In order to provide our services to you and to promote our business, we will need to collect and process certain personal information about you.
If you have any questions at all about this policy or the Website, or about how we use and process your personal information, please do not hesitate to contact us by e-mail at [email protected] or, alternatively, in writing to Petaurum Solutions Ltd, Kemp House, 152 – 160 City Road, London EC1V 2NX, United Kingdom.
- Our role
- What information we collect
- Lawful basis and purposes of processing of your personal information
- Uses made of the information
- Disclosures of the information
- Direct mailings
- Keeping your data secure
- Transfers of your information out of the EEA
- Retention Periods
- Your Right to Withhold Information and Your Right to Withdraw Information After You Have Given it
- Summary of Your Rights under GDPR
- Contact us or the ICO
- What Happens If Our Business Changes Hands?
1. Our role
If you do not already have a relationship with us, we may hold limited personal information about you so that we may contact you to promote our products and/or services.
For the purposes of the applicable Data Protection Laws, Petaurum Solutions Ltd is the data controller of your personal data collected in connection with your use of our Website.
2. What information we collect
In addition to the information provided to us by your employer or the Club / Association, we will collect certain personal information about you when you activate your account or fill in forms on our Website, or when you contact us by phone, e-mail, online chat or otherwise.
We will, therefore, hold the information provided by your employer or the Club / Association to create your user profile and further information you provide to us.
We may also require certain information from you when you make a purchase on our Website, or redeem a benefit, enter a promotion, competition or survey and/or when you report a problem with our Website.
When you submit personal information in connection with making a payment via the Website, such personal information is encrypted and protected with encryption software that lets your browser automatically encrypt data before you send it to us. While on a secure page the padlock icon on the address bar of Web browsers such as Google Chrome or Microsoft Edge becomes locked.
With regard to each of your visits to our Website we will automatically collect the following information:
- if you are using our Website as a registered user, we will collect information about your log-on credentials.
- technical information, including the internet protocol (IP) address used to connect your computer or mobile device to the internet, type of mobile device you use, a unique device identifier, mobile network information, your login information, browser type and version you use, browser plug-in types and versions, operating system and platform;
- information about your visit to our Website, including the full uniform resource locators (URL) clickstream to, through and from our Website (including date and time); pages you viewed or information you searched for; page response times, download errors, length of visits to certain pages; and
- details of your visits to other websites via our Website.
We also work with third parties (including, for example, electronic analytics, business partners, sub-contractors in technical and payment services, advertising networks, analytics providers, search information providers) and may receive certain information about you from them.
When we wish to send you information about our services, and you do not currently use our services, we may collect your contact details, for example, your name, email address and job title. This information may be provided directly by you, when you express interest in our website, or may be obtained through third parties.
3. Lawful basis and purposes of processing of your personal information
All personal data is stored securely and processed in accordance with the Data Protection, Privacy and Electronic Communications Regulation 2019 (UK GDPR) and where applicable, the EU GDPR. We collect information about you so that we can:
- identify you and manage your account on our Website;
- process your transactions;
- liaise with your employer, Club / Association, our suppliers and group companies;
- administer our contract with you and with your employer or the Club / Association;
- improve our services;
- promote our business and market our services;
- manage our business, including for accounting and auditing purposes;
- conduct our regular reporting activities on the performance of our company, in the context of a business reorganisation or group restructure;
- maintain our IT systems and manage hosting of our data;
- deal with legal disputes involving you, your employer, the Club / Association or our suppliers;
- prevent fraud; and
- comply with our regulatory obligations.
We will only use your personal information when the law allows us to, i.e. when it is necessary to:
- perform our obligations towards you and/or your employer or the Club / Association, as set out in this policy
- comply with our legal and regulatory obligations;
- pursue our legitimate interests (e.g. conducting our business in an efficient, compliant and profitable manner and the overall promotion of the business), and where your interests and fundamental rights do not override these interests. It may also become necessary to process your personal data for a legitimate interest of a third party, such as your employer or the Club / Association. We will also rely on our legitimate interests for the proper administration of our Website, and to manage our operations (for example, maintaining appropriate records and databases).
If you have provided us with your individual contact details (for example, your personal email address), we will rely on your consent to send you electronic communications such as our newsletters and emails with information about our products and/or services. If we hold your business contact details (for example, your work email address), we will rely on legitimate interests of the business to send you electronic communications, but we will always provide you with an option to opt out from future communications of this kind. See the “Direct mailings” section below for more details.
Some of the above grounds and purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Uses made of the information
We use your data to provide the best possible services to you. This includes:
- communicate with you in response to a specific action performed by you on our Website, for example when you experience an issue when buying or redeeming a benefit;
- to provide you with support in using our Website;
- to provide you, or enable selected third parties to provide you, with information about goods or services we or they offer. For more details see “Direct Mailings” section;
- to ensure that content from our Website is presented in the most effective manner for you and for your computer and/or your mobile device.
