- WHO ARE WE?
Ask Hatty respects your privacy and is committed to protecting your personal data.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The Site is not intended to be used by children and we do not knowingly collect data relating to children.
- WHAT PERSONAL DATA MAY WE COLLECT?
We may collect, use, store and transfer different kinds of personal data about you when you access the Site.
We may collect and process the following categories of information about you:
- Identity Data: such as your first name, maiden name, last name, username or similar identifier, marital status and title.
- Contact Data: such as your address, email address and telephone number(s).
- Financial Data: such as information about your bank account if you make a payment to us.
- Transaction Data: such as details about payments from you and other details of services you have purchased from us.
- Technical Data: such as internet protocol (IP) address, the type of mobile, tablet or computer (‘Device’) you use, browser type and version, time zone setting and location, browser plug-in types and versions, Internet Service Provider, mobile operating system and platform, mobile number, mobile network information, a unique device identifier (for example, your Device’s IMEI number) and other technology on the Devices you use to access the Site.
- Profile Data: such as services purchased by you, your interests, preferences, feedback and survey responses.
- Usage Data: such as information about how you use the Site, page views and the length of your visit.
- Marketing and Communications Data: such as your preferences in receiving marketing from us and your communication preferences.
We do not collect any Special Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you, including through:
- Direct interactions. You may give us your Identity, Contact, Financial, and Profile Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- enquire about or buy services;
- request marketing to be sent to you;
- report a problem to us;
- enter a competition, promotion or survey; or
- give us feedback
- Third parties or publicly available sources. We will receive Technical Data from analytics providers such as Google.
- HOW WE USE YOUR PERSONAL DATA
We will use your personal data for the following purposes:
- to acknowledge, confirm or send receipts for any services you purchase;
- to deal with enquiries, complaints and feedback from you and our service providers;
- to reconcile payments;
- to manage, improve and administer the Site;
- for our internal business and technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Site secure;
- to our data analysis service provider, Google Analytics. Google uses data collected from the Site to track and examine the use of the Site, to prepare reports on its activities and may share them with other Google services. If you enable ‘Do Not Track’ in your web browser, the application of Google Analytics can be reduced;
- to notify you of changes to the Site or the services we provide through it; or
- if you have consented, to send you newsletters, surveys and other communications. If you complete a survey for us, we may process the information you choose to submit in response.
- OPTING OUT
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
- DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data in accordance with this policy with the following third parties:
- selected third parties who act on our behalf to support our operations, for example our IT suppliers, payment service providers, website service providers, communications tools providers, CRM providers;
- an acquirer if we, or substantially all of our assets, are acquired;
- a prospective seller or buyer if we sell or buy any assets;
- law enforcement or regulatory agencies if we are under a legal or regulatory obligation to do so; and
- other companies and organisations for the purposes of fraud protection and credit risk reduction, or to protect the rights, property, or safety of Ask Hatty, Our users, suppliers, contractors or others.
- WHERE WE STORE YOUR DATA AND INTERNATIONAL TRANSFERS
The information that We collect from you will be stored on servers located in the UK.
However, it may be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may for example be engaged in the fulfilment of your request or the processing of your payments or provide IT support services to us.
Such processing will therefore involve a transfer of data outside the UK and EEA.
Please note that the U.S.A and certain other countries outside the EEA do not provide the same legal standards for protection of your personal data that you have in the United Kingdom or EEA.
- DATA SECURITY
We have put in place appropriate security measures to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
All information you provide to us is stored on secure servers. However, the transmission of information over the internet or public communications networks can never be completely secure and we cannot 100% guarantee the security of data that you provide to us online.
Where we have given you (or where you have chosen) a password or log-in which enables you to access certain restricted parts of our Site, you are responsible for doing everything you reasonably can to keep these details secret. Do not share your password or log-in details with anyone else.
If you believe your personal data has been breached, please contact us immediately at [email protected].
- MARKETING EMAILS
We will inform you before collecting your data if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes. You have the right to withdraw consent to marketing at any time by contacting us.
- LINKS TO THIRD PARTY WEBSITES
The Site may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy practices. These websites and any services accessible through them will have their own privacy policies. We encourage you to read those policies. We do not accept any responsibility for the actions of those third parties.
- WHAT ARE YOUR LEGAL RIGHTS?
You have the following rights (subject to applicable local laws) in relation to the personal data that we hold about you:
- to access your personal data, and some related data (your right of access), commonly known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- to require any inaccurate personal data that we hold about you to be corrected or deleted (your right to rectification). We may need to verify the accuracy of any new data you provide to us.
- in certain circumstances to require us to delete your personal data (your right to erasure). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- to object to our use of your personal data (your right to object to processing). You may object to our processing your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- in certain circumstances to require us to restrict or block the processing of your personal data (your right to restriction of processing); This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- to obtain your personal data from us, in a structured, commonly used and machine-readable format in certain circumstances (your right to data portability). We will provide you, or a third party you have chosen with your personal data in a structured, commonly used, machine-readable format.
- to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
- HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see section 12 above for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.