Privacy Policy of caribbeanwarehouse.co.uk

This Website collects some Personal Data from its Users.

Personal Data processed for the following purposes and using the following services:

    • Advertising

      • Google AdSense

        Personal Data: Cookies; Usage Data

      • Google Ads conversion tracking, Meta ads conversion tracking (Meta pixel), Hotjar Form Analysis & Conversion Funnels and Microsoft Advertising

        Personal Data: Trackers; Usage Data

      • Jetpack

        Personal Data: Tracker; Usage Data

    • Analytics

      • Google Analytics with anonymized IP and Google Analytics

        Personal Data: Cookies; Usage Data

      • Quantcast Measure

        Personal Data: Tracker; Usage Data

      • Google Analytics Advertising Reporting Features

        Personal Data: Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); various types of Data as specified in the privacy policy of the service

      • Cloudflare Web Analytics

        Personal Data: device information; language; Usage Data

      • Google Analytics 4

        Personal Data: number of Users; session statistics; Trackers; Usage Data

      • Google Analytics Demographics and Interests reports

        Personal Data: Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example)

      • Google Analytics Granular location and device data collection

        Personal Data: browser information; city; device information; number of Users; session statistics; Trackers; Usage Data

    • Contacting the User

      • Phone contact

        Personal Data: phone number

      • Mailing list or newsletter

        Personal Data: email address; first name; last name; Usage Data

    • Content commenting

      • Facebook Comments

        Personal Data: Trackers; Usage Data

    • Content performance and features testing (A/B testing)

      • Google Optimize

        Personal Data: Cookies; Usage Data

      • Google Optimize 360

        Personal Data: Trackers; Usage Data

    • Displaying content from external platforms

      • Adobe Fonts

        Personal Data: Usage Data; various types of Data as specified in the privacy policy of the service

      • Google Fonts

        Personal Data: Trackers; Usage Data

    • Heat mapping and session recording

      • Hotjar Heat Maps & Recordings

        Personal Data: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service

    • Hosting and backend infrastructure

      • Cloudinary, DigitalOcean, Algolia, Google App Engine and Google BigQuery

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Infrastructure monitoring

      • Bugsnag, Uptime Robot and Sentry

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Interaction with external social networks and platforms

      • Facebook Like button and social widgets

        Personal Data: Cookies; Usage Data

      • X Post button and social widgets

        Personal Data: Trackers; Usage Data

    • Interaction with live chat platforms

      • Crisp Widget

        Personal Data: Cookies; Data communicated while using the service; Usage Data; various types of Data as specified in the privacy policy of the service

      • Facebook Messenger Customer Chat

        Personal Data: Cookies; Data communicated while using the service; Usage Data

    • Interaction with support and feedback platforms

      • Trustpilot

    • Managing contacts and sending messages

      • SparkPost

        Personal Data: email address; various types of Data as specified in the privacy policy of the service

      • Emarsys Email Marketing

        Personal Data: email address; first name; last name; Trackers; Usage Data

    • Managing data collection and online surveys

      • Typeform

        Personal Data: email address; first name; last name; phone number; various types of Data as specified in the privacy policy of the service

    • Managing support and contact requests

      • Freshdesk

        Personal Data: Data communicated while using the service; various types of Data as specified in the privacy policy of the service

    • Platform services and hosting

      • WordPress.com

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Registration and authentication provided directly by this Website

      • Direct registration

        Personal Data: email address

    • Remarketing and behavioral targeting

      • Facebook Remarketing, Google Ads Remarketing and Remarketing with Google Analytics

        Personal Data: Cookies; Usage Data

      • Google Signals

        Personal Data: Trackers; Usage Data

    • Spam and bots protection

      • Cloudflare Bot Management

        Personal Data: app information; Application opens; browser information; browsing history; city; clicks; country; county; custom events; device information; device logs; geography/region; interaction events; IP address; keypress events; language; latitude (of city); launches; longitude (of city); metro area; motion sensor events; mouse movements; number of sessions; operating systems; page events; page views; province; scroll position; scroll-to-page interactions; search history; session duration; session statistics; state; touch events; Trackers; Usage Data; video views; ZIP/Postal code

    • Tag Management

      • Google Tag Manager

        Personal Data: Usage Data

    • Traffic optimization and distribution

      • Cloudflare

        Personal Data: Cookies; various types of Data as specified in the privacy policy of the service

      • jsDelivr CDN

        Personal Data: Usage Data

Information on opting out of interest-based advertising

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.

