Privacy Policy

This privacy policy, alongside the Raven terms and conditions (and all supplementary documentation detailed within those terms), is designed to clearly set out how Raven Ltd. (“We”, “Our”, or “Us”) manage personal data across all aspects of the service, including what personal data we collect from you, why we collect it, what we do with it, and how we take all steps to ensure that your data is secure and kept safe from misuse.

By entering into any business arrangement with Us, or by visiting Our site, you are confirming your acceptance with this policy. If you do not agree with the terms outlined in this policy, you must not attempt to use Our service.

The Data Controller

The Data Controller is Raven Ltd. of 72-76 Steam Packet House, Manchester, M2 4JG, England.

All queries regarding this cookies policy should be addressed to the Data Protection Officer at the above address, who can also be contacted directly at danielb@activewin.co.uk.

What Data Do We Collect?

In the course of any business contract which commences between You and Us, we may collect the following in the means of fulfilling contractual obligations and processing payments.

  • Details which identify You (such as names, addresses, phone numbers, etc… etc…).
  • Any payment details which You provide to Us.
  • A record of any correspondence between You and Us.
  • Information about Your use of Our website, such as location data, traffic data, and other communication data.

How and Why Do We Process This Data?

We use data gathered in the previous fashion in the following ways, and for the following purpose stated.

  • To provide You with the specified product(s) as per any contractual obligation between You and Us.
  • To process financial transactions between You and Us in relation to payment for the above contracts.
  • To send you marketing and promotional material about our products, on the provision that you have provided clear opt-in consent to receive such marketing.
  • Cookies are used for the purposes of website functionality, session management, tracking, fraud prevention, and analysis of website performance (please refer to the Raven Cookie Policy for further details in this regard).

How Do I Withdraw My Consent to This Processing?

If you wish to withdraw your consent for Us to store and process Your data, please contact the Data Protection Officer through the process outlined in the “Data Controller” section of this policy.

The Data Protection Officer will action your request for no further processing to take place using your personal data, but please be aware that any data which is required to be retained for any legal purpose will not be erased. For example, We will stop processing Your data in the event of You making such a request, but we will retain all financial transaction records for a period of no longer than seven years, in order to comply with our legal obligations under the Proceeds of Crime Act (2002).

The Data Protection Officer will confirm which information has been retained, and the basis behind this retention, after completing the request to cease further processing and deletion or anonymisation of all non-essential personal data.

Personal Data Which We Share with Others

We may share any collected data to third parties in any of the following circumstances:

  • Where we have a legitimate interest to do so in the completion of any objectives listed in the “How and Why Do We Process This Data?” section.
  • If we are obliged to share or disclose details in order to comply with any form of legal obligation.
  • Disclosing personal information to a credit reference agency, for the sole purpose of protection of Our business from potentially fraudulent activity, and credit risk reduction.
  • In the event that We are acquired by a third party, all personal data held by Us will become one of the transferred assets.

Please note that any such external bodies whom We share Your information with in keeping with the above objectives will have their own organisational privacy policies, which will take precedence over this agreement for all of the time where data is held and processed by them. However, for the avoidance of doubt, We only work with external parties who comply with the GDPR requirements to which We ourselves adhere, or where the receiving organisation is certified under the EU-US Privacy Shield Framework (or other specifically approved safeguard(s) as recognised by the European Union).

Where Your Data Is Stored

Your data held and processed by Us is stored on secure servers within the United Kingdom, on servers which comply with the ISO/IEC 27001:2015 standard for information security systems.

How Long Do We Store Your Data For

We only retain and process your data for the necessary time frame to complete the task which the data was collected for. The only exception to this is for any data which needs to be retained in order to fulfil a legal obligation (for example, records of any financial transactions are held for a period of seven years, in order to best comply with the Proceeds of Crime Act (2002)). Please refer to the “How Do I Withdraw My Consent to This Processing?” section of this policy for further details as to your right to be forgotten as a data subject.

Your Rights as a Data Subject

You have the right to issue Us with a Subject Access Request (SAR) by contacting Us through the details provided in the “Data Controller” section of this policy. Please include your full name, address, telephone number, and as many specifics of your request as applicable.

Within 30 days of receiving the SAR, the Data Controller will manage your request and provide you with all requested information (excluding any data which would compromise the privacy or confidentiality of any other data subject). In the event that We are unable to process your request within the 30 day window (for example, if the request made is at an extreme of complexity or quantity), you will be notified in this original time frame by the Data Protection Officer, who will explain the reason for the delay and provide a firm estimate of when the SAR will be processed by.

You have the right to raise a SAR free of charge, however We have the right to charge an administrative fee of no more than £10 in the event of excessive, repetitive, or manifestly unfounded requests being made. This fee will be based solely on the administrative costs implied in completing the SAR, and We shall make no profit from charging this fee.

If you are dissatisfied or concerned with how We have stored or processed your personal data, we would recommend contacting the Data Protection Officer in the first instance. If We are unable to resolve your query or compliant to your satisfaction, you have the right to make a complaint to the Information Commissioners Office (ICO), with whom We will comply in all aspects of any investigation which they launch accordingly.

Automated Decision Making

We do not use any automated decision-making processes to make any decision about a data subject which would have any legal effect or implication on said data subject.

Changes to the Privacy Policy, and Issue Status

This Privacy Policy is the property of Us, and is kept under continued review by the Data Protection Officer. We may amend any aspect of this policy at any point without notice to you. In the event of a change being made which would affect your rights as a Data Subject, you will be notified accordingly through your registered contact email. If you consent to the changes made, you need take no action to continue using Our service. If you have any disagreement with changes made to the Privacy Policy, and wish for Us to no longer process your data, you must contact us within 14 days of the change being made through the process explained in the “How Do I Withdraw My Consent to This Processing?” section of this policy.