Last Updated: 7 April 2022
This Policy sets out the basis on which personal data will be processed by us. This Policy applies to personal data we may collect from you, or that you provide to us, through our website at wearesecretmode.com (the "Website"). Please read the Policy carefully to understand our views and practices regarding your personal data.
We will only collect and process information about you in accordance with this Policy and we will only use information collected about you in accordance with applicable data protection laws including without limitation the EU General Data Protection Regulation 2016 (“GDPR”), equivalent legislation of the United Kingdom, and the UK Data Protection Act 2018. Where we decide the purpose or means for the processing of the personal data that you provide when using our Website, we are the “data controller”.
You have the right to object to the processing of your personal data, including where your personal data is being processed for direct marketing purposes. Further information on this right, and your other rights, is set out below.
If you have any concerns over privacy, or this Policy, contact us at the following email address: email@example.com.
1. HOW WE COLLECT AND USE YOUR PERSONAL DATA
1.1 Below explains what data we collect, how we use it, and which recipients it might be shared with.
Your data: Website support / enquiry information (information we receive when you get in touch with us via our Website):
- Contact details (address, phone number, email);
- Details of the organisation you may be contacting us on behalf of; and
- Other personal data you may send to us.
How we use it: In line with the legitimate interest we have in promoting our business, we will process your enquiries to provide you with information about the services we offer.
This might include replying to your enquiry. We may also process enquiries to take steps you ask of us with a view to entering into an agreement to provide you with our services.
You are under no obligation to provide us with any details, but if you don’t provide all relevant information, we may not be able to help.
Third Party Recipients: None
Your data: Website analytics and usage information (collected automatically when you visit the Website):
When you visit our Website, we collect log and analytical information, such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use (“Website Technical Data”).
How we use it: We process this information to understand how visitors use our Website and to compile statistical reports regarding that activity (for example, your IP address is used to approximate the country from which you access our Website, and we aggregate this information together so we know that, for example, most of the visitors to our Website are in England). In many cases the data would be aggregated and/or anonymised so that it would not identify you.
To the extent this data includes your personal data, we rely upon your prior consent for us to process it. You can withdraw your consent at any time by contacting us.
Third Party Recipients: We may receive data about you from Google, Inc. (based outside the EU) through their Google Analytics platform. You can read more about their privacy practices here.
2. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
2.1 You have certain rights over the way we process personal data relating to you. We aim to comply without undue delay, and within one month at the latest, in response to any requests submitted by you to us:
- for a copy of personal data we are processing about you and/or to have inaccuracies corrected;
- to restrict, stop processing, or to delete your personal data;
- for a machine-readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer; and
- to make a complaint to a data protection regulator. You may contact them at: https://ico.org.uk/concerns/.
2.2 To object to our processing of your personal data or to make a request in relation to any of the aforementioned rights, please send your request to firstname.lastname@example.org.
2.3 You may request deletion of your personal data by sending an e-mail to email@example.com. Please note that some information may remain in our private records after deletion. We may use any aggregated data derived from or incorporating your personal data but not in any manner that would identify you personally.
3. DISCLOSURE OF YOUR PERSONAL DATA
3.1 We will share your personal data with third parties only in the ways that are described in this Policy.
3.2 Sumo Group,
suppliers, subcontractors, service providers. We keep your personal
data confidential, but may disclose it to any member of our
corporate group, our personnel, our suppliers
or subcontractors insofar as it is reasonably necessary for the purposes set
out in this Policy. We may share your
personal information with our parent company Sumo Group Limited and its subsidiaries
(the “Sumo Group”), but we will not share your personal data with our ultimate
parent, Tencent Holdings Ltd., a public company listed on the Stock Exchange of
Hong Kong (SEHK: 0700) and headquartered in China or any of Tencent Holdings
Ltd.’s affiliates outside the Sumo Group.
3.3 Government authorities. In addition, we may disclose your personal data to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
3.4 Potential acquirers or investors. If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the personal data we hold may be included as part of that sale, in which case you will be notified via email, your account and/or a prominent notice on the website of any changes in ownership or use of your personal data, as well as any choices you may have.
3.5 Enforcement. We may also disclose your personal information to third parties in order to enforce or apply the terms of agreements, to investigate potential breaches, or to protect the rights, property or safety of us, our personnel or customers, or others.
3.6 We only permit our suppliers and subcontractors to process your personal data for specified purposes and in accordance with our instructions. All our third-party service providers are required to take appropriate security measures to protect your personal data.
4. DATA RETENTION
4.1 We will only hold data about you for as long as necessary, bearing in mind the purpose for which that data was collected, or as otherwise described in this Policy.
4.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
5.1 We will take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our Website taking into account the likelihood and severity those risks might pose to the rights and freedoms of our Website visitors and customers.
5.2 In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the personal data transmitted, stored or otherwise processed by us.
6. INTERNATIONAL DATA TRANSFERS
6.1 Our Website servers are located in Europe and that is where all information we collect about you as discussed in this Policy regarding the Website is held, save for Website Technical Data and analytics which we may process with the support of Google, Inc. in the USA.
6.2 Where necessary, there are agreements in place to ensure that personal data is processed using appropriate safeguards that meet the requirements of data protection laws. Such appropriate safeguards may include standard data protection clauses adopted by a data protection regulator and approved by the European Commission, such as the European Commission’s standard contractual clauses, or other appropriate measures.
6.3 If you would like to find out more about these safeguards or if you have any other queries or comments in relation to this Policy, please let us know by emailing us at firstname.lastname@example.org.
We do not use the Website to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at: email@example.com. We will delete such information within a reasonable time.
8.1 If you follow a link from the Website to any third party websites, you should be aware that those websites may have their own privacy policies. We do not accept any responsibility or liability for those websites. Please check the policies of any third party websites before submitting any personal data to those websites.
8.2 We may make changes to this Policy in the future, which will be posted on this page. You should check this page from time to time to ensure you are aware of any changes. Where appropriate we may notify you of changes by email.
8.3 All questions, comments or enquiries should be directed to us. We will try to respond to you within 48 hours or otherwise within a reasonable time.