www.fanfinders.com is wholly owned and operated by FanFinders Ltd (UK company number 08344378), with a registered office address at 55 The Grove, Baildon, Shipley, West Yorkshire, BD17 5ND and for the entirety of this document will be referred to as We, Us, Our.
We respect and value the privacy of everyone who visits this Website and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and Your rights under the law.
- What information do We collect about You?
We may collect and process some or all of the following personal information about You:
- Identity and contact information, which may include but is not limited to: Your name (first and last name); Your company/brand; Your email address; Your telephone number; Your country, region, city and office location; and Your job title. This information may be collected when you fill out our contact form on our website or when we communicate with you by telephone.
- Payment, financial and transaction data, including bank account, payment card details, billing address and details about payments made from you to us. This information will be collected if you join up to our service and enter into a contractual relationship with us.
- Profile information, including Your preferences, feedback or survey responses and details of offers, competitions, products and services you run and make available from time to time.
- Website usage and technical information, including Your IP address, browser type and version, operating system and details of Your visits to our Website and the resources that you access. We collect this personal data by using cookies and other similar technologies. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies (as further described below). We may also receive technical data about you if you visit other websites employing our cookies and from analytics providers such as Google based outside the EU.
- Usage data, including information about how you use our website, products and services.
- Marketing and communications data, including your preferences in receiving marketing from us and our third parties and your communication preferences..
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We may monitor and/or record electronic and correspondence You have with Us, whether by writing, by phone, by email or by various other forms
Please note that if You choose not to provide Us with certain information, we may not be able to provide You with Your requested product/service.
Under GDPR we will ensure that Your personal data is processed lawfully, fairly, and transparently, without adversely affecting Your rights. We will only process your personal data if at least one of the following bases applies:
- a) You have given consent to the processing of your personal data for one or more specific purposes;
- b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- c) processing is necessary for compliance with a legal obligation to which we are subject;
- f) processing is necessary to protect the vital interests of you or of another natural person;
- g) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- h) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments, except where such interests are overridden by the fundamental rights and freedoms of the data subject.
- How will We Use Your Information?
Under the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”), We must always have a lawful basis for using personal data. Set out below are the ways in which We may use Your personal data, and our lawful bases for doing so:
- Providing and managing Your access to our website (on the basis of performance of a contract with you and our legitimate interest in providing our users with our services);
- To respond to any enquiry or complaint from You (on the basis of your consent, on the basis of our legitimate interest to respond to customer enquiries and to comply with our legal obligations);
- To investigate suspected unlawful, fraudulent or other improper or illegal activity connected with use of the Website and to report a crime or suspected crime, including money laundering or fraud (on the basis of our legitimate interest to defect and prevent fraud and to operate a lawful business, or where we have a legal obligation to do so);
- To comply with Our legal and regulatory duties, obligations and responsibilities (on the basis of operating a lawful business, or otherwise to comply with our legal obligations);
- To supply our services to you and personalise and tailor your experience with us (on the basis of performance of a contract with you, your consent and our legitimate interests to develop our products/services and grow our and your businesses);
- To keep you informed of news, future events, offers and promotions, new services and features from Us and our affiliate partners that we believe may interest you , provided that we have the requisite permission to do so as further described in section 6 (Marketing) below (either on the basis of consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
- To use data analytics to optimise the use of our website, to improve our website, products and services and customer relationships (on the basis of our legitimate interests in personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you); and
- Any other purpose which is necessary for the performance of our contractual obligations to You
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- How long will you keep my Information?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
We generally keep personal data for a period of four years from the date of last use of our website and services. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
- Will we share Your Information with third parties?
We may share your data with our customers who have expressly consented that you may contact them to enable them to partake in any prize draw, competition, offer or survey you run from time to time share so that you may provide these products and services and other marketing communications to them where they have given their opt-in consent (and ensuring they can opt-out at any time).
We may also share Your Information with third parties, namely with Cooper, Google and Xero to verify the accuracy of the information you provide to Us and to comply with Our legal and regulatory duties, obligations and responsibilities. This may include sharing Your Information with these third party companies and organisations for the purposes of fraud protection, credit risk reduction and verifying the information you provide to Us.
We may disclose any of Your Information if we are legally required or permitted to do so without prior notice to You if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority, or in relation to suspected unlawful, fraudulent or other improper activity connected with use of the Website and to report a crime or suspected crime, including money laundering or fraud.
