Privacy Policy
This Privacy Policy explains how personal data is collected, used, stored, shared, and protected in connection with services provided to all customers in the relevant area. It applies to all customers in area and is designed to reflect the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality under the GDPR.
1. Scope and Purpose
This Policy describes the handling of personal data when a customer engages with our services, makes an enquiry, uses our products, or otherwise interacts with us in the relevant area. It applies to personal data processed in both digital and non-digital form, where applicable. The aim is to inform customers clearly about what data is collected, why it is used, how long it is retained, and what rights individuals have under data protection law.
2. Personal Data We Collect
We may collect the following categories of personal data:
- Identity data, such as name, title, or similar identifiers.
- Contact data, such as email address, telephone number, postal address, or other communication details.
- Service and transaction data, such as details relating to purchases, requests, interactions, and service history.
- Technical data, such as device information, IP address, browser type, and usage patterns.
- Communication data, such as correspondence and records of enquiries or complaints.
- Preference data, where customers choose settings or indicate interests related to services.
We collect data directly from customers when they provide it to us, and sometimes indirectly through operational systems, service tools, and lawful third-party sources. We only collect data that is relevant and necessary for specified purposes.
3. Lawful Basis for Processing
We process personal data only where a lawful basis under GDPR applies. Depending on the context, the lawful basis may include:
- Contract: processing is necessary to perform a contract or to take steps at the request of a customer before entering into a contract.
- Legal obligation: processing is necessary to comply with legal and regulatory requirements.
- Legitimate interests: processing is necessary for our legitimate interests, provided those interests are not overridden by the rights and freedoms of the individual.
- Consent: where required, processing is based on the customer’s freely given, specific, informed, and unambiguous consent.
- Vital interests: in rare situations, processing may be necessary to protect someone’s life.
- Public task: if applicable, processing may be carried out in the public interest or in the exercise of official authority.
Strong safeguards are used to ensure that the chosen lawful basis is appropriate for each processing activity and that it is documented before processing begins.
4. How We Use Personal Data
Personal data may be used for the following purposes:
- to deliver and manage services requested by customers;
- to communicate about service updates, requests, or changes;
- to process transactions and maintain accurate records;
- to improve service quality, functionality, and customer experience;
- to manage complaints, support enquiries, and dispute resolution;
- to comply with legal, accounting, and regulatory obligations;
- to protect against fraud, misuse, and unauthorised access;
- to monitor, analyse, and secure systems and operations.
We do not use personal data for purposes that are incompatible with the original reason for collection unless we have a valid lawful basis to do so.
5. Data Sharing and Processors
We may share personal data with trusted service providers and other processors who act on our instructions and are contractually required to protect data in accordance with GDPR. These processors may provide services such as IT hosting, data storage, payment handling, analytics, customer support tools, security monitoring, and administrative functions.
Where processors are used, we ensure appropriate data processing agreements are in place. These agreements require processors to:
- process personal data only on documented instructions;
- maintain confidentiality and security;
- assist with compliance obligations where necessary;
- delete or return data when the service ends;
- not engage sub-processors without appropriate safeguards.
Personal data may also be disclosed where required by law, regulation, court order, or lawful request from a competent authority. Any such disclosure is limited to what is necessary and proportionate.
6. International Transfers
If personal data is transferred outside the European Economic Area or another jurisdiction with comparable data protection standards, we ensure that suitable safeguards are in place. These may include adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms permitted under GDPR. Customers may request information about the safeguards used where appropriate.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, tax, regulatory, and contractual requirements. Retention periods vary depending on the nature of the data and the purpose for which it is processed.
In determining retention periods, we consider:
- the amount, nature, and sensitivity of the data;
- the potential risk of harm from unauthorised use or disclosure;
- the purposes of processing and whether they can be achieved by other means;
- legal obligations that require storage for a defined period.
When personal data is no longer needed, it is securely deleted, anonymised, or otherwise disposed of in a controlled manner. Storage limitation is an essential principle of our approach.
8. Security Measures
We implement appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. These measures may include access controls, encryption where suitable, audit trails, secure disposal, staff training, and regular review of internal procedures. No system is completely secure, but we make reasonable and proportionate efforts to reduce risk and maintain confidentiality.
9. Your Rights Under GDPR
Customers in the relevant area have several rights under data protection law, subject to legal limits and exemptions. These include:
- Right of access: to obtain confirmation about whether personal data is being processed and to receive a copy of that data.
- Right to rectification: to request correction of inaccurate or incomplete personal data.
- Right to erasure: to request deletion of personal data in certain circumstances.
- Right to restriction: to request limitation of processing in certain situations.
- Right to data portability: to receive data in a structured, commonly used, machine-readable format and transmit it where applicable.
- Right to object: to object to processing based on legitimate interests or to direct marketing where applicable.
- Right to withdraw consent: where consent is the lawful basis, it may be withdrawn at any time without affecting prior lawful processing.
- Rights related to automated decision-making: to not be subject to decisions based solely on automated processing where such rights apply.
Requests will be handled in accordance with GDPR time limits and legal requirements. We may need to verify identity before responding to a request. If a request is complex or numerous, we may take additional time permitted by law, and we will explain why if needed.
10. Children’s Data
Where services are not intended for children, we do not knowingly collect personal data from children without appropriate authority or legal basis. If we become aware that data has been collected inappropriately, we will take reasonable steps to delete it promptly.
11. Cookies and Similar Technologies
Where applicable, we may use cookies or similar technologies for operational, security, or analytical purposes. Any such use will be limited to what is necessary and will respect applicable consent requirements. Preference and analytics tools are used only where allowed by law and, where required, after obtaining valid consent.
12. Changes to This Privacy Policy
We may update this Policy from time to time to reflect changes in legal requirements, operational practices, or service arrangements. Any revised version will continue to apply to all customers in area. The most current version will govern our processing of personal data from the date it takes effect.
13. Summary of Our Commitment
We are committed to handling personal data responsibly, lawfully, and securely. Our processing is based on valid legal grounds, limited to specified purposes, and supported by retention controls and processor safeguards. Customers retain meaningful rights over their personal data, and we aim to respect those rights in a clear and timely manner. Privacy, accountability, and compliance remain central to how we operate.