What information we collect about you
The personal data you have provided, and that we have collected from you, includes:
- name, address, gender
- contact details, including telephone numbers and email address
- financial information, including bank details and credit/debit card details (although we do not retain complete payment card information)
- details about your family and dependents
- attendance of events and training courses
How we collect information about you
The personal information we hold about you is that which we collect directly from you, for example:
- when you apply for an account
- when you renew your account
- when you purchase our products or services
- when you register to receive information from us
- each time you interact with us, respond to communications or surveys, or enter competitions
- when you make enquiries or raise concerns with any of our teams
What we use your information for and the legal bases for processing
We may store and use your personal information for the purposes of:
- administering your account and shareholder rights contained within The Associations constitution (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);
- using your payment details to process payments relating to your purchase, including fees, premiums, and refunds (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- sending you information about how to renew your account (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- communicating with you about your account and policies, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- undertaking market research and statistical analysis, including analysing your use of our website. This allows us to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
- fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
Our “legitimate interests” as referred to above (and below) include our legitimate business purposes, upholding the roles and objectives of The Associations contained in the constitution and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
Who we share your data with
- regulators and law enforcement agencies, including the police, the Financial Conduct Authority, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations)
Processing outside of the European Economic Area (EEA)
The personal information that we collect from you may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:
- the country that we send the data to is approved by the European Commission as providing an adequate level of protection for personal information; or
- the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfers of personal information to suppliers in India and the United States for IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
- there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the details above.
How long your information is kept
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 7 years on our main systems, after which time it will be archived, deleted or anonymised. Some of the archived information may be retained for up to 50 years for the purposes of processing your existing or future claims. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer using the details provided above.
Under the Data Protection Act 1998 you have the following rights:
- to obtain access to, and copies of, the personal information that we hold about you;
- to require that we cease processing your personal information if the processing is causing you damage or distress;
- to require us not to send you marketing communications; and
- to require us to correct the personal information we hold about you if it is incorrect.
Once the GDPR comes into force on 25 May 2018, you will also have the following rights:
- to withdraw consent, if consent was the lawful basis for processing;
- to require us to erase your personal information;
- to require us to restrict or object to our data processing activities;
- to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
If you withdraw consent, we may not be able to assist with any purchases or refunds, and this could affect the efficiency with which your membership is processed.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exemptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.
You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk.
How do I withdraw my consent?
If, after you opt in, you change your mind, you may withdraw your consent for us to contact you, or for the continued collection, use or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org or mailing us at: Bearingtech, 25 Wises Lane, Borden, KEN, ME10 1YN, United Kingdom
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Here is a list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.
- _session_id, unique token, sessional, allows Shopify to store information about your session (referrer, landing page, etc).
- _shopify_visit, no data held, persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits.
- _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer.
- cart, unique token, persistent for 2 weeks, stores information about the contents of your cart.
- _secure_session_id, unique token, sessional
- storefront_digest, unique token, indefinite, if the shop has a password, this is used to determine if the current visitor has access.
SECTION 7 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at email@example.com or by mail at:
Bearingtech
Re: Privacy Compliance Officer
25 Wises Lane, Borden, Kent, ME10 1YN, United Kingdom