The DPO Ltd trading as The DPO® (”We”) are committed to protecting and respecting your privacy. Accordingly, we are incorporate the recitals and articles of the General Data Protection Regulation (GDPR) in this Privacy Notice (“the Notice”)
For the purpose of the Data Protection Act 2018 (the Act), the data controller is The DPO Ltd 3rd Floor, Capital Tower, Greyfriars Road, Cardiff. CF10 3AZ United Kingdom.
Our nominated representative for the purpose of the Act is Philip Griffiths
INFORMATION WE COLLECT FROM YOU
We will collect and process the following data about you:
- Information you give us. This is information about you that you give us by filling in forms on our site www.thedpo.co.uk (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, promotion, survey, or self-assessment and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.
- Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
(i) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
(ii) information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for’ page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
- Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
THE LEGAL BASIS FOR PROCESSING
We apply the articles of the General Data Protection Regulation (GDPR) in this Privacy Notice. In the first instance we inform you that we will ensure that we have a lawful basis to each particular aspect of the processing of your personal data. Where we are processing your personal data in the performance of a contract between us or preparatory to such a contract no further consent will be required. It may be that we may further process your personal data as it is necessary in our legitimate interests to do so (except where such interests are overridden by your interests or fundamental rights). We shall undertake a three part Legitimate Interest Assessment (LIA) in order to test (i) whether such a legitimate interest exists, and (ii) to establish the necessity of processing and (iii) a balancing act to decide if a particular processing operation can rely on the legitimate interest provision in GDPR.
Consent is required for us to process special categories of personal data, but it must be explicitly given. On the rare occasions where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- Information you give to us. We will use this information:
(i) to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
(ii) to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
(iii) Where you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous sale or negotiations of a sale to you.
(iv) If you are a new customer, we will contact you by electronic means only if you have consented to this or, where this was not possible due to the means of your enquiry, it is in our legitimate interests to do so. If you do not want us to use your data in this way, you have the right to object and you may do so by unsubscribing to the communication issued.
(v) to notify you about changes to our service;
(vi) to ensure that content from our site is presented in the most effective manner for you and for your computer.
- Information we collect about you. We will use this information:
(i) to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(ii) to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
(iii) to allow you to participate in interactive features of our service, when you choose to do so;
(iii) as part of our efforts to keep our site safe and secure;
(iv) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
(v) to make suggestions and recommendations to you and other users of our site about services that may interest you or them.
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
DISCLOSURE OF YOUR INFORMATION
You agree that we have the right to share your personal information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Selected third parties including:
(i) business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
(ii) advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
(iii) analytics and search engine providers that assist us in the improvement and optimisation of our site;
(iv) credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties:
(i) In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
(ii) If The DPO Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will store your personal data for no longer than 18 months when it shall be destroyed unless we are processing your personal data in the performance of a contract between us or preparatory to such a contract.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
(i) Right of access – you have the right to request a copy of the information that we hold about you.
(ii) Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
(iii) Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
(iv) Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
(v) Right of portability – you have the right to have the data we hold about you transferred to another organisation.
(vi) Right to object – you have the right to object to certain types of processing such as direct marketing.
(viii) Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
(ix) Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain to the Information Commissioner as outlined below
In the event that you wish to make a complaint about how your personal data is being processed by us, or how your complaint has been handled, you have the right to lodge a complaint directly with the Supervisory Authority and our data protection representative Philip Griffiths.
The Supervisory Authority is the Information Commissioner’s Office (ICO), https://ico.org.uk/concerns/handling/, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone 0303 1231113 email firstname.lastname@example.org.