Further information about the processing of Personal Data

    • Infinity

      OUR PRIVACY POLICY

      Infinity Tracking Limited (“Infinity”) is committed to protecting your personal data. This privacy policy will inform you how we look after your personal data we collect from you when you visit our website (regardless of where you visit it from), or that you provide to us and will tell you about your privacy rights and how the law protects you. By visiting our website, you are accepting and consenting to the practices described in this policy.

      PURPOSE OF THIS PRIVACY POLICY

      This privacy policy aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, contact us, purchase a product or service or any other interaction etc.

      This website is not intended for children and we do not knowingly collect data relating to children.
      It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements any such other notices and is not intended to override them.

      Infinity is the data controller of the personal information that we hold about you. Infinity complies with the requirements of the law and is registered with the Information Commissioner's Office.

      If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

      Full name of legal entity: Infinity Tracking Limited
      Name or title of person to contact: Data Protection Officer
      Email address: legal@infinity.co
      Telephone number: 0808 2502 999
      Postal address: London Court, 39 London Road, Reigate, Surrey, RH2 9AQ

      You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

      Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) (this includes information relating to your name, email address, or other identifiers relating to you such as cookies).

      This policy explains how we collect, use and store the personal information you provide to us when you use our service or website. We will only use personal in accordance with the content of this policy, as amended from time to time.

      WHAT WE COLLECT

      We will collect and process the following data about you:

      Information you give us:

      This is information about you that you give us when you create an account, complete forms on our website or correspond with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our services and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial or credit card information etc.

      Information we collect about you:

      We automatically collect certain information when you use our website and services. In order to manage the service Infinity stores, maintains and processes information relating to your service and account, including:

      Retaining information about your contract and other information relating to your account;
      Call activity information including: call duration, inbound caller line identification (i.e. the phone number calling you), call forwarding information,
      call data/time and duration, and other information required to generate calling reports for your records and our billing purposes;
      Recording calls and retaining the call recording unless you request us to disable call recording; and,
      We also record information when you use our website relating to:
      Technical information: including the Internet protocol (IP) address used to connect your computer to the Internet, your login information and browser
      type and version;
      Information about your visit: including account activity, clickstream to, through and from our site (including date and time) and login information;
      Identity Data includes first name, last name, username or similar identifier, title;
      Contact Data includes billing address, email address and telephone numbers;
      Financial Data includes bank account and payment card details;
      Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey
      responses;
      Usage Data includes information about how you use our website, products and services;
      Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication
      preferences.


      HOW IS YOUR PERSONAL DATA COLLECTED?

      We use different methods to collect data from and about you including through:
      Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

      Apply for our products or services;
      Create an account on our website;
      Subscribe to our service or publications;
      Request marketing to be sent to you;
      Enter a competition, promotion or survey; or o give us some feedback.

      Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy below for further details.

      Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

      Technical Data from the following parties: analytics providers such as Google based outside the EU; advertising networks; and search information providers.
      Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
      Identity and Contact Data from data brokers or aggregators.
      Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

      WHAT WE DO WITH THE INFORMATION WE GATHER

      We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

      Information you give to us - we will use this information:

      Where we need to perform the contract we are about to enter into or have entered into with you and to provide you with the information and services that you request from us;
      To respond to an inquiry or support matter initiated by you;
      Depending on your marketing preferences, we may provide you with information about other services we offer that are similar to those
      that you have already purchased or enquired about;
      To notify you (in accordance with your marketing preferences) about notifications, updates or changes to your service or account; or o to ensure that content from our site is presented in the most effective manner for you and for your computer.
      Information we collect. We will use this information:
      To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey
      purposes;
      To improve our site to ensure that content is presented in the most effective manner for you and for your computer; o to allow you to participate in interactive features of our service, when you choose to do so; or
      As part of our efforts to keep our site safe and secure.

      PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

      We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

      Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out below.

      Purpose/Activity: To register you as a new customer
      Type of data: (a) Identity (b) Contact
      Lawful basis for processing including basis of legitimate interest: Performance of a contract with you

      Purpose/Activity: To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us
      Type of data: (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications
      Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)

      Purpose/Activity: To register you as a new customer
      Type of data: (a) Identity (b) Contact
      Lawful basis for processing including basis of legitimate interest: Performance of a contract with you

      Purpose/Activity: To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey
      Type of data: (a) Identity (b) Contact (c) Profile (d) Marketing and Communications
      Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

      Purpose/Activity: To enable you to partake in a prize draw, competition or complete a survey
      Type of data: (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications
      Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

      Purpose/Activity: To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
      Type of data: (a) Identity (b) Contact (c) Technical
      Lawful basis for processing including basis of legitimate interest: (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation

      Purpose/Activity: To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
      Type of data: (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical
      Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

      Purpose/Activity: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
      Type of data: (a) Technical (b) Usage
      Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

      Purpose/Activity: TTo make suggestions and recommendations to you about goods or services that may be of interest to you
      Type of data: (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile
      Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to develop our products/services and grow our business)


      MARKETING

      We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

      Promotional Offers From Us

      We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

      You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.

      Third-Party Marketing

      We will get your express opt-in consent before we share your personal data with any company outside the Infinity group of companies for marketing purposes.

      Opting Out

      You can ask us or third parties to stop sending you marketing messages at any time by Contacting us at any time.
      Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

      HOW WE USE COOKIES

      Our website uses cookies to distinguish you from other users of our website and to improve your experience on the website. In this section of the policy you will find out what cookies are, how we use them and how you can switch them off.
      However, for the best experience on our website, we would recommend that you enable cookies in your web browser as disabling our cookies may mean that not all the functions on the website can work properly.

      What is a cookie?

      A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. By continuing to browse this site, you are agreeing to our use of cookies.

      What cookies do we use?

      We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

      How to control or delete cookies

      You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, for the best experience on our website, we would recommend that you enable cookies in your web browser as disabling our cookies may mean that not all the functions on the website can work properly.

      DISCLOSURE OF YOUR INFORMATION

      We may have to share your personal data if one of these situations occur:

      If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to comply with our regulatory obligations. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

      In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.

      If Infinity or a substantial part of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

      We require all third parties to respect the security of your personal data

      INTERNATIONAL TRANSFERS

      We share your personal data within the Infinity group. This will involve transferring your data outside the European Economic Area (EEA).

      Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

      Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.



      SECURITY

      We are committed to ensuring that your information is secure. To prevent your personal data from being accidentally lost, used or accessed in unauthorised way, altered or disclosed, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We will also notify you and any applicable regulator of a breach where we are legally required to do so.

      DATA RETENTION

      We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
      To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

      LINKS TO OTHER WEBSITES

      Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

      CHANGES TO PRIVACY POLICY

      This version was last updated on May 1st, 2018 and historic versions can be obtained by contacting us.
      We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
      If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
      Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

      YOUR LEGAL RIGHTS

      Under certain circumstances, you will have rights under data protection laws in relation to your personal data.

      For example, you have rights to:

      Request access to your personal data;
      Request correction of your personal data;
      Request erasure of your personal data;
      Object to processing of your personal data;
      Request restriction of processing your personal data;
      Request transfer of your personal data; and
      Withdraw consent

      If you wish to exercise any of the rights, please contact us at London Court, 39 London Road, Reigate, Surrey, RH2 9AQ, UK or legal@infinity.co

      If you would like a copy of the information held please write to us at the above address.

      If you also believe that any information we are holding is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

    • ResponseiQ

      Response IQ Ltd Privacy Policy
      Last updated: April 24, 2018

      https://responseiq.com/ website (the “Website”) is operated by Response IQ Ltd, company registration number 09951115 and the registered office of which is at Response IQ LTD, 124 City Road, London, EC1V 2NX (“We”, “Us” or “ResponseIQ”).
      We take your privacy very seriously and we ask that you read this Privacy Policy carefully as it contains important information on:

      - the personal information we collect about you,
      - what we do with your information, and
      - who your information might be shared with.

