Privacy policy
PRIVACY NOTICE
This privacy notice tells you how, why and when we collect and use personal data in line with UK data protection laws.
Prosperra Group Ltd collects and uses personal data about you when you navigate on our website. The protection of personal data is important to us, and we want to comply with related legal requirements. That is why we only process personal data that is strictly necessary, with care and taking account of security needs.
We may make changes to this privacy notice to comply with changes in the law or our organisation. We recommend that you review this page regularly to always know how we use your personal data.
1 – Who is responsible for the processing of your personal data?
We are responsible for processing your personal data as you use our website, subscribe to our newsletter, or contact us. We are the data controller for these activities under Data protection laws.
2 – What personal data do we process, why and on what basis?
The law requires that we provide information to you about the personal data that we process, the reasons for using the personal data (the purpose for processing) and the grounds we rely on to do this (the legal basis for processing).
We have summarised most of that information in the table below to make it easier to read for you.
|
Purposes |
Personal data |
Legal basis |
|
To manage our relationship and communicate with you. |
Identity: first name, last name, form of identification. Contact: electronic or postal address, telephone number. Verbatim communications from you. |
Our legitimate interest to manage our relationship with you. Your consent to receiving unsolicited communications from us. The performance or conclusion of a contract with you. Compliance with a legal obligation applicable to us. |
|
To verify your identity (for instance, to authenticate you on our site or if you want to exercise your individual rights). |
Identity: first name, last name, form of identification. Login information: username, password. Contact: electronic or postal address, telephone number. |
|
|
To deliver promotional material to you. |
Identity: first name, last name, form of identification. Contact: electronic or postal address, telephone number. Technical personal data such as IP address, browser data or device identifiers. |
Your consent to receiving unsolicited communications from us. Our legitimate interest to develop our products or services and grow our business. |
|
To moderate and manage our social platform communities (including organising prize draws and competitions). |
Identity: first name, last name, form of identification. User-generated content: username, verbatim posts, pictures or videos. |
Our legitimate interest to manage our relationship with you. The performance or conclusion of a contract with you. |
|
To improve, operate and protect our website. |
Technical personal data such as IP address, browser data or device identifiers. |
Our legitimate interest to manage the operation of our website effectively. |
|
To administer our business. |
Identity: first name, last name, form of identification. Contact: electronic or postal address, telephone number. Record of past purchases. |
Compliance with a legal obligation applicable to us. Our legitimate interest to manage our business effectively |
|
To process your payments. |
Payment information: payment methods, payment card number, bank account references, record of third-party payment solutions. |
The performance or conclusion of a contract with you. Your consent to keep records of your payment information for future purchases. |
|
To provide personalised suggestions to you. |
Record of past purchases. |
Our legitimate interest to develop our products or services and grow our business. |
There may be other circumstances in which we will have to retain, disclose or process your personal data in another way because of a legal obligation applicable to us.
We do not usually process personal data from social platforms outside of these platforms. This means that where we process your personal data as part of the management of our social accounts, we will not do so outside of each relevant platform.
3 – When do we collect your personal data?
We collect personal data directly from you when you register to receive our newsletter or contact us on our website with questions, suggestions or comments. We also collect personal data directly from you, in line with any applicable platform rules, when you interact with our social accounts.
We may collect technical personal data about you indirectly when you browse on our website.
4 – With whom do we share your personal data?
We may only share your personal data with third parties who provide support services for our website. These third parties include our:
· Website host and content management system: to date, we use Shopify for our website needs.
· Payment service provider: to date, we use Shopify and Shop Pay app.
· Newsletter campaign manager: to date, we use Shopify along with a Google Mail.
We may get help from professional service firms or public institutions in certain circumstances. These may include auditors, accountants, banks, lawyers or the Government tax office.
We may be asked to disclose your personal data in unexpected circumstances for legal or law enforcement reasons. If this ever happens, we will stay committed to protecting your personal data and complying with the law.
5 – How long do we keep your personal data?
We keep your personal data for as long as reasonably necessary for the purposes listed at 2 in this privacy notice. We may need to keep your personal data for longer than expected, for example, to meet legal or accounting obligations or where we anticipate we may need this as part of a legal dispute.
