Draw Group Ltd, a company incorporated in England and Wales whose registered office is at 20-22 Wenlock Road, London, N1 7GU (registered number 12518947 (“we/us/our”). We hold personal data about individuals, our employees, clients and suppliers for a variety of business purposes. We are the data controller who determines the purpose and manner in which your personal data is used.
- Sets out the ways you interact with us, the types of personal data that we collect and how we collect it
- Explains why we use the personal data we collect
- Explains in what circumstances we will share your personal information within our organisation and with other organisations where relevant; and
- Explains the rights and choices you have when it comes to your personal data.
This Policy is effective from 16th March 2020 and all personal data passed to us will be treated in accordance with this Policy. The Policy which is applicable at any point in time will be displayed on our website and mobile app.
WHAT PERSONAL DATA DO WE COLLECT?
We collect your personal identification information such as
- email address
- phone number
- your interests and demographics
The type of personal data we may gather differs where you are an employee or prospective employee. The personal data we collect in these cases might include:
- contact details
- educational background,
- financial and pay details
- details of certificates and diplomas, education and skills, and CV
- marital status
- job title
This is personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings. We do not collect this kind of information.
HOW DO WE COLLECT YOUR DATA?
You directly provide us with most of the personal data we collect either through this website, our mobile apps. We collect and process personal data when you
- Visit and view our website or mobile apps via your browser’s cookies
- Register online
- Make a purchase or order products/services on our website or mobile app
- Speak to us by telephone
- Correspond with us by email
- Communicate with us via social media
HOW WE USE YOUR DATA
We use the information we collect to provide services to you and to understand your needs. We collect your personal data for our business or operational purposes so that we can
- Process your orders
- Manage your account
- Communicate with you, telephonically, by email or via social media
- Administer payments you have made
- Administer promotions that you have entered
- Communicate with entrants or winners as the case may be
- Fulfil any prizes that may be won
- Email you with special offers on other products and services we think you may like
- Improve our services through knowledge of what is used by you and how you use it
Additionally, we may also use your information and share it if required, when
- Investigating complaints
- Complying with our legal, regulatory and corporate governance obligations
- Ensuring business policies are adhered to, such as policies covering email and internet use
- Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
- Monitoring staff conduct and dealing with disciplinary matters
- Marketing our business
WILL YOUR DATA BE SHARED?
If you agree, we will share your personal data with our partner companies. We do not sell your personal data to third parties. The organisation that will receive your data is PromoVeritas.
Information may also be shared with third parties or those in our supply chain so that we can honour our obligations to you or for delivery or shipping purposes.
HOW DO WE STORE YOUR PERSONAL DATA?
- encryption of independent 3rd party servers including mail servers
- regular third-party server backups and database backups
- third party audits
- access controls and
- security testing.
Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your personal login details and devices protected from unauthorised access and you take care when providing it to third-parties such as payment providers.
HOW LONG WE STORE YOUR DATA FOR
We will retain your data for no longer than is necessary and in any event no longer than 5 years from the date of last use. What is necessary will depend on the circumstances of each case, considering the reasons that your personal data was obtained and if we are still providing goods or services to you. We will also need to take into consideration any regulations that we must fulfil, for example for auditing purposes or for legitimate business purposes. In these limited circumstances we may retain your information after your relationship with us has ended.
APPLICATION OF POLICY
This Policy applies to all our staff when they process your personal data and we will ensure that they are familiar with this Policy and comply with its terms.
We would like to send you information, from time to time about our promotions, products or services but we will only do so when we have your consent which you can revoke at any time.
We will abide by any request not to use your personal data for direct marketing purposes and if you have consented, you may always easily opt out at a later date.
We will not send direct marketing material to you electronically (e.g. via email) unless you have given us consent to receiving our marketing material and you have the right at any time to stop us from contacting you for marketing purposes or sharing your personal data.
WHAT ARE YOUR DATA RIGHTS?
We would like to make sure you are aware of all your data protection rights. Every user is entitled to the following
The right to access – You have the right to ask us for copies of your personal data
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to ask us to complete information you believe is incomplete
The right to erasure – You have the right to request that we erase your personal data under certain conditions
The right to restrict processing – You have the right to request that we restrict the processing of personal data under certain conditions
The right to object to processing – You have the right to object to us processing of personal data under certain conditions
The right to data portability – You have the right to request that we transfer the data we have collected to other organisations, or directly to you, under certain conditions
If you make a request, we will have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email address or call us on the details below.
Transferring Data Internationally
We will not transfer your data internationally. If this was to occur, we would uphold our commitments set out under current Data Protection Legislation during the transfer period when the UK leaves the EU until an Adequacy Decision has been reached. We would not transfer any personal data outside of the European Economic Area (EEA) unless such transfer is to a country or jurisdiction where the EU Commission has approved as having an adequate level of protection (including to the USA under a Privacy Shield agreement) or appropriate safeguards are in place as set out in Article 46 GDPR or equivalent provisions of subsequent Data Protection Legislation or the transfer is otherwise allowed by applicable Data Protection Legislation (such as in the form of a derogation under Article 49 GDPR).
WHAT ARE COOKIES?
Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our websites and mobile apps, and to improve your customer experience. Cookies can also be used help us to detect fraudulent activity or to prevent security breaches and so we may record information about your device within the cookie.
WHAT TYPE OF COOKIES DO WE USE?
OUR COOKIES POLICY
THIRD-PARTY PRIVACY POLICIES AND OTHER WEBSITES
We may supplement or amend this Policy from time to time. Any new or modified Policy will be circulated to staff before being adopted or appearing on our website.
HOW TO CONTACT US
Please contact us in relation to Data Security at:
Post: 20-22 Wenlock Road, London, N1 7GU
Telephone: 0330 133 2302
HOW TO CONTACT THE APPROPRIATE AUTHORITY
We’d like the chance to resolve any complaints you have; however you also have the right to complain to the UK data protection regulator (the “ICO”) about how we have used your personal data. Their website is https://ico.org.uk/your-data-matters/raising-concerns/.