      Who we are
      ResponseIQ are a “data controller” for the purposes of the General Data Protection Regulation EU 2016/679 (the “GDPR”), (i.e. we are responsible for, and control the processing of, your personal information).

      What information we collect?

      Personal information provided by you

      We may collect personal information about you (such as your name, address, telephone number, payment card details etc.) when you use our Website, register with us or purchase services from us. We may also collect personal information when you contact us, send us feedback or post material to the Website.

      We may also collect information that your browser sends us whenever you visit our Website. This data may include information such as your computer’s IP address, browser type, browser version, the pages of our Website that you visit and other statistics relating to your use of the Website. This information may be collected in conjunction with third party services such as Google Analytics.

      Personal information provided by third parties

      The nature of the Services we offer means that we may receive information about you from a third-party source, such as one of our clients. We will only accept that information if we have evidence that you have consented for the personal information to be passed to us or it is passed pursuant to another legal basis under the GDPR.

      Personal information about other individuals

      If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

      - give consent on his/her behalf to the processing of his/her personal data;
      - receive on his/her behalf any data protection notices; and
      - give consent to the transfer of his/her personal data abroad.

      Sensitive personal information
      It is very unlikely that we will ask you to provide sensitive personal information. If we request such information, we will explain why we are requesting it and how we intend to use it.

      Sensitive personal information includes information relating to your ethnic origin, your political opinions, your religious beliefs, whether you belong to a trade union, your physical or mental health or condition, your sexual life, and whether you have committed a criminal offence.

      We will only collect your sensitive personal information with your explicit consent.

      Monitoring and recording communications

      We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of performing the Services we offer to our clients, quality assurance, training, fraud prevention and regulatory compliance.

      Sensitive personal information

      A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our Website. We use cookies on this Website to:

      - keep track of any services you may wish to purchase;
      - recognise you whenever you visit this Website (this speeds up your access to the Website as you do not have to log in each time);
      - obtain information about your preferences, online movements and use of the internet;
      - carry out research and statistical analysis to help improve our content and services and to help us better understand our visitor and customer requirements and interests;
      - target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; and
      - make your online experience more efficient and enjoyable.

      The information we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer or other electronic device such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase services from us.

      In most cases we will need your consent in order to use cookies on this Website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (e.g. to enable you to purchase services from us).

      There is a notice on our home page which describes how we use cookies and which also provides a link to this Privacy Policy. If you use our Website after this notification has been displayed to you, we will assume that you consent to our use of cookies for the purposes described in this Privacy Policy.

      We may work with third party suppliers who may also set cookies on our Website. These third-party suppliers are responsible for the cookies they set on our Website. If you want further information, please go to the website of the relevant third party.

      If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this Website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.

      How will we use the information about you?
      We collect information about you so that we can:

      - identify you and manage any accounts you hold with us;
      - process your order or carry out obligations arising from any contract(s) entered into between you and us;
      - conduct research, statistical analysis and behavioural analysis;
      - carry out customer profiling and analyse your purchasing preferences;
      - if you agree, let you know about other products or services that may be of interest to you—see ‘Marketing’ section below;
      detect and prevent fraud;
      - customise our Website and its content to your particular preferences;
      - notify you of any changes to our Website or to our services that may affect you;
      - carry out security vetting; and
      - improve our services and notify you about changes to these services.

      Marketing
      Only where you have provided us with specific, informed and unambiguous consent shall we provide you with marketing materials by the mechanism(s) you have consented to (e.g. email). We will only provide you with marketing materials relating to features that you have explicitly consented to.

      If you have consented to such receive marketing from us, you can opt out at any time. See ‘What rights do you have?’ below for further information.

      Who your information might be shared with

      We may disclose your personal data to:

      - our clients as part of the service offered, but only with your explicit consent or pursuant to another legal basis under the GDPR;
      - our service providers pursuant to strict data processing agreements that protect your personal data to the same or higher standards than we treat it;
      - law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
      a court of law or regulator where we are under a duty to disclose or share your personal data in order to comply with a legal or regulatory obligation.

      Rest assured that we will never pass your information to a third party outside of the categories above without your explicit consent.

