile data|
We will only send you marketing communications if:
- you have asked us to and
- you haven’t changed your mind/opted out.
However, you can change your mind at any time by contacting us – see Who do I contact about personal data or change my mind about how you can use it?
Who do we share personal data with?
Before we share your personal data with any third party for marketing purposes, we’ll always get your agreement (express opt-in consent) to do so.
Otherwise, there may be times when we must share your personal data with others, for example, where the law requires us to enforce our rights or protect others, such as for fraud prevention. In addition, we may also:
- Allow authorised third parties to track and store information about visitors to our website (including IP addresses).
- Disclose your personal data to those who are providing services to us if they have appropriate processes to protect it.
- Otherwise, we will only share your personal information if you have consented to this.
Aside from the third parties who may receive anonymised data (see the section Collecting and processing non-personal information can be found below.
LIST OF THIRD PARTIES WITH WHOM WE SHARE DATA
|Vari.host||Hosting our website||https://www.vari.host/terms-conditions/|
|Aweber.com||Emails newsletters and marketing||https://www.aweber.com/privacy.htm|
|Facebook pixel for retargeting||Marketing – To show targeted ads to people who have visited our website||https://www.facebook.com/about/privacy/update|
|Google pixel for retargeting
|Marketing – To show targeted ads to people who have visited our website||https://policies.google.com/privacy?hl=en&gl=uk|
|Google Suite||gmail provided by Google to send and receive emails||https://policies.google.com/privacy?hl=en&gl=uk|
|Google Analytics||Web analytics||https://policies.google.com/privacy?hl=en-GB|
|Box||File sharing and document management||https://www.box.com/en-gb/legal/privacypolicy|
|Woo Commerce||E-commerce platform||https://woocommerce.com/data-protection-policy/|
|Gravity forms||Create website forma||https://www.gravityforms.com/terms-and-conditions/|
|Jetpack||Marketing – particularly when someone shares a social media post||https://automattic.com/privacy/
|HM Revenue and Customs||Financial records as required by law||https://www.gov.uk/government/organisations/hm-revenue-customs/about/personal-information-charter|
We check that third parties comply with the law in relation to data protection.
Recruitment – people who apply for jobs, employees and former employees
As part of any recruitment process we will explain how we collect, use and store personal data. If you become an employee you will receive the employee’s data protection policy which will explain how we collect, use and store personal data both whilst you are an employee and after you have left our employment.
What are your personal data rights?
The law gives you certain rights in relation to your personal data and to exercise these rights contact us at DPO@www.actionknowhow.com The following rights apply to personal data we collect and process so that you can:
- See what personal data we hold about you
- Rectify your personal data if it is inaccurate or incomplete
- Ask us to erase your personal data and prevent processing in specific circumstances
- Restrict processing of your personal data in certain circumstances
- Obtain and reuse your personal data for your own purposes across different services
- Object to processing your personal data in certain circumstances
Who to contact you have a query or complaint?
If you have any queries or complaints about your personal data please contact us at DPO@www.actionknowhow.com
You also have the right to lodge any data protection complaints with the Information Commissioner’s Office (ICO) who is the UK’s supervisory authority. Visit www.ico.org.uk for more information including how to access their helpline.
What about storing and transferring personal data?
We keep your personal data only for as long as it is reasonably required (for example we keep sales records for 7 years to comply with HM Revenue and Customs requirements) and then it will be deleted or destroyed or anonymised. Our data retention is as follows:
|Data Subject||How long personal information/data is kept
|Potential Clients||We will retain personal information for 6 months from the date of our last contact.|
|Clients||We will retain personal information for 7 years from the date that you ceased to be a client.|
|Potential Suppliers||We will retain personal information for 6 months from the date of the last time you contacted us.|
|Suppliers||We will retain personal information for 7 years from the date that you ceased to be a supplier.|
|Employees||We will retain personal information for 7 years from the date that you ceased to be an employee.|
|Potential employees||We will retain personal information for 6 months from the date of the last time you contacted us.|
Your data may be transferred or stored outside the EU to countries who may not have the same data protection as the EU but, if we do this, we will have an agreement with the third party who will be using an approved mechanism to keep personal data secure. This means transferring data to providers who:
- the European Commission deems to have an adequate level of protection for personal data.
- adhere to certain agreed codes of conduct or certification approved by the European Commission.
- are based in the USA and part of the EU-US Privacy Shield.
If one of these safeguards isn’t in place, we’ll ask for your explicit consent, which you can withdraw at any time.
Collecting and processing non-personal Information
When you use the Website (we may also collect non-personal information or aggregated information– that is any information about more than one individual where the individual’s identity is unknown and can’t be inferred from that information. This helps us run our Website and business effectively. For example, we use Google Analytics to get information about our website visitors but the information is processed so that an individual can not be identified from it because we work in accordance with Google’s guidelines so personal data should not be used or shared with them. Website searches may be powered by third parties but are anonymised.
What about Links to other websites, third parties and social media icons?