Please take time to read this document carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. If you have given us information about someone else, you are deemed to have their permission to do so.

If you have any questions or need further information you can e-mail customerservice@ansacom.co.uk or write to our Customer Service Department, Ansa.Com Limited, Suites 8-10A Southborough Centre, 1 Draper Street, Tunbridge Wells, Kent, TN4 0PG.

Use of Information

We will at, all times, treat all personally identifiable information strictly in accordance with The General Data Protection Regulations (GDPR) with effect from 25th May 2018.

Lawful Bases

Collecting information about you

When we collect information about you, we may collect personal data which may include a variety of information about an individual (e.g. their name, address of residence, communication and contact details, and other personal information such as a date of birth). Where relevant to do so we may also collect information relating to an individual, indirectly by reference to an identifier (e.g. an IP address, which is a unique number identifying your computer, laptop or similar portable device).

Where required and appropriate to so, we will also collect more sensitive personal information (such as details about an individual’s health, and other similarly sensitive information).

Data Controller and Data Processor

We will ensure data is processed lawfully, fairly and in an open and transparent manner and ensure appropriate security measures are in place against unauthorised or unlawful processing or accidental loss, destruction or damage using appropriate technical or organisational measures (such as restricting access to key people within our organisation for certain aspects of your information; and periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information).

The contractual arrangements we have in place with our suppliers (e.g. our Client Database software provider, our telephone software system, scripting software systems and similar providers of services to us, including other third-party companies who use our services), are governed by and shall be deemed to operate strictly in accordance with the terms of such contracts. Importantly, from your perspective these contracts set out to define how data will be processed between us, including circumstances when we act as a processor or controller as is required by the GDPR.

When acting as a controller of your data, we will in certain circumstances, determine the purposes and means of processing your data.

Using information about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The personal information we collect about you will depend on the products and services you use and subscribe to.

We will collect, store, and use the following categories of personal information about you as follows:

Identity Data including personal contact details such as name and title.

Contact Data including addresses, telephone numbers, and personal email addresses.

Financial Data including bank account details, your debit or credit card information, your credit rating information and other banking information.

Transaction Data including your billing history and products and services you use and anything else relating your account.

Profile Data including information you provide to us in your communications with us, information you provide to us when entering prize draws or competitions or participating in surveys.

Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.

Sharing your information

We may share information, including sensitive information, about you, and other parties because it is:

a) necessary for the performance of the contract; or

b) necessary for compliance with a legal obligation; or

c) necessary to protect your vital interests; or

d) necessary for our own legitimate interests or those of other controllers or third parties; and

e) necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

What we will not do with your information

Unless required to do so by law, or for other similar reasons other than those outlined (see sharing your information), we will never otherwise share personal information without good reason and without ensuring the appropriate care and necessary safeguards are in place; we will in any other event ask for your consent to share that information and explain the reasons.

How long we will keep information

We will only keep and/or maintain information about an individual for as long as is necessary in providing our products and services or for compliance with a legal or regulatory obligation, including our legitimate interests or of a controller

This means, we will only keep information that is necessary to keep so that we can sufficiently deal with administrative issues, queries, claims and/or for compliance with legal reasons; usually we will keep information for a minimum retention period of 6 years, or maximum period of 40 years, after cessation of a product or service we have provided.

However, we will keep information for much shorter periods if that information related merely to a quotation which did not then result in a contract of services being arranged; in these circumstances we will keep information for a minimum retention period of 12 months and/or a maximum period of 18 months, unless such information becomes manifestly out-of-date in which case we may keep quotation information for shorter periods.

In any event all information shall be stored in strict compliance with the GDPR legislation at all times; and using appropriate technical or organisational measures we will regularly:

a) review the length of time we keep and/or maintain information about you;

b) consider the purpose or purposes why we hold the information about you in deciding whether (and for how long) to retain it;

c) securely delete information about you that is no longer needed for this purpose or these purposes; and

d) update, archive or securely delete information about you if it goes out of date.

