Your information – what we collect and how we use it, in detail
1. Blue Swizz Limited and its subsidiary companies (“the business”, “we” or “us”) take the protection of your privacy seriously.
We’ll only use your personal data for two reasons: 1) to deliver the products and services you’ve requested from us, and 2) to meet our legal responsibilities.
2. We’d collect personal data about you when:
- you place an order with us.
- you get in touch with us. That could be by email, phone, post, social media or through our website
3. Here’s the kind of information we might keep hold of:
- your personal details such as your name or address
- details of the communication we’ve had with you relating to the delivery or proposed delivery of a service
- details of any services and orders you’ve received from us
- our correspondence and communications with you
- information about any complaints you make (although we try to keep these to a minimum!) and any questions you ask us
- information from research, surveys and marketing activities
4. How we use personal data we hold about you
We may process your personal data:
- to help us perform the things we said we’d deliver, such as placing and shipping your orders.
- for the purposes of our own interests. And providing these interests don’t override any of your own interests, rights and freedoms which require the protection of your personal data. These interests might include marketing, business development, statistical and management purposes
- for certain additional purposes with your consent. And please bear in mind: where we ask for your consent in using your data, you have the right to withdraw this consent at any time.
We might use your personal data for more than one of these purposes at the same time.
We might use your personal data to:
- get in touch with you by post, email or telephone
- verify your identity where we need to
- understand what you need and how we can achieve this
- maintain our records in accordance with legal and regulatory obligations
- process financial transactions
- provide you with information on our services, events and activities that we think you’ll be interested in – you’ll have needed to provide your consent for us to send you information on these
- ask you your thoughts and opinions on the services we provide
- let you know about any changes to our services
- prevent and detect crime, fraud and corruption.
5. How long do we keep your personal data?
We’ll hang on to personal data after we have used it, as set out below.
When assessing how long we keep your personal data, we think about:
- the requirements of our business and the services we provide
- any statutory or legal obligations
- the reason why we originally collected the personal data
- the lawful grounds on which we base our processing
- the types of personal data we’ve collected
- the amount and categories of your personal data
- whether the purpose of the processing could reasonably be fulfilled in other ways.
We’ll keep your data for six years too – even if we stop working with you
Legislation, regulations and our professional indemnity insurers ask us to retain your data after we’ve stopped acting for you. The period of data retention varies but it’s typically five or six years. So, we keep it for six just to make sure. Where we can, we measure how long we keep the data from the end of the accounting period to which it relates.
6. Where there’s a change of purpose
If we need to use your data for another purpose other than the reason we collected it, we’ll only do this if the new purpose is compatible with the original one.
If we think it’s necessary to use your personal data for a new purpose, we’ll let you know and tell you about the legal side of things before we start any new processing of your data.
7. Who has access to your personal data?
We won’t sell or rent your information to third parties.
We won’t share your information with third parties for marketing purposes.
Any of our people with access to your information have a duty of confidentiality. These fall under the ethical standards, which we’re all required to follow.
8. People (or “Third Party Service Providers”) working on our behalf
In some cases, we use other people (or what we call “third party service providers”) to deliver professional advice and cloud-based information storage facilities.
Whenever we use third party service providers, we disclose only the personal information that’s necessary to deliver the service. We also have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.
We’ll not release your information to other third parties unless you’ve requested that we do so, or we’re required to do so by law. For example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption.
9. Security measures in place to prevent the loss, misuse or alteration of your personal data
We’ve put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They’ll only process your personal data on our instructions and they’re subject to a duty of confidentiality.
We’ve put procedures in place to deal with any suspected data security breaches. If this happens, we’ll notify you and any applicable regulator of a suspected breach where we’re legally required to do so.
Your data will usually be processed in our offices in the UK. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the UK. When we do this, your data remains within the European Economic Area (EEA). We’d never transfer your data to somewhere outside the EEA.
10. Your duty to inform us of changes in your personal data
It’s important that the personal data we hold about you is accurate and current. If it changes, please let us know of any changes of which we need to be made aware by getting in touch using the contact details below.
11. Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
- ask for access to your personal data. You can have access to all the personal data we hold about you and you can check that we’re processing it lawfully
- ask us to correct the personal data that we hold about you
- ask us to delete your personal data. This means we’ll remove personal data where there’s no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you’ve objected to us processing it (see below)
- object to us processing your personal data where we’re relying on a legitimate interest of ours or a third party, and you have a situation which makes you want to object to us processing your data. You also have the right to object on these grounds when it comes to direct marketing purposes
- ask for the restriction of the processing of your personal data. This means you can ask us to suspend the processing of personal data about you
- ask for the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically possible.
If you wish to exercise any of these rights, please get in touch with us. Our contact details are below.
It’s worth mentioning: you won’t have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. It’s not like us, but we might even decline to comply with the request in such circumstances.
Also, to confirm your identity, we might need to request specific information from you. This is to ensure your right to access the information or to exercise any of your other rights, and to make sure your personal information isn’t disclosed to anyone who has no right to receive it.
12. Your right to withdraw consent
You have the right to withdraw your consent for us to collect, process and transfer your data at any time. This applies to specific circumstances too, where you might’ve provided your consent. To withdraw your consent, please get in touch using the contact details below.
Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to. That’s unless we have another legitimate basis for doing so.
13. Changes to this privacy notice
We keep this privacy notice under regular review and will place any updates on our website at www.blueswizz.com/privacy-policy.html. You can get paper copies of this privacy notice by sending an email to email@example.com
This privacy notice was last updated on 16 March 2019.
14. Contact details
If you have any questions regarding this notice or if you’d like to speak to us about how we process your personal data, please email us at firstname.lastname@example.org
You also have the right, at any time, to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Here are the ICO’s contact details:
Information Commissioner’s Office
Telephone: (0303) 123 1113 (local rate) or (01625) 545 745