Freshwave Group Ltd ("We") are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Freshwave Group Ltd of 12 New Fetter Lane, London EC4A 1JP (registration number ZA034639).
This policy only applies to our Site. If you leave our Site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the website.
Information we may collect from you
We may collect and process the following data about you:
Categories of personal data you give to us
The personal data you give us includes:
Your location information
We may use GPS technology or other technology to determine your current location to provide certain functionality to you as part of our Site and applications. Some of our location-enabled applications require your location data for the feature to work. You can withdraw your consent to determine your current location at any time through your device settings.
Your device information
Each time you visit or use our Site or use our applications, we may automatically collect technical information, including the type of mobile device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use, and/or time zone setting;
We may automatically collect but not limited to, Internet protocol (IP) address used by your device, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes and the application that you access, URL click stream information showing how users have reached our Site and applications and whether they access other third-party sites via any external links.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our Site and to deliver a better and more personalised application. They enable us:
Where we store your personal data
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your user name or a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses made of the information
We use information held about you in the following ways:
Disclosure of your information
We may disclose your personal information to third parties:
Links to and from other websites
Our Site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Once it is within our control, we will do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retaining your personal information
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may also retain your personal data for a reasonable period afterwards to allow us to respond to any follow up enquiries or complaints.
To determine appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, we may use or store this information indefinitely without further notice to you.
In some circumstances you can ask us to delete your data, see below Right of Erasure.
Access to information
Where we are using your personal information based on your consent, you have the right to withdraw that consent at any time. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Right to be informed
You have the right to be told how your personal information will be used. This policy document is intended to be a clear and transparent description of how your data may be used.
Right of access
You can write to us asking what information we hold on you and to request a copy of that information. This is called a Subject Access Request. From 25 May 2018 we will have 30 days to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity. See below for details on how to submit a Subject Access Request.
Right of erasure
From 25 May 2018, you have the right to be forgotten (i.e. to have your personally identifiable data deleted). However, we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you. In some cases, we may recommend that we supress you from future communications, rather than data deletion.
Right of rectification
If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data provided to us.
Right to restrict processing
In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
Right to data portability
Where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. This right is largely seen as a way for people to transfer their personal data from one service provider to another. We are not a personal service provider.
Right to object
You have an absolute right to stop the processing of your personal data for direct marketing purposes. Simply contact our us to amend your contact preferences.
Right to object to automated decisions
In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions "that have a legal effect on you", you have the right to object. This right is more applicable to mortgage or finance situations. We do not undertake complex computerised decision making, that produce legal effects.
How to make a Subject Access Request
A Subject Access Request should be in writing and can be submitted by letter or email. So that we can respond fully, your request must include your name and correspondence address (email address where applicable). Please provide us with as much detail as possible on the information you require. This will enable us to identify the information requested.
Before responding to your Subject Access Request, we will require proof of identity to ensure that we do not release the information to anybody else other than you. If information is required in a format, for example, a photocopy or electronic copy, please state this in your request.
If we need more information from you to help us find your information or identify you, we will ask you for further information. The 30-day timescales will commence once we are satisfied we have all the necessary identification and information to respond to your request.
If, for any reason, you have a complaint, please contact the Data Protection Officer to discuss your concerns.
Data Protection Officer: Andrew Saunders
Call: 01279 215555
Post: Freshwave Group Ltd of 12 New Fetter Lane, London EC4A 1JP
Following this, if you are still dissatisfied, you can contact the Information Commissioner's Office directly at the contact details below.
Information Commissioner: Contact telephone number: 0303 123 1113 www.ico.org.uk