This policy was last updated on 20th July 2018
1.1 This website, www.clicktopurchase.com (the "site") and the online platform available on it (the "platform") is owned and operated by the Click to Purchase group of companies comprising Click to Purchase Limited, Click to Purchase No 2 Limited and Click to Purchase Ireland Limited (together, the "Company", "we", "us" or "our").
1.2 The Company respects the privacy of our users. The Company is committed to treating any information that we obtain about you through the site or platform with as much care as possible and in a manner that is compliant with all applicable data protection legislation, including the EU General Data Protection Regulation 2016/679 ("GDPR") and any applicable national implementing laws in relation to the same (collectively, "Data Protection Legislation").
1.3 This document (the "policy") explains:
1.3.1 what personal data we may collect about you in connection with: (i) providing you with access to and facilitating your use of our platform; (ii) your online interaction with us (including via our site, email or social media channels (if any); and (iii) any other channels related or ancillary to the foregoing (collectively, the "Channels");
1.3.2 how we collect, store, disclose, transfer, protect and otherwise process that information and for what purposes; and
1.3.3 other important information, such as the lawful bases by which we process your personal data, how long we might retain your personal data, and the rights you have in relation to personal data we hold about you.
Please read this policy carefully to understand our views and practices regarding your personal data.
1.4 This policy does not apply to data which emanates from companies or other legal persons not captured by Data Protection Legislation.
1.6 In this policy, terms defined in the GDPR, including "data subject", "personal data", and "processing", have the same meaning when used in this policy. The words "include", "including", "such as" and similar words and phrases shall be construed to mean "including without limitation".
1.7 This policy is intended to be communicated to you in a concise, transparent, intelligible and easily accessible manner, but we appreciate that you may have queries or want to seek clarification as to its terms. If so, please email email@example.com or write to Data Protection Enquiries, 2nd Floor, Titchfield House, 69-85 Tabernacle Street, London, EC2A 4RR and we will endeavour to respond as soon as possible.
1.8 The Company reserves the right to make changes to this policy in order to reflect any changes in Data Protection Legislation and best practice from time to time. The Company will endeavour to notify you of such changes but you are advised to check for an updated version of this policy each time you interact with us through the Channels.
2 INFORMATION WE MAY COLLECT FROM YOU
2.1 We may collect and process personal data about you through the Channels when you:
2.1.1 access and use our site and/or platform;
2.1.2 register for an account on our site or register to use our platform or subscribe for other services, contests, special events or mailing lists we offer or make available from time to time;
2.1.3 contact us requesting further information relating to our services or the clicktopurchase platform;
2.1.4 provide (or we ask for) information concerning technical assistance in relation to a problem with our site/platform;
2.1.5 engage in general correspondence with us (whether in writing, by email, by telephone, via our Information Centre, or otherwise);
2.1.6 post content on our site or social media pages (if applicable);
2.1.7 participate in surveys that we use for research purposes which we have asked you to complete (although you have no obligation to do so); and
2.1.8 otherwise interact with us through the Channels.
2.2 The type of personal data we process may include (if and as applicable):
2.2.2 without prejudice to the foregoing, your name, user name, email address, postal address, telephone number and other information provided by you; and
2.2.3 information relating to your interests in our goods and services and purchase history.
2.3 We do not process:
2.3.1 any special categories of personal data (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data);
2.3.2 any information about criminal convictions and offences; or
2.3.3 any information about children under the age of 13,
and you should not provide us with any such information through any of the Channels.
3 USES MADE OF YOUR INFORMATION
3.1 We (individually or in conjunction with our partners as set out in paragraph 6) may use personal data held about you in the following ways:
3.1.1 to facilitate the use of our site and platform for the purposes for which it is being used in any particular case (whether as a sales channel, communication platform, verification tool, contract exchange/completion mechanism, digital signature platform or other feature (or any combination thereof) offered by us from time to time);
3.1.2 to ensure that content from our site and our platform is presented in the most effective manner for you and for your computer (including allowing us to personalise content);
3.1.3 to notify you about changes to our service(s) and platform;
3.1.4 for our internal and administrative purposes (including improving our marketing and promotional efforts, improving content, and providing training to our staff);
3.1.5 to provide you with information about related services which may be of interest to you, and we may contact you about these by post or e-mail. If you would like to be removed from this mailing list please send an email to firstname.lastname@example.org with "Unsubscribe" in the subject line. Please allow 10 days for all requests to be actioned;
3.1.6 we may use data collected about you in an anonymised and aggregated manner to gather and share demographic and market research information and statistics relating to our business and site. This information will not identify or be capable of identifying you personally and is therefore outside the scope of Data Protection Legislation. We may, for example, perform statistical analyses of the behaviour of the users of our website in order to measure interest in the various areas of our site and to inform advertisers as to how many consumers have seen or “clicked” their advertising banners;
3.1.7 to respond to any correspondence from you including enquiries, comments, complaints and communications relating to technical problems;
3.1.8 administering any polls, services, questionnaires, contests or special events which you may have subscribed for or participated in; and
4 THE LAWFUL BASES BY WHICH WE PROCESS YOUR PERSONAL DATA
4.1 Your consent
By accepting the terms of this policy, you give the Company your express, freely given consent to process any of your personal data in accordance with the terms of this policy. You may withdraw your consent given under this paragraph (in whole or in part) at any time by contacting email@example.com or writing to Data Protection Enquiries, 2nd Floor, Titchfield House, 69-85 Tabernacle Street, London, EC2A 4RR. You can also unsubscribe from different types of emails by following the unsubscribe link displayed at the bottom of each email. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before withdrawal or the lawfulness of processing based on other lawful grounds as set out below.
