We have recently updated this policy to reflect the changes we have made to be compliant with the General Data Protection Regulation (GDPR) in force from 25 May 2018. The main changes are that we have set out:
· the rights you have regarding your personal information
· the ways in which we process your personal information and why
· the lawful grounds we rely on to process your personal information
· how long we keep your personal information.
Please note: It is entirely up to you whether to share your personal information with us. If you choose not to do so, then we may not be able to give you a complete service.
We collect information about you in various ways:
When you give it to us directly, such as when you:
· interact with us online
· create an online account with us
· contact us(whether by email or post or otherwise)
· buy products and/or services from us
· apply to work for us
· give us your personal information in any other way, for example, at a cycling or other endurance event
When it’s publicly available, for example:
· press reports
· sports media
· depending on your privacy settings for professional services such as LinkedIn
When you visit our website, we automatically collect the following personal information:
- information about your visit to our website including
- the uniform resource locator (URL) clickstream to, through and from our website
- products and/or services you viewed and searched for
- page response times
- download errors
- length of visits to certain pages
- referral sources (how you arrived at our website)
- page interaction information
- methods used to browse away from the page
- technical information, including
- the internet protocol (IP) address used to connect your computer to the internet
- your browser type and version
- your time zone setting
- browser plug-in types and versions
- your operating systems and platforms
Cookies on our website
What is personal information?
· Your name and contact details, including postal address, email address and telephone number
· Financial information, for example, bank details, credit/debit card details where you provide these for payment or when creating your online account
· Information about your computer/mobile device and your visits to and use of our website, including your internet protocol (IP) address
· Information about our products and/or services which we consider of interest to you
How do we use your personal information?
We collect, store, share and use your personal information to:
- allow you to purchase products and/or services from us
- carry out our obligations arising from any contracts we enter into with you and for billing and delivery purposes
- register, administer and personalise online accounts
- provide you with information, products or services that you request from us or which we feel may interest you
- improve your interactions with our website according to your interests and to ensure our website’s content is presented as effectively as possible for you
- administer our website and keep it safe and secure and for internal operations, including troubleshooting, data analysis, testing, research, evaluation, statistical and survey purposes
- for our internal purposes including training and/or quality control, site performance, internal record keeping and to audit and/or administer our accounts
- provide aggregate information and statistics for the purposes of monitoring website usage in order to help us develop our website
- obtain professional advice and comply with our legal obligations
- process your job application
- communicate with you in any other way.
We may use your personal information to give you information about our services and/or products which we think may be of interest to you. Where we do this email or SMS we will only do this with your prior consent.
If you request our e-newsletter, we will use the personal information you provide to us to send you our e-newsletter. You can change your mind about receiving our e-newsletter at any time using the unsubscribe buttons which appear on emails we send to you.
You may ask us at any time not to use your information for marketing purposes by contacting us at Rawvelo Ltd., 33b Independent Place, Shacklewell Lane, London, England, E8 2HEor firstname.lastname@example.org.
How long do we keep your personal information?
We will only keep your personal information for as long as is necessary for these purposes, usually for no longer than six years after the date it was collected. But we will remove it sooner if:
· we are no longer lawfully entitled to process it
· you ask us to remove it.
What happens if you ask for your personal information to be removed?
If you ask for your personal information to be removed so that you receive no further contact from us, we’ll keep some basic information about you to ensure that we don’t send you unwanted materials in the future.
Our lawful grounds for processing your information
The GDPR requires us to rely on one or more lawful grounds to process your personal information. These are the grounds we think are generally relevant:
- you’ve given your consent for us to use your personal information in a certain way, e.g. you’ve subscribed to our e-newsletter
- where necessary for the performance of a contract which we have with you or to take steps before entering a contract (e.g. if you purchase something online or apply to work for us)
- where there is a legitimate interest in us doing so (for example, writing to you to let you know about our products and services).
What do we mean by ‘legitimate interests’?
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact upon your rights.
Rawvelo’s legitimate interests
In broad terms, our “legitimate interests” means running Rawvelo as a commercial concern in line with our mission statement and philosophy, for example, by:
- providing a complete range of organic, vegan sports nutrition products designed for endurance athletes
- promoting and selling those products
- taking applications for staff.
