Yolö Creative Limited: Privacy Notice
What is the purpose of this document?
Yolö Creative Limited is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR). It applies to everyone whose personal data we process, with the exception of our employees, workers and contractors.
We are Yolö Creative Limited, a company registered in England and Wales. Our company registration number is 08841136 and our registered office is at The Tall House, 29a West Street, Marlow, Buckinghamshire SL7 2LS. Our registered VAT number is 825 5217 36.
You can contact us by telephoning our customer service team at +44 (0) 2082 400 658 or by writing to us at firstname.lastname@example.org or Yolö Creative Limited, Unit A3B, Rose Business Estate, Marlow Bottom, Buckinghamshire SL7 3ND.
This notice is not contractual and we may update it at any time.
Our collection, use and transfer of your data
We keep a record of the names of all our customers, as well as their address, telephone number, e-mail address and details of their purchases for our legitimate purposes of administering and facilitating your orders and any after-sales enquiries, as well as allocating and recording loyalty points.
We also collect information about you when you contact us in any form whether to make an enquiry or place an order.
We e-mail newsletters to those people who have signed up for them. These contain information about our business and products.
Suppliers and general stakeholders
We also collect information about many other people, mainly in the form of contact details (name, job title, organisation, address, e-mail address and telephone number, as well as other information from e-mail signatures and footers) of people interested in our business or products, contacts at customers and potential customers, contacts at suppliers and potential suppliers, people within the industry and other stakeholders. This information is usually provided directly from you and may be used for the legitimate interest of communicating with you in relation to specific issues or products that you are involved in, or matters that you might be able to assist with. We may also contact you to keep in touch or make introductions.
We keep the details of any complaints for our legitimate interest in trying to improve our business.
The landlord has installed CCTV on the premises for the purpose of crime prevention and investigation.
If you apply for a job with us, we will keep your name, contact details, current salary, covering letter and CV and may use these to contact you about applicable jobs.
We use the contact details of our shareholders to send them updates about the business and their investment in it as well as agreements, resolutions and documents relevant to their shareholding.
Organisations that may see your data
Our banks, accountants and insurers are also entitled to obtain specific data on request as part of our compliance checks and legal obligations, although they rarely need specific personal data. We may provide personal data to our solicitors to the extent relevant to our instructions to them. Any personal data may be held and used for establishing, exercising or defending legal claims.
We use cloud-based servers for e-mails, newsletters, website hosting and data storage as detailed in the section below titled “Transferring information outside the EU”. We only allow our third-party service providers to use your personal data for specified purposes and in accordance with our instructions.
Special category personal data such as health information
"Special categories" of particularly sensitive personal information, being data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identifying people, health information and data concerning sex life or sexual orientation, require higher levels of protection.
We may collect, store and use this information if you provide it to us and consent to us using it for a specific purpose, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public. We may collect, store and use information about your health where it is useful to ensure your safety whilst you are on our premises.
We will not store or use information about any criminal convictions and offences, unless you have provided your consent to it.
We may share your personal information in the context of our legitimate interests in a possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.
Use of our website
We keep a record of traffic data which is logged automatically by our server, such as your IP address, the URL you visited before ours, the URL you visit after leaving our site and which pages you visit, but not in a way that identifies any individual.
Our website may contain links to enable you to visit other websites of interest easily. We do not have any control over these websites and cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and they are not governed by this privacy notice.
Transferring information outside the EU
We use cloud-based servers for e-mails, newsletters, website hosting and data storage. Our providers for e-mails and website hosting use data centres based in the UK. At the time of writing, we use Google for data storage and MailChimp (operated by The Rocket Science Group LLC) for newsletters, both of which may transfer data to servers based in the USA, but have adequate safeguards in place by being self-certified to the Privacy Shield.
Right to withdraw consent
In the limited circumstances where you may have consented to the collection, processing and transfer of your personal information for a specific purpose, you may withdraw your consent for that specific processing at any time. To do so, please contact our Manager. We will then no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to continue our relationship with you, depending on the specific data, why we need it and what risks the provision of it poses to your rights and freedoms. For example, if a supplier fails to provide contact details of its finance department or the details needed for payments, we may not be able to pay them.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
You will not be subject to electronic decision-making without human intervention that will have a significant impact on you.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
How long will we use your information for?
We hold this personal data in order to cover any issues that arise afterwards or deal with any further orders or enquiries from you. We will usually keep your records for up to 10 years after your last order, subject to exceptional circumstances. In some situations, we may anonymise data so that it no longer identifies you, in which case we may hold and use that data without notifying you.
Newsletter mailing list
We will keep you on this list until you ask us to remove your name from it.
We will hold your personal data until we are satisfied that there is no longer any purpose for retaining it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you apply for a job with us, we will keep your name, contact details, current salary and CV on file for up to 12 months, although we may delete it before then if we do not anticipate any need for recruitment applicable to you within this time.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Rights of access, correction, erasure, and restriction
You have a number of rights under the GDPR:
- the right to access personal data we hold;
- the right to ask us to rectify or complete our records;
- the right to ask us to delete personal data;
- the right to object to us processing your personal data;
- the right to restrict our processing; and
- the right to ask us to transfer your personal data to another organisation.
These are not absolute rights and are subject to specific conditions and depend on our processing purposes. If you are interested in using any of these rights, please contact our Data Protection Manager. You will not usually have to pay a fee to exercise any of these rights.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
If you are unhappy with any aspect of our processing of your personal data, we ask that you talk to us about it first and discuss your concerns with our Data Protection Manager. If you are not satisfied with the outcome, you may lodge a complaint with the Information Commissioner’s Office.