      Keeping your data secure
      We will use technical and organisational measures to safeguard your personal data, for example:

      - access to your account is controlled by a password and username that are unique to you;
      - we store your personal data on secure servers; and
      - payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology).

      While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).

      Our Website may contain links to other websites of our partners, suppliers, advertisers or other approved third parties. If you follow a link to any of these websites, please note that these websites have (or should have) their own privacy policies. We do not accept any responsibility or liability for these policies or the way in which your personal data may be treated by these third parties. We recommend you check the privacy policy of any third party before you submit any personal data to their website.

      Transfers of your information out of the EEA

      We may need to transfer your personal data to countries which are located outside the European Economic Area (“EEA”), for the purpose of providing the services to you. You may be located in a country outside of the EEA and therefore we may have no choice but to transfer your data outside of the EEA. Rest assured that any transfer of your personal data outside of the EEA will be subject to a GDPR-compliant guarantee (such as the EU-US Privacy Shield or a Model Contract Clause approved by the European Commission) that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.

      How long do we hold your data for?
      We only keep your personal data as long as necessary for the purpose for which it was obtained. After that period, we either: (1) anonymise the data if we still wish to use it for analytical purposes, or (2) pseudonymise the data if believe in good faith that we may need to process the data in the future for a legitimate purpose, or in all other cases (3) delete it completely from our servers.

      What rights do you have?

      Right to request a copy of your information
      You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please:

      - email, call or write to us (see ‘How can you contact us?’ below),
      - let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
      - let us know the information you want a copy of, including any account or reference numbers, if you have them.

      We will acknowledge receipt of your request and will respond within thirty (30) days. We will not charge you for providing the information.

      Right to correct any mistakes in your information
      You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:

      - email, call or write to us (see ‘How can you contact us?’ below),
      - let us have enough information to identify you (e.g. account number, user name, registration details), and
      - let us know the information that is incorrect and what it should be replaced with.

      We will acknowledge receipt of your request and will respond within thirty (30) days.

      Right to ask us to stop contacting you with direct marketing

      You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

      email, call or write to us (see ‘How can you contact us?’ below). You can also click on the ‘unsubscribe’ button at the bottom of marketing emails from us,
      let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
      let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
      We will acknowledge receipt of your request and will respond within thirty (30) days.

      Right to erasure
      You can request that we delete all personal data relating to you free of charge. If you would like to do this, please:

      - email, call or write to us (see ‘How can you contact us?’ below), and
      - let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
      - provide us with the justification for the erasure request (e.g. you are withdrawing your consent, you no longer believe that we should be processing the personal data for the original purpose for which it was obtained, the personal data is being unlawfully processed, there is a legal reason for erasure etc.).

      We will acknowledge receipt of your request and will respond within thirty (30) days.

      Right to Restrict Processing
      You can request that we restrict processing of some of your personal data. If you would like to do this, please:

      - email, call or write to us (see ‘How can you contact us?’ below), and
      - let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
      - provide us with details of what personal data you would like us to restrict the processing of (e.g. where you contest the accuracy of some personal data, we shall restrict the processing of it whilst its accuracy is verified).

      We will acknowledge receipt of your request and will respond within thirty (30) days. If we agree to restrict the processing of the personal data before the thirty (30) day period, we will inform you as soon as we have put in place the restriction.

      Right to Object
      You can object to us processing any of your personal data. If you would like to do this, please:

      - email, call or write to us (see ‘How can you contact us?’ below), and
      - let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
      - provide us with details of what personal data you object to us processing.

      We will acknowledge receipt of your request and will respond within thirty (30) days.

      Right to Data Portability
      You can request that be provide some or all of your personal data we hold to a third party free of charge. If you would like to do this, please:

      - email, call or write to us (see ‘How can you contact us?’ below),
      - let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
      - provide us with sufficient details of the third-party entity to which you would like your data transferred.

      We will acknowledge receipt of your request and will provide your personal to the third-party entity in a commonly used machine-readable format within thirty (30) days providing you have provided us with sufficient information to do so. We will not charge you for this service.

