Personal Data may be provided to us by you directly or by a third party.
Personal Data we hold
Personal Data we may hold and process includes:
Type of Personal Data
Name, address, business address, email and telephone number, confirmation that trade contacts are over 18 years of age.
Training preferences and activities, customer feedback
Training preferences or responses to voluntary customer satisfaction surveys
Online activity information
We may receive Personal Data about you when you use the Website; this may include your IP address and other online identifiers (to the extent that they are Personal Data), and other Personal Data that you provide to us online.
Information we collect about you and your device. Each time you visit/use the Website we may collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system; platform; the type of mobile device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, the type of mobile browser you use, time zone setting, connection to relevant network;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- technical information, including details of your use of any of the Website [including, but not limited to, traffic data, weblogs and other communication data] and the resources that you access.
Supplemental information from other sources
We and our service providers may supplement the Personal Data we collect with information obtained from other sources (for example, publicly available information from online social media services and other information resources, third party commercial information sources, and information from our business partners).
How we use Personal Data
We use Personal Data to carry out our business activities. The main purposes include using Personal Data to:
- communicate with you and other individuals (including in respect of policy issues and trade events with our trade customers);
- provide our trainings, products and services and allow you to participate in interactive features of the Website;
- improve the quality of our products and services;
- carry out research and analysis, including analysis of our customer base and other individuals whose Personal Data we collect, complete market research, including satisfaction surveys, and assess the risks faced by our business;
- conduct competitions for entry and communicate with winners;
- provide information in accordance with preferences you have told us about (information may be about products and services offered by our third party partners subject to your preferences);
- personalise your experience when you use the Website;
- manage our business operations and IT infrastructure, in line with our internal policies and procedures; IT systems operation; data and website hosting; data analytics; business continuity; records management; document management; and auditing;
- manage complaints, feedback, messages and queries received through email@example.com including by identifying you through name, email address and contact number;
- comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to public health and tobacco, comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence); and
- establish and defend legal rights to protect our business operations, and those of our group companies or business partners, and secure our rights, and that of our group companies or business partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies or limit our damages.
Sharing of Personal Data
In connection with the purposes described above, we may need to share your Personal Data with third parties (this may involve third parties disclosing Personal Data to us and us disclosing Personal Data to them). These third parties may include:
Type of third party
Our service providers
External third party service providers, such as security professionals, auditors and other professional advisors; IT systems, marketing agents, support and hosting service providers; advertising, marketing and market research, and data analysis service providers; and other third party vendors and outsourced service providers and group companies that assist us in carrying out business activities.
Government authorities and third parties involved in court action
We may also share Personal Data with: (a) government or other public authorities (including, but not limited to, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and (b) third party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as we believe to be necessary or appropriate.
Other third parties
Trade organisations - Show Me ID supporters.
Processing of Personal Data
Due to the global nature of our business, for the purposes set out above we may, from time to time, transfer Personal Data to parties (including group companies) located in other countries (including the USA and other countries that have data protection regimes which are different to those in the EU, including countries which have not been found by the European Commission to provide adequate protection for Personal Data).
We may transfer information internationally to our service providers, business partners, [and government or public authorities.
When making these transfers, we will take steps to ensure that your Personal Data is adequately protected and transferred in accordance with the requirements of data protection law.
This may involve the use of data transfer agreements in the form approved by the European Commission or another mechanism recognised by data protection law as ensuring an adequate level of protection for Personal Data transferred outside the EEA (for example, the standard contractual clauses).
For further information about these transfers and to request details of the safeguards in place, please contact us using the details below.
Security of Personal Data
We use appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Data secure. Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have sent to us has been compromised), please immediately notify us.
Legal justification for our use of Personal Data
To comply with the law, we need to tell you the legal justification we rely on for using your Personal Data for our purposes.
While the law provides several legal justifications, the table below describes the main legal justifications that apply to our purposes for using Personal Data.
