Privacy Policy
SWELLAWAY LTD’S PRIVACY POLICY At Swellaway, we respect your privacy and are committed to protecting your personal data. In this policy, we explain how we collect and use your personal information when you visit our website, download and use our mobile application, and/or purchase one of our products. Please note that links from our website or our mobile application may take you to external websites which are not operated by us or covered by this policy. We recommend that you check the privacy policies of such websites before submitting any personal information to them. 1. ABOUT US The Swellaway website and mobile application are operated by Swellaway Limited (“we”, “us” and “our”). We are based at Great Oak Farm Offices, Mag Lane, Lymm, Cheshire, WA13 0TF and are the data controller for the purposes of the UK General Data Protection Regulation (“GDPR”) and Data Protection Act 2018. If you have any questions about your privacy rights, or our use of your personal data, please contact us. 2. WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU AND HOW DO WE COLLECT THAT PERSONAL INFORMATION? You are not required to provide personal information to us in order to browse our website. However, we will require you to provide your personal information if you wish to purchase our products and/or use our mobile application. At all times, we will only require you to provide personal information to us where it is necessary for you to do so. A. WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU? We may collect personal information about you whenever you contact us, visit our website, purchase our products and/or use our mobile application. This information may include: ● Contact and Identity Data: such as your full name, title, date of birth, email address, postal address and phone number. ● Financial Data: includes bank account and payment card details. ● Transaction Data: includes details about payments from you to us. ● Device Data: includes the type of computer device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the device’s wireless network interface or the mobile phone number used by the device, mobile network information, your mobile operating system, the type of mobile browser you use, and time zone settings. ● Content Data: includes information stored on the device that you use to access our website or mobile application. ● Profile Data: includes your username and password, purchase history, Heath Data interests, preferences, feedback and survey responses. ● Usage Data: includes details of your use of any of our website or our mobile application including, but not limited to, traffic data and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access. ● Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences. ● Location data: includes your current location disclosed by GPS technology. Special Categories of Personal Data Save for Health Data, we do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, or any trade union membership). Nor do we collect any information about criminal convictions and offences. Health Data If you purchase one of our products and use our mobile application, we will collect data relating to your health to ensure that the particular product and/or our mobile application can be tailored to suit your particular needs and circumstances. We will request your express consent to collect and use such data when you first use our mobile application. If one of our products has been provided to you by a third party and you do not download and use our mobile application, we will not be able to personally attribute to you any health data collected from you through your use of such product. This means that such health data will not be deemed to be personal data under data protection legislation. Please note that the third party who provided you with a particular product of ours may collect and process personal data belonging to you (including health data), and we suggest you review such party’s privacy policy to review how they handle such personal data. If one of our products has been provided to you by a third party and you download and use our mobile application, we will request your express consent to collect such data and share such data with the relevant third party when you first use our mobile application. Aggregated Data We collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your personal data (including health data) but is not considered personal data under data protection legislation as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of our products. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this privacy policy. If you do not provide Personal Data? You are not required (by law or by any contract with us) to provide personal information to us. We will only require you to provide personal information to us where it is necessary for us to provide you with a service at your request. If you fail to provide personal data when requested, we may not be able to provide you with our products or access to our website or our mobile application. B. HOW DO WE COLLECT YOUR PERSONAL INFORMATION? We have different methods of collecting data from and about you, including via: ● Direct Interactions: o You may provide us with Contact and Identity Data, Content Data, Profile Data Marketing and Communications Data, Location Data and Health Data by contacting us through our website, via telephone or email, or when downloading, registering and using our mobile application. o You may provide us with Financial Data and Transaction Data when you purchase our products or purchase any additional features that we make available through our mobile application. ● Automated technologies and/or interactions As you interact with our website or our mobile application, we may automatically collect Device Data and Usage Data. This will be collated after using various ‘cookies’ and other similar technologies. Please refer to our cookies policy for further information on how we use cookies on our website or through our mobile application. ● Third Parties or publicly available sources We may receive personal data about you from other sources, including: o information we receive about you if you use any of the other websites that we operate or the other services that we provide; o information from third parties that we work with to provide our products; and o information you have shared publicly, including on social media. 