INTRODUCTION AND DEFINITIONS
Active Posture Limited ("we", "our" and "us") is committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data, which we collect about you, that you provide to us or that we have received from a third party source, will be processed by us.
If you have questions about correcting or deleting your personal data please refer to sections 3 and 8 below.
References in this policy to "data protection law" mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.
References in this policy to "data or "information" include "sensitive personal data" and "special categories of data" (as defined under data protection law) where applicable.
1. OUR DETAILS
1. The data controller with conduct of your personal information is Active Posture Limited (company no: 11314103) of Access House, 207-211 The Vale, Acton, London W3 7QS.
2. Our data protection officer is Daniel Shilemay who may be contacted at the above address.
2. HOW WE USE YOUR INFORMATION
2.1. The following sections explain what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.
Which information do we process and for what purpose?
2.2. We process the following information from you:
2.2.1. Information you give us. This is information about you that you give us
220.127.116.11. Information that you provide by filling in forms, including those on our website. This includes information provided by you at the time of becoming a registered user of our website (or any time thereafter) or if you sign up for our newsletter. This information could include your name, address, contact details and information relating to your posture concerns.
18.104.22.168. When you place order(s) for our products (whether on our Website or otherwise), we collect personal information to process and fulfil your order(s), including your payment card details and delivery address. If you become a registered user of our website, you can save your personal information and delivery addresses for future use.
22.214.171.124. Information contained in and records of communications between us, including recordings of telephone calls.
126.96.36.199. Information about your preferences in connection with our Website, for the purposes of enhancing and personalising your experience on the Website.
188.8.131.52. We will also collect information concerning your marketing preferences.
Such information may be collected when you email us, use our online ordering form, message us via Facebook or Twitter, call us by phone, give us information in person or by letter. We collect information via our Website at www.activeposture.co.uk
2.2.2. Information we collect about you:
184.108.40.206. Details about the transactions you carry out with us, including through our Website.
220.127.116.11. Details of your visits to our Website, including, but not limited to, traffic data, location data (including the country and telephone area code where your computer is located) and the resources that you access (including the pages of our Website that you view).
2.2.3. If you work for one of our retail customers, suppliers or other business partners:
18.104.22.168. Your name, work email address, work phone numbers and work address
22.214.171.124. If you are an independent retailer, the contact details that you provide us when you complete a form to register with us;
126.96.36.199. If you are an installer or other supplier of goods or services to us, when you give us your contact details so that we may contact you to procure goods or services from you.
4. Purposes. We process information you give to us for the following purposes:
188.8.131.52. to carry out our obligations arising from any contracts entered into between you and us; for example, we will use your payment card details and delivery address to process and fulfil your order(s);
184.108.40.206. to manage and administer any other arrangements between you and us;
220.127.116.11. to notify you about changes to our products and to otherwise communicate with you; for example, we will use your contact details in order to respond to any queries that you submit to us;
18.104.22.168. at or following any purchase or order you make, we may carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity; for example, we may undertake verification checks to identify any discrepancies with your payment details;
22.214.171.124. to carry out market research; for example, we may contact you (including by email) to obtain your feedback on our products and services, and we may use details of your purchases to understand market trends and to identify popular products;
126.96.36.199. to help us review, develop and improve the products and services we offer; for example, calls to us may be monitored and/or recorded for quality control and training purposes;
188.8.131.52. to provide you with product service and support, and possibly to contact you about product recalls;
184.108.40.206. if you are a supplier to place orders with you and to manage our relationship with you as a supplier of goods or services; and
220.127.116.11. to keep financial records relating to our business and to comply with our legal obligations.
What are the grounds for processing your information?
2.3. We are processing your data on the following grounds:
2.3.1. you have consented to the processing for the purposes stated in section 2.2, above (this may apply where you have applied to register with us and have agreed to receive emails about our promotions and product changes).
2.3.2. if you are a customer who is an individual, because it is necessary for the performance of the contract between you and us. This includes where you have instructed us to take some pre-contractual steps prior to us formalising the contract.
2.3.3. the processing is necessary for us to comply with our legal obligations, such as our obligations to keep accounting records and tax records.
2.3.4. the processing is necessary for pursuing our legitimate interest of operating our business of suppling medically approved and patented posture clothing, improving our products and services and promoting the business. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for this purpose.
