Privacy Policy

Privacy Policy

At Spinview, privacy, data protection, and data security are central to what we do. The introduction of General Data Protection Regulation (GDPR) on 25 May 2018 is an important milestone in raising the bar on transparency and how your data is stored and processed across all industries.

We wanted to share our policies on how and what we control and process.  Spinview’s responsibility depends on whether it acts as a controller or a processor of personal data.

 

Information about us

We are Spinview UK Limited, (company number 10174165), and our registered office is at 5 High Street, Pinner, Middlesex, HA5 5PW United Kingdom.

Our Data Protection Officer can be contacted by email at [email protected] or by writing to: DPO, Spinview UK Limited Aldwych House, 71-91 Aldwych, London, WC2B 4HN.

This policy explains how we collect, store and use your personal information and why we do this so please read it carefully. As mentioned above we can act as a data controller or a data processor depending on the particular circumstances which is explained in more detail below.

 

Data Protection Law

For the purposes of this policy data protection law means: (i) unless and until it is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK; and then (ii) any subsequent, and successor, legislation to the GDPR or the Data Protection Act 1998.

We will comply with data protection law. Personal information we hold will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

 

What is personal data?

Personal data or personal information refers to any information about an individual from which that person can be identified. It does not refer to anonymous data. Anonymous data is information where any personal identifiers have been removed. There are “special categories” of more sensitive personal data which require a higher level of protection.

 

Controlling your data

When we act as a data controller, Spinview decides on the purpose for holding personal data and how to process it.

 

What we may be collecting from you:

  • All personal information disclosed by you to us either consensually during registration or contractually
  • Information that will help us contact you in the future like: name, company name, address, phone and email, this is because we believe there is a legitimate interest for both parties
  • Some personal data may also be collected about you from the forms and surveys you complete, from records of our correspondence and phone calls.

 

Specifically, we log usage data when you visit or otherwise use our services, including our sites, VR experiences, app and platform technology. We may collect:

  • All personal information disclosed by you to us either consensually during registration or contractually such as your name, billing and delivery address, telephone number, email address, items ordered and payment details. We also store passwords for any accounts that are created
  • Authentication cookie allowing you to refresh your browser without logging out of our systems
  • Information that is not personally identifiable for example what browser, operating system and device you have used to access our content, details about the country, city and language you have used to access our services, information about how and when you have interacted with our services
  • We collect information about you when you send, receive, or engage with messages in connection with our services
  • Some personal data may also be collected about you from the forms and surveys you complete

 

Information we collect about you or receive from other sources.

We may also collect, and third-party providers may also collect, information regarding your visit to our Site.  This may include where you are geographically, your browser and device type, the pages you viewed and duration of your visit and any search terms used.  This information may be collected even if you do not register an account with us.

 

How is it data stored?

We store data digitally using our own secure platform and analytics databases which are securely hosted within the EU. We also store data via globally recognised secure third-party software system, this is an integrated part of our business processes and systems.

 

What we do with your data?

We use the information to make telephone contact and to email you information which we believe may be of legitimate interest to you.

We also use your data to produce and share aggregated insights that do not identify you. For example we may use your data to publish demographics for a specific webhosted visualisation or to present results of a survey.

 

Who can access your data?

We do not transfer your personal data to anyone for marketing purposes without your consent. However, it may be necessary for us to share your personal information with third parties in the following circumstances:

Our service providers and suppliers:

  • In order to make certain services available to you, we may need to share your personal information with some of our service providers.
  • We only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.  We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to us and to you, and for no other purposes.

 

Other third parties:

  • in processing orders we may send your details to and use information from credit reference and fraud prevention agencies;
  • if we or our business are acquired by a third party when our customers’ personal data will be transferred to the buyer;
  • If we have to disclose in order to comply with a legal obligation;
  • in order to enforce or apply the terms of our contract with you; or
  • to protect the rights, property, or safety of Spinview, our customers, or others.

We will not disclose any confidential information, except to employees and/or professional advisors (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development) who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep such information confidential.

We will ensure that those people and entities: (a) use such confidential information only to exercise rights and fulfil obligations, and (b) keep such confidential information confidential. Spinview may also disclose confidential information when required by law after giving reasonable notice to the discloser, such notice to be sufficient to give the discloser the opportunity to seek confidential treatment, a protective order or similar remedies or relief prior to disclosure.

 

How long will we keep your information?

We will retain your personal information no longer than is necessary for the purpose we obtained it for thereby reducing the risk that it will become inaccurate, out of date or irrelevant.  Information that is no longer needed will be securely deleted. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.

 

What are the consequences of failing to provide personal information or withdrawing consent?

If you fail to provide certain information when requested:

  • We may not be able to fulfil your orders or perform other aspects of any contract we have entered into with you.
  • We may be prevented from complying with our legal obligations
  • You may not be able to participate in the interactive aspects of our site.

 

Informing us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

 

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

 

International transfers

To deliver products and services to you, it may sometimes be necessary for us to share your personal information outside of the European Economic Area, usually when service providers are located outside the EEA or if you are based outside the EEA.  These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and your personal information will be kept secure.

 

What are your rights?

You have the right to:

    • Be informed about how Spinview uses your personal data
    • Request access to a copy of the personal data that Spinview holds on you
    • Request that your personal data is amended if it is inaccurate or incomplete
    • Request that your personal data is erased
    • Request that the processing of your data is restricted
    • Request that the data we hold about you is transferred to another organisation
    • Object to automated processing, including profiling
    • Object to certain types of processing such as direct marketing. You can object to any processing which is for our legitimate interests or those of a third party in which case, the processing must stop, unless there are compelling legitimate grounds for the processing which override your rights, or where the processing is necessary in relation to legal action.

