Rubica Change and Analytics Limited
A company registered in the United Kingdom under registered number 09226191
PLEASE TAKE A MOMENT TO READ IT SO THAT YOU ARE FULLY AWARE OF HOW AND WHY WE ARE USING YOUR DATA. THANK YOU.
WHO WE ARE & OUR WEBSITE
WHAT PERSONAL INFORMATION DO WE COLLECT AND USE?
Personal information includes any information about an individual from which that person can be identified, for example: your name, address, phone number and email address. Obviously, this doesn’t include any anonymised data.
We collect personal information about you when you access the Site, register with us, contact us, send us feedback, purchase products or services via the Site, post material to the Site and compete customer surveys or participate in competitions via the Site.
The personal information we collect about you depends on the particular activities carried out through our Site but it might include:
- your name, address and contact details
- date of birth
- bank account and payment details when you purchase a product or service from us
- details of any feedback you give us by phone, email, post or via social media
- information about the services or products we provide to you
- your account details, such as username, login details to membership sites we give you access to
- your marketing and advertising preferences
- information about how you use our Site
We then use this personal information in a number of ways including:
- to respond to you if you contact us for help or a query;
- create and manage your account with us;
- to allow you to play properly with our websites and online services, so you can be interactive with us when you choose to do so;
- verify your identity;
- provide goods and services to you under a contract;
- to send you valuable information which we think you’ll enjoy and like relating to our services, events, what we’re up to, how you can connect with us. But ONLY if you consent to this and if you ask us to stop then we will;
- customise our website and its content to your particular preferences;
- notify you of any changes to our website or to our services that may affect you;
- improve our services.
Generally, we only use it for purposes which we need to – to protect ours and your interests and prevent illegal activity and make sure that what we offer and do in the world is safe and secure. It’s also important to note that this website is not intended for use by children under the age of 13 and we do not knowingly collect or use personal information relating to children.
OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
Here’s the main thing to know. We will only collect, use and share your personal information if you’ve given us your permission and / or if we have either a legal right or obligation. This is known as the legal basis. The main legal bases we may rely upon include:
- consent: where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information, which overrides our legitimate interests)
- you specifically gave us your permission to do so (“consent”)
- we sought your consent for certain things, e.g. to add cookies to your device;
- we needed to use your information to run our business successfully (the law calls this “legitimate interests”) but only when we’re happy there is no risk to you and your personal information, and we’ll give you an option to easily unsubscribe;
- we are delivering a contract to you or complying with a legal obligation giving us permission to do so.
Current data protection laws provide you with certain rights. These include the right, in certain circumstances, to:
- request access to your personal data;
- request correction of your personal data;
- request erasure of your personal data;
- object to processing of your personal data;
- request restriction of processing your personal data;
- request transfer of your personal data; and
- right to withdraw consent.
You can find more information about your rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above or have any queries, please email us at firstname.lastname@example.org.
Generally, fees for access to your personal data (or in the exercise of any of your other rights) can no longer be charged. You will therefore not have to pay any fee to exercise your rights, including to access your own personal data. However, if your request appears unfounded, repetitive or excessive we may either decide to charge a reasonable fee or we may refuse to comply with your request. We will always explain to you our reasons for doing so.
In order to help us we may need to confirm your identity and ensure that you have the right to access the data you are requesting or exercise any of your other rights. In order to do that, we may need to request specific information from you as a security measure to ensure that we are not disclosing personal data to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request in order to speed up our response.
Legitimate requests will generally be dealt with in one calendar month. Sometimes it may take a bit longer if there are numerous requests or if the request is a little more complex than usual. We will always keep you up to date with our progress.
WHAT INFORMATION WE MAY ASK YOU TO PROVIDE
We may ask you to provide the following information:
- your name (and possibly job title)
- contact information such as email address, phone number, correspondence address;
- demographic information such as postcode, lifestyle interests, business pursuits;
- optional information about your needs, interests, preferences, challenges for examples when we’re inviting you to fill out surveys, questionnaires, on boarding information or enrolments to coaching programmes;
- photographic evidence and/or video footage (this is usually if you attend one of our events in which case you will be asked for specific consent for this)
- as a customer, we would need to collect financial information for a transaction, a signature on a contract or other personal data in the context of our working together and to allow us to operate our business in accordance with the law.
USING YOUR PERSONAL DATA
We only use your personal data for purposes which we need to – to protect ours and your interests and prevent illegal activity and make sure that what we offer and do in the world is safe and secure.
For example, we may use the personal data you provide in the following ways:
To reply to you if you contact us for help or a query;
- To fulfil our contract with you when you’ve bought something from us;
- To send you valuable information which we think you’ll enjoy and like relating to our services, events, what we’re up to, how you can connect with us… but ONLY if you consent to this and if you ask us to stop then we will;
- To make sure that the Site is helpful and attractive for you and working effectively for your computer and devices and so we can meet the preferences and interests that you’ve told us about;
- To allow you to play properly with our Site and online services, so you can interact with us when you want to;
- To tell you if we make changes to our Site or service;
SHARING YOUR PERSONAL DATA
Some of our third parties service providers are based outside the European Economic Area (EEA). This means that when they process your personal data it inevitably means that such data is transferred outside of the EEA. Such transfers have been prohibited unless we meet certain criteria prescribed by European law when making such a transfer. As a result, we do our best to ensure that the same level of security of data is in place by ensuring at least one of the following safeguards is implemented:
- the country to which your personal data is proposed to be transferred having been deemed by the European Commission to provide an adequate level of protection for personal data; or
- the use of certification mechanisms approved by the European Commission, specific contracts or codes of conduct which give personal data the same protection it has in Europe; or
- in the case of third parties based in the US, where they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please email us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
If none of the above safeguards is available, we may instead request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We would like to send you information about products and services, events, special offers and news updates which are intended to be of value and interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.
