%402x.svg)
Password One is deeply committed to respecting and safeguarding your personal data. We hold your privacy in high regard and treat it with the utmost respect. This policy is applicable when Password One Ltd ("Password One") and its subsidiaries function as a data controller, indicating that we are responsible for determining how and why your personal information is processed. It encompasses instances where your personal data is provided through various channels such as our website, app, or interactions with our Customer Account Management team. In essence, we are outlining our commitment to safeguarding your privacy and detailing how we handle the personal information you share with us across different platforms.
We urge you to read this policy attentively to gain an understanding of our views and practices regarding your personal data and how we handle that data.
In this section, we delineate the methods by which we may handle your personal data. The personal data we manage encompasses one or more of the following categories:
Order Data Processing: When you place an order, we collect and use information like your name, billing address, delivery address, phone number, and email.. This data is processed to fulfill your orders, and the legal basis for this is the performance of a contract between you and Password One Ltd.
Transaction Data: (Purchase History) We handle transaction data, which encompasses details of your past transactions like product and/or service purchases. This information may cover your name, billing and delivery addresses, phone number, email, and what you've bought. Our processing of this data serves the essential purpose of delivering the products or services you've purchased and maintaining precise records of these transactions. The legal foundation for this lies in the execution of a contractual agreement established between you and Password One Ltd. This meticulous record-keeping is fundamental to ensuring the fulfillment of our commitments to you.
Financial Data: (Financial Information Handling) We process financial data, which includes details about your company, your name, and billing address. This information is utilised for the secure processing of payments and the implementation of measures to prevent fraudulent activities. The legal justification for this data processing is rooted in the performance of a contractual agreement established between you and Password One Ltd. It ensures a robust and secure financial transaction process in line with our commitment to contractual obligations.
Internal Social Data: Internal Social Data at Password One pertains to information generated within our internal communication and collaboration platforms. This includes data from social features embedded in our business applications or dedicated internal social networks where our team members interact, share information, and collaborate. Examples of internal social data may include posts, comments, likes, shares, or other digital communications within our internal platforms. This data is valuable for fostering teamwork, knowledge sharing, and overall collaboration within the Password One team. This internal social data, encompassing public reviews, posts, comments, likes, and shares, holds a distinct status in that it is exempt from our standard data retention rules. Despite this exemption, we acknowledge the importance of user control and privacy. Therefore, should you wish for any of this internal social data to be removed, it may be deleted upon your explicit request. We value transparency and strive to empower users in managing their data within the bounds of our policies.
Interaction Data: we may undertake the examination of user interactions with our website, app, and responses to emails and services, collectively termed as "interaction data." This comprehensive dataset comprises critical elements such as geographical location, browser specifications, operating systems, referral sources, visit duration, page views, website navigation paths, and nuanced insights into timing, frequency, and utilisation patterns.
We derive the usage data from our array of analytics tools, with Google Analytics among the notable platforms we employ. and email service providers. The justification for conducting this data processing lies in our legitimate corporate interests, specifically focused on overseeing and enhancing the functionality of our website and services.
Communication Data: Processing Subscription Information, If you choose to subscribe to our direct marketing communications, we may handle the information you provide for this purpose, termed as "communication data." This dataset encompasses details like your name, email address, postal address, phone number, and marketing preferences. The primary objective of processing this communication data is to keep you informed through essential service notifications, for instance, updates on your order processing. Additionally, we use this information to reach out with relevant offers and messages. The legal foundation for undertaking this processing activity is twofold: the performance of a contractual agreement specifically related to service notifications and our legitimate interests in conducting direct marketing communications.
Inquiry Information Data: Inquiry Details Handling, When you submit inquiries regarding our goods and services, the information you provide, referred to as "Inquiry Information Data," undergoes processing. This process aims to offer clarification, address concerns, and potentially introduce you to relevant goods and services. The legal foundation for this processing is grounded in the performance of a contractual agreement between you and Password One Ltd, ensuring a swift and effective response to your inquiry.
