Owner and Data Controller
Blue Bay Travel Ltd, Unit A4 Bellringer Road, Trentham Business Quarter, Stoke on Trent, ST4 8GB
Owner contact email: gdpr@bluebaytravel.co.uk
Types of Data collected
Among the types of Personal Data that this Website collects, by itself or through third parties, there are:
Cookies; Usage Data; email address; Data communicated while using the service; first name; last name; phone number; number of Users; session statistics; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); language; device information; city; browser information; ZIP/Postal code; state; province; country; county; latitude (of city); longitude (of city); metro area; geography/region; IP address; app information; device logs; operating systems; launches; number of sessions; session duration; scroll-to-page interactions; mouse movements; scroll position; keypress events; motion sensor events; touch events; video views; clicks; browsing history; search history; page views; interaction events; page events; custom events; Application opens.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools — by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.
Users are responsible for any third-party Personal Data obtained, published or shared through this Website.
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
Place
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Retention time
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
The purposes of processing
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following:
Interaction with external social networks and platforms, Content commenting, Platform services and hosting, Displaying content from external platforms, Analytics, Traffic optimization and distribution, Hosting and backend infrastructure, Managing contacts and sending messages, Heat mapping and session recording, Remarketing and behavioral targeting, Interaction with live chat platforms, Tag Management, Advertising, Managing data collection and online surveys, Registration and authentication provided directly by this Website, Spam and bots protection, Managing support and contact requests, Contacting the User and Infrastructure monitoring.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
-
Advertising
This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Trackers for identifying Users, behavioral retargeting i.e. displaying ads tailored to the User’s interests and behavior, or to measure ads performance. For more information, please check the privacy policies of the relevant services.
Services of this kind usually offer the possibility to opt out of such tracking. In addition to any opt-out feature offered by any of the services below, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section "How to opt-out of interest-based advertising" in this document.
Meta ads conversion tracking (Meta pixel) (Meta Platforms, Inc.)
Meta ads conversion tracking (Meta pixel) is an analytics service provided by Meta Platforms, Inc. that connects data from the Meta Audience Network with actions performed on this Website. The Meta pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Meta Audience Network.
Personal Data processed: Trackers; Usage Data.
Place of processing: United States – Privacy Policy – Opt out.
Microsoft Advertising (Microsoft Corporation)
Microsoft Advertising is an advertising service provided by Microsoft Corporation.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Google Ads conversion tracking
Google Ads conversion tracking is an analytics service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing, that connects data from the Google Ads advertising network with actions performed on this Website.
Personal Data processed: Trackers; Usage Data.
Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.
-
Analytics
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics (Universal Analytics) with anonymized IP (Google Inc.)
Google Analytics (Universal Analytics) is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
In order to understand Google's use of Data, consult Google's partner policy.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Google Analytics (Universal Analytics) (Google LLC)
Google Analytics (Universal Analytics) is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
In order to understand Google's use of Data, consult Google's partner policy.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Google Analytics 4
Google Analytics 4 is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing, (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
In Google Analytics 4, IP addresses are used at collection time and then discarded before Data is logged in any data center or server. Users can learn more by consulting Google’s official documentation.
In order to understand Google's use of Data, consult Google's partner policy.
Personal Data processed: number of Users; session statistics; Trackers; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.
Google Analytics Demographics and Interests reports
Google Analytics Demographics and Interests reports is a Google Advertising Reporting feature that makes available demographic and interests Data inside Google Analytics for this Website (demographics means age and gender Data).
Users can opt out of Google's use of cookies by visiting Google's Ads Settings.
Personal Data processed: Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example).
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.
Cloudflare Web Analytics (Cloudflare, Inc.)
Cloudflare Web Analytics is an anonymized analytics service provided by Cloudflare, Inc. that gives the Owner insight into the use of this Website by Users without needing to identify them. Further information may be found here and within the service's privacy policy.
Personal Data processed: device information; language; Usage Data.
Place of processing: United States – Privacy Policy.
Google Analytics Advertising Reporting Features
Google Analytics on this Website has Advertising Reporting Features activated, which collects additional information from the DoubleClick cookie (web activity) and from device advertising IDs (app activity). It allows the Owner to analyze specific behavior and interests Data (traffic Data and Users' ads interaction Data) and, if enabled, demographic Data (information about the age and gender).
Users can opt out of Google's use of cookies by visiting Google's Ads Settings.
Personal Data processed: Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.
Google Analytics Granular location and device data collection
Google Analytics on this Website has granular data collection activated which collects location and device data on a per-region basis. It allows the Owner to create and analyze User reports that rely on those metrics.
