You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
HOW IS YOUR PERSONAL DATA COLLECTED?
We collect most of this information from you directly, for example, Identity Data, Contact Data, Financial Data and Transaction Data when you fill in forms, correspond with us by email, phone, post or otherwise when you:
- purchase our products;
- register on our website;
- agree to be added to our collaboration spreadsheet;
- subscribe to our podcasts, YouTube channel, e-newsletter or professional skills courses;
- enter a promotion, competition or survey; or
- give us some feedback.
We may also collect information from:
- automated technologies, such as cookies which collect Technical Data about your equipment and browsing activities;
- publicly accessible sources, such as Companies House or the Electoral Register;
- providers of technical, payment, advertising and delivery services, such as PayPal, Convert Kit, Amazon Associates Programme or DHL
- analytics providers such as Google or Jetpack, based outside the UK;
- a third party with your specific consent (e.g. your bank);
- we can provide details of other sources we collect data from on request.
HOW WE PROCESS YOUR PERSONAL DATA
We have set out below a description of all the ways we plan to use your personal data, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at firstname.lastname@example.org or write to us at our address: Hayley Akins Limited, 76 King Street, Manchester M2 4NH if you need details about the specific legal ground we are relying on to process your personal data.
Processing an order and to fulfil contractual obligations – We may process information to fulfil our obligations and any contract with you including using third party website servers (for example for you to view relevant videos and courses). If you purchase products or services from us, we process identity, contact, financial, profile and transaction data.
Registering on our website To enable you to comment on our blog or order products/services from us we ask you to register on our website. For this purpose, we collect identity and contact data. To provide our services via our website and to improve and protect our business. – We use the information you provide to us to deliver the best possible experience for our customers.
Taking part in a prize draw, competition or survey To enable you to win prizes and study how users use our products or services, we process identity, contact, profile, usage, marketing and communications data.
Taking part in collaborations To grow your business and grow our community we process identity and contact data and may collaborate with others to promote our business further.
Updates To send relevant information including our newsletters and details regarding our product and services information to our subscribers. We may send you communication to inform you about changes to our services or technical and/or other administrative messages. These communications should be considered part of our services to you.
Billing Billing, account management and other administrative matters – We may contact you for invoicing, management of accounts, information on the services we are providing to you.
Legal As required by applicable law.
Security Issues To investigate and help prevent security issues and abuse.
LEGAL BASIS FOR PROCESSING PERSONAL DATA
The legal basis for processing your personal data are as follows:
Performance of a contract – most of our data processing is to allow us to fulfil an obligation to you (for example under a contract)
Pursuing our legitimate interests – We will process data where it is necessary to meet our legitimate business interests but only in a manner that minimizes its impact on your privacy.
To comply with a legal obligation – We will process your personal data where we are required to do so under a relevant law or regulation.
Consent – In certain circumstances we will process your personal data only with your specific consent where we are unable to process that data in accordance with a contract or where pursuing our legitimate interests is not applicable.
|Our Approach to Marketing|
|Our Website does not contain third party advertising. We may collect identity and contact data about you to send you updates on our products or services if you have purchased services or products from us. We do not permit third-party advertising (or targeted advertising) on our website. If you click on links to our social media pages, or to any third-party website, you may be subject to targeted marketing via that site.||Where we have obtained your specific consent (e.g. when you subscribe to our e-newsletter, community or jobs board), we may engage in direct marketing, such as sending you e-mails and/or brochures/other relevant marketing collateral to inform you of our services. We provide these communications on the basis that you have asked to receive these. If you change your mind, you may opt-out at any time via the unsubscribe feature that appears in our e-mails or by emailing email@example.com||We will not share with any third party the personal information that we obtain about you for the purposes of marketing unless you have provided your specific consent for us to do so and those third parties have agreed to make no independent or further use of that data and to maintain its confidentiality|
|Our Social Media Pages|
|Our website contains links to our social media pages on Facebook, Twitter, and Pinterest. These third-party websites have their own respective privacy policies (which we would advise you to read) for which those sites are solely responsible. Should you visit those social media pages and choose to follow us on Facebook, Twitter, or Pinterest, we may receive identity, contact, profile or transaction data from the social media providers.||If we do receive any personal information about you from these third-party social media sites, we will not process your information for the purposes of direct marketing unless you have provided your consent, or it is otherwise lawful for us to do so (e.g. you have previously bought something from us). If you have opted-in to receive such communications, please see our section above on “Our Approach to Marketing”.||We will not share your personal information with any third party for the purpose of marketing unless you have provided your consent for us to do so. If you would like us to delete the personal information that we have received about you from these sites, please email us at firstname.lastname@example.org If you do not want us to receive further information about you from these sites, you should also contact the sites directly to turn off the ‘follow’ setting.|
COOKIES & ANALYTICS
Our Website may also access website analytic services from third parties such as Google Analytics and Automattic (part of Jetpack) to evaluate and improve our Website, personalise your experience and to offer the best, most accessible service possible to all our visitors.
To find out more about Google Analytics and to learn how to opt out, please visit:
- How Google uses data when you use our partners' sites or apps, or
To find out more about Automattic, please visit: https://automattic.com/privacy-notice/ When you visit our website, these analytics service providers may collect the following data, which will almost always be anonymised and aggregated before reporting back to us:
- number of visitors to our Website;
- pages visited while on the Website and time spent per page;
- page interaction information, such as scrolling, clicks and browsing methods;
- websites where visitors have come from and where they go afterwards;
- page response times and any download errors;
- other technical information relating to end user device, such as IP address or browser plug-in.
We process this information to understand how visitors use our Website and to compile statistical reports regarding that activity (for example, your IP address is used to approximate the country from which you access our Website, and we aggregate this information together, so we know that, for example, most of the visitors to our Website come from England or the United States). This processing is crucial to the running of our online business, and we therefore undertake such monitoring in the pursuit of our legitimate interests in improving our website to provide a better service and source of information to visitors.
YOUR RIGHTS IN RELATION TO THE PERSONAL DATA THAT WE PROCESS
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com or write to us at our address: Hayley Akins Limited, 76 King Street, Manchester M2 4NH.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We do not knowingly use the Website to solicit or process data from or market to children.
We will take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered if you use our website and services, taking into account the likelihood and severity those risks might pose to the rights and freedoms of our Website visitors. In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the personal information transmitted, stored or otherwise processed by us. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. Please be aware that, while we make the security of our Website and your personal information a high priority and devote considerable time and resources to maintain robust IT security, no security system can prevent all security breaches. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary. Once the purpose for which information has been collected has been fulfilled, we will either permanently delete your personal information or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purposes.
Our servers are located in Germany, and the information that we collect directly from you will be stored on these servers.
We may also transfer your personal data outside the UK:
Our third-party service providers, many of whom are located outside of the UK, operate from multiple locations including non-UK based operations or we engage sub-processors located outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
- If a country is deemed not to have an adequate level of protection, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
We may transfer data outside the UK when it is necessary for the performance of a contract made in your interests between us and another service provider.
Please contact us at firstname.lastname@example.org or write to us at our address: Hayley Akins Limited, 76 King St, Manchester, M2 4NH if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, by law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can request details of retention periods for different aspects of your personal by emailing us at email@example.com or writing to us at our address: Hayley Akins Limited, 76 King Street, Manchester M2 4NH.