Digital Marketing Data: We might analyse information you share with us to enhance our digital marketing efforts referred to as ("digital marketing data"). undergoes various applications. This includes tailoring advertisements for our products and services on external Third party platforms like Facebook, Instagram, Linkedin and X. Alternatively, to promote/advertise our products and services to comparable audiences (lookalikes) or to showcase our offerings on external platforms such as Facebook, Instagram, LinkedIn, and X. We may utilise digital marketing data to refrain from displaying advertisements to you on third-party websites, including platforms like Facebook, Instagram, LinkedIn, and X. The digital marketing data we collect may encompass details such as your name, email address, billing address, phone number, date of birth, gender, and the user ID associated with any social platforms where you have established a connection with us. The legal grounds for conducting this processing lie in our legitimate interests, which revolve around our commitment to optimising service delivery and strategically expanding our customer base. This ensures that our digital marketing efforts align with customer preferences, resulting in a more tailored and enriched experience for our audience.
We reserve the right to process any of your personal data as outlined in this policy when deemed necessary for initiating, exercising, or defending legal claims. This may occur in various legal contexts, including court proceedings or administrative and out-of-court procedures. The legal foundation for this processing aligns with our legitimate interests, specifically focused on safeguarding and asserting our legal rights, along with the rights of both you and others.
We might additionally engage in the processing of your personal data to secure or uphold insurance coverage, oversee risk management, or seek professional advice. The legal justification for this processing is rooted in our legitimate interests, specifically aimed at effectively safeguarding our business against potential risks and uncertainties.
Please do not supply any other person's personal data to us.
We do not and will not sell any of your personal data to any third party, including your name, address, email address, or credit card information. Building and maintaining your trust is of utmost importance to us, and we believe this trust is essential for our operations. However, we may disclose your personal data to the following categories of companies as an essential part of providing our services to you, as outlined in this policy:
Additionally, we may disclose your personal data to law enforcement and fraud prevention agencies to combat fraud or when such disclosure is required for compliance with a legal obligation, protection of vital interests, or for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative out-of-court procedure.
We do not transfer data outside of the European Economic Area (EEA) and do not disclose your data to any third parties beyond those referenced in the sections above.
We retain personal data only for as long as necessary for the specific purpose or purposes for which it was processed. The retention periods vary depending on the nature of the data and the purposes of processing.
Within the scope of this policy, an interaction is delineated as a distinct website or app session, or any engagement with our Customer Account Management Team. Prior to anonymising your data, we will provide formal notification, affording you the opportunity to retain your information and thereby facilitating ongoing service provision. This procedure ensures transparency and compliance with data protection protocols.
In all the aforementioned scenarios, the process of anonymising your data may require a period of up to one calendar month. In specific circumstances, we may retain your personal data when such retention is essential to comply with a legal obligation to which we are bound, to resolve disputes, and to enforce our agreements.
You possess several rights with respect to your personal data. We have concisely outlined these rights within the purview of data protection law. It is advisable to refer to the pertinent legislation and guidance provided by the regulatory authorities for a comprehensive elucidation of these rights. You can exercise any of these rights pertaining to your personal data by either (a) contacting us via email at info@passwordone.co.uk or by calling our primary phone line at +44 (0)203 758 7301
You hold the right to ascertain whether we process your personal data and, if we do, to access this data along with certain supplementary information. This supplementary information includes details about the purposes of the processing, the categories of personal data involved, and the recipients of the personal data. Subject to the rights and freedoms of other individuals, we will provide you with a complimentary copy of your personal data. To fulfill this right, we may request government-issued identification to verify your identity. Upon receiving this, we will respond with the relevant information within one calendar month from the date of your request.
You possess the right to rectify any inaccurate personal data pertaining to you and, considering the objectives of the processing, to complete any incomplete personal data about you.