6 – What individual rights do you have under data protection laws?
We want you to know the full extent of your individual rights under data protection laws, so we have listed all your rights in the table below. However, all these rights do not apply to your relationship with us.
If you request to exercise your rights, we will let you know how we can help in your specific circumstances. We may ask for proof of identity to comply with a request to exercise your rights.
|
Your rights |
What it means |
|
Access |
You can ask for a copy your personal data we hold about you or ask us why and how we process your personal data. Part of this information is already in this privacy notice. |
|
Delete |
You can ask us to delete your personal data. However, we are not always able to comply with that request. For instance, we cannot delete personal data that is necessary to comply with a legal obligation. |
|
Object to automated decision making |
You can ask us not to be subject to a decision based solely on automated processing which produces legal effects or impacts significantly in another way. Our website does not use technology relevant to this right. |
|
Object to a processing operation |
You can object to a processing operation of your personal data where we rely on our legitimate interests as a legal basis if you consider that the processing is a violation of your fundamental rights. |
|
Portability |
You can ask us to provide your personal data to another company in a structured, commonly used, machine-readable format. This right is usually not relevant to website processing. |
|
Rectify |
You can ask us to correct inaccurate records of your personal data (for instance, rectify your e-mail address). |
|
Restrict the processing |
You may ask us to continue holding but limiting how we process your personal data in limited circumstances. |
7 – How do we protect your personal data?
Although we rely on industry-standard security measures implemented by our service providers, we always strive to keep all information you provide to us confidential and secure. This is why we are cautious about using secure passwords on our device and only to work with reputable service providers for our website.
Our payment service provider complies with the Payment Card Industry Data Security Standard (PCI DSS) to secure your payments on our website.
8 – Do we process your data outside the UK?
We do not send process your data outside the European Economic Area or the UK. If our service providers do, they are legal required to do so where appropriate mechanisms are in place to ensure your personal data remains secure in the third countries.
9 – Do we process personal data using cookies, other trackers or for targeting purposes?
We do not knowingly use any non-essential cookies on our website. However, please note that make use of the full extent of tools available to us through our service providers to comply with any laws applicable to us. If any technical cookies are deployed on the site, we will use the tools made available by our hosting provider to manage these.
10 – How can you contact us or raise a complaint?
If you have any questions or requests related to the way we process your personal data, you can contact us at hello@stchand.co.
You can also raise a formal complaint with your local data protection authority. In the United Kingdom, this is the:
Information Commissioner’s Office (ICO)
Wycliffe House Water Lane Wilmslow
Cheshire SK9 5AF3
Phone : +44303 123 1113
Website: Site web: https://ico.org.uk/
If you have a complaint, please contact us first, and we will try to resolve it as best we can.
DEFINITIONS
|
Data controller |
According to data protection laws, the data controller is responsible for deciding why and how personal data is processed. Prosperra Group Ltd is the data controller when it comes to processing operations on our website. |
|
Individual rights |
Data protection laws give you individual rights so that you keep control of your personal data. These are the rights listed at point 6 in our privacy notice. |
|
Data protection laws |
Data protection laws include the General Data Protection Regulation, the e-Privacy Directive and any local data protection laws applicable in a Member State or the UK. |
|
Legal basis |
We are always required to rely on a ground set in the law to process personal data. We only ever rely on our legitimate interest, your consent, a legal obligation or a contract with you. For more information, go to point 2. |
|
Personal data |
Personal data means any information which directly or indirectly identifies you. We have listed the personal data we process at point 2. |
|
Processing |
Any activity impacting personal data, including collecting, holding or anonymising, is considered processing personal data under Data protection laws. |
|
Purpose for processing |
We are required to disclose the reason for processing personal data to you; that is what we call the purpose for processing. We have detailed our purposes at point 2. |
|
Social platforms |
According to Data protection laws, we are also responsible for the way we process your personal data on social media platforms. We may use Instagram, WhatsApp and Facebook and the term social platforms only refers to these in this privacy notice. |
|
Website |
Our website relevant to this privacy notice is our StchandCo. website. |