Personal data we collect
We may collect, use, store and transfer different kinds of personal data about you as follows:
Special Categories of Personal Data
We do not collect any “Special Categories of Personal Data” about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, data about your health, and genetic and biometric data). Nor do we collect any data about criminal convictions and offences.
Data protection principles
Spinderok adheres to the following principles when processing your personal data as data controller:
1. Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
2. Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3. Data minimization – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
4. Accuracy – data must be accurate and, where necessary, kept up to date.
5. Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
6. Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organizational measures.
How we collect your personal data
We use different methods to collect data from and about you including through:
How we use your personal data
We will only use your personal data if we have a legal basis for doing so. The purpose for which we use and process your personal data and the legal basis on which we carry out each type of processing is explained in the table below.
Purposes for which we will process the personal data
Generally, we do not rely on consent as a legal basis for processing your personal data although we may need your consent before sending direct marketing communications to you via email or text message. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences by contacting us.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have not opted out of receiving that communications.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us because of a service we provide pursuant to an agreement with you or your employer.
Change of use of your personal data:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
If you fail to provide personal data:
Where we need to collect personal data by law, or under the terms of a contract we have with you or your employer, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you or your employer (for example, to provide you or your employer with goods or services). In this case, we may have to cancel a product or service you or your employer has with us, but we will notify you if this is the case at the time.
Disclosure of your personal data to third parties
We will share your personal data within Spinderok as necessary to carry out the purpose for which the data was supplied or collected.
Personal data will also be shared with our third-party service providers and business partners who assist with the running of this website and our services including hosting providers and email service providers. Our third-party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.
In addition, we may disclose your personal data:
Security of your personal data
We use appropriate technical and organizational security measures to protect personal data both online and offline from unauthorized use, loss, alteration or destruction. We use industry standard physical and procedural security measures to protect personal data from the point of collection to the point of destruction.
Only authorized personnel and third-party service providers are permitted access to personal data, and that access is limited by need. Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorized disclosure of personal data.
However, we cannot guarantee the security of personal data transmitted over the Internet or that unauthorized persons will not obtain access to personal data. In the event of a data breach, we has put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where legally required to do so.
How long we keep your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
The criteria we use for retaining different types of personal data, includes the following:
In some circumstances we will make your personal data anonymous so that it can no longer be associated with you for research or statistical purposes, in which case we may use this data indefinitely without further notice to you.
This website is not intended for or directed at children under the age of 16 years, and we do not knowingly collect data relating to children under this age.
Access to and updating your personal data
You have the right to access information which we hold about you (“data subject access request”). You may also have the right to receive personal data which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller (“data portability”).
The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means. We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. Please keep us informed if your personal data changes during your relationship with us.
Right to object
You have the right to object at any time to our processing of your personal data for direct marketing purposes.
Where we process your personal data based on our legitimate interests
You also have the right to object, on grounds relating to your situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Your other rights
You also have the following rights under data protection laws to request that we rectify your personal data which is inaccurate or incomplete.
In certain circumstances, you have the right to:
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.
For example, we may refuse a request for erasure of personal data where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defense of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive.
Exercising your rights
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
This website may, from time to time, contain links to and from the websites of our business partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
If you are in located in the EEA, you also have the right to complain to the relevant supervisory authority in the EEA. In the UK, this is the Information Commissioner’s Office (https://ico.org.uk/).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
effective April 23, 2023