Privacy Notice

1. Introduction

1.1. This privacy notice applies between you (the “user”) of this Website (“site”) and Kerry Chumbley trading as Positive Twists, (referred to as “we”, “us” or “our” in this privacy notice) the owner and provider of this Website. We take the privacy of your information very seriously. This privacy notice applies to our use of any and all Data collected by us and /or provided by you, in accordance with General Data Protection Regulations and Privacy and Electronic Communications Regulations.

1.2. This privacy notice should be read alongside, and in addition to, our Terms and Conditions, and our Cookie Notice Please make sure you are comfortable with all policies and /or notices prior to engaging our services.

1.3. Kerry Chumbley trading as Positive Twists Contact Details:

137 Camps Rigg, Livingston, EH54 8PE.
Email: kerry@positivetwists.com. Tel: +44 (0)7900688309

1.4. This privacy notice applies only to the actions of Kerry Chumbley trading as Positive Twists and Users with respect to this Website. It does not extend to any websites that can be accessed from this site including, but not limited to, any links we may provide to social media websites. You are advised to read the privacy policy, notice or statement of other websites prior to using them.

1.5. For purposes of the applicable Data Protection Laws, Kerry Chumbley trading as Positive Twists is the “data controller”. This means that Kerry Chumbley trading as Positive Twists determines the purposes for which, and the manner in which, your Data is processed.

1.6. If you are not happy with any aspect of how we collect and use your data, firstly contact us so that we can try to resolve it for you as quickly as possible. If you are still not happy following communication with us, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

2. What Data We Collect

2.1. The types of Data we may collect:

 Identity Data may include your first name, last name, username, title,

 Contact Data may include your billing address, delivery address, email address and telephone numbers.

 Financial & Transactional Data may include your bank account and payment card details and details about payments between us and purchases made by you from us.

 Analytical, Technical & Usage Data may include information about how you use our website, products and services. It may also include your IP address, web browser type and version, operating system, location, platform and other technology on the devices you use to access this site. (Please see our Cookie Notice for further information)

 Profile Data may include your username, purchases or orders, your interests, preferences, feedback and survey responses.

 Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.

 Data Relating to Service Provision: As a client you may be asked to provide access (including login details) to various profiles, accounts and information in order for the work to be carried out. This is set out in the terms and conditions of service and service agreement.

2.2. We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

2.3. Confidential Information may not be shared (disclosed whether directly or indirectly or orally or by any other means and whether marked confidential or not) by you to us and us to you, throughout the duration of our communications. Confidential information disclosed either before, on or after the execution of our agreement, which at the time of disclosure is not already part of the public domain shall remain confidential unless overwritten by legal requirements or permission is granted to share said information.

2.4. Confidential information may include personal information as well as any business, concept, invention or idea or the execution thereof or to any related manner, including, but not limited to, the following classes of information:

a. Financial information, accounts, or records

b. Commercial and marketing information, plans or strategies, or market research data

c. Business development ideas, plans, designs or specifications

d. Electronic or technical information, data, designs, or specifications

e. Information concerning internal procedures and processes

f. Projections or forecasts

3. How We Collect Your Data

3.1. We may collect data in the following ways:

a. Data is given to us by you or through communications with you;

 when you contact us through the Website, by telephone, post, e-mail, social media platforms or through any other means;

 when you register with us and set up an account to receive our products/services;

 when you complete surveys that we use for research purposes (although you are not obliged to respond to them);

 when you enter a competition or promotion through a social media channel;

 when you make payments to us, through this Website or otherwise;

 when you elect to receive resources and /or marketing communications from us;

 when you use our services;

b. Data is collected automatically;

 we automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.

 we will collect your Data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, please see our Cookie Notice for further information

c. Data is collected through third-party interactions;

 Google, based outside the EU – analytical, usage, technical (collected automatically) You can find Google’s privacy policy here

 PayPal, based outside the EU – identity, contact, transaction, financial (provided by you when you make a purchase / subscribe to a service) You can find PayPal’s privacy policy here

 Stripe, based in EU & US – identity, contact, transaction, financial (provided by you when you make a purchase / subscribe to a service) You can find Stripe’s privacy policy here

 GoCardless, based in the EU – identity, contact, transaction, financial (provided by you when you make a purchase / subscribe to a service) You can find GoCardless privacy policy here

 MailerLite, based in the EU and remote offices outside the EU – identity, contact, marketing, usage (provided by you then automatically through your continued engagement) You can find MailerLite’s GDPR policies here

