We are committed to protecting your personal information and being transparent about the data we hold about you (“personal data”).
1. Who will hold your information?
2. What information do we collect and how?
2.1. We may collect, store and use the following kinds of personal data:
- Identity Data: name, title, username or other identifier, title;
- Contact Data: billing address, delivery address, email address and telephone numbers;
- Transaction Data: details about payments to and from you and other details of services you have purchased from us;
- Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website;
- Profile Data: your username and password, subscriptions made by you, your interests, preferences, feedback and survey responses;
- Usage Data: information about how you use our sites and services;
- Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences;
Other: any other information you send or otherwise make available to us.
2.2. We use different methods to collect personal data from and about you as follows:
Direct Interactions: You may give us your data directly by filling in forms on our sites or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- create an account on our sites;
- subscribe to our newsletter and other publications;
- request marketing materials to be sent to you;
- enter a competition, promotion or survey;
- give us feedback, report a problem with our sites, or contact us.
Automated Technologies or interactions: As you interact with our sites, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Policy for further details.
Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below.
Technical Data, for example, from:
- analytics providers such as Google;
- advertising networks;
- search information providers.
Contact Financial and Transaction Data from providers of technical and payment services, such as our third-party card payment service providers.
Identity and Contact Data from publicly available sources such as Companies House.
2.3. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2.4. We may keep a record of correspondence, telephone calls or online live chat communications if you contact us.
2.5. We may monitor or record your communications with us to assist us with developing our sites and services to train our staff, and if so requested by order of a court, regulatory body or law enforcement organization.
3. How do we use your personal data?
3.2. We may use your personal information to:
- Verify your identity;
- Provide and administer the sites and our related services and manage internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and develop the sites and our services to improve your experience;
- Perform a contract we may have with you, including providing services you have subscribed for, manage payment, fees and charges and collect and recover money owed to us;
- Send you general (non-marketing) commercial communications, including those relating to safety training you have subscribed for from us;
- Send you email notifications that you have specifically requested;
- Send you our newsletter and other marketing communications relating to our business or the businesses of carefully selected third parties that we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology;
- Deal with enquiries and complaints made by you;
If you subscribe to our services, you may be required to provide payment card details. We use third-party payment card providers to manage our online card transactions. We do not retain any record of your payment card information. After reviewing their privacy policies, which are available on their website(s), you should only provide your data to those payment card providers. Your payment card information is used solely to process payments you make via our sites or for fraud prevention and detection purposes. Our payment card providers collect data via a secure online payment gateway.
4. Marketing and consent
4.1. We may use your personal data to form a view on what products, services and offers may interest you (“marketing”).
4.2. You will receive marketing communications if you have requested information from us or purchased services from us and have not opted out of receiving that marketing.
4.3. We will always obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.
4.4. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
5. Lawful basis for using your personal data
5.1. We process your personal data based on the lawful basis set out below. We may process the information you provide on multiple legal bases, depending on the specific purpose for which we are using it.
Contract: To enter into a contract with you and fulfil our contractual obligations to you. This processing is necessary for us to provide the service you have requested, including registering and managing your account with us and providing service updates and related information).
Consent: Where you have consented to our use of your personal data, for example, where you opt-in to receive relevant marketing communications from us (e.g. industry news and offers)
Legal Obligation: Where processing is necessary to comply with legal or statutory requirements on us. This may include cooperating with police about their investigations.
Legitimate interest: Where processing is necessary for our legitimate interests (or those of a third party), provided that these do not conflict with your interests or fundamental rights. This may include improving our sites and services, understanding how visitors and customers use our sites and services, undertaking market research and informing our marketing, running our business and maintaining the security of our sites and services for you, us and other site visitors and customers.
6. Disclosing your personal data
6.3. We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
6.4. We may also use or disclose your personal data as follows:
- To provide third parties with statistical information about our users, but this information will not be used to identify you personally;
- To third-party service providers who may occasionally support our sites and services, including our third-party Live Help Chat provider.
6.5. In addition, we may disclose your personal data:
- To the extent that we are required to do so by law or in connection with any legal proceedings;
- to establish, exercise or defend our legal rights (including providing information to others for fraud prevention and reducing credit risk);
- if we sell or buy any business or assets to the prospective buyer or seller of such business and assets and their advisers. Your details will be passed on to the new owner if our business is sold.
6.6. We may share any information that we collect with parties, including our legal and professional advisors, the police, other public or private sector agencies, governmental or representative bodies (which may include insurance companies, finance companies and/or other agencies) by the relevant legislation for the prevention or detection of offences, and/or the apprehension organization prosecution of offenders
7. Storing and transferring your data
7.1 Your personal data may be collected by our Group Companies in Romania according to the location where you are based. They may be transferred to and stored by another Group Company and the third parties disclosed in section 6 in locations outside your jurisdiction for the purposes and under the lawful bases set out in this policy.
7.2 Your personal data may, therefore, be processed outside of your jurisdiction and in countries that are not subject to an adequacy decision by the European Commission or, as the case may be, your local regulator/competent body and that may not provide the same level of data protection as your jurisdiction, for example in the EEA. As such, we put in place adequate measures to ensure that any transfer of personal data outside of your authority is protected according to the applicable data protection laws, including, as required, to ensure that a similar degree of protection is afforded to the transferred data by the recipient. Such safeguarding measures may consist of putting back-to-back agreements in place and, if required, standard contractual clauses as approved by the European Commission (Art 46 GDPR) or similar model clauses as may be adopted occasionally.
7.3 Please contact us as set out in section 14 below if you would like further information on the specific mechanisms used by us when transferring your data outside of your jurisdiction.
8. Security of your data
8.1. Data transmission over the Internet is inherently insecure, and we cannot guarantee the security of data sent.
8.2. We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your data on our instructions and are subject to a duty of confidentiality.
8.3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8.4. You are responsible for keeping your password and user details confidential. We will not ask you for your password.
9. Retention period
9.1. We will process personal data for as long as necessary to fulfil the purpose we collected it for, including the definition of legal, accounting and reporting requirements, and for as long as needed for preventing and detecting criminal activity. The period we process and store personal data varies depending on your use of our sites and services. Where you register an account or subscribe to our services, we will retain your personal data for as long as your account is live or as necessary to continue to provide you with our services and for a further period thereafter to enable us to satisfy our legal, accounting and reporting requirements.
9.2. In some circumstances, you can ask us to delete your data: see Right to be Forgotten below for further information.
9.3. In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. We may use this information indefinitely without further notice.
10. Your rights
10.1. At any point while we are in possession of or processing your data, you, the data subject, have the following rights:
Right of access – you can request a copy of the information we hold about you. If we refuse your request under rights of access, we will provide you with a reason as to why;
Right of rectification – You have a right to correct data that we hold about you that is inaccurate or incomplete;
Right to be forgotten – In certain circumstances, you can ask for the data we hold about you to be erased from our records;
Right to restriction of processing – Where certain conditions apply to have a right to restrict the processing;
Right of portability – In certain circumstances, you have the right to have the data we hold about you transferred to another organization;
Right to object – You have the right to object to certain types of processing, such as direct marketing, automated processing or profiling;
Right to complain to the supervisory authority – You have the right to complain as outlined in section 14 below;
11. Updating information
11.1. Please let us know if the personal information we hold about you needs to be corrected or updated.
12. Policy amendments
13. Third party websites
14. Contact and complaints
14.1. If you wish to make a complaint about how your data is being processed by eSafety First Canada (or third parties as described above) or how your complaint has been handled, in the first instance, please email your concerns to [email protected].You also have the right to complain directly to the Romanian supervisory authority.