Your legitimate interests
“Legitimate interests” can also include your interests, such as when you have requested information or certain goods or services from us, and those of third parties.
How do we balance these interests?
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
We won’t use your personal information for activities where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
Where do we transfer your information?
We may transfer your information to, or store it, outside the European Economic Area (“EEA”) in countries where standards of data protection may not be equivalent to those that apply inside the EEA. If we do this we will comply with all relevant data protection legislation.
Will we share your personal information?
We never share, sell, distribute or lease your personal information to third parties for marketing purposes.
· business partners and suppliers who help us deliver services to you
· IT service providers who run and administer our website and activities run through our website
Where we do so, we will ensure that:
· the personal information shared with them will be limited to that necessary for them to perform the service
· they will not be authorised to make any other use of your personal information and will treat it confidentially.
We also reserve the right to disclose your personal information to third parties where:
- we are required to do so by law or regulation
- this is necessary in connection with the sale of a business or its assets in which case we will disclose your personal details to the prospective seller or buyer of such business or assets
- if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets
How do we store your personal information and keep it secure?
We have appropriate and proportionate security policies and organisational and technical measures in place to keep your personal information safe and secure. For example, all your personal information is stored on our secure servers and all payment transactions are encrypted using SSL technology. Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure. Although we will apply our normal procedures and comply with legal requirements to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features designed to prevent unauthorised access.
If you have a username, password or other login details which enable you to access certain parts of our website, you must not allow anyone else to use them and must treat them as confidential. If you believe or suspect that someone else knows your login details you must contact us at email@example.com as soon as possible. Please also seeour Terms & Conditions.
Who can see my personal information?
Only appropriately trained staff and contractors can access your information.
Where is my personal information stored?
In general, the personal information that we collect from you will be stored at a destination within the UK or European Economic Area (“EEA”).
However, we may use agencies and suppliers to process personal information on our behalf.
Your personal information may therefore be transferred or stored outside, and/or otherwise processed by contractors operating outside, the UK or EEA who work for us or for one of our suppliers.
Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals.
Links to other websites
Our website may from time to time contain links to and from external websites. Please see our Terms & Conditions for provisions relating to external websites you visit via links on our website and read their privacy policies.
Your rights regarding how we process your information:
Right to be informed
You have the right to be told how your personal information will be used. This policy and other policies and statements used on this website and in our communications provide you with a clear and transparent description of how your personal information may be used.
Right of access
You can write to us to ask for confirmation of what information we hold on you and to request a copy of that information.
Provided we are satisfied that you are entitled to see the information requested and we’ve successfully confirmed your identity, we’ll give you your personal information (subject to any exceptions that apply).
Right of erasure
You have the right to ask us to delete your personal information, and we’ll do this when you ask us to. In many cases, we’ll check to see if you’re happy for us to make it anonymous first, rather than delete it completely.
Right of rectification
If you believe our records of your personal information are inaccurate, you have the right to ask us to update those records.
You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
Right to object
You have the right to object to processing where we are:
· processing your personal information on the grounds of legitimate interest
· using your personal information for direct marketing or
· using your personal information statistical purposes.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time.
This includes the right to ask us to stop using your personal information for marketing or fundraising by electronic means (for example to be unsubscribed from our e-newsletter).
Right to data portability
Where we are processing your personal information:
· because you gave us your consent
· because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, and the processing is carried out by automated means
you may ask us to provide it to you – or another service provider – in a machine-readable format.
Rights related to automated decision-making
Where we take automated decisions (i.e. with no human involvement) in relation to your personal information, you have the right to ask us for human intervention or to challenge any such decision.
How to exercise your rights
To exercise any of these rights, please send a description of the personal information in question using the contact details below. Please note that we reserve the right to ask for personal identification and further information in relation to any such request. Ordinarily, we will make no charge for complying with any such request.
Please note that you may only use/benefit from some of these rights in limited circumstances. For more information, we suggest that you consult guidance from the Information Commissioner’s Office (ICO).
You have the right to make a complaint to the ICO about us or the way we have processed your personal information. For more information, please contact the Information Commissioner’s Office (ICO).
How to contact us