1. ABOUT BRONZE
We are Bronzeformat (Bronze, we, our or us) a company registered in England and Wales under company number 09599705 whose registered office is at The Old Dairy. Rear of 55 Whitleigh Avenue, Plymouth PL5 3AU.
3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU
This section informs you of what information we collect about you and why. Personal data means any information about an individual from which that individual can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data including first name, last name.
- Contact Data including email address.
- Technical Data including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.
- Usage Data including information about how you use the Site and services.
- Marketing and Communications Data including your preferences in receiving marketing from us and third parties and your communication preferences.
Special Category Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not seek to collect or otherwise process your Special Category Data.
4. HOW IS YOUR PERSONAL DATA COLLECTED
This section explains how your personal data is collected.
We collect personal data about you if you fill in forms on the Site or correspond with us by telephone, email or otherwise. This includes information you provide when you:
- register to use our Site or sign up to any mailing lists; or
- report a problem with our Site or give us feedback.
AUTOMATED TECHNOLOGIES OR INTERACTIONS:
If you use our Site, we automatically collect the following information:
- web usage information (e.g. IP address), your login information, browser type and version, time zone setting, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our Site (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs).
Where we collect information about you in the ways described above, we do so on the basis that it is in our legitimate interests to collect and process this data. In most situations this will be anonymised but we collect and process this data to ensure that our site is functioning properly and that our customer experience is to the standard that you and we expect.
5. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
This section explains how we will use personal data you provide to us in order to carry out the activities relevant to the provision of our services to you.
We use the information held about you in the following ways:
Information you give to us. We will use this information to:
- provide you with the information, products and services that you request from us;
- respond to your enquiries or to process your requests in relation to your information;
- let you know about important changes or developments to the Site or our services;
- provide and personalise our services generally;
- administer records of our services;
- provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about; and
- ensure that content from our site is presented in the most effective manner for you and for your computer, making the site easier for you to use and providing you with access to all parts of the site.
Information we collect about you. We will use this information:
- to administer the Site and for internal operations, including troubleshooting, data analysis, testing and research; and
- as part of our efforts to keep the Site safe and secure;
We must have a lawful basis for processing your personal data. We consider that we have a lawful basis where:
- you have given us consent to process for the specific purposes which we have told you about;
- it is necessary for us to process to enable us to provide you with the services that you have requested from us – for example, sending you further information;
- it is necessary in order to fulfil our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- the law otherwise permits or requires it.
Where we process your personal data on the basis of our legitimate interests, these are our (or a third party’s) interests in providing our services to you in an efficient and secure manner.
This section is to explain how we will ensure that you only receive communications that you wish to receive.
If you have provided your consent to receive marketing communications from us and you change your mind, you can change your preferences and unsubscribe at any time by clicking on the unsubscribe link on any marketing email from us or by contacting us at email@example.com. If you choose not to receive this information we will be unable to keep you informed of new services, competitions, events and promotions that may interest you.
7. WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA
We take your privacy seriously and have implemented appropriate physical, technical and organisational security measures designed to secure your personal data against accidental loss, destruction or damage and unauthorised access, use, alteration or disclosure.
8. WHO ELSE MIGHT WE SHARE YOUR PERSONAL DATA WITH
We may share your personal data with companies within the Bronze group and the following third parties who assist us with administering the provision of our services to you:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into (e.g. to provide web services); and
- agents we engage to perform functions on our behalf including sending customer communications, analysing data, providing marketing assistance, researching customer satisfaction and providing customer service. They have access to personal data needed to perform their functions, but may not use it for other purposes.
We may also pass Aggregated Data on the usage of our site (e.g. we might disclose the numbers of visitors to our site that come from different geographic areas) to third parties but this will not include information that can be used to identify you personally.We may disclose your personal data to law enforcement agencies or court to the extent necessary for purposes including preventing, investigating, detecting, and prosecuting criminal offences.
If a business transfer or change of business ownership takes place or is envisaged, we may transfer your personal data to the new owner (or a prospective new owner). If this happens, you will be informed of this transfer.
9. HOW DO WE PROTECT YOUR PERSONAL DATA
This section explains how we keep your personal data safe and where it will be held.
We take your privacy seriously and are committed to maintaining the privacy and security of the personal data you provide to us, and the choices you have regarding our collection and use of your personal data.
Once we have received your personal data, we follow strict security procedures as to how your personal data is stored and used, and who sees it, to help stop any unauthorised access.
The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). When we transfer and store your personal data outside of the EEA we will ensure that it is adequately protected by using appropriate safeguards as further detailed below.
Our suppliers may operate outside the EEA and process the information. Such suppliers may be engaged in, among other things, the provision of web services or sending customer communications.
Where your personal data is transferred from the EEA to a recipient outside the EEA in a country not recognised by the European Commission as providing an adequate level of protection for personal data, such transfer shall be covered by a framework recognised by the relevant authorities or courts as providing an adequate level of protection for personal data including but not limited to:
- Standard Contractual Clauses (the agreement in the form annexed to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which can be found here); or
- The EU-US Privacy Shield Framework.
Unfortunately, the transmission of your personal data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us over the internet and you acknowledge that any transmission is at your own risk.
10. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
This section explains the length of time that we will retain your personal data.
We will hold your personal information for so long as we are providing services to you and for no more than two (2) years after. We will endeavor to delete any personal data sooner where it is not necessary for us to hold this.
11. WHAT ARE YOUR RIGHTS?
This section explains that you have a number of rights in relation to your personal data. There are circumstances in which your rights may not apply. You have the right to request that we:
- provide you with a copy of the information we hold about you;
- update any of your personal data if it is inaccurate or out of date;
- delete the personal data we hold about you – if we are providing services to you and you ask us to delete personal data we hold about you then we may be unable to continue providing those services to you;
- restrict the way in which we process your personal data;
- stop processing your data if you have valid objections to such processing; and
- transfer your personal data to a third party.
You have the right to object to automated decision-making. This is where a decision, which produces legal effects or similarly significantly affects you, has been based solely on automated processing (including profiling). Where we make an automated decision about you, you have the right to contest the decision and request a human review of the accuracy.
If we make an automated decision on the basis of any particularly sensitive personal data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us using the details provided in this section.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
As explained in the section on Communications even if you consented to the processing of your personal data for marketing purposes (by ticking the relevant box or by requesting information about services), you have the right to ask us to stop processing your personal data for such purposes. You can exercise this right at any time by contacting us at firstname.lastname@example.org.
13. WHO CAN YOU ASK FOR MORE INFORMATION?
If you have any questions or concerns about how we handle your personal data, you can contact us at email@example.com.
If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal data and privacy.