From the 25 May 2018, the General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998, giving you as an individual more rights in relation to the personal data we as an organisation may hold about you.
2. Who we are
2.1 Here are the details that we as 'data controller' are required to give to you in accordance with Data Protection Legislation (please note this means the Data Protection Act up to and including 24th May 2018 and from 25 May 2018 and onwards the General Data Protection Regulation (GDPR) and any other applicable law which relates to the protection of individuals rights with regard to the processing of personal data):.
2.1.1 Our Website address is: eosauthority.com
2.1.2 Our company name is: Digitech London Ltd
2.1.3 Our registered address is: Digitech London Ltd trading as EOS Authority, 68 Lombard Street, London, EC3V 9LJ
3. What we may collect
3.1 We may collect, use, transfer and process the following data about you including:
3.1.1 information you put into forms on our Platform at any time. This includes information provided at the time of registering to use our Platform, subscribing to our service, creating an account on our Platform, posting material or requesting further services.
3.1.2 requests that marketing material be sent to you;
3.1.3 information you may provide via our social media platforms; and
3.1.4 information you may provide to us when you contact us by email, phone or otherwise.
3.2 We may also ask for your information when you report a problem with our Platform or provide other feedback and we will collect the following data to enable us to provide our Services to you;
3.2.1 a record of any correspondence between us;
3.2.2 details of transactions you carry out through our Platform
3.2.3 details of your visits to our Platform and the resources you use
3.2.4 any information that you upload to our Platform and any other form of interaction data you may provide; and
3.2.5 information about your computer (e.g. your IP address, browser, operating system etc) for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
3.3 Please note that we do not store credit card details and we do not share customer details with any third parties without the customer's your consent.
3.4 Depending on your circumstances and the products and services selected the personal information we gather about you may include: your name; address; email address; phone number; financial information; personal identification information and any further personal information as may be required as part of the service or product provided or which you share through our Platform.
5. How we use what we collect
5.1 We use information about you to:
5.1.1 present Platform content effectively to you;
5.1.2 provide information on and allow you to use, products and services that you request, or (with your consent) those services which we think may interest you to personalise your experience;
5.1.3 allow us to better our service to you by responding to your customer service requests;
5.1.4 take steps at the request of you prior to entering into a contract or to carry out our contractual obligations and provide you with the products and services under the terms of our contractual arrangement with you;
5.1.5 allow you to use our interactive services if you want to;
5.1.6 to administer a contest, promotion, survey or other Platform feature;
5.1.7 tell you about changes to our service;
5.1.8 we will contact you electronically about similar products and services to those previously sold to you;
5.1.9 with your prior consent, tell you about other goods and services that might interest you; and
5.1.10 we may want to allow selected third parties to contact you directly. We will ask for your consent each time, before passing on your details, and will not do so unless your consent is given.
5.2 In some instances, it may be appropriate for us to combine your information with other information that we may be holding about you, such as combining your name with your geographic location or your browsing or purchasing history.
5.3 If you do want to be contacted for marketing purposes, please tick the relevant box that you will find on screen when we collect your data.
5.4 You can update your preferences at any time by updating your contact preferences or emailing us.
5.5 Please note: we don't identify individuals to our advertisers (if any), but we may give them aggregate information to help them reach their target audience, and we may use information we have collected to display advertisements to that audience.
5.6 Please note, that if you no longer wish for us to process your personal data for marketing purposes, you can contact us at email@example.com and we will update our systems. However, in doing you acknowledge that this may limit the products and services we can provide to you. In some cases, the collection and retention of personal data may be a statutory or contractual requirement.
5.7 In addition to 5.1 we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
5.7.1 Where we need to perform the contract we are about to enter into or have entered into with you.
5.7.2 Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
5.7.3 Where we need to comply with a legal or regulatory obligation
5.8 Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications or sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by updating your contact preferences, and we will move your data to our "unsubscribe list". However, you acknowledge this will limit our ability to provide the best possible services to you.
6. Where we store your data
6.1 We may transfer your collected data to third parties for storage outside the European Economic Area (EEA) in connection with the above purposes. For example, your personal data may be processed outside the EEA to fulfil your service request.
6.3 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see the European Commission: EU-US Privacy Shield.
6.4 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Platform. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
6.5 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6.6 We have implemented security measures such as a firewall to protect any data and maintain a high level of security.
6.7 Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts.
7. Retention of Data
7.1 We will not collect more personal data than we need for the purposes set out in Paragraph 5. We will retain such personal data for the life of your contractual arrangement with us and for a period of up to seven years after your relationship with us has ended. We may however be required to retain personal data for a longer period of time to ensure we comply with our regulatory and legislative requirements. We regularly review our data retention obligations to ensure we do not keep personal data for longer that we are legally obliged to.
7.2 We do not store credit card details, other than storing them momentarily on the App until they have been dispatched to our payments provider.
8. Disclosing your information
8.1 We are allowed to disclose your information in the following cases:
8.1.1 if we want to sell our business, or our company, we can disclose it to the potential buyer;
8.1.2 if we want to sell or buy any business, or assets, we can disclose your personal data to the potential buyer or seller of such business or assets;
8.1.3 we can disclose it to other businesses in our group, which means our subsidiaries, our ultimate holding company and its subsidiary as defined in Section 1159 of the UK Companies Act 2006;
8.1.4 we can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety or rights;
8.1.5 in connection with legal proceedings (including prospective proceedings);
8.1.6 in order to establish or defend our legal rights; and
8.1.7 we can exchange information with others to protect against fraud or credit risks.
8.2 In addition, we may engage third parties to assist us in carrying out certain functions on our behalf. These include companies to assist with payment processing, search engine facilities, advertising and technology services. We only share the appropriate level of personal data to enable the supplier to provide their services. Where your data is required to be shared we will take all reasonable steps to ensure your data is handled safely and securely and in accordance with our and the suppliers' obligations under Data Protection Legislation.
8.3 Companies who may have access to some personal data include: Web Hosting Providers (Amazon Web Services - AWS, Google), Email Providers (AWS, Sparkpost), SMS alerts, IT and software development, Online advertising management, Accountants, Legal
9. Your rights
9.1 You have a number of rights under the Data Protection Legislation;
9.1.1 The right to request a copy of the information we hold on you. When you request this information, this is known as a Subject Access request (SAR). In most cases, this will be free of charge however in limited circumstances we may apply an administration charge. For example, where repeated requests are made; 9.1.2 The right to have personal data we hold about you transferred securely to another service provider in an electronic form;
9.1.3 The right to have inaccurate personal data corrected;
9.1.4 The right to have any out of date personal data deleted once there's no business need or legal requirement for us to hold it;
9.1.5 The right to object or restrict some processing, in limited circumstances and only when we don't have legitimate grounds for processing your personal data;
9.1.6 The right to object to personal data being used to send you marketing material. As mentioned above, we will only send you marketing material where you have given your consent to do so. You can remove your consent at any time.
9.1.7 You can ask us not to use your data for marketing. You can do this by not ticking the relevant boxes on our forms, or by contacting us at any time at firstname.lastname@example.org
9.1.8 The right to ask for a decision to be made manually, where a decision is made using automated means and this adversely impacts you.
9.1.9 The Data Protection Legislation gives you the right to see information we hold about you. To exercise any of these rights please contact email@example.com.
10.1 We are committed to ensuring your personal data is protected and held securely. However, the internet is not a secure medium and we cannot accept responsibility for the security of an email during transmission or non-delivery of that email.
11. Making a complaint
11.1 If you believe we have not processed any of your personal data in accordance with Data Protection Legislation or you have been affected by non-compliance you can make a complaint at firstname.lastname@example.org.
11.2 If you are not satisfied with our response you can raise a complaint with the UK's Information Commissioner's Office, the UK's independent authority set up to enforce Data Protection Legislation.
12. Links to other websites
14. Terms and Conditions
15. Your consent