This policy may be updated from time to time to keep up with legal and/or business developments, so you should check it regularly when you use our services.
- 1 Types of information we may collect about you
- 2 How we look after your information
- 3 How and why we use your information
- 4 Cookies Policy
- 5 Who we share your information with
- 6 How long we hold personal information for
- 7 Your rights and further information
- 8 How to contact the DPO
Types of information we may collect about you[edit | edit source]
When you sign up to our services we may collect personal information about you. Different services may require different types of information. If you are aged 16 or under, you must get your parent/guardian’s permission before you provide us with your personal information. Unless you have this consent you are not allowed to give us your information. Here is some more specific detail about the information we collect:
- Information you give to us: information that you provide by filling in forms on our services. This includes information provided at the time of signing up to our products or services, creating a user account, posting material, filling in a survey or requesting further services. We will also ask you for information when you enter a competition or promotion and when you report a problem with our services. This information will normally include information about yourself (such as your name) and contact details (such as address, email address, telephone number etc);
- Information about your location: we may collect information about your actual location, but the information is used only for statistical purposes in a way that your actual location is not processed.
- Information about transactions: if you add an online profile to your own account, we will make a record of the details of that transaction.
- Contact information: if you contact us, we may keep a record of that correspondence.
As well as collecting information directly, we may receive personal information about you from third parties (such as our business partners) where you have provided your permission to them to share your information, or they are otherwise legally permitted or required to disclose your personal information to us. We may also collect information gathered from publicly available sources and social media platforms based on the information you provide in your own user profile. We may also compile and share aggregated data, such as statistical or demographic data. This gathers together your personal information and that of others in an aggregated, anonymised way. It does not directly or indirectly reveal your identity. If you fail to provide the personal information we have requested where we are required to collect this by law, or to perform our contract with you, we may be unable to perform the service we have or are trying to serve to you. However, we will notify you if this is the case.
We are committed to protecting your personal information, and we have appropriate procedures and security features in place to keep it secure and prevent unauthorized access.
Unfortunately, transmission of information via the internet is not completely secure. Although we do our best to protect your information, we cannot guarantee its security and when giving us your information you do so at your own risk.
How we look after your information[edit | edit source]
The information that we collect from you may be transferred to, stored at, or accessed from a destination outside the European Economic Area (which consists of the EU, Iceland, Norway and Lichtenstein) by us (or by someone acting on our behalf) where it is necessary to provide you with services. Where this is the case, we will always ensure that appropriate protection is in place to protect your personal information.
How and why we use your information[edit | edit source]
We may use your information for a number of purposes, depending on how and where we receive it. We will always do so on a lawful basis, which will normally be one of the following justifications. We may use your information for a number of purposes, depending on how and where we receive it. We will always do so in one or more of the lawful ways set out here:
With consent[edit | edit source]
We will set out why we would like to use your data, and ask for your permission to do this. For example, we will do this where:
- we would like to send you carefully selected newsletters, special offers and/or promotions from the service you are using (which may also feature relevant offers from our business partners) and/or the Granite Devices by email and/or other means.
- we would like to pass your information to carefully selected organisations to allow them to tell you about their special offers or products and services that may be of interest to you;
- we process “special categories” of personal data about you, such as your health or fitness; and
Where our processing of your information is based on your consent, you can withdraw this consent at any time using the details in the “How to contact us” section, by changing your account settings if you have an online account with us. You will also be given a straightforward way to opt out of our marketing messages each time you receive a communication from us. Please note that it may take up to two weeks to implement changes to your preferences.
To perform our contract with you[edit | edit source]
In some circumstances we will need to use your information to help us provide you service. For example, we will do this:
- to meet product orders, requests for services or information and to process payments and any other requests you make of us;
- if we need to contact you for reasons related to the service you have signed up for e.g. to provide you with password reminders, to inform you of new or improved benefits relating to the product or service, or to notify you that a particular service has been suspended for maintenance;
- to tell you about changes to our service;
- to manage our competitions and contact the winners; and
- to enable other people or businesses to carry out work on our behalf.
Legitimate interests[edit | edit source]
Sometimes we will use your information for specific purposes we have carefully considered, taking into account any potential impact on you and your rights, where it will help us to enhance the services we provide and benefit our customers. This may include:
- to personalise or improve our communications with you. For example, we may use your usage history with us to provide you with tailored information about other products or services which are more likely to be of interest to you;
- for statistical and analytical purposes, in order to help us understand our audiences, improve the products and services we offer, and to determine the price we should charge for digital advertising (if applicable);
- to contact you about a submission or contribution you have made to our services, including any content you provide;
- to invite you to participate in surveys about our services (participation is always voluntary), in order to help us improve these in future;
- to keep our records up to date, including any correspondence or communications between us;
- to administer and protect our business and websites (including troubleshooting, system maintenance, testing, reporting etc);
- for management and auditing of our business (including the preparation of statistics about circulation and usage of our products);
- to investigate and protect against fraudulent, unauthorised, or illegal activity; and
- providing your information to buyers in the event of a sale or potential sale of Granite Devices (or any of our assets) to a third party.