Personal Data processed: browser information; city; device information; number of Users; session statistics; Trackers; Usage Data.
Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.
-
Contacting the User
Mailing list or newsletter (this Website)
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Website. Your email address might also be added to this list as a result of signing up to this Website or after making a purchase.
Personal Data processed: country; email address; first name; last name; phone number; Trackers; Usage Data; ZIP/Postal code.
-
Content commenting
Content commenting services allow Users to make and publish their comments on the contents of this Website.
Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.
Facebook Comments (Facebook, Inc.)
Facebook Comments is a content commenting service provided by Facebook, Inc. enabling the User to leave comments and share them on the Facebook platform.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
-
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Google Fonts (Google Inc.)
Google Fonts is a typeface visualization service provided by Google Inc. that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Adobe Fonts (Adobe Systems Incorporated)
Adobe Fonts is a typeface visualization service provided by Adobe Systems Incorporated that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
-
Heat mapping and session recording
Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
Some of these services may record sessions and make them available for later visual playback.
Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.
Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.
Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: Malta – Privacy Policy – Opt Out.
-
Hosting and backend infrastructure
This type of service has the purpose of hosting Data and files that enable this Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Website.
Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Cloudinary (Cloudinary Ltd.)
Cloudinary is a hosting service provided by Cloudinary Ltd.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: Israel – Privacy Policy.
DigitalOcean (DigitalOcean Inc.)
DigitalOcean is a hosting service provided by DigitalOcean Inc.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy; United Kingdom – Privacy Policy.
Google BigQuery
Google BigQuery is a hosting and backend service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.
Google App Engine (Google LLC)
Google App Engine is a hosting service provided by Google LLC.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United Kingdom – Privacy Policy.
Algolia (Algolia SAS)
Algolia is a hosting and backend service provided by Algolia SAS.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: France – Privacy Policy.
-
Infrastructure monitoring
This type of service allows this Website to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Which Personal Data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of this Website.
Bugsnag (Bugsnag Inc.)
Bugsnag is a monitoring service provided by Bugsnag Inc.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
-
Interaction with external social networks and platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Website.
The interaction and information obtained through this Website are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Website isn’t being connected back to the User’s profile.
Twitter Tweet button and social widgets (X Corp.)
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
Facebook Like button and social widgets (Facebook, Inc.)
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy.
-
Interaction with live chat platforms
This type of service allows Users to interact with third-party live chat platforms directly from the pages of this Website, for contacting and being contacted by this Website support service.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. Moreover, live chat conversations may be logged.
Crisp Widget (Crisp IM SARL)
The Crisp Widget is a service for interacting with the Crisp live chat platform provided by Crisp IM SARL.
Personal Data processed: Cookies; Data communicated while using the service; Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: France – Privacy Policy.
-
Managing contacts and sending messages
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
SparkPost (Message Systems, Inc.)
SparkPost is an email address management and message sending service provided by Message Systems, Inc.
Personal Data processed: email address; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Trustpilot Automatic Feedback Service (Trustpilot A/S)
The Trustpilot Automatic Feedback Service is a message-sending service provided by Trustpilot A/S that automates the sending of email requests for product or service reviews based on specific Users’ actions performed on this Website.
Personal Data processed: Trackers.
Place of processing: Denmark – Privacy Policy.
Emarsys Email Marketing
Emarsys Email Marketing is an email address management and message-sending service provided by SAP Emarsys eMarketing Systems GmbH or by Emarsys North America, Inc., depending on how the Owner manages the Data processing.
Personal Data processed: email address; first name; last name; Trackers; Usage Data.
Place of processing: Austria – Privacy Policy; United States – Privacy Policy.
-
Managing data collection and online surveys
This type of service allows this Website to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse Data from any responding Users.
The Personal Data collected depend on the information asked and provided by the Users in the corresponding online form.
These services may be integrated with a wide range of third-party services to enable the Owner to take subsequent steps with the Data processed - e.g. managing contacts, sending messages, analytics, advertising and payment processing.
Typeform (TYPEFORM S.L)
Typeform is a form builder and data collection platform provided by TYPEFORM S.L.
Personal Data processed: email address; first name; last name; phone number.
Place of processing: Spain – Privacy Policy.
-
Managing support and contact requests
This type of service allows this Website to manage support and contact requests received via email or by other means, such as the contact form.
The Personal Data processed depend on the information provided by the User in the messages and the means used for communication (e.g. email address).
Freshdesk (Freshworks, Inc.)
Freshdesk is a support and contact request management service provided by Freshworks, Inc.
