This policy sets out how Indiespring uses and protects any information that you give, when you use this website. Indiespring is committed to ensuring that your privacy is protected. This notice, which covers your use of our website and online services provides you with information about what personal data we collect, how we use your data, how we ensure your privacy is maintained, and your legal rights relating to your personal data. Indiespring may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. Who We Are We are Indiespring Our registered office is 77 Lancaster Building, Deansgate, Manchester, M3 2BW You can contact us by: Telephone: 0161 660 6756 Email: email@example.com Post: Indiespring, 77 Lancaster Building, Deansgate, Manchester, M3 2BW Our Data Protection Officer is: Rob Sandbach What Data We Collect On You Name, Email, Enquiry Information and we also obtain system information such as IP addresses for security reasons. How We Use Your Data All personal data is processed and stored securely. We do not keep your personal data for longer than it is necessary in light of which it was first collected. Your personal data will be deleted as soon as the purpose for which it was collected has been completed. Where we have a legal obligation to keep it longer than that we will delete it soon as our legal obligation is discharged. Our use of your data will always have a legal basis (as set out in Section 5), and we may use your data for the following purposes. Providing and managing your access to our website and services. Personalising and tailoring your experience on our website and services. Communicating with you (replying to your emails and enquiries). To provide you with goods and services as ordered. Market Research. Analysing your use of our site and services, gathering feedback, to continually improve our site and your experience. Legal Basis We will only process your data where we have a legal basis under the General Data Protection Regulation (GDPR) to do so. Our use of your personal data will always have a legal basis, either because: It is necessary for our performance of a contract with you; or You have consented to our use of your personal data; or We are complying with a legal obligation; or It is necessary in pursuit of our legitimate interests – detailed below. Where our processing of your data is based on our legitimate interests, we will have ensured that such processing is necessary and we will not do so where our interests are overridden by yours. Our legitimate interests include: Selling & supplying our goods and services to customers and potential customers. Handling customer and potential customer contacts, queries, complaints or disputes. Understanding our customers (or potential customers) behaviour, activities & preferences. Improving our products and services, including developing new products and services. Promoting, marketing and advertising our goods and services. Complying with regulatory obligations. Storing & Sharing Your Data Data security is very important to us and we take appropriate security measures to safeguard and secure your data which is collected via our website and services. We endeavour to keep all of your personal information in the European Economic Area (EEA). The EEA includes all EU Member States plus Norway, Iceland & Liechtenstein. In limited, and necessary, circumstances your information may be transferred outside of the EEA; this will only happen where it can’t be avoided. Where this does happen we will put special protections in place. We will only move data to countries or organisations: Where the EU Commission has deemed their data protection measures to be adequate. Or under a contract which enforces the EU Commission approved “standard data protection clauses” which can be viewed at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm We will never sell or otherwise transfer or disclose your personal data to any third party. We may sometimes contract with trusted service providers to provide goods and services on our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, marketing and IT systems. This will sometimes necessitate the transfer of your personal data to those trusted service providers. Where we transfer your data to our trusted service providers we will have confirmed that they will apply data protection and security measures to the same standard we would. We will always impose contractual terms on all of our providers to ensure your data remains secure. In certain limited circumstances we may be legally required to share your personal data – for example where we are involved in legal proceedings, where we complying with a court order, regulatory requirement or government department with appropriate legal authority to compel us to do so. Your Rights Under the General Data Protection Regulation (GDPR) and The Data Protection Act (DPA) you have a number of rights with regard to your personal data; which this policy and our use of your data have been designed to uphold: Right to be informed – you have the right to be informed about our collection & use of your personal data. Right of access – you have the right to request a copy of the information that we hold about you. You can do this by contacting us using the above details. Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Right to restriction of processing – where certain conditions apply, you have a right to restrict our processing. Right of portability – you have the right to have the data we hold about you transferred to another organisation. Right to object – you have the right to object to certain types of processing (such as direct marketing). Right to object to automated processing & profiling – you also have the right not to be subject to legal effects of automated decision making and profiling. Withdrawal of consent – Where our processing is based on your consent you have the right to withdraw this at any time. If you have cause for complaint about our use of your data, or you would like to exercise any of your rights, then please contact us using the details provided in Section 1 and we will do our best to solve the problem for you. If we are unable to help, or you aren’t satisfied with our response, you also have the right to lodge a complaint with the UK’s supervisory authority – The Information Commissioner’s Office (ICO). The ICO can be contacted: By post – The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. By telephone – 0303 123 1113 Via their website – www.ico.org.uk Changes To This Notice We may change this Privacy Notice from time to time (for example, if the law changes). Any changes will be immediately posted on our site. We recommend you check the privacy notice regularly to remain up to date. This privacy notice was last updated in May 2018.