This policy sets out the basis on which personal data collected from you, or that you provide to us will be processed by us. This policy is in addition to additional obligations relating to your personal data contained in the specific terms and conditions that you may enter into with us in respect of our delivery and your receipt of File Protect Limited.
1. IceBlue Marketing & Design Ltd T/as FileProtect. Registered office Finch House, 28/30 Wolverhampton Street, Dudley, DY1 1DB
2. PERSONAL DATA COLLECTED FROM YOU
2.1 The personal data that we collect from you is as follows:
2.1.1 your name, your geographical address and/or IP address, your email address (hereinafter collectively referred to as "your Personal Data").
2.1.2 the banking and payment information from your or the person/company nominated as being responsible paying the bill ("Billing Information").
2.2 If you have provided us with the personal data of another person ("Third Party Personal Data") you confirm that they consent to the processing of their personal data by us and that you have informed them of our identity and the purposes (as set out herein and in any agreement between us) for which their personal data will be processed.
2.3 You thereby consent to the collection and processing of payments by File Protect Limited, or by a third party payments service provider acting on File Protect Limited behalf, to process or deliver orders, invoices, or notify you of the status of your order made via our website. No other use is made of your Billing Information, nor is it stored by us other than for use as set out in this paragraph 2.2.
3. OUR LEGAL BASIS FOR COLLECTING AND PROCESSING YOUR DATA
3.1 Contractual basis: When you click the “accept” box you are agreeing to be bound by this Privacy Notice which is part of the T&C and together form the basis of our contractual relationship with you. Therefore, we may collect, hold and process your personal data on the basis that you have accepted our contractual terms by agreeing to this Privacy Notice and the T&Cs. For this reason, when we need to send you any notification regarding any change in the Privacy Notice or any communication regarding these documents we may send you an email including the relevant provisions, such as answering your queries, complaints, acknowledgement of how many points you have, activation messages, deletion request responses.
3.2 Consent: We collect, hold and process your personal data on the basis that you give us consent when you accept this Privacy Notice and choose the different options (defined above in “your communication preferences”). In other words, we set out what we are going to do with your data in this Privacy Notice.
• We present a link to this Privacy Notice from our website.
• We ask you to read this Privacy Notice to ensure you are happy with the way that we will process your data.
• We ask you to confirm that you agree with our Privacy Notice when you confirm your decision to use FileProtect.
• You also have the option to opt in to the different marketing options that you prefer.
You remain in control of the personal data you share with FileProtect. You can change your preferences in at any time, by choosing whether you want to give consent to your data being processed for specific types of communication and / or communication channels. You can cancel your account at any time and your details and information will be deleted.
3.3 Legitimate interest: We may collect, hold and process your personal data on the basis of legitimate interest where it is necessary in order for us to fulfil our needs as a business and to be able to provide you with our services, and send you information about FileProtect’s features and updates.
NOTE: if you do not want to continue to receive these types of emails – notifications – you can opt-out at any time by sending an email to the following email address firstname.lastname@example.org
3.4 Vital interest: We may use your personal information to contact you if we reasonably believe that there is any urgent safety or product issue that we need to communicate to you because the processing of your personal data will prevent or reduce any potential harm to you. This type of notification is in your vital interest.
3.5 Legal Obligation: We may use and process your personal data to comply with our legal obligations such as HMRC requirements, if the Police requests it or to identify you as an individual if you contact us, or to verify the accuracy of your data.
4. USES MADE OF YOUR PERSONAL DATA
4.1 Your Personal Data shall be kept confidential by us.
4.2 IceBlue Marketing & Design Ltd T/as FileProtect confirm that we comply with the principles of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
4.3 Our company’s policy and reputation has been built on our ability to keep client data confidential and secure.
4.4 The Company shall, as far as is reasonably practicable, comply with the Data Protection Principles contained in the current legislation in order to ensure that all data is:
• Fairly and lawfully processed
• Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
• Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
• Not kept for longer than necessary
• Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
• Kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
• Not transferred to other countries without adequate protection
• Where consent is relied upon, the Company will ensure that such consent is specific and granular
4.5 Your privacy and security are of primary importance to us and we are committed to safeguarding the privacy and security of our web based software users. We will always follow the principles set out above.