Personal Data processed: Data communicated while using the service; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
-
Platform services and hosting
These services have the purpose of hosting and running key components of this Website, therefore allowing the provision of this Website from within a unified platform. Such platforms provide a wide range of tools to the Owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data.
Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
WordPress.com (Automattic Inc.)
WordPress.com is a platform provided by Automattic Inc. that allows the Owner to build, run and host this Website.
Personal Data processed: various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
-
Registration and authentication provided directly by this Website
By registering or authenticating, Users allow this Website to identify them and give them access to dedicated services. The Personal Data is collected and stored for registration or identification purposes only. The Data collected are only those necessary for the provision of the service requested by the Users.
Direct registration (this Website)
The User registers by filling out the registration form and providing the Personal Data directly to this Website.
Personal Data processed: email address.
-
Remarketing and behavioral targeting
This type of service allows this Website and its partners to inform, optimize and serve advertising based on past use of this Website by the User.
This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
Google Ads Remarketing (Google LLC)
Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google LLC that connects the activity of this Website with the Google Ads advertising network and the DoubleClick Cookie.
Users can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network.
Personal Data processed: Cookies; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Google Signals
This Website uses Google Signals, a feature of Google Analytics, which will associate the visitation information that it collects from this Website with Google information from accounts of signed-in Google-account users who have consented to this association for the purpose of ads personalization. This Google information may include User location, search history, YouTube history and Data from sites that partner with Google – and is used to provide aggregated and anonymized insights into Users' cross device behaviors.
If a User falls under the described association, they may access and/or delete such Data via My Activity provided by Google.
Personal Data processed: Trackers; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.
-
Spam and bots protection
This type of service analyzes the traffic of this Website, potentially containing Users' Personal Data, with the purpose of filtering it from unwanted parts of traffic, messages and content that are recognized as spam or protecting it from malicious bots activities.
Cloudflare Bot Management (Cloudflare, Inc.)
Cloudflare Bot Management is a malicious bot protection and management service provided by Cloudflare, Inc.
Personal Data processed: app information; Application opens; browser information; browsing history; city; clicks; country; county; custom events; device information; device logs; geography/region; interaction events; IP address; keypress events; language; latitude (of city); launches; longitude (of city); metro area; motion sensor events; mouse movements; number of sessions; operating systems; page events; page views; province; scroll position; scroll-to-page interactions; search history; session duration; session statistics; state; touch events; Trackers; Usage Data; video views; ZIP/Postal code.
Place of processing: United States – Privacy Policy.
-
Tag Management
This type of service helps the Owner to manage the tags or scripts needed on this Website in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager (Google LLC)
Google Tag Manager is a tag management service provided by Google LLC.
Personal Data processed: Usage Data.
Place of processing: United States – Privacy Policy.
-
Traffic optimization and distribution
This type of service allows this Website to distribute their content using servers located across different countries and to optimize their performance.
Which Personal Data are processed depends on the characteristics and the way these services are implemented. Their function is to filter communications between this Website and the User's browser.
Considering the widespread distribution of this system, it is difficult to determine the locations to which the contents that may contain Personal Information of the User are transferred.
Cloudflare (Cloudflare)
Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.
The way Cloudflare is integrated means that it filters all the traffic through this Website, i.e., communication between this Website and the User's browser, while also allowing analytical data from this Website to be collected.
Personal Data processed: Cookies; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
jsDelivr (Prospect One Sp. z o.o. sp. k.)
jsDelivr is a traffic optimization and distribution service provided by Prospect One Sp. z o.o. sp. k.
Personal Data processed: Usage Data.
Place of processing: Poland – Privacy Policy.
Information on opting out of interest-based advertising
In addition to any opt-out feature provided by
any of the services listed in this document, Users may learn more on
how to generally opt out of interest-based advertising within the
dedicated section of the Cookie Policy.
Further information about the processing of Personal Data
-
ResponseIQ
Response IQ Ltd Privacy Policy
Last updated: April 24, 2018
https://responseiq.com/ website (the “Website”) is operated by Response IQ Ltd, company registration number 09951115 and the registered office of which is at Response IQ LTD, 124 City Road, London, EC1V 2NX (“We”, “Us” or “ResponseIQ”).
We take your privacy very seriously and we ask that you read this Privacy Policy carefully as it contains important information on:
- the personal information we collect about you,
- what we do with your information, and
- who your information might be shared with.
Who we are
ResponseIQ are a “data controller” for the purposes of the General Data Protection Regulation EU 2016/679 (the “GDPR”), (i.e. we are responsible for, and control the processing of, your personal information).
What information we collect?
Personal information provided by you
We may collect personal information about you (such as your name, address, telephone number, payment card details etc.) when you use our Website, register with us or purchase services from us. We may also collect personal information when you contact us, send us feedback or post material to the Website.
