This policy applies to ‘personal data’. Personal data means any information relating to an identified or identifiable natural person, who may be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, online information (e.g. an IP address) or to one or more factors relating to that person
UX Connections is the data controller and we are responsible for your personal data.
We may update this notice at any time and we may provide you with additional privacy notices from time to time.
If you do not want us to collect and use your personal information, please contact us at email@example.com and ask for your information to be deleted.
Personal Data That We Process
Personal data means any information about an individual from which that person can be identified. It does not include anonymous data where the identity has been removed.
We will collect, store, and use the following categories of personal data about you:
- Communication Data: includes any communication that you send to us whether that be through the contact form on our website, through phone or video calls, email, text, social media messaging, social media posting or any other communication that you send us.
- Customer Data: includes data relating to any purchases, such as your name, title, address, email address, phone number and contact details.
- User Data: includes data about how you use our website and any online services.
- Technical Data: includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system.
- Financial Data: such as billing and banking information which we may hold in the context of i) providing services to you (to the extent you are a customer or client); or ii) receiving services from you (to the extent you are a third party supplier).
We will not collect any sensitive personal data without your prior consent. By sensitive personal data we mean data which falls within certain ‘special categories’ which are defined in the GDPR (e.g. health data) and which require additional protection and consent measures.
How We Collect Your Personal Data
We may collect data about you by you providing the data directly to us, such as by filling in forms on our site.
We may automatically collect certain data from you as you use our website by using cookies and similar technologies. We may use pixel tags to collect IP addresses, which may then be used to analyse website traffic and derive insights.
We may receive data from third parties including analytics providers and search information providers such as Google and advertising networks such as Facebook.
How We Use Your Personal Data
Most commonly, we will use your personal information in the following circumstances:
- to administer and support the Website and your use of the Website.
- to provide access to certain pages and sections of the Website.
- to contact you by email.
- to notify you when the Website undergoes important changes or developments.
- to improve the services we offer.
- to manage our relationship with you (such as when you submit a complaint and sending relevant information about our products and services).
- to provide services to you.
- for other purposes to which you have given your consent
Our basis for processing your personal data is as follows:
- the processing is necessary in pursuit of a “legitimate interest”, a legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security;
- you have consented to the processing for the specific purposes described in this notice; or
- the processing is necessary in order for us to comply with our obligations under a contract between you and us.
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if:
- you made a purchase or asked for information from us about our goods or services
- you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.
Disclosure of Your Personal Data
We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers.
- Government bodies that require us to do so.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
TRANSFERS OUTSIDE OF THE UK AND EEA
We may transfer your personal information outside the UK and EEA. If we do, you can expect a similar degree of protection in respect of your personal information.
When we transfer your personal data to countries where there is no adequacy decision by the European Commission in respect of that country, we will put in place certain measures to ensure that your personal data does receive an adequate level of protection, such as contractual clauses that have been approved by the European Commission.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to (ICO) and/or our data protection manager and/or the Information Commissioner’s Office (ICO) (as necessary).
If a breach is likely to result in a high risk to your data rights and freedoms, we will notify you as soon as possible.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data or (if later) the end of the relevant contract, arrangement or interaction with that person.
We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Rights Of Access, Correction, Erasure and Restriction
Under certain circumstances, by law you have the right to:
- Be informed of our personal data protection and data processing activities, details of which are contained in this notice.
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Request copies of the data we hold about you in a commonly used and easily storable format.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please email us at firstname.lastname@example.org.
You will not have to pay a fee to access your personal data or to exercise any of the other rights under data protection laws. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your rights. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
If you are within the EU and are not happy with any aspect of how we collect and use your data, you have the right to complain to the data protection authority of the country in which you are based. We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Right To Withdraw Consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email us at email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Notification of changes to the contents of this policy
This policy may be updated from time to time and you should check this webpage regularly for any updates. Changes to this notice are effective when they are posted on this page.