Privacy Policy

Privacy Notice


Puraffinity is committed to protecting and respecting the privacy of your personal data. This privacy notice explains how your data is collected, used, transferred, and disclosed by Puraffinity. It applies to data collected when you use our websites, when you interact with us through social media, email, or phone, or when you participate in surveys, questionnaires, or any other marketing events where your personal data may be collected.

This privacy notice covers:

·     The personal data that we collect

·     How we collect your data

·     The purpose and the legal basis for collecting your data

·     How we store your data and with whom we share it

·     Your rights under GDPR

·     How we protect your data

·     Our use of third-party processors

·     Use of cookies

·     Changes to this privacy notice

·     How to contact us


1. General

Puraffinity LTD, of 58 Wood Lane, Scale Space, London, England, W12 7RZ (referred to as “Puraffinity”, “we”, “us” and “our” in this privacy notice) is what is referred to as a “Controller”. Puraffinity is responsible for your personal data collected through the www.puraffinity.com website (the “website”).


“Controllers” make decisions about processing activities. They exercise overall control of the personal data being processed and are ultimately in charge of and responsible for the security of the data and its processing.

“Processors” act on behalf of the controller and under their authority. In doing so, they serve the controller’s interests rather than their own.


A processor might wish to sub-contract all or some of the processing to another processor. We refer to such arrangements as a “sub-processor”.


The General Data Protection Regulation (referred to as “GDPR” in this notice), is a data privacy law that establishes a framework for the collection, processing, storage, and transfer of personal data. It requires that all personal data be processed securely and includes fines and penalties for businesses that do not comply with its requirements. It also provides you with rights regarding your personal data, which are explained in this notice.


Details of our Data Protection Officer responsible for overseeing questions in relation to this privacy notice, and our details are set out in the “How to Contact Us” section at the end of this notice.


2. Collection of personal data

Personal data means any information about an individual from which that person can be identified. It does not include anonymised data, where the identity and identifying information has been removed.

We will not knowingly collect any data from children under the age of 13. If you are under the age of 13, you are not permitted to use or submit your data to our website.


The following groups of personal data are collected:

·     Identity Data includes information such as: first name, last name, title, organisation, role, personal description, photo and gender.

·     Contact Data includes information such as: email address and telephone number.

·     Technical Data includes information such as: details of the device(s) you use to access our website, your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.

·     Profile Data includes information such as: your preferences, feedback, and survey responses.

·     Usage Data includes information such as: how and when you use our website, how you moved around it, website performance statistics, traffic, location, and other communication data.

·     Marketing and Communications Data includes information such as: your preferences in receiving marketing or other communication from us.


How we collect your personal data
We collect personal data about you when you interact with us in the following ways:

  • Direct interactions – you may give us your Identity, Contact, Profile and Marketing Communications data (as described above) by filling in forms on the website or by corresponding with us by post, telephone, or email.
  • Automated technologies or interactions - as you interact with our website, we may automatically collect the following types of data (all as described above): Technical Data about your equipment, Usage Data about your browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies.
  • Third parties - we may collect Identity and Contact data about you (as described above) when interacting with us using a third-party source such as Facebook or LinkedIn.


Purpose and lawfulness of processing
We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it.


We will only collect personal data from you when:

  • we have your consent to do so, or
  • we need your personal data to perform a contract that we have with you, or
  • the processing is in our legitimate interests and not overridden by your rights, or
  • we have a legal obligation to collect or disclose personal data from you.

                                   

Personal data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify you. Thus, such data is not considered personal data and is not covered by GDPR.


The consent of the data subject
You consent to the processing of your personal data when you;

  • use our website and accept the use of cookies, you can amend the data that we collect about you through cookies by modifying the settings in the Advanced Cookie Settings dialogue box before browsing our website;
  • provide your identity details in our contact form on the website and you check the checkbox to indicate that you agree with our terms and conditions of use;
  • you agree to marketing contact when you check the checkbox to subscribe to our newsletter;
  • you interact with us via a third-party source such as Facebook or LinkedIn.
  • You contact us directly by telephone, email or post.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process personal data without your consent, in compliance with the above rules, where this is required or permitted by law.


You have the right to withdraw your consent at any time, by contacting us using the contact details listed in section 9.