We may also collect information that your browser sends us whenever you visit our Website. This data may include information such as your computer’s IP address, browser type, browser version, the pages of our Website that you visit and other statistics relating to your use of the Website. This information may be collected in conjunction with third party services such as Google Analytics.
Personal information provided by third parties
The nature of the Services we offer means that we may receive information about you from a third-party source, such as one of our clients. We will only accept that information if we have evidence that you have consented for the personal information to be passed to us or it is passed pursuant to another legal basis under the GDPR.
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices; and
- give consent to the transfer of his/her personal data abroad.
Sensitive personal information
It is very unlikely that we will ask you to provide sensitive personal information. If we request such information, we will explain why we are requesting it and how we intend to use it.
Sensitive personal information includes information relating to your ethnic origin, your political opinions, your religious beliefs, whether you belong to a trade union, your physical or mental health or condition, your sexual life, and whether you have committed a criminal offence.
We will only collect your sensitive personal information with your explicit consent.
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of performing the Services we offer to our clients, quality assurance, training, fraud prevention and regulatory compliance.
Sensitive personal information
A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our Website. We use cookies on this Website to:
- keep track of any services you may wish to purchase;
- recognise you whenever you visit this Website (this speeds up your access to the Website as you do not have to log in each time);
- obtain information about your preferences, online movements and use of the internet;
- carry out research and statistical analysis to help improve our content and services and to help us better understand our visitor and customer requirements and interests;
- target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; and
- make your online experience more efficient and enjoyable.
The information we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer or other electronic device such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase services from us.
In most cases we will need your consent in order to use cookies on this Website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (e.g. to enable you to purchase services from us).
There is a notice on our home page which describes how we use cookies and which also provides a link to this Privacy Policy. If you use our Website after this notification has been displayed to you, we will assume that you consent to our use of cookies for the purposes described in this Privacy Policy.
We may work with third party suppliers who may also set cookies on our Website. These third-party suppliers are responsible for the cookies they set on our Website. If you want further information, please go to the website of the relevant third party.
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this Website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.
How will we use the information about you?
We collect information about you so that we can:
- identify you and manage any accounts you hold with us;
- process your order or carry out obligations arising from any contract(s) entered into between you and us;
- conduct research, statistical analysis and behavioural analysis;
- carry out customer profiling and analyse your purchasing preferences;
- if you agree, let you know about other products or services that may be of interest to you—see ‘Marketing’ section below;
detect and prevent fraud;
- customise our Website and its content to your particular preferences;
- notify you of any changes to our Website or to our services that may affect you;
- carry out security vetting; and
- improve our services and notify you about changes to these services.
Marketing
Only where you have provided us with specific, informed and unambiguous consent shall we provide you with marketing materials by the mechanism(s) you have consented to (e.g. email). We will only provide you with marketing materials relating to features that you have explicitly consented to.
If you have consented to such receive marketing from us, you can opt out at any time. See ‘What rights do you have?’ below for further information.
Who your information might be shared with
We may disclose your personal data to:
- our clients as part of the service offered, but only with your explicit consent or pursuant to another legal basis under the GDPR;
- our service providers pursuant to strict data processing agreements that protect your personal data to the same or higher standards than we treat it;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
a court of law or regulator where we are under a duty to disclose or share your personal data in order to comply with a legal or regulatory obligation.
Rest assured that we will never pass your information to a third party outside of the categories above without your explicit consent.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and username that are unique to you;
- we store your personal data on secure servers; and
- payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology).
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
Our Website may contain links to other websites of our partners, suppliers, advertisers or other approved third parties. If you follow a link to any of these websites, please note that these websites have (or should have) their own privacy policies. We do not accept any responsibility or liability for these policies or the way in which your personal data may be treated by these third parties. We recommend you check the privacy policy of any third party before you submit any personal data to their website.
Transfers of your information out of the EEA
We may need to transfer your personal data to countries which are located outside the European Economic Area (“EEA”), for the purpose of providing the services to you. You may be located in a country outside of the EEA and therefore we may have no choice but to transfer your data outside of the EEA. Rest assured that any transfer of your personal data outside of the EEA will be subject to a GDPR-compliant guarantee (such as the EU-US Privacy Shield or a Model Contract Clause approved by the European Commission) that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
How long do we hold your data for?
We only keep your personal data as long as necessary for the purpose for which it was obtained. After that period, we either: (1) anonymise the data if we still wish to use it for analytical purposes, or (2) pseudonymise the data if believe in good faith that we may need to process the data in the future for a legitimate purpose, or in all other cases (3) delete it completely from our servers.