We will ask whether you would like us to send you marketing messages when you tick the relevant boxes when you provide your personal data to us for the first time.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
- contacting us at firstname.lastname@example.org or
- using the ‘unsubscribe’ link in our emails to you;
Please note it may take up to 5 days for your unsubscribe request to take place.
For more information on your rights in relation to marketing, see ‘Your rights’ above.
COOKIES AND SIMILAR TECHNOLOGIES
Through your use of our website you will have access to links, plug-ins and applications that are not under our control. When you click on those links or open the connection associated with those links it may be that the third party that does control them collects and shares your personal data. We cannot be responsible their privacy statements. When you leave our website, please ensure you read the privacy notice of each website you visit as there may be significant differences that affect you.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW LONG WE WILL KEEP YOUR PERSONAL DATA – DATA RETENTION
We will only ever keep your personal data for as long as we need it to be able to fulfil the purposes for which we collected it in the first place. This will include any reporting requirements, legal requirements or accounting requirements.
When we think about how long we should keep or retain your data, we think about:
- the amount, nature, and sensitivity of the personal data;
- the potential risk of loss, damage or harm from any disclosure, loss, misuse or unauthorised use of your personal data;
- the purposes for which we process your personal data and whether we can achieve those purposes without needing your personal data, and
- the applicable legal requirements, for example we have to keep basic information about our customers for six years after they cease being customers for tax purposes.
You have the legal right to ask us to delete your data in certain circumstances. Please see the section above entitled ‘Your Rights’ for further information.
We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. This is because you can no longer be identified from the anonymised data.
WHAT IF THE INFORMATION WE HOLD ABOUT YOU IS WRONG?
It is very important that any personal data we hold about you is correct and is current i.e. is up to date. You have the right to correct us if any information we hold is incorrect or out of date. Please tell us if at any time your personal information changes or if we just have it wrong by emailing us at email@example.com
WHAT IF WE GET SOMETHING WRONG?
If we get something wrong, we want to put it right as quickly as possible. We would really appreciate it if you would contact us first to try and resolve the issue if you ever have any cause to be unhappy with any aspect of the way in which we collect and use your data. However, if you remain unhappy please note that you always have the right to make a more formal complaint through the Information Commissioner’s Office (ICO) is the UK supervisory authority for data protection issues and their website is at www.ico.org.uk. We will work with ICO to ensure that any such complaint is dealt with to your complete satisfaction and in as short a time as possible.
SCHEDULE 1 – THE LEGAL BASES FOR OUR PROCESSING
|CATEGORY OF DATA||EXAMPLES||LAWFUL GROUNDS|
|Communication Data||Pretty much any communication that you send to us. For example, via the contact form on our website, an email, a text, any social media messaging, or any social media posting.||We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
|Customer Data||This includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details.||We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
|User Data||This includes data about how you use our Site and any online services together with any data that you post for publication on our Site or through other online services such as the Rubica Academy.||Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our Site and our business. We process this data to operate our Site and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our Site and/or databases and to enable publication and administration of our website, other online services and business.
|Technical Data||This is data about your actual use of our Site and other online services. It might include your IP address, your login data, details about your browser, length of visit to pages on our Site, page views and navigation paths, details about the number of times you use our Site, time zone settings and other technology on the devices you use to access our Site. The source of this data is from our analytics tracking system.||We process this data to analyse your use of our Site and other online services, to administer and protect our business and Site, to deliver relevant Site content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our Site and our business and to grow our business and to decide our marketing strategy.
|Marketing Data||This could include data whether you agree to receive marketing from us (and our third parties) and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant Site content and advertisements to you and measure or understand the effectiveness of our communications and advertising.||Our lawful ground for this processing is our legitimate interests, for example in order to evolve and improve our services we like to study how customers use our products/services, and this helps us to expand and develop them, to grow our business and to decide our marketing and commercial strategy.
|Prospect Data||This could be data we have collected from you when you made an enquiry about our services through our Site or on social media or using email or phone or other communication tool. It may also we data we collect when you request or opt in to one of our free information resources.||We process this information in order to effectively reply to your enquiry and give you information you need and maintain a record of this, this is necessary at your request and a pre-cursor to entering into a contract and for our legitimate interests in running our business and replying to communications and sending you information. It is also necessary for record keeping should we need to establish, pursue or defend a legal claim.
We hope you enjoy continuing to browse this Site and you may get in touch with any queries or further information you need. Email: firstname.lastname@example.org
Last Update: May 2020