Under specific circumstances, you have the right to request the prompt erasure of your personal data. However, there are exceptions to this right, such as situations where processing is required to uphold the right to freedom of expression and information, to adhere to legal obligations, or to establish, exercise, or defend legal claims. If you have engaged in a transaction with us, we will retain a record of your personal data for seven years following the date of your last transaction. We will make every effort to respond to your request within one month, but if your request is intricate or if we receive multiple similar requests concurrently, it may necessitate more time. In such cases, we will inform you within one month of receiving the request, elucidating the reasons for an extension.
In specific circumstances, you possess the right to restrict the processing of your personal data. These circumstances include situations where you dispute the accuracy of the personal data, where processing is unlawful, but you oppose erasure, where we no longer require the personal data for processing purposes, but you need the data for the establishment, exercise, or defense of legal claims, and when you object to processing, pending verification of the objection. In cases where processing has been restricted on these grounds, we may continue to store your personal data. Nonetheless, we will only process it in the following circumstances: (a) with your consent, (b) for the establishment, exercise, or defense of legal claims, (c) to protect the rights of another natural or legal person, or (d) for important public interest reasons.
You retain the right to object to our processing of your personal data based on your specific circumstances. However, this right is applicable only if the legal basis for processing is the necessity of processing for: (a)The processing of your personal data may be necessary if it involves tasks performed for the public good or in the exercise of official authority delegated to us. This may include activities aimed at fulfilling obligations or duties that serve broader societal interests or fall within our official responsibilities, or (b) For reasons of legitimate interests pursued by us or another party, processing of your personal data may be necessary. This includes activities that are considered reasonable and aligned with our or another party's legitimate objectives or activities. Should you raise such an objection, we will cease processing your personal information unless (a) we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or (b) Processing may be necessary if it is required to establish, exercise, or defend legal claims. This encompasses activities aimed at initiating, carrying out, or protecting legal proceedings or rights.. This provision upholds your rights and ensures adherence to legal standards governing data processing.
.
You also possess the right to object to our processing of your personal data for scientific, historical research, or statistical purposes, based on your particular circumstances, unless such processing is essential for tasks performed in the public interest. This provision upholds your rights while balancing the broader societal interests that may necessitate certain data processing activities.
Under specific circumstances, you have the right to receive your personal information in a format that is structured, commonly used, and machine-readable format. This allows you to transfer your data to another organization for your own purposes. This right applies to personal data that you provided to us, based on your consent or for fulfilling a contract, and when the processing is done automatically.If you request it, we will try to directly transmit your data to another organisation, provided it's technically feasible. However, we are not obligated to adopt or maintain systems that are compatible with other organisations' systems. Also, when personal data relates to more than one person, we need to consider whether sharing this information would affect the rights of those individuals.
If you choose to exercise your right to data portability, we will make every effort to respond to your request within one month. However, if your request is intricate or if we receive multiple similar requests concurrently, it may take longer. In such instances, we will notify you within one month of receiving the request and explain the reasons for any required extension.
You have the option to modify your marketing preferences at any time, either to reduce, remove, or increase the frequency of our direct marketing communications to you. You may exercise this right by either (a) contacting us via email at info@passwordone.co.uk or by calling our main number at +44 (0)203 758 7301 and reaching out to your Customer Account Manager.
If the legal basis for our processing of your personal information relies on your consent, you have the right to withdraw that consent at any time.
If you wish to file a complaint about how we process your personal data, we urge you to contact us initially, and we will make every effort to address your request expeditiously. In the event that you believe our processing of your personal information violates data protection laws, you possess the legal right to lodge a complaint with the appropriate supervisory authority responsible for data protection. This can be done in the EU member state where you habitually reside, your place of employment, or the location where the alleged infringement has occurred. Our supervisory authority is the Information Commissioner's Office, and you can contact them here.
We are pleased to provide details of our recruitment data retention policy upon request, outlining the manner in which we process information related to external candidates.
We may periodically update this policy by releasing a revised version on our website. We will not implement changes without notifying you and encourage you to visit our website to confirm your satisfaction with any updates.