What rights do you have?
Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- let us know the information you want a copy of, including any account or reference numbers, if you have them.
We will acknowledge receipt of your request and will respond within thirty (30) days. We will not charge you for providing the information.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have enough information to identify you (e.g. account number, user name, registration details), and
- let us know the information that is incorrect and what it should be replaced with.
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
email, call or write to us (see ‘How can you contact us?’ below). You can also click on the ‘unsubscribe’ button at the bottom of marketing emails from us,
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to erasure
You can request that we delete all personal data relating to you free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below), and
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with the justification for the erasure request (e.g. you are withdrawing your consent, you no longer believe that we should be processing the personal data for the original purpose for which it was obtained, the personal data is being unlawfully processed, there is a legal reason for erasure etc.).
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to Restrict Processing
You can request that we restrict processing of some of your personal data. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below), and
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with details of what personal data you would like us to restrict the processing of (e.g. where you contest the accuracy of some personal data, we shall restrict the processing of it whilst its accuracy is verified).
We will acknowledge receipt of your request and will respond within thirty (30) days. If we agree to restrict the processing of the personal data before the thirty (30) day period, we will inform you as soon as we have put in place the restriction.
Right to Object
You can object to us processing any of your personal data. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below), and
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with details of what personal data you object to us processing.
We will acknowledge receipt of your request and will respond within thirty (30) days.
Right to Data Portability
You can request that be provide some or all of your personal data we hold to a third party free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
- provide us with sufficient details of the third-party entity to which you would like your data transferred.
We will acknowledge receipt of your request and will provide your personal to the third-party entity in a commonly used machine-readable format within thirty (30) days providing you have provided us with sufficient information to do so. We will not charge you for this service.
Rights relating to automated decision making and profiling
We use software that automatically processes personal data for us. We ensure that processing using this software is fair and we implement all appropriate technical and organisational measures to ensure inaccuracies are minimised. If you are concerned about the use of such software, you have the right to ask for more details about the processing and request that we stop using the software to process your data. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below),
- let us have enough information to identify you (e.g. account number, user name, registration details), and
- provide us with details of your concerns and the categories of personal data you believe are being processed by automated software.
We will acknowledge receipt of your request and will respond within thirty (30) days. Please note that if the automated processing is necessary for the performance of a contract between you and us, if you request that the software is no longer used to process your data, we may not be able to provide you with services anymore.
Right to complain to the supervisory authority
If you are unhappy with the way in which we have dealt with a request you have made or you feel that we are not complying with this Privacy Policy in any way, you have the right to complain to the supervisory authority in the country in which you live. The supervisory authority in England and Wales is the Information Commissioners Office and details of how to contact them are available on their website: www.ico.org.uk.
Time Extensions and Refusals
We reserve the right to extend the time period to respond to any of the requests listed above by up to sixty (60) days where a request is complex or a large number of requests are made. If we fail to respond to you by the deadline we set, you have a right to complain to the supervisory authority or seek a judicial remedy (see – ‘Right to complain to the supervisory authority’ above).
We may also refuse a request where there are legitimate reasons to do so. These include, but are not limited to:
- where a request is manifestly unfounded, excessive or repetitive; or
- where personal data is being processed:
• in order to comply with a legal obligation;
the public interest;
• in the exercise or defence of a legal claim;
• in the exercise of the right to freedom of expression and information.
How to contact us
Please contact us via help@responseiq.com or call +44 208 629 5280. Our Data Protection Officer is Scott Lee. If you have any questions about this Privacy Policy or the information we hold about you, we will be delighted to assist.
Changes to this Privacy Policy
We may change this Privacy Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this Website.
Cookie Policy
This Website uses Trackers. To learn more, Users may consult the Cookie Policy.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes.
- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which the Owner is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
- processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Further information about retention time
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
Therefore:
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The rights of Users based on the General Data Protection Regulation (GDPR)
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following, to the extent permitted by law:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
- Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Users are also entitled to learn about the legal basis for Data transfers abroad including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Owner will inform them about those recipients.
Additional information about Data collection and processing
Legal action
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Additional information about User's Personal Data
In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) or use other Personal Data (such as the IP Address) for this purpose.
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
Changes to this privacy policy
The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Usage Data
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
User
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor (or Processor)
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.
This Website (or this Application)
The means by which the Personal Data of the User is collected and processed.
Service
The service provided by this Website as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookie
Cookies are Trackers consisting of small sets of data stored in the User's browser.
Tracker
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.
Legal information
This privacy policy relates solely to this Website, if not stated otherwise within this document.