4.2 Other lawful grounds
Without prejudice to the consent given by you under paragraph 4.1 above, the Company may process your personal data in any circumstances where such processing is necessary:
4.2.2 to comply with any applicable law or regulation; or
4.2.3 for the purposes of the legitimate interests pursued by us or third parties. These legitimate interests include the purposes identified above but may also include other general commercial interests and internal administrative purposes.
5 WHAT IF YOU REFUSE TO PROVIDE US WITH ANY PERSONAL DATA?
5.1 Where we need to collect personal data by law, or under the terms of an agreement we have (or one of our third party licensees has) with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with access to our platform). In this case, you may be unable to use the platform in whole or in part.
5.2 Whilst we may be able to provide you with certain products and services notwithstanding your refusal to submit personal data, this may limit your ability to participate in some activities or features or your use of certain online services.
5.3 We may lawfully obtain information from third parties or public sources and we may process that information where it is an essential component of the products and services we offer you.
6 SHARING INFORMATION WITH AFFILIATES AND THIRD PARTIES
6.1 We will not share any of your personal data with third parties except as set out in this policy or otherwise notified to you or agreed between you and us from time to time.
6.2 We may disclose your personal information to third parties:
6.2.1 which are our group companies or partnered companies (together, "Affiliates") in order to facilitate our provision of goods and services (including the use of our platform) and for other purposes as described in this policy;
6.2.2 with whom we are engaged in negotiations for the sale and/or purchase of business assets (but in that case we will ensure that appropriate confidentiality obligations are in place and personal data is redacted as far as possible);
6.2.3 whom we engage to provide services which facilitate our business and who may need to process your personal data to the extent necessary to provide those services, including:
126.96.36.199 our website and data host, Amazon Web Services;
188.8.131.52 our email marketing service provider, Mailchimp;
184.108.40.206 our customer relationship management software, Hubspot;
220.127.116.11 our customer messaging platform, Intercom; and
18.104.22.168 any similar or replacement service providers from time to time.
6.3 We seek to ensure that any third party engaged by us who processes your personal data has policies and procedures in place to ensure compliance with the Data Protection Legislation. For any third parties that are based, or process data, overseas, we only engage such third parties in accordance with paragraph 7.
7 INTERNATIONAL TRANSFERS
7.1 All information you provide to us is stored on our secure servers.
7.2 The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, service providers or Affiliates.
7.3 However, we will not transfer your personal data outside of the EEA unless:
7.3.1 such transfer is to a country or jurisdiction which the EU Commission has approved as having an adequate level of protection (including to the USA where Privacy Shield compliant);
7.3.2 appropriate safeguards are in place as set out in Article 46 GDPR or equivalent provisions of subsequent Data Protection Legislation; or
7.3.3 the transfer is otherwise allowed by applicable Data Protection Legislation (such as in the form of a derogation under Article 49 GDPR).
8 YOUR RIGHTS
Subject to any conditions or requirements set out in the relevant Data Protection Legislation, you may have some or all of the following rights in relation to the personal data we hold about you:
8.1 the right to request a copy of your personal data held by us;
8.2 the right to correct any inaccurate or incomplete personal data held by us;
8.3 the right to request that we erase the personal data we hold about you (see also paragraph 9;
8.4 the right to request that we restrict the processing of your data;
8.5 the right to have your personal data transferred to another organisation;
8.6 the right to object to certain types of processing of your personal data by us; and
8.7 the right to complain (please refer to the final section of this policy).
