1) Particularly Important Information
Who we are: For the purpose of applicable data protection legislation, the data controller of your personal data is Bounce Forward, charity number 1170591. Registered address Summit House, 170 Finchley Road, London, NW3 6BP. Our data protection officer is Lucy Bailey. In simple terms, this means that we: (i) “control” your personal data, including making sure that it is kept secure; and (ii) make certain decisions on how to use and protect your personal data, but only to the extent that we have informed you about the use or are otherwise permitted by law.
Must Read Sections: We draw your attention in particular to the sections entitled “International Data Transfer” and “Your Rights.”
Changes to this Policy: We keep this Policy under regular review and will post any modifications or changes to the Policy on our Site. This Policy was last updated on 18 May 2018. If we make any change(s) to the Policy, we will post a notice on our Site prior to such changes(s) taking effect.
2) Purposes of Processing
What is Personal Data?
We collect information about you in a range of forms, including personal data. As used in this Policy, “personal data” is as defined in Regulation (EU) 2017/679 (the General Data Protection Regulation) and any successor legislation, this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address, date of birth, passport details, employment information and telephone number.
Why do we need your Personal Data?
We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide you with access to the Site. We will also use the personal information you provide us with for the following purposes, and pursuant to the corresponding legal bases:
Purpose: To enter into, and perform, contracts with you that you have requested.
Legal Basis: Contractual necessity
Purpose: To enter into, and perform, training and support that you have requested.
Legal Basis: Legitimate interest
Purpose: To improve our Site and the products and services that we offer and notify you about changes to our services.
Legal Basis: Legitimate interest Purpose: To respond to requests for information submitted by you through our Site.
Legal Basis: Legitimate interest
Purpose: To keep a record of your relationship with us.
Legal Basis: Legitimate interest
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Additionally, we will use your personal information to keep you informed of our products and services based on our legitimate interest where we have an existing relationship with you and we wish to contact you about products and services similar to those which we provide you, in which you may be interested.
No automated decision making, including profiling, is used when processing your personal information.
For the purposes of this section:
“Legitimate interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
“Contractual necessity” means processing your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
If you created a profile/registered with us, you will have been asked to tick to agree to provide this information in order to access our services and view our content. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this Policy, please do not use our Site. It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during your relationship with us.
3) Collecting Your Personal Data
We collect information about you in the following ways:
Information You Give Us
This can include:
- the personal data you provide if you register to use our Site including your name, postal address, email address, telephone number, username, password, medical information, dietary requirements and demographic information (such as your gender);
- the personal data you provide when you make a booking or enquiry through our Site;
- the personal data you provide when you correspond with us by phone, email or otherwise;
- the personal data that may be contained in any video, comment or other submissions you upload or post to the Site, via any social channels you may use;
- the personal data you provide when you report a problem with our Site or when we provide you with customer support; and
- the personal data you provide in connection with a rewards program or other promotions we run on the Site.
Information from Social Networking Sites. Our Site include(s) interfaces that allow you to connect with social networking sites (Facebook, Twitter, Instagram and YouTube) (each a “SNS”). If you connect to a SNS through our Site, you authorise us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.
Information We Get from Others
We may also get information about you from other sources, for example, if you have agreed to share information with one of our partners we may add this to information we get from our Site.
Information Automatically Collected
We automatically log information about you and your computer or mobile device when you access our Site. For example, when visiting our Site, we log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site. We collect this information about you using cookies. Please refer to the sections on cookies below.
What are Cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Site; and (2) third party cookies, which are served by service providers on our Site, and can be used by such service providers to recognise your computer or mobile device when it visits other websites.
Cookies We Use
Our Site uses the following types of cookies for the purposes set out below:
Essential Cookies– These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies– These cookies allow our Site to remember choices you make when you use our Site, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Site which you can customise. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
Analytics & Performance Cookies – These cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. [It includes the number of visitors to our Site, the websites that referred them to our Site, the pages they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site.
Social Media Cookies– These cookies are used when you share information using a social media sharing button or “like” button on our Site or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or“edit” facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.If you do not accept our cookies, you may experience some inconvenience in your use of our Site. For example, we may not be able to recognise your computer or mobile device and you may need to log in every time you visit our Site.
We may use other companies to serve third-party advertisements when you visit and use the Site. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Site and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies’ use of their tracking technologies is subject to their own privacy policies and we accept no responsibility for their use of such tracking technologies.
In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Site, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.
Your Ad Choices
Some of the third-party services providers and/or advertisers may be members of the Network European Interactive Digital Advertising Alliance (“EDAA”) Self-Regulatory Program for Online Behavioural Advertising. To learn more, visit http://www.edaa.eu/edaa-for-users
which provides information regarding targeted advertising and the “opt-out” procedures of EDAA members.
We may, from time to time, offer certain location or pinpoint based services, such as location assisted navigation instruction. If you elect to use such location-based services, we must periodically receive your location in order to provide such location-based services to you. By using the location-based services, you authorise us to: (i) locate your hardware; (ii) record, compile and display your location; and (iii) publish your location to third parties designated by you by means of location publication controls available within the applications (for example, settings, user preferences). As part of the location-based services, we may also collect and store certain information about the users who elect to use such location-based services, such as a device ID. This information will be used to provide you with the location-based services. We may use third-party providers to help provide such location-based services through mobile systems and we may make information available to such providers to enable them to provide their location-based services, provided that such third-party providers may use the information only in accordance with this Policy.