4.6 We will use your Personal Data as follows:
4.6.1 to enable us to provide the services which we have agreed to provide to you;
4.6.2 to alert you to any product and service changes and updated information; and
4.6.3 for our own administration purposes.
4.7 In the event you do not wish for us to use your Personal Data for alerting purposes, please advise us by email
4.8 We shall not pass your Personal Data to any third party for marketing purposes unless you have provided us with your consent to do so.
5. RETENTION OF YOUR PERSONAL DATA
5.1 The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
5.2 When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
5.3 The DPO will instruct specific members of staff to periodically review the data being held by the Company and to review whether or not it is still required to be held. This review will take place on an annual basis or, on an ad hoc basis should any issues be identified.
5.4 If your Personal Data changes, please notify us in writing at IceBlue Marketing & Design Ltd T/as FileProtect, 6 Church Street, Kidderminster, Worcestershire, DY10 2AD or emailing us at email@example.com.
5.5 We will update your Personal Data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.
6. YOUR RIGHTS
6.1 Data subjects may make subject access requests (“SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why. The responsibility of responding to any SAR shall be that of the DPO. If you wish to contact us for these purposes, please email us at firstname.lastname@example.org.
6.2 Data subjects wishing to make a SAR may do so in writing, using the Company’s Subject Access Request Form, or other written communication.
6.3 SARs should be addressed to the Company’s Data Protection Officer at IceBlue Marketing & Design Ltd T/as FileProtect, 6 Church Street, Kidderminster, Worcestershire, DY10 2AD
6.4 Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
6.5 All SARs received shall be handled by the Company’s Data Protection Officer.
6.6 The Company does not charge a fee for the handling of normal SARs. However, the Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
6.7 Data subjects have the right to require the Company to rectify any of their personal data that is inaccurate or incomplete.
6.8 The Company shall rectify the personal data in question, and inform the data subject of that rectification, within one month of the data subject informing the Company of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
6.9 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.
6.10 The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
6.11 Data subjects have the right to request that the Company erases the personal data it holds about them in the following circumstances:
• It is no longer necessary for the Company to hold that personal data with respect to the purpose(s) for which it was originally collected or processed;
• The data subject wishes to withdraw their consent to the Company holding and processing their personal data
• The data subject objects to the Company holding and processing their personal data (and there is no overriding legitimate interest to allow the Company to continue doing so)
• The personal data has been processed unlawfully;
• The personal data needs to be erased in order for the Company to comply with a particular legal obligation
6.12 Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request.
6.13 The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
6.14 In the event that any personal data that is to be erased in response to a data subject’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).
7. DISCLOSURE OF YOUR INFORMATION
7.1 We may disclose your Personal Data and/or Billing Information to any member of our group, which means our subsidiaries if we have received your consent to do so or if we have to do so in order to need to do so in order to carry out our contractual duties with you.
7.2 We may disclose your Personal Data and/or Billing Information to third parties only in the following limited situations:
7.2.1 if File Protect Limited or substantially all of its assets are acquired by a third party, in which case personal data held by File Protect Limited may be transferred to the entity acquiring File Protect Limited; or
7.2.2 if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation, or in order to enforce any of our agreements; or
7.2.3 to protect the rights, property, or safety of File Protect Limited, our customers, or third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
8. DATA BREACH NOTIFICATION
8.1 All personal data breaches must be reported immediately to the Company’s Data Protection Officer.
8.2 If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
8.3 In the event that a personal data breach is likely to result in a high risk (that is, a higher risk than that described under Part 29.2) to the rights and freedoms of data subjects, the Data Protection Officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.
8.4 Data breach notifications shall include the following information:
• The categories and approximate number of data subjects concerned;
• The categories and approximate number of personal data records concerned;
• The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);
• The likely consequences of the breach;
• Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.
9. COOKIES AND IP ADDRESSES
9.2 When you visit our site, we may also log your IP address, a unique identifier for your computer or other access device.
10. CONTACT DETAILS
IceBlue Marketing & Design Ltd T/as FileProtect
6 Church Street