We may sometimes contract with third parties to supply products and services to you on our behalf. These may include Cooper, Google and Xero. In some cases, the third parties may require access to some or all of your data. We require all third parties to respect the security of your personal data and to treat it in accordance with the law and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email with information, news and offers on Our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the Data Protection Legislation. We will get your express opt-in consent before we share your personal data with any third parties for marketing purposes. You have the right to ask us or third parties to stop receiving our marketing communications at any time by following the opt-out links on any marketing message sent to you. Please note that We do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
- Your rights
You have the following rights under the Data Protection Legislation:
- The right to be informed about our collection and use of your personal data.
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent at any time (if that is what we are relying on as the legal basis for using your personal data).
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many case.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To find out more about Our use of Your personal data or exercising Your rights above, please contact Us using the details provided in section 14.
Fanfinders ltd is notified with the ICO under notification number ZA037607.
FanFinders may obtain information about Your general internet usage by using a cookie file. Cookies are small pieces of information stored by Your browser on Your computer’s hard drive.
Cookies enable us to determine the most popular areas of the Website and monitor general Website usage which in turn allows us to improve our site and deliver a better and more personalised service which allows us to estimate Our audience size, usage pattern, store information about Your preferences, and so allow Us to customise Our site according to Your individual interests.
‘Session cookies’ allow us to track your actions during a single browsing session, but they do not remain on your device afterwards. ‘Persistent cookies’ remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on our website. Except for essential cookies, all cookies will expire after 4 years.
Our website may place and access certain first party cookies on your computer or device. First party cookies are those placed directly by us and are used only by us. By using our website you may also receive certain third party cookies on your computer or device. Third party cookies are those placed by websites, services, and/or parties other than us (including by Live Ramp, as explained further below). Third party cookies are used on our website for tracking, advertising and web services. These cookies are not integral to the functioning of our website and your use and experience of our site will not be impaired by refusing consent to them.
For more information on cookies and how to disable them, You can consult the information provided by the Interactive Advertising Bureau at www.allaboutcookies.org.
Our website uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how our website is used. This, in turn, enables us to improve our website and the products and services offered through it. You do not have to allow us to use these cookies, however whilst our use of them does not pose any risk to your privacy or your safe use of our website, it does enable us to continually improve it, making it a better and more useful experience for you.
The purpose of LiveRamp’s service is to help brands use their data to improve customer interactions on any channel and device. LiveRamp may place a cookie and use a de-identified, non-human readable version of your email address for matching to other data about you to improve the relevance of online advertising and personalisation. They may also collect information such as your IP address, browser or operating system type. To learn more or opt out of LiveRamp click here.
- Storing Your Information
We will only store your personal data within the European Economic Area (the “EEA”). This means that your personal data will be fully protected under the Data Protection Legislation and/or to equivalent standards by law.
We do not transfer your personal data outside the European Economic Area (EEA) unless you instruct us to transfer your personal data to third parties located outside the EEA; such transfer is necessary to provide the services you have requested from us; or it is otherwise required or permitted by law.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions is implemented:
- Your personal data is transferred to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
Your personal data is transferred to recipients on the basis of specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
Your personal data is transferred to recipients based in the US that are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us using the contact details in section 14 if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
- Protecting Your Information
The security of personal data is important to Us. We maintain appropriate administrative, technical and physical safeguards and security measures to protect personal data against accidental or unlawful destruction, accidental loss, alternation, unauthorised disclosure or access, use and all other unlawful forms of processing of the personal data in our possession. Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your personal data, We cannot guarantee the security of Your data transmitted to Our site; any transmission is at Your own risk. Once We have received Your information, We will use strict procedures and security features to try to prevent unauthorised access. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Links to third party websites
- Access and Complaints
We hope that You will be happy with the way we handle Your information but if You would like to make a complaint, please contact Us at the following email address: firstname.lastname@example.org. You have the right to complain to the Information Commissioner’s Office if you have any cause for complaint about our use of your personal data but we would welcome the opportunity to resolve your concerns first. For more information visit www.ico.gov.uk.
- Contact Details
This policy was last updated on 28 September 2018
Whilst GDPR applies to personal data and sensitive personal data but not to business data (i.e. business names and contact details such as info@ email), certain information you capture from FanFinders partners will be classed as “personal data” e.g. names and identity numbers, location and online identifiers (e.g. emails containing an individual’s name or usernames) and must therefore be processed in compliance with the GDPR. ‘Legitimate interest’ essentially allows you to process personal data on the grounds that your organisation is working towards the legitimate interest of the individual (including their commercial interests). So providing the data processing doesn’t infringe on their rights and freedoms and you can prove the individual in question could be likely to have a legitimate interest in what you’re marketing, you can potentially collect and process their data without their express consent.