Sensitive Data

In carrying out our duties as Data Controller and Data Processor we will collect sensitive information, about you, and other related parties because it is:

a) necessary for the performance of, or to take steps for you to enter into, a contract of services; or

b) necessary for compliance with a legal obligation;

c) necessary to protect your vital interests;

d) necessary for our own legitimate interests or those of other controllers or third parties; and

e) necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

What we mean by sensitive data includes information about an individual’s health including medical conditions;

We will always apply additional organisational and technical measures for this category of data, including restrictions to access this data (this is where data may be secured with additional layers of security to prevent misuse and protect personally identifiable information).

Use and storage of your information overseas

We will never knowingly transfer, store, or process information about you or an individual, outside the European Economic Area (EEA). In any event, if we are compelled to transfer your information outside the EEA it shall be in compliance with the conditions for transfer set out in the GDPR and/or restricted to a country which is considered to have adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure the firm to which information is being transferred has suitable standards in place to protect such information.

Using our Website and Cookies

You will be asked to accept a cookie, which is a small file of letters and numbers that is downloaded on to your computer when you visit our companies’ website. This will be clearly explained to you when you visit the website and you will typically have to accept the cookie to benefit from the services the website can offer.

Cookies are operated in strict accordance with Privacy and Electronic Communications Regulations 2011 (PECR) and are widely used by many websites and primarily enable the website to remember an individual’s preferences, recording information the individual may have entered into the web pages.

These same rules also apply if any individual accesses or uses any other type of technology to gain access to information stored electronically by us

Individual Rights

Individuals have a number of rights relating to the information we hold. These rights include but are not limited to:

a) a copy of the personal information we hold (once requested, we have a maximum of one month to give an individual such information);

b) rectify information, if it is inaccurate or incomplete;

c) request the deletion or removal of an individual’s personal data where there is no compelling reason for its continued processing;

d) suppress processing of an individual’s personal data. When processing is restricted, we are permitted to store the personal data, but not carry out further processes. We will retain sufficient information about the individual to ensure that the restriction is respected in future (see Marketing);

e) object to certain uses of an individual’s personal information (see Marketing);

f) in certain circumstance to not be subject to a decision when it is based on automated processing; and/or it produces a legal effect or a similarly significant effect on an individual;

g) withdraw any permission you or an individual may have previously provided; and

h) complain to the Information Commissioner’s Office at any time if you or an individual is not satisfied with our use of such information.

Individuals can request a copy of the personally identifiable information we hold by contacting us about it, including the right to have such information in a portable form ‘a right to data portability’ so we will normally provide the information free of charge (however we may apply a charge where information requests are excessive). We will provide that information in a format that is easily accessible, sometimes in a CSV format, should an individual require it in that format to ensure information can be exchanged easily with other organisations.

If you would like further information or wish to make a Subject Access Request (SAR) you can e-mail customerservice@ansacom.co.uk or write to our Customer Service Department, Ansa.Com Limited, Suites 8-10A Southborough Centre,1 Draper Street, Tunbridge Wells, Kent, TN4 0PG.

Marketing

When marketing to you as an individual (including, individual sole traders and partnerships), we will either rely on the permission we have (if we are able to do so) or we will ask for your permission (consent) to contact you, including the means to contact you (such as by phone, or e-mail, push notifications, SMS text, or post) to tell you about;

a) new products or services we have, or are developing;

b) trialling products and services which we think may improve our service to you or our business processes;

c) offer you rewards;

d) enter you into a competition;

We will typically ask for permission when you first contact us, (usually but not limited to our websites), however, you will maintain the right to easily withdraw such consent when-ever you wish (unsubscribe). We will regularly review any such consent to check that your relationship with us and any processing including the purposes have not changed.

In all situations where we market to a business we will observe both the market standards and those rules and guidelines of the Privacy and Electronic Communication regulations (PECR).

Research and analysis

Personal information we hold may be converted into statistical or aggregated data (e.g. this is data which cannot be traced back to an individual) to produce or undertake statistical or analytical research and development work.