By entering into any business arrangement with Us, or by visiting Our site, you are confirming your acceptance with this policy. If you do not agree with the terms outlined in this policy, you must not attempt to use Our service.
The Data Controller
The Data Controller is Raven Ltd. of 72-76 Steam Packet House, Manchester, M2 4JG, England.
All queries regarding this cookies policy should be addressed to the Data Protection Officer at the above address, who can also be contacted directly at firstname.lastname@example.org.
What Data Do We Collect?
In the course of any business contract which commences between You and Us, we may collect the following in the means of fulfilling contractual obligations and processing payments.
- Details which identify You (such as names, addresses, phone numbers, etc… etc…).
- Any payment details which You provide to Us.
- A record of any correspondence between You and Us.
- Information about Your use of Our website, such as location data, traffic data, and other communication data.
How and Why Do We Process This Data?
We use data gathered in the previous fashion in the following ways, and for the following purpose stated.
- To provide You with the specified product(s) as per any contractual obligation between You and Us.
- To process financial transactions between You and Us in relation to payment for the above contracts.
- To send you marketing and promotional material about our products, on the provision that you have provided clear opt-in consent to receive such marketing.
How Do I Withdraw My Consent to This Processing?
If you wish to withdraw your consent for Us to store and process Your data, please contact the Data Protection Officer through the process outlined in the “Data Controller” section of this policy.
The Data Protection Officer will action your request for no further processing to take place using your personal data, but please be aware that any data which is required to be retained for any legal purpose will not be erased. For example, We will stop processing Your data in the event of You making such a request, but we will retain all financial transaction records for a period of no longer than seven years, in order to comply with our legal obligations under the Proceeds of Crime Act (2002).
The Data Protection Officer will confirm which information has been retained, and the basis behind this retention, after completing the request to cease further processing and deletion or anonymisation of all non-essential personal data.
Personal Data Which We Share with Others
We may share any collected data to third parties in any of the following circumstances:
- Where we have a legitimate interest to do so in the completion of any objectives listed in the “How and Why Do We Process This Data?” section.
- If we are obliged to share or disclose details in order to comply with any form of legal obligation.
- Disclosing personal information to a credit reference agency, for the sole purpose of protection of Our business from potentially fraudulent activity, and credit risk reduction.
- In the event that We are acquired by a third party, all personal data held by Us will become one of the transferred assets.
Please note that any such external bodies whom We share Your information with in keeping with the above objectives will have their own organisational privacy policies, which will take precedence over this agreement for all of the time where data is held and processed by them. However, for the avoidance of doubt, We only work with external parties who comply with the GDPR requirements to which We ourselves adhere, or where the receiving organisation is certified under the EU-US Privacy Shield Framework (or other specifically approved safeguard(s) as recognised by the European Union).
Where Your Data Is Stored
Your data held and processed by Us is stored on secure servers within the United Kingdom, on servers which comply with the ISO/IEC 27001:2015 standard for information security systems.
How Long Do We Store Your Data For
We only retain and process your data for the necessary time frame to complete the task which the data was collected for. The only exception to this is for any data which needs to be retained in order to fulfil a legal obligation (for example, records of any financial transactions are held for a period of seven years, in order to best comply with the Proceeds of Crime Act (2002)). Please refer to the “How Do I Withdraw My Consent to This Processing?” section of this policy for further details as to your right to be forgotten as a data subject.
Your Rights as a Data Subject
You have the right to issue Us with a Subject Access Request (SAR) by contacting Us through the details provided in the “Data Controller” section of this policy. Please include your full name, address, telephone number, and as many specifics of your request as applicable.
Within 30 days of receiving the SAR, the Data Controller will manage your request and provide you with all requested information (excluding any data which would compromise the privacy or confidentiality of any other data subject). In the event that We are unable to process your request within the 30 day window (for example, if the request made is at an extreme of complexity or quantity), you will be notified in this original time frame by the Data Protection Officer, who will explain the reason for the delay and provide a firm estimate of when the SAR will be processed by.
You have the right to raise a SAR free of charge, however We have the right to charge an administrative fee of no more than £10 in the event of excessive, repetitive, or manifestly unfounded requests being made. This fee will be based solely on the administrative costs implied in completing the SAR, and We shall make no profit from charging this fee.
If you are dissatisfied or concerned with how We have stored or processed your personal data, we would recommend contacting the Data Protection Officer in the first instance. If We are unable to resolve your query or compliant to your satisfaction, you have the right to make a complaint to the Information Commissioners Office (ICO), with whom We will comply in all aspects of any investigation which they launch accordingly.
Automated Decision Making
We do not use any automated decision-making processes to make any decision about a data subject which would have any legal effect or implication on said data subject.