Duration and further processing
2.4. We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
2.5. Generally speaking, we retain your information for the following periods of time:
- Marketing purposes (e.g. cookies for facebook and instagram): 180 days
- Order/purchase history: 5 years (required by Danish law)
- Google analytics data: 50 months
- Newsletter: Until active unsubscription
- E-mail and chat inquiries: 2 years by default
If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.
Who is your information shared with?
2.6. In order to achieve the purpose(s) set out in section 2.2.4 above, we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We will not share your personal data with third parties for marketing purposes. We may share your information with selected third parties including the following:
2.6.1. We use third parties to carry out certain activities on our behalf that involve the processing of personal information. For example, we may engage third party service providers to fulfil orders, carry out customer surveys, deliver packages, send postal mail and email, maintain and update our databases of customer details (including the removal of repetitive information), analyse data, provide marketing assistance, process card payments and provide customer service. These third parties have access to personal information needed to perform their functions, but may not use it for other purposes. We may use the information we receive from third parties to supplement, improve and add to our databases of customer details.
2.6.2. We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime.
2.6.3. We may pass personal information to our insurers in the event that a claim is made or could be made against us.
2.6.4. In the event that we sell or buy any business or assets, we may disclose personal information held by us about our customers to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party (or subject to a reorganisation within our corporate group), personal information held by us about our customers will be one of the transferred assets.
2.6.5. We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply our Website Terms and Conditions or other agreements we have with or otherwise concerning you (including agreements between you and us) or to protect our rights, property or safety or those of our customers, employees or other third parties.
2.7. Some of our third party service providers have servers hosted outside of the European Economic Area (EEA) however have signed up to the EU-US Privacy Shield Framework. Otherwise, to the best of our knowledge, understanding and belief, your information will not be transferred outside of the EEA or to any country which is not approved by the European Commission. If this changes then we will let you know.
Automated decision making
2.8. We do not make automated decisions about you based on your information.
3. YOUR RIGHTS
Under data protection law you have the following rights:
3.1.1. if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by notifying us using the details set out in section 8 below. The lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent
3.1.2. the right to access a copy of your information which we hold. This is called a 'subject access request'. Additional details on how to exercise this right are set out in section 5, below;
3.1.3. the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by contacting us using the details set out in section 8, below;
3.1.4. the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
3.1.5. the right to object to us processing your personal information in certain other situations;
3.1.6. the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
3.1.7. the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
3.2. From 25 May 2018 you will have the following additional rights under data protection law:
3.2.1. enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and
3.2.2. in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called 'data portability'. Additional details on how to exercise this right are set out in section 5, below.
3.3. You also have the general right to complain to us (in the first instance) and to the Information Commissioner's Office (if you are not satisfied by our response) if you have any concerns about how we hold and process
your information. Our contact details are set out in section 8, below. The Information Commissioner's Office website is www.ico.org.uk.
3.4. For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner's Office (www.ico.org.uk).
4.1. Cookies are small text files that we transfer to your computer's hard drive through your web browser to enable our systems to recognize your browser and help us to track visitors to our Website so we can better understand what portions of the Website best serve you. It is not possible to place orders and purchase goods and services using the Website unless you have cookies turned on and we suggest that you leave them turned on. Our cookies enable us to provide features such as the ability to store items in your Shopping Basket between visits.
4.2. To find out more about the types of cookies we use on the Website, how we use them and how you can change your cookies settings, please see below:
These cookies are used to store information, such as what time your current visit occurred, whether you have been to the site before, and what site referred you to the web page.
These cookies contain no personally identifiable information but they will use your computer’s IP address to know from where in the world you are accessing the Internet.
Google stores the information collected by these cookies on servers in the United States. Google may transfer this information to third-parties where required to do so by law, or where such third-parties process the information on Google’s behalf.
For more information on the usage of cookies by Google Analytics please see the Google website. A link to the privacy advice for this product is provided below for your convenience. http://www.google.com/analytics/learn/privacy.html
* Internet Explorer: http://windows.microsoft.com/en-GB/windows7/Block-enable-or-allow-cookies
* Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647&p=cpn_cookies
* Mozilla Firefox: http://support.mozilla.org/en-US/kb/Blocking%20cookies
* Apple Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US
5. ACCESS TO INFORMATION
5.1. Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. If you make your request before 25 May 2018, you will need to pay a £10 fee. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details below.
5.2. From 25 May 2018 you will:
5.2.1. no longer have to pay a £10 fee unless you are requesting copies of documents you already possess, in which case we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous; and
5.2.2. in certain circumstances, be entitled to receive the information in a structured, commonly used and machine readable form.
6. DATA SECURITY
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.