 

 

Right to Complain

If you have any concerns with how we keep and use your information please contact our DPO at [email protected].

You may also complain to our Supervisory Authority, the Information Commissioner’s Office by email: https://ico.org.uk/global/contact-us/email, by phone on 0303 123 1113, by post to The ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF or, where different, the Supervisory Authority where your data has been processed.  We will advise you of this where appropriate.

 

Requesting access to a copy of the personal data that Spinview holds on you

You have the right to obtain confirmation that your data is being processed and request access to your personal data. You can make a request by email to [email protected], or in writing to DPO, Spinview UK Limited Aldwych House, 71-91 Aldwych, London, WC2B 4HN.

In the first instance we will provide a copy of the information free of charge. However, we may charge a reasonable administration fee when a request is manifestly unfounded or excessive or to comply with requests for further copies of the same information.

We will without delay and within 1 month of your request (subject to extensions in some cases):

  • confirm what personal data we hold about you;
  • provide a copy of the data in electronic format if the request is made electronically.
  • provide any supporting explanatory materials.

We can extend the time to respond by a further two months where requests are complex or numerous. If this is the case, we will inform you of this within one month of the receipt of the request and explain why the extension is necessary.  Where requests are obviously unfounded or excessive we can refuse to respond. In such cases, we will, within 1 month, explain why and will inform you of your right to complain to our Supervisory Authority and to pursue a legal remedy.

 

To access what personal data is held, identification will be required

We will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Spinview is dissatisfied with the quality, further information may be sought before personal data can be released.

 

Marketing communications

You can sign up to receive our newsletter through our online sign up form.   Marketing communications may be sent by either electronically via email or physically through the post. If you have an online account you can choose your preferences for each or opt-in/opt-out.

If you do not wish to continue to receive marketing from us, click on the ‘Unsubscribe’ link in any email communications or log into your account to change your preferences.

Automated decision making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.  We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

The bit we cannot control…

Third party sites: Our site may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How we keep your information secure

We use Secure Server Software (SSL) to ensure that personal information, including credit card details, remains private and secure.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.

We will maintain appropriate safeguards to ensure the security, integrity and privacy of your information and will take reasonable steps to try to ensure that third parties to whom we transfer any of your information will provide sufficient protection of that information.

How we use cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This is used to track visitor use of the website and to compile statistical reports. For further information visit www.aboutcookies.org or www.allaboutcookies.org.  You can set your browser not to accept cookies and the websites mentioned tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.  For more information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Changes to our privacy policy

We will regularly review this Privacy Policy, taking account of any complaints about information handling and updating it as necessary to reflect any changes in our collection and use of personal data.  Any changes we may make in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes.  The Privacy Policy was last updated in May 2018.

 

Processing data

As a data processor, we process personal data on behalf of a data controllers (as defined in the GDPR), typically these are clients who use our services to conduct research (each a Controller).  Data controllers have specific obligations in relation to personal data which will be collected and used in accordance with their respective Privacy Notices and subject to their obligations under data protection laws.

 

Under data protection laws we also have obligations in relation to the data we process on behalf of Controllers.

1. As a processor, Spinview’s obligations are as follows:

The direct obligations that data protection laws imposes on data processors include:

  • to only process personal data according to the data controller’s written instructions.
  • to only engage other data processors in compliance with data protection laws.
  • to implement appropriate technical and organizational measures to secure personal data.
  • to comply with data breach notification requirements set out in data protection laws.
  • to comply with restrictions on transferring personal data to countries outside of the EU.
  • to implement appropriate record keeping processes.

2. Spinview will not disclose any confidential information, except to employees and/or professional advisors who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep such information confidential. Spinview will ensure that those people and entities: (a) use such confidential information only to exercise rights and fulfil obligations, and (b) keep such confidential information confidential. Spinview may also disclose confidential information when required by law after giving reasonable notice to the discloser, such notice to be sufficient to give the discloser the opportunity to seek confidential treatment, a protective order or similar remedies or relief prior to disclosure.

3. On receiving written instructions to process data on behalf of a Controller, Spinview shall: (a) comply with the requirements of data protection law; (b) process the information only in accordance with the Controller’s reasonable written instructions which must be compliant with data protection law.

4. The Controller may request by written notice that any specific item of personal data contained in data processed by Spinview be amended or deleted.

5. Spinview has in place appropriate technical and organisational security measures governing the processing of the data; and will notify the Controller if it receives any notice of non-compliance with, or a request for information under data protection law.

6. Spinview shall not transfer any personal data (as defined in data protection law) that it is processing to any country or territory outside the European Economic Area in breach of data protection law.

7. Data Controllers are requested to warrant that Spinview is permitted to process data of which the Controller is the data ontroller and Controller shall notify Spinview immediately if it receives any notice of non-compliance with, or a request for information under data protection law.

 

If you have a concern about how Spinview is collecting or processing your personal data, we request that you raise your concern in the first instance with our DPO at [email protected].

You may also complain to our Supervisory Authority, the Information Commissioner’s Office by email: https://ico.org.uk/global/contact-us/email, by phone on 0303 123 1113, by post to The ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF or, where different, the Supervisory Authority where your data has been processed.  We will advise you of this where appropriate.