We view the correct and lawful handling of personal information as key to our success and dealings with third parties. We shall ensure that all personal information is handled correctly, lawfully and in compliance with the GDPR.
Please read the following carefully to understand how we will collect, use and maintain your personal information. This Policy also describes your choices regarding use, access and correction of your personal information.
Information we collect
We collect certain information (including personal information) relevant to the services we provide and the information will be collected and processed in accordance with this Policy. The types of information that we may collect directly from you include your name, username, email address, postal address, telephone numbers, your date of birth, your picture, transactional information (including services purchased and billing address), information collected by cookies or other tracking technologies and any other information you may choose to provide. Please be aware that the information that you choose to provide may reveal or identify information that is not expressly stated (e.g. if you choose to provide your picture, your picture may reveal your gender). We also store the files and other information that you upload or provide to us or in connection with the Fry Services in order to be able to provide you with the features and functionality of the Fry Services.
Information collected by cookies
We (including service providers who work on our behalf) use various technologies to collect information, to help personalise your online experience and in our electronic communications with you. Cookies are small data files placed on your hard drive or in device memory by a web page server. Cookies are designed to help us improve the Fry Services, customise your experience and your preferences, allow you to access and use the Fry Services without re-entering your account ID and/or password, understand which areas and features of the Fry Services are most popular and count visits. You have the ability to accept or decline cookies. If you choose to decline cookies, you may not be able to fully experience the interactive features of the site you visit.
Use of data
We may use the information collected for the limited purpose of providing the Fry Services and related functionality and services for which we have been engaged. The information may be used to perform a variety of purposes, including to:
- Provide, operate, maintain and improve the Fry Services
- Enable you to access and use the Fry Services, including uploading, downloading, collaborating on and sharing content and emails on your behalf;
- Send you technical notices, updates, security alerts and support and administrative messages;
- Provide and deliver any other services and features you may request, process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Respond to your comments, questions, and requests and provide customer service and technical support;
- Communicate with you about services, features, surveys, newsletters, events and provide other news or information about us and our select partners;
- Monitor and analyse trends, usage, and activities in connection with the Fry Services and for marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorised access to the Fry Services, and other illegal activities;
- Personalize and improve the Fry Services, and provide content, features, and/or advertisements that match your interests and preferences or otherwise customise your experience on the Fry Services;
- We may send you push notifications from time-to-time in order to update you about events or activities related to the Fry Services. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we collect certain information about your device such as operating system and user identification information;
- Link or combine with other information we receive from third parties to help understand your needs and provide you with better service;
- Enable you to communicate, collaborate and share files with users you designate; and
- For other purposes about which we notify you.
Processing personal information
Any and all information collected by us is collected in order to ensure that we can facilitate efficient transactions with third parties including, but not limited to, our customers, partners, associates and efficiently manage our employees, contractors, agents and consultants. Your information may also be used by us in meeting any and all relevant obligations imposed by law.
Information may be disclosed within Fry and information may be passed from one department to another in accordance with this Policy. Under no circumstances will information be passed to any department or any individual within Fry that does not reasonably require access to that information with respect to the purpose(s) for which it was collected and is being processed.
You may update, correct or request deletion of your information about you at any time by emailing us at firstname.lastname@example.org. Please note that deletion may not be automatic as it is subject to applicable laws, legal obligations and legitimate business purposes.
Your access rights
You may make a request at any time to see the information we hold about you or processes on behalf of a third party. To request this information, please contact us in writing at email@example.com. Upon receipt of such request, we shall have a maximum period of 30 days within which to respond.
Retention and deletion
We will retain your information for as long as your account is active or as needed to provide the Fry Services. We will retain and use your information to comply with our legal obligations, resolve disputes and enforce our agreements. At the end of the retention period, we will delete your personal data in a manner designed to ensure that it cannot be reconstructed or read.
Information that we share
We do not share information with companies, organisations and individuals unless one of the following circumstances applies:
With your consent
We will share personal information with companies, organisations or individuals outside Fry when we have your consent to do so. We require opt-in consent for the sharing of any sensitive information.
For external processing
We may provide personal information to trusted businesses or persons to process it for us, based on a legal agreement in place, our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
For legal reasons
We will share personal information with companies, organisations or individuals outside Fry if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable terms and conditions, including investigation of potential violations.
- detect, prevent or otherwise address fraud, security or technical issues.
We may share non-personal identifiable information (publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of any of our services).
The security of your information is very important to us. Whilst no security is completely secure, we use physical, electronic, and administrative safeguards that are designed to protect your personal information from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction. In particular:
- We encrypt many of our services using SSL (secure socket layer)
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems
- We restrict access to personal information to our employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations
In the event that your personal information is acquired, or reasonably believed to have been acquired by an unauthorised person and applicable law requires notification, we will notify you by e-mail or mail. We will give you prompt notice, consistent with the reasonable requirements of law and we will investigate to determine the scope of the breach and restore the integrity of the data system.
Transfer of your data to third countries
We have developed and implemented global data security practices designed to ensure that your personal information is appropriately protected. Please note that personal information may be transferred, accessed and stored outside of the European Economic Area (“EEA”) as necessary for the use of the Fry Services. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective). Specifically, our core servers are located in London, Dublin and Frankfurt, and our third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of the countries where our service providers are located. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information. The Standard Contractual Clauses are available upon request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details are available upon request. By providing your personal information you consent to us transferring your personal information to third party entities that provide services to Fry.
We ask that you do not send us, and you do not share any sensitive personal information (e.g., government-issued or financial account numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background or trade union membership).
None of our services are directed to individuals under 13. We do not knowingly collect information from individuals under 13 nor promote or market our services to minors. If you believe that we have mistakenly or unintentionally collected information of a minor without appropriate consent, please notify us at firstname.lastname@example.org, so that we may immediately delete the information from our servers and make any other necessary corrections.
We may update this Policy from time to time. In the event we make any material changes that reduce your rights or our obligations under this Policy, we will post a prominent notice in this section of this Policy notifying you when it is updated.
Implementation of the policy
This Policy shall be deemed effective as of 25th May 2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
This Policy has been approved & authorised by:
Zahid Malik, CEO
25th May 2018
|1.0||Initial draft||Melanie Davies Glover||May 2018|