The person responsible within the meaning of the DPA and GDPR is:
1st Floor, Phoenix House,
3 South Parade, Leeds,
LS1 5QX, UK
Scope of the processing of personal data
As a matter of principle, we only collect and use personal data from you insofar as this is necessary to provide a functional website and our content and services, e.g., when you register on our website or log in to an existing customer account or when you place an order with us.
Relevant legal basis
In accordance with the DPA and GDPR, the following legal basis, unless specifically described below apply to the processing of your personal data:
- the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR,
- the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR,
- the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR, and
- the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR.
You have the following rights with regard to personal data concerning you, which you can assert against us:
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR).
- Right to withdraw your consent (Art. 7(3) GDPR),
- Right to receive the data in a structured, common, machine-readable format (“data portability”) as well as the right to have the data transferred to another controller if the conditions of Art. 20 (1) lit. a, b GDPR apply (Art. 20 GDPR).
You can assert your rights by notifying us using the contact details provided. You also have the right to complain to a data protection supervisory authority about the processing of your personal data carried out by us (Art. 77 GDPR). We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.
Data collection on our website
In principle, you can use our website for purely informational purposes without disclosing your identity. However, our website collects a series of general data and information with each visit and this data is temporarily stored in log file. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:
- browser type/browser version
- Operating system used
- language and version of the browser software
- host name of the accessing end device
- IP address
- Website from which the request comes
- Content of the request (specific page)
- Date and time of the server request
- Access status/HTTP status code
- Referrer URL (the previously visited page)
- Amount of data transferred
- Time zone difference to Greenwich Mean Time (GMT)
The temporary processing of the IP address by the system is necessary to technically enable delivery of the website to your computer. Processing your IP address for the duration of the session is necessary for this. The legal basis for this processing is our legitimate interest (Art. 6 (1) f) GDPR).
The access data is not used to identify individual users and is not merged with other data sources. The access data are deleted when they are no longer required to achieve the purpose of their processing. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The data is generally deleted after seven days at the latest; processing beyond this is possible in individual cases. In this case, the IP address is deleted or alienated in such a way that it is no longer possible to assign your device to it.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies or third parties including our business partners, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called ” processing agreement”, this is done on the basis of Art. 28 GDPR. In course of operating our website we use the following third parties: WordPress, GoDaddy, Salesforce, Google, WooCommerce, LiveChat, Inc.
Contacting us, registration or placing orders
- a) Contacting us
When you contact us using via email, contact form or social media, the data you provide will be stored by us based on your consent and the preparation or initiation of a contract, insofar as it is necessary to answer your questions (Art. 6 (1) a) GDPR) and (Art. 6 (1) b) GDPR). Your inquiry is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and your inquiry has been conclusively clarified.
- d) Registration
On our website, we offer you the opportunity to register by providing personal data. The data is entered in the registration form is transmitted to us and stored and includes your full name, your e-mail address and your password. We will also send you a verification e-mail to ensure that the account creation is made for the intended person. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures (Art. 6 (1) b) GDPR). You can delete your account at any time either by using the delete function in your account or by contacting us.
- c) Order confirmation/dispatch confirmation
In order to process the contract and provide you with our services, for example the web shop or to send you your order, we use your contact details (email address and Name) to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) GDPR) and (Art. 6 (1) b) GDPR).
- d) Other
Based on our legal obligation (Art. 6 (1) c) GDPR) and our legitimate interest (Art. 6 (1) f) GDPR), we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behaviour on our website, e.g., to maintain data security in the event of attacks on our IT systems (Art. 6 (1) f) GDPR). This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defence (Art. 6 (1) f) GDPR).
Working with us
If you apply for a role or job, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is Art. 6 para. 1 lit. b) GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is Art. 6 para. 1 lit. a) GDPR. The legal basis for data processing after a rejection is Art. 6 para. 1 lit. f) GDPR.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.
You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.
Within the website, we may display certain personal information, share certain details and insights, post relevant reviews about our services. Reviews are publicly viewable. Prior to submitting your review to us we would like to make you aware that you have choices about the information on your review. It is thus your choice whether to include sensitive information in your review and to make that sensitive information public. Please do not include personal data in your review that you would not want to be available.
We process and store personal data that is required for your use of our events. For this purpose, we collect: your name, your e-mail address, your phone number; and the personal and non- personal data that you are voluntarily disclosing.
To provide our events and the sign up forms we use the services of Livestorm Inc. and the personal data provided is processed exclusively for the purpose of providing the webinar. The legal bases for this processing are, your consent, to fulfil our contractual obligations or to carry out pre-contractual measures, and our legitimate interest.
Disclosure or transfer of personal data
We do not transfer or disclose your information to third parties unless there is a legal basis for such disclosure. Example of such a basis is typically consent from you or a legal basis that requires us to disclose the data.
For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of our digital products, or order fulfilment, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
In the case of payment for our digital products to the payment service provider as specified when the order was placed (currently SagePay (Opayo)). Please Note: We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You provide this information directly to the respective payment service provider.
If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organisational measures such as encryption or anonymisation).
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of our rights and claims.
Advertising and Marketing
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt out).
Miscellaneous and closing
Based on our legitimate interest (Art. 6 (1) f) GDPR), we are present in various “social media” platforms in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Personal data and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Databases or data sets that include Personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Questions or Comments
1st Floor, Phoenix House,
3 South Parade, Leeds, LS1 5QX
Data Protection Officer: Simon Harris, Sales and Marketing Director
Telephone: 0330 111 7177