In order to manage our business and provide our services to customers, Vavista (we, us, our) collect a certain amount of personal data. “Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information.
This Data Protection Notice sets out the basis on which we gather, use, process and disclose any personal data we collect from You, or that You provide to us. We will use Your personal data only for the purposes and in the manner set forth below which describes the steps we take to ensure our processing of Your personal data is in compliance with the General Data Protection Regulation ((EU) 2016/679) and any implementing legislation.
Please read the following carefully to understand our use of Your personal data.
Your Right to Object – Please note that You have a right to object to the processing of Your personal data where that processing is carried out for our legitimate interests.
The Vavista Website (“the website”) will contain links to the websites of third parties (such as advertisers and affiliates). If you follow a link to any of these websites, please note that these websites are subject to their own privacy policies and we do not accept any responsibility or liability for these policies or their use of your personal information. Please check these policies before you submit any personal data to these websites.
1 What Personal Data may we collect about you?
- If you contact us, we may keep a record of that correspondence. We are committed to protecting your privacy, and will only use your personal information and any sensitive information in accordance with the General Data Protection Regulation 2016/679 and such legislation as may be enforced in the UK from time to time in order to implement this Regulation.
- You are entitled by law to ask for a copy of your personal information at any time by contacting us at the following email address: firstname.lastname@example.org or such other email address as may be displayed on the “Contact Us” section of the website from time to time.
2 How do we use your data?
- We may use your personal information where it is necessary:
- to comply with our contractual, legal and regulatory obligations;
- to support our legitimate interests in managing our business, including in connection with (i) the administration of any products and services you may purchase through us (ii) improving our products and services, (iii) prevention and detection of crime, (iv) general risk modelling, (v) transferring books of business, company sales and reorganizations; and (vi) analytics provided in each such interests are not overridden by Your interests and rights;
- and You have consented to processing Your information in such a way;
- to ensure that content on the websites is presented in the most effective manner for you and your computer;
- to provide you with information, products or services as requested by you either through us or our experts; and
- for record keeping.
2.2 In the event that you have provided us with sensitive data we will only hold/process that sensitive data where:
2.2.1 you have given your explicit consent;
2.2.2 the processing is necessary to protect your, or another’s vital interest;
2.2.3 you have manifestly made this sensitive data publicly available;
2.2.4 the processing is necessary for the establishment, exercise or defence of legal claims; and
2.2.5 necessary for reasons of substantial public interest on the basis of law.
2.3 If you have provided your consent to us doing so, We may use your data to contact you by post, email or telephone from time to time to tell you about goods and services of Vavista Ltd. which we consider may be of interest to you. If you do not want us to contact you in this way you can “opt out” by emailing us at any time at email@example.com inserting “UNSUBSCRIBE” as the subject or when checking certain boxes on the forms which we use to collect your personal information.
3 Who do we share your information with?
3.1 We do not store credit or debit card details nor do we share customer payment details with any 3rd parties. We may however need to disclose your personal data:-
3.1.1 in the event that we sell any business or assets, in which case we may disclose your personal
data to the prospective buyer of such business or assets;
3.1.2 if all, or substantially all, of our assets, or those of a member of our group, are acquired by a
third party, in which case personal data held by it about our customers may be one of the transferred assets;
3.1.3 if we are under a duty to disclose or share your personal data in order to comply with any
to our relationship, or to protect the rights, property, or safety of us, our experts, or others.
This includes exchanging information with other companies and organisations for the
purposes of fraud protection and credit risk reduction; and
3.1.4 if we determine that such disclosure is necessary in connection with any investigation or
complaint regarding your use of the website.
3.2 We may disclose your personal information to any member of our group, which means any subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006 who may use it for the purposes described above.
3.3 You consent to us disclosing your personal information to our experts for the purpose of them dealing with a request made by you for contact with an expert.
4.1 Certain parts of the Websites use “cookies” to keep track of your visit and to help you navigate between sections. A cookie is a small data file that may be stored on your computer’s hard-drive when you visit a website. Cookies can contain information such as your user ID and the pages you have visited.
5 Automated Decision Making
You have a right not to be subjected to decisions based on automated processing, including profile, which produce legal effects concerning You or similarly significantly affects You. However, in certain circumstances we are entitled to use automated decision-making and profiling. These cases are restricted to situations where the decision is necessary for entering into a contract, or for performing that contract, where it is automated by law or where You have provided Your explicit consent. Where we use automated decision-making You will always be entitled to have a person review the decision so that You can contest it and put Your point of view and circumstances forward.
If you register to use any parts of the website, you may be asked to create a password. You must keep this password confidential and must not disclose it or share it with anyone. You will be responsible for all activities that occur under your password. If you know or suspect that someone else knows your password you should notify us immediately at firstname.lastname@example.org. If we have reason to believe that there is likely to be a breach of security or misuse of the website, we may require you to change your password or we may suspend your account until your identity has been verified and the account has been satisfactorily secured.
7 Transfer of Data outside of the EEA
The personal data we collect from You may be transferred to, and stored at a destination outside of the European Economic Area (EEA) for purposes described above. Those countries may not provide an adequate level of protection in relation to processing Your personal data. Due to the global nature of our business, Your personal data may be disclosed to members of our group outside of the EEA, including in particular Switzerland, Bermuda and the U.S.
8 How long will we keep your personal data?
We are required to ensure that your personal data is accurate and maintained in a secure environment for a period of time which is no longer than necessary for the purposes for which we are processing your personal data.
Information submitted for a quotation for goods/services may be retained by us for a period of up to 15 months from the date of the quotation. Where you purchase a product or service we will retain your personal data for the duration of that product or service and for a period of at least 7 years after the end of our relationship unless GDPR requires us to delete it prior to this time. We keep information after our relationship has ended in order to comply with applicable laws and regulations and for use in connection with any legal claims.
9 Your Data Rights
You have several rights in relation to Your personal data. You have a right to:
- access a copy of Your personal data held by us;
- request rectification of Your personal data if it is inaccurate or incomplete;
- request erasure of Your personal data in certain circumstances;
- restrict our use of Your personal data in certain circumstances;
- move (or port) personal data which You have given us to process on the basis of Your consent or for automated processing;
- object to the processing of Your data where our legal basis for processing Your data is our legitimate interests; and
- not to be subject to a decision based on automated processing, including profiling which has legal or similar significant affects.
However, these rights may not be exercised in certain circumstances, such as when the processing of Your data is necessary to comply with a legal obligation or for the exercise or defence of legal claims.
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
We will respond to Your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after of receipt of Your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify Your request.
In the event that your request to stop processing and/or delete your data means that we are unable to continue to offer you a product or service, we will advise you of the consequences of your request in advance.
11 Further information
You may request further information about how we use your data or if you want to exercise your rights under this Data Protection Notice at any time by contacting us at the following email address: firstname.lastname@example.org or such other email address as may be displayed on the “Contact Us” section of the website from time to time.
12 Your right to complain to the ICO
If You are not satisfied with our use of Your personal data or our response to any request by You to exercise any of Your rights, You have the right to lodge a complaint with the Information Commissioner’s Office. Please see the below contact details:
Information Commissioner’s Office
Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Information Commissioner’s Office
45 Melville Street
Phone: 0131 244 9001
Information Commissioner’s Office
Phone: 029 2067 8400
Information Commissioner’s Office
14 Cromac Place
Phone: 0303 123 1114 (local rate) or 028 9027 8757 (national rate)