UnderPinned Ltd (“we”, “our” or “us”) take the privacy of your information very seriously. This Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of personal information which may be collected in person from you, obtained via our apps and/or websites or collected through other means such as by an online form, email, or telephone communication. This notice applies to personal information provided by our contacts, users and customers whose data we process. In this notice “you” refers to any individual whose personal data we hold or process in accordance with the UK GDPR and the Data Protection Act 2018.
Below we have set out the categories of data we collect, the legal basis we rely on to process the data and how we process the data:
Much of the personal data described above, particularly Contact Information, Profile Information, and Communication Information, is necessary for our apps, websites, and events etc. to function, and without this information we cannot provide our services to you.
While we may ask you to provide us with credit card details, we provide these details directly to Stripe and do not make a record of them.
Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods:
For any category of personal data not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data. The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
We may disclose information to third parties in the following circumstances:
If we do supply your personal data to a third party we will take steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.
We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage.
With respect to your personal data, you have the right to:
Please note that none of these rights are unqualified and exceptions may apply.
All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below. We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
If personal data we hold about you is subject to a breach, including any unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and/or our data protection manager. If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
We will not transfer your personal data in a systematic way outside of the United Kingdom or European Economic Area (“EEA”) but there may be circumstances in which certain personal information is transferred outside of the UK or EEA, in particular:
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so by us using the details below:
Address: 1 Gossamer Gardens, E2 9FN, London, UK
Email: [email protected]