6) Using Your Personal Data
We may use your personal data as follows:
7) Sharing Your Personal Data
- to operate, maintain, and improve our Site, products, and services;
- to manage your account, including to communicate with you regarding your account, if you have an account on our Site;
- to operate and administer our rewards program and other promotions you participate in on our Site;to respond to your comments and questions and to provide customer service;
- to send information including technical notices, updates, security alerts, and support and administrative messages;
- with your consent, to send you marketing e-mails about upcoming promotions, and other news, including information about products and services offered by us and our affiliates. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out.” Please note, even if you opt out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include emails about your account with us (if you have one) and our business dealings with you;
- to process payments you make via our Site;to link or combine user information with other personal data;
- as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others; and as described in the “Sharing of your Personal Data” section below.
We may share your personal data as follows:
- Third Parties Designated by You. We share your personal data with third parties where you have provided your consent to do so.
- Our Third-Party Service Providers. We share your personal data with our third-party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services.
- We share some or all of your personal data with our affiliates.
- Corporate Restructuring. We will also share personal data if we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- Other Disclosures. We will also share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
We will require that any third party that provides a service to or for us, which involves the processing of your personal data:
- enters into an agreement with us and meets our standards for data security;
- does not use your personal information for any purpose other than the clearly defined purpose relating to the service that such party is providing;
- treats your personal information as confidential; and
- holds your personal information securely and retains it only for such period of time as we instruct.
When we use the term “anonymous data,” we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party.
We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyse usage patterns in order to make improvements to our Site.
8) Third Party Sites
Our Site may contain links to third-party websites and features (for example Twitter, Facebook, Instagram and YouTube). This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them.
9) User-Generated Content
You may share personal data with us when you submit user generated content to our Site, including via our rewards program, forums, message boards and blogs on our Site. Please note that any information you post or disclose on our Site will become public information, and will be available to other users of our Site and to the general public. We urge you to be very careful when deciding to disclose your personal data, or any other information, on our Site. Such personal data and other information will not be private or confidential once it is published on our Site.
If you provide feedback to us, we may use and disclose such feedback on our Site, provided we do not associate such feedback with your personal data. If you have provided your consent to do so, we may post your first and last name along with your feedback on our Site. We will collect any information contained in such feedback and will treat the personal data in it in accordance with this Policy.
10) International Data Transfer
Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us and our affiliates, outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using our Site, you agree to this transfer, storing or processing. We will take all steps necessary to ensure that your data is treated securely and in accordance with this Policy and have appropriate safeguarding measures (under the terms of the EU controller to controller model contract clauses) in place to ensure this.
We are committed to protecting the personal information you entrust to us, and to that end, we employ appropriate organisational, technical and administrative measures to protect personal data within our organisation. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in Section 16 below.
We also train and instruct our employees that all personal information must be handled in accordance with this Policy and applicable privacy and data protection laws, and any misuse by employees is subject to disciplinary action.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also train and instruct our employees that all personal data must be handled in accordance with this Policy and applicable privacy and data protection laws, and any misuse by employees is subject to disciplinary action.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data as long reasonably required for you to use the Site until you close your account unless a longer retention period is required or permitted by law (for example for regulatory purposes). To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
13) Our Policy on Children
Although our work is youth-oriented, our Site is not primarily directed at children under 16 and we do not knowingly collect or solicit personal information from anyone under the age of 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us on firstname.lastname@example.org
. We will delete such information from our files as soon as reasonably practicable.
14) Sensitive Personal Data
We do not collect any special category personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Subject to the following paragraph, we ask that you not send us, and you do not disclose, any sensitive personal data including the categories set out in the paragraph above on or through the Site or otherwise to us.
If you send or disclose any sensitive personal data to us when you submit user generated content to our Site, you consent to our processing and use of such sensitive personal data in accordance with this Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user-generated content to our Site.
15) Your Rights
To the extent that you reside in the European Union, or EU data privacy legislation applies to you, you have the right to access the personal information we hold about you, and there are, subject to certain limitations, a number of ways you can control the way in which and what information we store and process about you. We have explained these individual rights and controls below. To exercise these rights and controls, please email email@example.com
Access – you may access the information we hold about you at any time via your profile/account or by contacting us directly. Access will be provided free of charge (subject to certain situations where we may charge a small “reasonable fee”).
Correction– you can also contact us to update or correct any inaccuracies in your personal data.
Erase and forget– in certain situations, for example, when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data (subject to any legal obligations for us to retain it).
Restrictions on use – you may request that we stop processing your personal information (other than storing it): (i) whilst its accuracy is verified; (ii) if the processing is illegal; (iii) if the processing is no longer necessary for the purposes for which it was collected; or (iv) if you object to the processing and we are verifying whether our legitimate grounds to process your personal information override your own rights.
Object – you have the right to object to processing, including: (i) for direct marketing (see “Opt-out “below”); (ii) for research or statistical purposes; and/or (iii) where processing is based on legitimate interests.
Withdrawal of consent– if you previously gave us your consent to process your personal information for a particular purpose, you may withdraw that consent at any time. If you do not do so, we may continue to rely upon that previous consent to keep using and processing your personal information in the same way.
Portability– f you wish to transfer your personal data to another organisation (and certain conditions are satisfied), you may ask us to do so, and we will send it directly if we have the technical means.
Opt-out –you may contact us anytime to opt-out of (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of sensitive personal data; (iv) any new processing of your personal data that we may carry out beyond the original purpose; or (v) the transfer of your personal data outside the EEA. Please note that your use of some of the Site may be ineffective upon opt-out. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
We are committed to resolving any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us at firstname.lastname@example.org
We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however, if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
17) Contact Information
We welcome your comments or questions about this Policy. You may contact us in writing at email@example.com
or to our communications address 23 Heath drive, Ware, Hertfordshire, SG12 0RE.
18) Employee Personal Data
How to Thrive commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of the employment relationship. Please contact us to be directed to the relevant DPA contacts.