Purpose for use of Personal Data
Legal Justifications for use of Personal Data
Needed to perform a contract with you or to enter into a contract with you or a contract to which you are a party
Needed to comply with legal requirements
In our legitimate interests or those of a relevant third party
To communicate with you
e.g. for training purposes and to contact you in relation to Policy issues, and to respond to your queries or feedback
e.g. collection of contact details of retailers,
e.g. contact details of employees of trade customers (where contract is with employing entity), contacting you for training and policy purposes
To provide products and services
To improve the quality of our products and services, for training, and to maintain information security
To manage commercial risks
To carry out research and analysis
To provide training information
(where we obtain your consent)
(where we give you a right to object)
To personalise your experience when using the Website
This includes cookie use
To manage our business operations and IT infrastructure
To manage complaints, feedback and queries
To comply with applicable laws and regulations
e.g. personal data required for tax filings, confirmation of customer details and age for compliance with public health and tobacco legislation; data disclosed in the context of legal proceedings or orders
See previous column for compliance with obligations under foreign legislation or orders not directly applicable to us but applicable to other group companies, made subject to any applicable data protection requirements where necessary
To establish and defend legal rights
Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Data, our legitimate interests will usually be as set out in the table above and below:
- pursuit of our commercial activities and objectives, or those of a third party (for example, by delivering trainings);
- compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct (for example, by carrying out age gating or preventing, detecting or investigating fraud);
- improvement and development of our business operations and service offering, or those of a third party;
- analysing competition in the market for our services (for example, by carrying out research, including market research).
Retention of Personal Data
We will keep Personal Data for as long as is necessary for the purposes for which we collect it.
Where we hold Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.
Where we hold Personal Data in order to provide a product or service, we will keep the information for at least as long as we provide the product or service, and for a number of years thereafter. The number of years varies depending on the nature of the product or service provided and will be retained for a longer period in the event of legal or prospective legal proceedings.
For further information about the period of time for which we retain your Personal Data, please contact us using the details below.
Personal Data Rights?
The following is a summary of the data protection rights available to individuals in the EEA in connection with their Personal Data. These rights may only apply in certain circumstances and are subject to certain legal exemptions.
When is this right applicable?
Right of access to Personal Data
You have the right to receive a copy of the Personal Data we hold about you and information about how we use it.
This right is applicable at all times when we hold your Personal Data (subject to certain exemptions).
Right to rectification of Personal Data
You have the right to ask us to correct Personal Data we hold about you where it is incorrect or incomplete.
This right is applicable at all times when we hold your Personal Data (subject to certain exemptions).
Right to erasure of Personal Data
This right entitles you to request that your Personal Data be deleted or removed from our systems and records. However, this right only applies in certain circumstances.
Examples of when this right applies to Personal Data we hold include (subject to certain exemptions):
- when we no longer need the Personal Data for the purpose we collected it;
- if you withdraw consent to our use of your information and no other legal justification supports our continued use of your information;
- if you object to the way we use your information and we have no overriding grounds to continue using it;
- if we have used your Personal Data unlawfully; and
- if the Personal Data needs to be erased for compliance with law.
Right to restrict processing of Personal Data
You have the right to request that we suspend our use of your Personal Data.
Where we suspend our use of your Personal Data we will still be permitted to store your Personal Data, but any other use of this information will require your consent, subject to certain exemptions.
You can exercise this right if:
- you think that the Personal Data we hold about you is not accurate, but this only applies for a period of time that allows us to consider if your Personal Data is in fact inaccurate;
- the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of its use instead;
- we no longer need the Personal Data for the purposes we have used it to date, but the Personal Data is required by you in connection with legal claims; or
- you have objected to our processing of the Personal Data and we are considering whether our reasons for processing override your objection.
Right to data portability
This right allows you to obtain your Personal Data in a format which enables you to transfer that Personal Data to another organisation.
You may have the right to have your Personal Data transferred by us directly to the other organisation, if this is technically feasible.
This right will only apply:
- to Personal Data you provided to us;
- where we have justified our use of your Personal Data based on:
- your consent; or
- the fulfilment by us of a contract with you; and
- if our use of your Personal Data is by electronic means.
Right to object to processing of Personal Data
You have the right to object to our use of your Personal Data in certain circumstances. However, we may continue to use your Personal Data, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Data in connection with any legal claims.
Right to withdraw consent to processing of Personal Data
Where we have relied upon your consent to process your Personal Data, you have the right to withdraw that consent.
This right only applies where we process Personal Data based upon your consent.
Right to complain to the relevant data protection authority
If you think that we have processed your Personal Data in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator. If you live or work in an EEA member state, you may complain to the regulator in that state.
This right applies at any time.
If you wish to exercise your rights, please contact us using the details below.
Who to contact about your Personal Data
If you have any questions or concerns about the way your Personal Data is used by us, you can contact us by e-mail at: firstname.lastname@example.org