4. Use of Your Data

4.1. The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal data:

a. Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

b. Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

c. Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

d. Vital interests: the processing is necessary to protect someone’s life.

e. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

f. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

4.2. We will only use your personal data when legally permitted as set out below:

a. Improvement of our Products / Services – We may use your Data if we deem it necessary to do so for our legitimate interests (and your interests and fundamental rights do not override those interests). Ultimately this is to develop our products/services, to grow our business and provide you with the best possible service and experience when using our Website. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed “Your rights” below)

b. Internal & Legal Record Keeping – When you register with us and set up an account and enter in to an agreement to receive our services, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

c. Marketing – For the delivery of direct marketing to you via e-mail, we’ll need your consent, whether via an opt-in or through your request to receive information / resources. We are required to obtain your explicit consent; that is, you need to take positive and affirmative action when consenting by, for example, filling in your contact details and checking a tick box that we’ll provide. You will always have the ability to unsubscribe at any time. Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

d. Communication, Requests for Information – When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

e. Where we need to comply with a legal or regulatory obligation not covered by Internal & Legal Record Keeping processes.

4.3. Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

4.4. We will only use your data for the purpose in which it was provided. If your data needs to be processed for any other purpose, we will notify you of the legal grounds for processing.

5. Who We Share Data With

5.1. We may share your Data with the following groups of people for the following reasons:

a. Third party service providers who provide services to us which require the processing of personal data – to enable us to enlist help in ensuring the services and website runs smoothly e.g IT and system administration services;

b. Third party payment providers who process payments made over the Website – to enable payments to be collected and processed; we use Bank Transfer, Stripe and GoCardless as our payment collection methods;

c. Relevant Authorities – to fulfil requirements set out in legislation e.g. HMRC;

in each case, in accordance with this privacy notice.

5.2. We will never share your personal data with any third party for their own marketing purposes.

6. Transfers Outside the European Economic Area

6.1. We will only transfer Data outside the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, e.g. by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission, or by signing up to the EU-US Privacy Shield Framework, in the event that the organisation in receipt of the Data is based in the United States of America.

6.2. As we use service providers (PayPal, Stripe) based outside the EEA, data which we collect from you may be transferred, stored and processed in countries outside of the European Economic Area (EEA).

 You can find PayPal’s privacy policy here

 You can find Stripe’s privacy policy here

7. Keeping Data Secure

7.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

a. We use technical and organisational measures to safeguard your Data, for example:

 All relevant appliances, systems and applications are password protected.

 We store any relevant website data on secure servers.

 We use *SSL technology on our website

 Payment details are encrypted using *SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology.

 All information stored on paper documents are secured under lock and key and securely disposed of at the end of the contractual agreement.

* SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

b. We encourage you to practice safe and secure practices. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

c. Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us via this e-mail address: kerry @ positivetwists.com

8. Data Retention

8.1. Unless a longer retention period is required or permitted by law (for the purposes of satisfying any legal, accounting, or reporting requirements), we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this privacy notice or until you request that the Data be deleted.

a. A longer period of data retention may be required at your request should an agreement be entered in to for continual service provision. This may also include but is not limited to:

 Graphics, Branding Information

 Templates, Forms, Marketing Materials

 Login details

b. If a longer retention period has been requested but no further work agreement has been entered in to, all files will be removed after 13 months of no provision / engagement.

8.2. Where login details have been provided and /or created it is your responsibility to ensure that these are changed following the termination and /or completion of our contract. It remains your responsibility to ensure your own records, passwords, login information etc. are secure and kept up to date.

8.3. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.

9. Your rights

9.1. You have the following rights in relation to your Data:

a. Right to access – the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive.” Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

b. Right to correct – the right to have your Data rectified if it is inaccurate or incomplete.

c. Right to erase – the right to request that we delete or remove your Data from our systems.

d. Right to restrict our use of your Data – the right to “block” us from using your Data or limit the way in which we can use it.

e. Right to data portability – the right to request that we move, copy or transfer your Data.

f. Right to object – the right to object to our use of your Data including where we use it for our legitimate interests.

9.2. To ensure that we are protecting your information, as a security measure, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). We may also contact you to ask you for further information in relation to your request.

9.3. We will aim to respond to all legitimate requests within one month. This may occasionally take longer depending on the details and volume of the request. In this case, we will notify you and keep you updated.

9.4. To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us via this e-mail address: kerry @ positivetwists.com

9.5. If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/

9.6. It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.