      Rights relating to automated decision making and profiling

      We use software that automatically processes personal data for us. We ensure that processing using this software is fair and we implement all appropriate technical and organisational measures to ensure inaccuracies are minimised. If you are concerned about the use of such software, you have the right to ask for more details about the processing and request that we stop using the software to process your data. If you would like to do this, please:

      - email, call or write to us (see ‘How can you contact us?’ below),
      - let us have enough information to identify you (e.g. account number, user name, registration details), and
      - provide us with details of your concerns and the categories of personal data you believe are being processed by automated software.

      We will acknowledge receipt of your request and will respond within thirty (30) days. Please note that if the automated processing is necessary for the performance of a contract between you and us, if you request that the software is no longer used to process your data, we may not be able to provide you with services anymore.

      Right to complain to the supervisory authority
      If you are unhappy with the way in which we have dealt with a request you have made or you feel that we are not complying with this Privacy Policy in any way, you have the right to complain to the supervisory authority in the country in which you live. The supervisory authority in England and Wales is the Information Commissioners Office and details of how to contact them are available on their website: www.ico.org.uk.

      Time Extensions and Refusals

      We reserve the right to extend the time period to respond to any of the requests listed above by up to sixty (60) days where a request is complex or a large number of requests are made. If we fail to respond to you by the deadline we set, you have a right to complain to the supervisory authority or seek a judicial remedy (see – ‘Right to complain to the supervisory authority’ above).

      We may also refuse a request where there are legitimate reasons to do so. These include, but are not limited to:

      - where a request is manifestly unfounded, excessive or repetitive; or
      - where personal data is being processed:
      • in order to comply with a legal obligation;
      the public interest;
      • in the exercise or defence of a legal claim;
      • in the exercise of the right to freedom of expression and information.

      How to contact us

      Please contact us via help@responseiq.com or call +44 208 629 5280. Our Data Protection Officer is Scott Lee. If you have any questions about this Privacy Policy or the information we hold about you, we will be delighted to assist.

      Changes to this Privacy Policy
      We may change this Privacy Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this Website.

    • Emarsys

      1. Preamble
      As part of a separate contract and/or on the basis of separate individual assignments (hereinafter collectively referred to as the “Main Contract”), Emarsys shall provide Caribbean Warehouse with various marketing services, with particular emphasis on planning, implementing, and analysing email communication (hereinafter collectively referred to as “Services”). The Services are described in more detail in the Main Contract and in the descriptions of each respective Service.

      2. Subject Matter

      2.1. Processing of Personal Data
      This agreement (“Contract”) shall provide regulations for processing personal data which Emarsys processes on behalf of Client whilst the Services are being delivered (“Data”). Personal data means any information relating to an identified or identifiable natural person. The Data particularly include the names, e-mail addresses, and areas of interest of the recipients of Caribbean Warehouse’s e-mail newsletters.

      3. Duties of Caribbean Warehouse

      3.1. Client as controller
      Emarsys shall exclusively process the Data as part of, and for the purpose of, delivering Services for Caribbean Warehouse and in accordance with Caribbean Warehouse’s documented instructions. Emarsys shall process the personal data in no other way, and for no other purpose, unless required to do so by EU or EU Member State law to which Emarsys is subject; in such a case, Emarsys shall inform Caribbean Warehouse of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

      3.2. Obligation to notify
      If in Caribbean Warehouse’s area of accountability, Data which has been processed by Emarsys in accordance with this Contract becomes inadvertently known to unauthorized third parties, Caribbean Warehouse shall inform Emarsys about this in due time to enable Emarsys to take necessary technical and organizational measures on its side.

      3.3. Obligation to indemnify
      If a third party (inclusive of public authorities) makes claim(s) against Emarsys and/or accuses Emarsys to be in breach of contract which is/are based on Caribbean Warehouse’s breach of its duties, the following shall apply: Caribbean Warehouse shall grant Emarsys indemnity against these claims, provide Emarsys with appropriate support for their legal defence, and indemnify Emarsys for the reasonable cost of the legal defence. The obligation to indemnify shall only be valid if Emarsys informs Caribbean Warehouse of any asserted claims in writing and without undue delay, does not make a confession or any other similar statement to that effect, and allows Caribbean Warehouse, at Caribbean Warehouse’s own expense and as far as is procedurally possible, to conduct all legal and out of court proceedings regarding the claims.