Storage and transfers


The personal data collected through our website or via any interaction with us (as described above), is stored and processed inside the EU/EEA, or any such third country that is considered by the ICO to have an adequate level of protection, or processed by such suppliers that have entered into such binding agreements that fully complies with the lawfulness of third country transfers or to other suppliers where adequate safeguards are in place to protect the rights of the data subjects whose data is transferred.


To obtain documentation regarding such adequate safeguards, contact us using the contact details listed in section 9.


How long the personal data will be processed
We will keep your personal data for no longer than is necessary for the purpose(s) it was provided and to meet our legal obligations. Further details of the periods for which we retain data are available on request. 


3. Users’ rights

You have several rights under the data privacy legislation. This includes, under certain circumstances, the right to:

·     request access to your personal data processed by us, by notifying us in writing using the contact details below under paragraph 9. Users have the right to one (1) copy of the processed personal data which belongs to them without any charge. We have the right to charge a reasonable fee based on the administrative costs for further copies beyond this.

·     request correction of your personal data - you have the right to have us correct any inaccurate personal data that we hold about you. Please submit a written request, using the contact details in paragraph 9 below.

·     request erasure of your personal data – you have the right to request the deletion of any personal data that we hold about you. we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

·     request restriction of processing of your personal data – under certain circumstances you have the right to restrict the processing of your personal data. For example, if you want to establish the accuracy of the data or you have objected to the use of your personal data, but we need to verify whether we retain legitimate grounds to use it. Where processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future.

·     request the transfer of your personal data you have the right to receive a digital copy or request a transfer to another company of the personal data that we hold about you. This applies to automated data which you initially provided consent for us to use or where we use data to a perform a contract with you.

·     object to processing of your personal data – you have the right to revoke your consent to processing your personal data where we believe that we have a legitimate interest processing it (as detailed in this policy notice) at any time. You also have the right to object to us using your personal data for direct marketing purposes. In some case we may demonstrate that we retain a compelling legitimate interest to process your data which override your rights and freedoms. 

·     request human intervention for automated decision making and profiling – you have the right to request human intervention where we carry out automated decision making when processing your personal data. This form of processing is permitted, for example, as part of a contract we have with you, providing that appropriate safeguards are in place or your explicit consent has been obtained.


We will endeavour to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of the above rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.


If after contacting us (using the details in section 9) you remain dissatisfied with our response or service that you have received, you retain the right to lodge a complaint to the supervisory authority if you consider that your rights under General Data Protection Regulations have been infringed.


4. Security

We prioritize the security and integrity of your personal data and actively work to ensure that it is processed with the utmost care. We take all measures that can be reasonably expected to the ensure that your personal data is processed safely and in accordance with this Privacy Notice and the GDPR regulation.


5. Transfer of personal data to third parties

We will never sell your personal data to third parties.

We may transfer your personal data to:

  • our contractors and sub-contractors, acting as processors or sub-processors, in accordance with our instructions;
  • authorities or legal advisors in case criminal or improper behaviour is suspected; and
  • authorities, legal advisors or other actors, if required by us according to law or authority’s injunction.

 

We will only transfer your personal data to contracted third parties where we have undertaken due diligence to ensure that their systems and processes are in compliance with data privacy regulations.


We may use the following categories of processors of personal data; cloud server and data hosting, e-mail processing, video processing, information-sourcing, analytical services and other companies with regards to the supply of our services and products.


6. Aggregated data (non-identifiable personal data)

We may share aggregated data with third parties. Aggregated data may consist of statistics of internet traffic or the geological location when using our website. The aggregated data will not contain any information that can be used to identify individual persons and is thus not considered personal data.


7. Cookies

When you use our website, information about your usage may be stored as cookies. Cookies are passive text files that are stored in the internet browser of your device, such as your computer, mobile phone, or tablet. We use cookies to improve the user experience and to gather information and statistics about the usage of the website.

You can disable the use of non-essential cookies at any time by changing the local settings on your device. Disabling some cookies may affect the user experience and performance of our websites, for example, disabling auto-complete functions or the ability to recognise the preferences that you previously configured.


8. Changes

From time to time, we may change this privacy notice. If there are any significant changes, we will post updates on our website or let you know by email.


9. Contact

For questions, further information about our handling of your personal data or to contact us regarding any other matter related to this Privacy Notice, please email our Data Protection Officer at dpo@puraffinity.com


Share by: