We are Aphaia Ltd, a company incorporated in England and Wales (VAT ID number GB 998 5512 56) whose registered address Eagle House, 163 City Rd, Hoxton, London, UK (referred to herein as “we”, “us” or “our”, as the context requires). Aphaia group comprises Aphaia Ltd and Aphaia Europa, S.L. (Spain). When we mention Aphaia, we, us or our in this Privacy Notice, we are referring to the relevant company in Aphaia responsible for processing your data. Aphaia Ltd and Aphaia Europa S.L. are joint controllers.
This policy (together with our terms and any other documents referred to on them) set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It applies to our customers and to other individuals whose data we may process.
We are the controller of or clients and prospects CRM data to the extent it pertains to natural persons. Where we act as Data Protection Officer, we are the data processor with regard to our customers’ data (including but not limited to customers, employees and any other data subject whose data our customers provide to us).
We may change this policy from time to time so please, check our website from time to time for any updates. If we make material changes in the way we use your personal information, we may notify you by posting a notice on our website or sending you an email at the email address provided at the time of registration.
THE BASIS FOR THE PROCESSING OF YOUR DATA
Aphaia processes your data for the performance of the contract that you have entered into for the provision of Aphaia services, and/or in order to take steps at your request to enter into the Contract.
Some data is processed based on Aphaia’s legitimate interest, notably our clients’ and prospects’ employees’ and contractors’ data in order to communicate with the clients and prospects, website visitors’ data such as website analytics for the purposes of analysing website traffic, enhancing website performance, and for cybersecurity and/or error tracking purposes.
Your consent will be required in case we share some of your data with third parties for a purpose different from those comprised in this Privacy Notice and that is not indispensable for the provision of Aphaia’s services.
We may ask for your consent in other cases where we process your data. Such consent can be revoked at any time by contacting us at firstname.lastname@example.org
DATA WE COLLECT ABOUT YOU
We may collect and use your personal information to operate our website and to provide the services you have requested. We may collect, use, store and transfer different kinds of personal data about you, which may include but are not limited to:
Information you provide to us
–Contact details: including name, email address, phone number and country of residence.
–Professional details: including your company name, industry sector and your role in the company.
–Financial data: including bank account and billing address.
–Transaction data: including details about payments from you and other details of services you have required from us.
-Interaction and correspondence: including the information you send us via email, survey, social media, customer service communications or other methods.
Information we collect automatically
We will automatically collect the following information when you visit our website: Your computer’s IP address, browser type and version, source of traffic and/or previous webpage before visiting our website, the pages visited and actions taken within our website, the time spent within our website, access times and dates, page response times, errors and other statistics and technology on the devices you use to access our websites, your location as part of website analytics.
We use the following cookies on our website:
–Strictly necessary cookies. These are cookies that are required for the operation of our website.
-Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
-Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
You may receive marketing communications from us if you have requested information from us or requested our services if, in each case, you have not opted out of receiving that marketing.
Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes.
We do not sell, rent or lease or provide in any other way our customer lists to third parties.
You may always object / opt-out by following the link in our email message or by sending us an email to email@example.com
DISCLOSURE OF YOUR INFORMATION
We do not rent or sell your personal information to anyone without your explicit consent, but, subject to the need to perform the contract with you based on the contract you enter with us and our legitimate interests, we may share your personal information in the ways described below:
-Other Aphaia companies for administrative and organisational purposes;
-Our third-party service providers who perform functions on our behalf in connection with the operation of our business such as IT service providers, including cloud storage, analytics and communications providers, and system administrators or third parties who host and manage data;
-Analytics, CRM and other software that assist us in the communication with you and the improvement and optimisation of our website;
-Any other third parties for the purpose of enabling the services you book to be carried out:
-Third parties if we are required to do so by law, or if we believe that such action is necessary to: (a) fulfil a government, or regulatory authority request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our websites or customers;
-Other reasons – We may also share your personal information with a purchaser or potential purchaser of our business.
-Any other third parties with your express consent.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
INTERNATIONAL DATA TRANSFERS
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), where the laws on processing personal data may be less stringent than in your country. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice, by ensuring at least one of the following safeguards is implemented:
-transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
-entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA;
-where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US.
For further information on the safeguards used, please contact us at firstname.lastname@example.org
We retain personal information for as long as we require for the purposes for which it is processed or as is otherwise required by applicable law. Our retention periods will vary depending on the type of data involved, but, generally, we will refer to these criteria in order to determine retention period:
-Whether we have a legal or contractual need to retain the data.
-Whether the data is necessary to provide our services.
When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. YOUR RIGHTS
Under the EU General Data Protection Regulation (GDPR) and any equivalent rules in the UK, you are entitled to certain rights in relation to our handling of your personal data, as described below.
–Request access to your personal data that we hold about you (commonly known as a “data subject access request” or DSAR). This enables you to receive a copy of the personal data we hold about you or are otherwise processing;
-The right to obtain without undue delay the rectification of inaccurate personal data concerning you, including the right to have incomplete personal data completed e.g. by means of providing a supplementary statement. This enables you to have any incomplete or inaccurate data we hold about you corrected. We will need to verify the accuracy of the new data you provide to us;
–Restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data where the data is wrongfully processed but should not be erased for a reason listed in Article 18 (1) GDPR;
–Right to erasure (‘right to be forgotten’). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it, except for information where a contract or legitimate interest continues to exist (e.g. to pursue claims);
–Object to processing of your personal data where we are relying on a legitimate interest (or those of a third-party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
-You may exercise your right of data portability in a common, machine readable form by obtaining your data by sending us an email request.
Where another mechanism is not provided, you can exercise the rights at any time by contacting us at email@example.com.
CONTACT AND COMPLAINTS
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org.
You may always launch a complaint regarding our processing of your data by contacting the UK Information Commissioner’s Office with ico.org.uk