Where we process your information based on legitimate interest grounds, you may object to this at any time and we will stop using it for that purpose unless we have compelling legitimate grounds or other legal reason for continuing to use it. Please see “What rights do I have?” for further information.
Legal obligation[edit | edit source]
We are entitled to process your personal information where we are under a legal or regulatory obligation to do so.
Cookies Policy[edit | edit source]
- INFORMATION ABOUT COOKIES AND OTHER ONLINE TRACKING TECHNOLOGIES
- ANALYTICS ON OUR WEBSITES
- ADVERTISING ON OUR WEBSITES
- YOUR PREFERENCES
- CONTACTING US
This policy may be updated from time to time to keep up with legal and/or business developments. The date of the most recent changes to each section of the policy will appear at the top of the relevant page.
[edit | edit source]
Generally, we will only use your information within Granite Devices provide you with the service or product you have requested, or to provide you with information about other products or services where we have your permission or a legitimate interest in doing so. We will also disclose your information to other trusted third parties with your consent, or where we have justification for doing so (see “How and why we use your information”). This may include:
- with a third party who is helping us to provide a service to you, such as service processors, customer management and assistance, drawing competition winners, prize providers and/or our IT and database services;
- with a third party who is helping us develop and improve our services to you, such as analytics providers;
- with a third party who is helping us select and deliver interesting and relevant advertising to you and/or other potential customers, such as advertising networks, social media platforms, and search engines. We may also occasionally share anonymous data segments with advertisers to help them make their advertising outside our services more relevant;
- with our trusted business partners to provide insight and analysis of our customers, or where you have told us you would like to receive offers/promotions from those partners;
- with third party auditing organisationsfor reporting purposes, and to review our policies, processes and procedures for compliance with relevant standards;
- with relevant third parties such as your employer, school and/or email or internet provider if you post or send offensive, inappropriate or objectionable content anywhere on our services, or otherwise engage in any disruptive behaviour; and
- when the disclosure is required or permitted by law (e.g. to government bodies and law enforcement agencies).
How long we hold personal information for[edit | edit source]
We collect all personal information for one or more specific purpose (see “How and why we use your information”). This means that we hold your information on our systems for as long as is necessary to fulfil the purpose, or as long as is set out in any relevant contract you hold with us. Once that purpose has been fulfilled, we will securely delete the data, unless we are required to keep the data longer for legal, tax or accounting reasons. For example, if you change your registration profile to opt-out of receiving communications from us, your relevant details will stay on the system so we can ensure that we do not contact you in the future. Alternatively we will anonymise your information, so that we (or anyone else) can no longer tell that the data relates to you, at which point your information will cease to be considered personal information.
Your rights and further information[edit | edit source]
You have the following rights in relation to the personal data we hold about you:
- access – you can ask us for a copy of any personal information that we hold about you. If you require additional copies of the data, we may charge an administrative fee;
- corrections – we use reasonable efforts to update the personal information we hold about you, but you can request that we amend any inaccurate or incomplete personal data that we hold;
- restriction – you can request that we suspend the processing of your personal data where, for example, you object to our processing of it (see below) or while we correct any inaccuracies;
- objection – you can tell us that you object to the processing of your personal data where, for example, we are using it for direct marketing purposes, or we are processing it on the grounds of “legitimate interests” (see above) and you feel it impacts your rights. If we feel we have a compelling reason to carry on this processing we will let you know, otherwise we will no longer use it for that purpose;
- withdrawal of consent – where you have given us your consent to process your personal data for a particular purpose (or purposes), you can withdraw this permission at any time by letting us know;
- deletion – we use reasonable efforts to delete your data when we no longer need it (see “How long do you hold personal data for?” above). However, you can also ask us to delete your personal data from our records in certain circumstances – for example, where you have withdrawn your consent for us to use it (see above). If we are unable to comply with your request for legal reasons, we will tell you this; and
- transfer – you can ask for any personal data you have previously provided to us to be transferred to you in a usable electronic format, or to a third party (where this is technically feasible), so you can use it elsewhere.
When you make a request, we may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We try to respond to all legitimate requests within one month, unless your request is particularly complex or you have made a number of requests, in which case it may take longer. If this is the case, we will keep you updated.
How to contact the DPO[edit | edit source]