Please be aware that these rights are not all absolute and we may be unable to comply with your request in some circumstances. For further information, or to find out if and to what extent you can exercise these rights, please contact us at firstname.lastname@example.org or write to Data Protection Enquiries, 2nd Floor, Titchfield House, 69-85 Tabernacle Street, London, EC2A 4RR.
9 STORAGE AND RETENTION OF YOUR PERSONAL DATA
9.1 As a minimum, we will store your data for as long as is reasonably necessary to provide you with the goods and/or services that you have requested from us, but in most cases we will retain certain of your personal data for longer provided it is reasonably necessary for the purposes outlined in this policy. In reaching a decision about how long to retain your personal data, we take into consideration factors such as:
9.1.2 our need to answer any queries or resolve any problems you may have or have contacted us about;
9.1.3 your continued consent to receive marketing and other emails and communications from us;
9.1.4 our continued provision of any services to you; and
9.1.5 our need to comply with legal requirements (e.g. relating to record keeping).
9.2 If you tell us that you would like us to delete your personal data, we will take steps to delete all the personal data we hold about you once it is no longer necessary for us to hold it (e.g. to fulfil any outstanding orders, resolve disputes, or as is permitted by applicable law or regulation). Please note that due to the nature of blockchain technology, it may be technologically impossible or impractical for us to permanently delete all record of your personal data, however the Company ensures that blockchain data is encrypted (so that only the parties who have an interest in the relevant transaction can view it in legible format) and that personal data is only stored in our blockchain to the extent that it is relevant to or necessary for the relevant transaction.
9.3 For as long as we do store your data, the Company follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity, and privacy of the information you have provided. The Company has security measures in place designed to protect against the loss, misuse, and alteration of the information under our control. Personal data collected by the Company is stored in secure operating environments that are not available to the public. The Company maintains information behind a firewall-protected server and uses SSL encryption for personal data obtained through our site.
9.4 Notwithstanding our efforts to keep your personal data secure, no system can be 100% reliable. To the fullest extent permitted by law, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide through the Channels. In addition, you are responsible for maintaining the strength and confidentiality of your login credentials (if any). Please also refer to the blockchain-specific disclaimer at paragraph 12.
9.5 We will notify you as soon as reasonably practicable if we have reason to believe that there has been a personal data breach by us (or your personal data held by us) which could adversely affect your rights and freedoms.
10 Links to Third Parties
10.1 Our site may link or redirect to other websites that are beyond our control. Such links or redirections are not endorsements of such websites or representation of our affiliation with them in any way and such third party websites are outside the scope of this policy.
10.2 If you access such third party websites, please ensure that you are satisfied with their respective privacy policies before you provide them with any personal data. We cannot be held responsible for the activities, privacy policies or levels of privacy compliance of any website operated by any third party.
11 IP ADDRESSES AND COOKIES
11.1 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. Most of this data is statistical data about our users’ browsing actions and patterns, and does not identify any individual. Where any such data does or could identify you, we will only process that data in accordance with this policy.
11.3 A “cookie” is a small electronic file that collects information when someone visits a website. A cookie can identify the pages that are being viewed, and this can assist us to select the pages that the viewer sees. Some cookies only exist whilst viewers are online, but “persistent” cookies – which are not session-based – remain on the viewer’s computer, so that he or she can be recognised as a previous visitor when he or she next visits our website. This allows us to collect information about a viewer’s browsing habits whilst on our site, and this can be useful in assisting us to monitor and improve our services.
11.7 Please refer to our cookies policy at https://intercom.help/clicktopurchase/uk-website-policies/cookie-policy for more information.
12 BLOCKCHAIN DISCLAIMER
Our platform uses blockchain technology which provides many benefits to our database infrastructure (you can read more about that on our Information Centre). However, in using our site and platform you acknowledge and agree that:
12.1 as with any new technology, there may be certain risks in using blockchain infrastructure which are currently unknown or poorly documented and that, to the fullest extent permitted by law, the Company will not be liable for any loss of data or other loss or claim arising from any failure in the integrity or infrastructure of our database(s); and
12.2 due to the distributed nature of blockchain technology, information processed using the platform may be published to the blockchain ledger and available to view by other persons. However, as set out in paragraph 9.2, the Company has measures in place to help ensure that no personal data in a legible format is available to any person other than those who need to see it for the purposes for which it is processed.
13 CONTACT US OR LODGE A COMPLAINT
13.1 Questions, comments, requests and complaints regarding this policy or our handling of your personal data generally are welcomed and should be sent to email@example.com or Data Protection Enquiries, 2nd Floor, Titchfield House, 69-85 Tabernacle Street, London, EC2A 4RR.
13.2 You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues, which in the UK is the Information Commissioner's Office (ICO) (www.ico.org.uk).