      4. Duties of Emarsys

      4.1. Obligation to inform
      Emarsys shall immediately inform Caribbean Warehouse if, in its opinion, an instruction given by Caribbean Warehouse violates applicable provisions in relation to data protection. Emarsys shall be entitled to suspend the performance of said instruction until it is confirmed or modified by Caribbean Warehouse. Emarsys is not under any obligation to carry out a legal review of the instructions. Caribbean Warehouse remains the sole controller regarding the Data, and is responsible for the legality of the Data processing and protecting the rights of the data subjects. Caribbean Warehouse shall inform the data subjects or obtain their consent with regards to the processing of Data where required.

      4.2. Obligation to Provide Support
      Emarsys shall, upon Caribbean Warehouse’s request, adequately assist Caribbean Warehouse in the event that Caribbean Warehouse is only able to fulfil its obligations towards the data subjects (particularly the obligation to provide a data subject with details regarding the processing of his/her personal data) with Emarsys’s assistance. Emarsys shall forward to Caribbean Warehouse data subject requests directed to Emarsys. Emarsys shall also, upon Caribbean Warehouse’s request, assist Caribbean Warehouse in ensuring its compliance regarding the security of personal data (security of processing, notification of a personal data breach to the supervisory authority, communication of a personal data breach to the data subject) as well as a potentially necessary data protection impact assessment and prior consultations, in each case taking into account the nature of processing and the information available to Emarsys.

      4.3. Rectifying, deleting, and blocking
      Should personal data need to be rectified, deleted, or blocked, Caribbean Warehouse shall undertake this themselves by using the corresponding functions available in the software provided. If this is not possible, Emarsys shall take on the tasks of rectifying, deleting, and blocking, following the instructions from Caribbean Warehouse. Item 7.2 applies to the deletion of the Data at the end of the contract term.

      4.4. Location of Data processing
      The Data shall be processed solely in the European Union (EU) and/or in the member states which are included in the agreement covering the European Economic Area (EEA), provided that Caribbean Warehouse has not permitted Emarsys to process the Data in a country outside of the EU and the EEA in this Contract or in any other manner.

      4.5. Data protection officer
      Emarsys shall have a designated data protection officer. Emarsys shall provide its data protection officer’s contact details to Caribbean Warehouse upon request.

      4.6. Confidentiality of the Data
      Emarsys shall familiarize its employees who are assigned with the task of processing personal data with the regulatory provisions of data protection, and shall commit them in writing to maintaining confidentiality and data secrecy. This obligation of secrecy especially applies to persons assigned with the task of processing data, and for data relating to legal bodies or an association, and shall continue to apply for Emarsys even after the employment is terminated.

      4.7. Obligation to notify
      If Client Data becomes known to unauthorized third parties in an unlawful manner, i.e. in breach of applicable data protection laws, this Contract, or instructions given by Caribbean Warehouse, Emarsys must immediately inform Caribbean Warehouse of this.

      4.8. Technical and organizational measures
      Taking into account the state of the technology, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of persons, Emarsys shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Furthermore, Emarsys shall take steps to ensure that any person acting under its authority who has access to the personal Data does not process it except on instructions from Caribbean Warehouse, unless he or she is required to do so by EU or EU Member State law.

      4.8.1. Pseudonymisation And Encryption Of Personal Data
      Measures implemented my Emarsys which generally prevent unauthorized processing of personal data: data cannot be read, copied, altered, or removed without authorization during processing or utilization and after being saved (including encryption processes):

      4.8.1. Personal data are encrypted when transmitted.
      To the extent reasonably possible (without preventing the rendering of the agreed services) personal data are anonymized and/or pseudonymized by hashing or reference to a database whether personal data are stored.


