References to “we”, “us” and “our” are references to Bright Tide Ltd at registered office address 152a Walton Street, London, United Kingdom, SW3 2JJ with company number 13239982.
We are responsible for ensuring that we use your personal data in compliance with data protection law.
This privacy notice applies to you if (i) your personal data has been provided to us by another person or (ii) you enter into communications with us by email or other means.
This privacy notice sets out the basis on which personal data about you that you provide to us, that we create about you or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice.
Personal data that we collect about you
We might process the following personal data about you:
Information provided to us by you. This includes information about you that you give us by communicating with us via our website, social media, face-to-face, by telephone, by email or otherwise. This information may include:
Identity Data this includes your name, contact details, date of birth, gender, occupation and job title;
Financial information such as bank account details for the purpose of making donations;
Records of communications and interactions we have had with you, including information provided through our website or via social media;
Where you provide us with personal data relating to others, we understand that you are authorised to provide that information to us and that you have provided this privacy notice to such other parties as appropriate.
Information that we collect or generate. This includes:
Identity Data, which includes first name, last name, title, date of birth and gender;
Contact Data, which includes billing address, email address, and telephone numbers;
Financial Data, which includes bank or other payment details;
Transaction Data, which includes details about payments to and from you and other details of services you have provided to us;
Technical Data, which includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website;
Profile Data, which includes services provided to you, your interests, preferences and feedback;
Usage Data, which includes information about how you use our website, products and services;
Marketing and Communications Data, which includes your preferences in receiving marketing from us;
Information about our relationship with you (including correspondence, meeting notes, attendance at events and participation in mentoring schemes); and
Information in order to form fundraising policy, strategy and record keeping.
Other information we may collect, use or share. This includes:
Information about your visit to our website, this includes the full Uniform Resource Locators (URL), clickstream to, through and from Bright Tide’s websites and partners sites (including date and time).
Information we do not collect. This includes:
Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data); and
Any information about criminal convictions and offences.
How we use your personal data
We will only use your personal data when the law allows us to and in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We do not send marketing information nor do we pass your data on to any third parties, unless we have your explicit consent to do so.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out below.
To register you as a new partner to the website
(ii)Type of Data
(iii)Lawful basis for processing including basis of legitimate interest
Performance of a contract with you
To manage our relationship with you which will include:
(v)Type of Data
(vi)Lawful basis for processing including basis of legitimate interest
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(viii)Type of Data
(ix)Lawful basis for processing including basis of legitimate interest
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
(xi)Type of Data
(xii)Lawful basis for processing including basis of legitimate interest
(a) Required for functionality on the website; such as signing in and saving preferences or submitting a contact form.
(b) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you based on interactions with our website in the past.
(xiv)Type of Data
(f) Marketing and Communications
(xv)Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests (to develop our products/services and grow our business)
We may form a view on what products, services and offers may be relevant for you and send you marketing communications from us if you have requested information from us or engaged our services.
We do not share your personal data with any third parties for marketing purposes. If we wish to do so, we will only go ahead with your express consent.
You can ask us to stop sending you marketing messages at any time by contacting us. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of engaging our services.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the
above rules, where this is required or permitted by law.
Disclosure of your personal data to third parties
We will not disclose your personal data with anyone else or to any third parties unless it is necessary for the purpose for which you have given us the data. Examples of where we may share your data include:
Third party service providers, including IT services, based in the US. Such companies include Google and WordPress;
Our external advisers including accountants, auditors and lawyers;
Tax and regulatory bodies with whom we may be required to share your information by law; and
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Transfers of personal data outside European Economic Area / United Kingdom
The personal data that we collect from you may be transferred to a destination outside the European Economic Area (“EEA”) / United Kingdom (“UK”). It may also be processed by staff operating outside of the EEA / UK who work for our affiliates or for one of our partners.
Where we transfer your personal data outside the EEA / UK, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA / UK. This can be done in a number of ways, for instance:
The country that we send the data to might be approved by the European Commission / UK Government; or
The recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission / UK Government, obliging them to protect your personal data.
We may also make such a transfer outside the EEA / UK where we have a person’s consent to do so or where another legal exception from the requirement to provide appropriate safeguards to protect such information applies. If we rely on your consent to transfer personal data outside the EEA / UK, you have the right to withdraw such consent at any time.
In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA / UK (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.
Retention of personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data.
You have a number of legal rights in relation to the personal data that we hold about you. These rights include the following:
The right to obtain information regarding the processing of your personal data and to access to the personal data that we hold about you.
In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and the right to request that we transmit that data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us.
The right to request that we rectify your personal data if it is inaccurate or incomplete.
The right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it.
The right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, its processing of your personal data but we are legally entitled to continue processing your personal data or to refuse that request.
The right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out under “Contacting us” below. You can find out more information about your rights by contacting an EU data regulator such as the UK’s Information Commissioner’s Office, or by searching its website at ico.org.uk.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions and requests to:
Bright Tide: Please contact Harry Wright: email@example.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.