We will use the information we collect about your use of our Website:
- to administer our Website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Website to ensure that content is presented in the most effective manner for you and for your computer and/or your mobile device;
- to help us improve and personalise our services;
- to allow you to participate in interactive features of our Website when you choose to do so;
- as part of our efforts to keep our Website safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.
In some cases, the collection of data may be a statutory or contractual requirement, and We will be limited in the products and services We can provide you without your consent for Us to be able to use such data.
With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email with information, news and offers on Our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
Under UK GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following lawful grounds may applies:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary to protect the vital interests of you or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Where this may be the condition used to process data, we may conduct a Legitimate Interest balancing test.
5. Disclosures of your Information
We do not sell or share your personal data with third parties for them to use for marketing purposes.
We may allow our staff, consultants and/or external service providers acting on our behalf, and our provider of payment services, to access and use your personal data for the activities we have described above. We only permit them to use it to deliver the relevant service, and if they apply an appropriate level of security protection.
We will share your personal information with the following third parties:
- other companies within our group;
- our agents and service providers;
- your employer or the relevant Club / Association (where applicable)
- our regulators;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
- in the context of the possible sale or restructuring of our business.
We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We also reserve the right to disclose the information collected about you to our professional advisors and/or if we, in good faith, believe it necessary to protect the personal safety of users or the public.
We may share aggregated demographic information with our partners, clients and advertisers. This is not linked to any personal information that can identify any individual person.
We may partner with another party to provide specific services. When you sign up for these services, we will share names or other contact information that is necessary for the third party to provide these services.
These parties are not allowed to use any personally identifiable information except for the purpose of providing these services. We may also use such aggregated information and statistics for monitoring the Website usage in order to help us develop the Website and our services and may provide such aggregate anonymous information to third parties.
7. Direct mailings
We may occasionally send out newsletters, offers or alerts to our members and to other business contacts. We may also wish to provide you with information about special features of our Website or any other service or products we think may be of interest to you.
Where required by the Data Protection Laws (for example, if you have provided your personal contact information) we will send you such information only if you have specifically elected to receive it. You can opt-out from receiving such communications at any time – please see “Your rights” section below. From time to time the Website may request information from you via surveys or contests. Participation in these surveys or contests is completely voluntary and you, therefore, have a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as postcode or age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use of and satisfaction with this Website.
8. Keeping your data secure
We only keep your data for as long as We need to in order to use it as described below in section 10, and/or for as long as We have your permission to keep it. In any event, We will conduct an annual review to ascertain whether we need to keep your data. Your data will be deleted if we no longer need it in accordance with the terms of our Data Retention Policy.
Your data will only be stored in the UK or within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein).
Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Site.
Steps We take to secure and protect your data include:
- Firewall to all external facing service.
- Encryption of Data
Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
9. Transfers of your information out of the EEA
We may need to transfer your personal data outside the European Economic Area (EEA), for example, if one of our suppliers or group companies is located outside the EEA. We will ensure that any supplier or groups provide full assurance that any transfer of your data will be subject to appropriate safeguards, such as a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
10. Retention periods
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
When you submit information via Our Sites, you may be given options to restrict Our use of your data. We aim to give you strong controls on Our use of your data (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails.
You may also wish to sign up to one or more of the preference services operating in the UK The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
11. Your Right to Withhold Information and Your Right to Withdraw Information After You Have Given it
You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
You also have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at: [email protected] You can always unsubscribe from our email communications at any time by following the unsubscribe link in our email communications, or by updating your email preferences on your profile on our Website.
You may withdraw your consent, if consent is the condition replied upon, for Us to use your personal data as set out in section in 4 at any time by contacting us using the details set out in this section, and We will delete Your data from our systems. However, please note that we may not be able to provide our services and we may need to deactivate your account on our Website.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please let your employer or the Club / Association and/or us know if your personal information changes during your relationship with us.
12. Summary of Your Rights under GDPR
Under the GDPR, you have:
- the right to request access to, deletion of or correction of, your personal data held by Us;
- the right to complain to a supervisory authority;
- be informed of what data processing is taking place;
- the right to restrict processing;
- the right to data portability;
- object to processing of your personal data;
- rights with respect to automated decision-making and profiling (see section 14 below).
13. Contact us or the ICO
If you have any concerns or complaints about our privacy activities, you can contact us on [email protected] You can also contact the Information Commissioner’s Office on 0303 123 1113.Our ICO reference number is ZA771373
For more details about your rights under the Act, the rules we have to adhere to in collecting and storing your information, and how you can check your data records, please visit https://www.gov.uk/data-protection/the-data-protection-act.
14. What Happens If Our Business Changes Hands?
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.
Date of last update: 15th October 2020