3. HOW AND WHY DO WE USE YOUR PERSONAL INFORMATION? It is necessary for us to use your personal information in order to make our products, our website, our mobile application, and all of their respective features, available to you. When you purchase our products or create an account (where required), and access our mobile application, there is a contract between us (please see our respective Terms and Conditions and End User Licence Agreement) and we need to use your personal data in order to perform our side of that contract. Otherwise, we will only use your information in this way where we have a legitimate interest to do so. Using your information in this context is necessary so that we can: ● Enable you to use, and provide you with information about, our products, our mobile application and our website. ● Contact you about any changes that we make to our products, our mobile application and our website. ● Verify your identity, where necessary. ● Deal with any complaints you may have. ● Administer our mobile application and our website, including troubleshooting problems, analysing statistics, conducting research and tests and keeping our mobile application and website secure. Ordinarily, we do not rely on consent as a legal basis for processing data other than in relation to processing your Heath Data or when sending marketing communications to you via email or text message. You have the right to withdraw consent at any time by contacting us. However, please note in respect of your Health Data, you may be unable to use our products and/or our mobile application if you withdraw your consent for us to process your Health Data. We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground on which we are relying to process your personal data where more than one ground has been set out in the table below. Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest To register you as a new user of our mobile application (a) Contact & Identity Contract Necessary for our legitimate interests (to develop our products and services) To enable you to purchase our products and use our mobile application (a) Contact & Identity (b) Financial (c) Transaction (d) Content (e) Profile (f) Location (g) Device (h) Usage (i) Marketing and Communications (j) Health Contract Necessary for our legitimate interests (to develop our products and service) Consent (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a satisfaction survey (a) Contact & Identity (b) Profile (c) Marketing and Communications Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how individuals use our products and services) To administer and protect our business, our mobile application and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Contact & Identity (b) Content (c) Profile (d) Location (e) Device Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal (f) Usage obligation To deliver relevant content through our mobile application and our website as well advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Contact & Identity (b) Content (c) Profile (d) Location (e) Device (f) Usage (g) Marketing and Communications Necessary for our legitimate interests (to study how individuals use our products and services, to develop them, to grow our business and to inform our marketing strategy) To use data analytics to improve our products, our mobile application, our website, marketing and experiences (a) Device (b) Usage (c) Profile Necessary for our legitimate interests (to define types of individuals who purchase and use our products, to keep our mobile application and our website updated and relevant, and to develop and inform our marketing strategy) To make suggestions and recommendations to you about our products or services that may be of interest to you (a) Contact & Identity (b) Device (c) Transaction (d) Usage (e) Profile Consent Necessary for our legitimate interests (to develop our products and services) Marketing We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You can ask us to stop sending you marketing messages at any time by contacting us to amend your preferences, methods of contact and products/services you wish to hear about. Promotional Offers We may use your Contact & Identity, Device, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products and services we offer may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased products or services from us and, in each case, you have not opted out of receiving that marketing. Third-Party Marketing We will get your express opt-in consent before we share your personal data with any company for marketing purposes. Opting Out You can opt-out of third-party marketing at any point by contacting us. Change of purpose We will only use your personal information for the purposes for which we collected it, as set out above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent (save for your Health Data), in compliance with the above rules, where this is required or permitted by law. 4. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH? We may also share your personal data with the parties set out below for the purposes set out in the table at paragraph 3. These entities will not use your information to contact you. Selected third parties (including any third party that provides you with any of our products to use) will be subject to obligations to process your personal information in compliance with the same safeguards that we deploy. We may need to disclose your information to any one of the following: ● Third party service providers, for example: Telecommunications, IT systems etc acting as processors based in the United Kingdom whom we engage to deliver our services (e.g. host our dialler system, electronic storing of your personal data). ● HM Revenue & Customs, Regulators (The Charity Commission, Information Commissioner’s Office), and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances. ● Accountants, Solicitors, Compliance Consultants and other similar services based in the United Kingdom who require the reporting of processing activities in certain legal and compliance circumstances. ● Third parties to whom my may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change in these circumstances occurs, your personal data will be used in the same way as set out within this privacy policy. If you have any concerns about your personal information being shared, please contact us for more information. There are certain exceptional circumstances in which we may disclose your information to other third parties. This would be where we believe that the disclosure is: ● Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings. ● Necessary to protect the safety of our employees, our property or the public. ● Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction. 5. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION? How long will we hold your personal data? We will only retain your personal data for as long as we need it for the purposes for which it was collected (as set out in paragraph 3), as well as for any purposes necessary to satisfy any legal, accounting or reporting requirements. If you create and maintain an account on our mobile application, we will retain any information you provide to us at least for as long as you keep your account on our mobile application, and afterwards for a period of 6 (six) years from the date of your last log in. If you purchase one of our products, we will retain any information you provide to us for a period of 6 (six) years from the date of your purchase. Where you contact us, but you do not have an account on our mobile application and/or we don’t have an ongoing relationship with you, we will retain your information for a period of 12 (twelve) months, so that we can recognise you if you contact us again in the near future. If you would like us to delete your personal information before the end of these periods, please contact us. 6. INTERNATIONAL TRANSFERS We do not transfer your personal data outside of the United Kingdom. 7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION? We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. We try to ensure that all information you provide to us is transferred securely. Before submitting any personal information through our website in particular, we recommend that you check for the padlock symbol in your browser and “https” in the URL. Unfortunately, the transmission of information via the internet is not always completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website or via our mobile application; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All information which you provide to us is stored on third party secure servers in the UK. Where you have been provided with any passwords or other credentials which enable you to access certain parts of our website or mobile application, you are responsible for keeping these details confidential. 8. WHAT RIGHTS DO YOU HAVE IN RESPECT OF YOUR PERSONAL INFORMATION? In accordance with the current data protection legislation, you are entitled to a range of specific data subject rights that you may exercise under particular conditions, with a few exceptions. Your right to ACCESS You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following: • Why we have been using your information. • What categories of information we were using. • Who we have shared the information with. • How long we envisage holding your information. In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold. The first copy of your information that you request from us will be provided free of charge. If you require further copies, we may charge an administrative fee to cover our costs. Your right to RECTIFICATION You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed, although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data. Your right to ERASURE Under certain circumstances, you have the have the right to have personal data erased. Also known as ‘the right to be forgotten’. This could be if: • The information is no longer needed for the original purpose for which we collected it. • You withdraw your consent for us to use the information (and we have no other legal reason to keep using it). • You object to us using your information and we have no overriding reason to keep using it. • We have used your information unlawfully. • We are subject to a legal requirement to delete your information. In those situations, you have the right to have your personal data deleted. If you believe that one of these situations applies to you, please contact us Your right to RESTRICT PROCESSING Under certain circumstances, you have the right to request the restriction or suppression of your personal data. Restriction of processing means we are permitted to store your personal data but we are unable to use it. This right is available where: • You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify this. • You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection. • We have used your information in an unlawful way, but you do not want us to delete your data. • We no longer need to use the information, but you need it for a legal claim. Your right to DATA PORTABILITY You have the right to obtain a copy of your personal data for your own purposes. This allows you to move, copy or transfer your personal data more easily from one IT environment to another, safely and securely, without affecting the usability of the data. Your right to OBJECT We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue, we must stop using your personal data for these purposes. You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the links provided in any of our marketing communications. Your right to be INFORMED You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods and who it will be shared with. Your rights in relation to AUTOMATED DECISIONMAKING AND PROFILING Any automated decision-making or profiling we undertake is solely for the purpose of tailoring the information which we provide to you. We will not use automated decision-making or profiling to make decisions which will have a legal effect upon you or otherwise significantly affect you, and you have the right not to be subject to such decisions. If you have any concerns or questions about this right, please contact us. 9. CHANGES TO OUR PRIVACY POLICY Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy. This version was last updated on 15th October 2021 and historic versions can be obtained by contacting us. 10. COMPLAINTS If you wish to make a complaint about our collection or use of your personal data, we ask that you please contact us in the first instance so that we may seek to resolve your complaint. You have the right to lodge a complaint with the relevant supervisory authorities that oversee data protection law. In the UK, you may contact the Information Commissioner’s Office if you wish to make a complaint. 11. CONTACT US If you wish to speak to us regarding your privacy, or our use of your personal data, please contact us using the following details: Full Name: Swellaway Limited Post: Great Oak Farm Offices, Mag Lane, Lymm, Cheshire, WA13 0TF Email: customerservices@swellaway.com Telephone Number: 0845 901 0227