      4.9. Obligation to indemnify
      If a third party (inclusive of public authorities) makes claim(s) against Caribbean Warehouse and/or accuses Caribbean Warehouse to be in breach of contract which is/are based on Emarsys’s breach of its duties, the following shall apply: Emarsys shall grant Caribbean Warehouse indemnity against these claims, provide Caribbean Warehouse with appropriate support for their legal defense, and indemnify Caribbean Warehouse for the reasonable cost of the legal defence. The obligation to indemnify shall only be valid if Caribbean Warehouse informs Emarsys of any asserted claims in writing and without undue delay, does not make a confession or any other similar statement to that effect, and allows Emarsys, at Emarsys’s own expense and as far as is procedurally possible, to conduct all legal and out of court proceedings regarding the claims.

      5. Caribbean Warehouse’s right to carry out audits

      5.1. Certification
      Emarsys must use an information security management system that is certified according to ISO 27001 during the term of this Contract, and shall provide proof of same upon request.

      5.2. Audits
      To the extent required, Caribbean Warehouse is permitted to audit (or to have another auditor, mandated by Caribbean Warehouse, audit) Emarsys’s compliance with: a) the legal regulations in relation to data protection, b) the contractual agreements made by the parties and c) Caribbean Warehouse’s instructions. Emarsys shall contribute to such audits and make available to Caribbean Warehouse all information necessary to demonstrate its compliance. Caribbean Warehouse must give at least two weeks written notice prior to carrying out audits at Emarsys’s business
      premises. The audits shall be carried out by Caribbean Warehouse during the normal business hours, and without causing a significant disruption to business operations. Each party shall cover its own costs of, or in connection with, audits.

      5.3. Legitimate interests of Emarsys
      If by carrying out the audits Emarsys’s trade and business secrets may be revealed, or intellectual property belonging to Emarsys could be compromised, Caribbean Warehouse must have the audits carried out by an independent specialist third party which is under the obligation to maintain confidentiality with respect to Emarsys.

      6. Subcontracting

      6.1. Engaging subcontractors
      Emarsys shall be authorized to engage subcontractors to process the Data if Emarsys enters into a written or electronic contract with the subcontractor regarding the processing of the Data, and the level of protection provided by said contract is equal or greater than that of this Contract, and Caribbean Warehouse gives its prior written or electronic consent to engage the subcontractor. Emarsys shall inform Caribbean Warehouse in writing or electronic form of any intended changes concerning the addition or replacement of subcontractors, thereby giving Caribbean Warehouse the opportunity to object to such changes. Caribbean Warehouse’s consent shall be deemed given if Caribbean Warehouse does not object in writing or electronic form within one month after receipt of this information.

      6.2. Liability for subcontractors
      Where a subcontractor fails to fulfil its data protection obligations, Emarsys shall remain fully liable to Caribbean Warehouse for the performance of that subcontractor's obligations.

      7. Terms of termination

      7.1. Data at the point of contract termination
      Emarsys shall delete Caribbean Warehouse’s Data from its data storage media and destroy any relevant documentation it holds, 30 days after the Main Contract has ended, provided that Emarsys is not legally obliged to continue storing it. Caribbean Warehouse shall be responsible for exporting the Data in a timely manner before the end of this period, and to save it for its own continued use. Caribbean Warehouse shall separately commission and remunerate Emarsys for Data that is published or exported in such a way that is not covered by the services included in the standard functions (e.g. downloading files).

      7.2. Backup copies
      The above obligation to delete shall not apply to copies of the Data which are included in regularly created back-up copies of Emarsys’s comprehensive data sets, which would require Emarsys to invest significant resources to achieve an isolated deletion, and which will be automatically deleted or replaced after a maximum of 14 days as part of the back-up cycle that Emarsys applies. Until the automatic deletion or replacement occurs, any recovery or other use of such copies is prohibited after the termination of this Contract. Caribbean Warehouse may request Emarsys delete such backup copies immediately if Caribbean Warehouse reimburses Emarsys for the reasonable costs which are incurred by this; this also includes compensation for the incurred working hours of Emarsys’s personnel.

    • Selling goods and services online

      The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.
      The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Website depends on the payment system used.

Contact information

    • Owner and Data Controller

      Data Protection Manager, Blue Bay Travel Ltd., Unit A4 Bellringer Road, Trentham Business Quarter, Stoke-on-Trent, England (UK), ST4 8GB

      Owner contact email: gdpr@bluebaytravel.co.uk