1. Introduction
1.1 We are committed to safeguarding the privacy of our website visitors and service users.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors.
1.3 In this policy, "we", "us", and "our" refer to Hitmarker LTD. For more information about us, see Section 12.
2. How we use your personal data
2.1 In this Section we have set out:
(a) the general categories of personal data that we may process;
(b) the source of any personal data that we did not obtain directly from you;
(c) the purposes for which we may process personal data, and
(d) the legal bases of the processing.
2.2 We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, and how you navigate our website. The source of the usage data is our analytics tracking system. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
2.3 We may process your account data ("account data"). The account data may include your name and email address. The source of the account data is you. The account data may be processed for the purposes of operating our website, maintaining backups of our databases, and communicating with you. The legal basis for this processing is our legitimate interests, namely the administration of our website and business.
2.4 We may process your information included in your personal profile on our website ("profile data"). The profile data may include your name, email address, and employment details. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is our legitimate interests, namely the administration of our website and business.
2.5 We may process your personal data that is provided during the use of our services ("service data"). The service data may include any information, including personal data, which is transmitted via our services. The source of the service data is you. The service data may be processed for the purposes of operating our website, maintaining backups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the administration of our website and business.
2.6 We may process information that you submit for publication on our website ("publication data"). The publication data may be processed for the purposes of administering our website and services. The legal basis for this processing is our legitimate interests, namely the administration of our website and business.
2.7 We may process information contained in any enquiry you submit to us regarding services ("enquiry data"). The enquiry data may be processed for the purposes of marketing relevant services to you. The legal basis for this processing is consent.
2.8 We may process information relating to transactions that you enter into with us through our website ("transaction data"). The transaction data may include your contact details, your payment details, and the transaction details. The transaction data may be processed for the purpose of supplying the purchased services and keeping records of those transactions. The legal basis for this processing is the performance of a contract between you and us and our legitimate interests, namely our interest in the administration of our website and business.
2.9 We may process information that you provide to us for the purpose of subscribing to our email notifications or newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
2.10 We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata from communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the administration of our website and business and communications with users.
2.11 We may process any of your personal data identified in this policy where necessary in legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection of our legal rights, your legal rights, and the legal rights of others.
2.12 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risk.
2.13 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary in order to protect your vital interests or the vital interests of another natural person.
2.14 Please do not supply any other person's personal data to us, unless we prompt you to do so.
3. Providing your personal data to others
3.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) only as reasonably necessary for the purposes, and on the legal basis, set out in this policy.
3.2 We may disclose your personal data to our insurers and/or professional advisers only as reasonably necessary for the purposes of managing risks, obtaining professional advice, or in relation to legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.3 We may disclose profile data, publication data and service data to our partners, suppliers, or subcontractors only as reasonably necessary for our legitimate interests, namely the administration of our website and business.
3.4 Financial transactions relating to our website and services may be handled by our payment services provider, Stripe. We will share transaction data with our payment services providers only to the extent necessary to process your payments, refund such payments, and deal with complaints and queries relating to such payments and refunds. You can find information about Stripe's privacy policy at https://stripe.com/gb/privacy.
In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where it is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person. We may also disclose your personal data where such disclosure is necessary in relation to legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4. International transfers of your personal data
4.1 Your personal data may be transferred to countries outside the European Economic Area (EEA).
4.2 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
5. Retaining and deleting personal data
5.1 This Section 5 sets out our data retention policies, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2 Personal data that we process for any purpose shall not be kept for longer than is necessary.
5.3 We will retain your personal data as follows:
(a) All personal data will be retained for a minimum period of six months following the date of your last visit to the website, and for a maximum period of one year following the date of your last visit to the website.
5.4 In some cases it is not possible for us to specify the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
(a) the period of retention of all personal data will be determined based on our legitimate business needs.
5.5 Notwithstanding the other provisions of this Section 5, we may retain your personal data where it is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.
6. Security of personal data
6.1 We will take appropriate technical and organisational precautions to secure your personal data.
6.2 We will store all your personal data on secure servers and in secure manual record-keeping systems.
6.3 Your password(s) and payment data will be stored in encrypted form.
6.4 Your financial transaction data will be protected using encryption technology as it’s being transmitted.
6.5 You acknowledge that no transmissions sent over the internet, or method of electronic storage, are 100% secure, however. Therefore, we cannot guarantee its absolute security.
6.6 You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password (except when you log in to our website).
7. Amendments
7.1 We may update this policy from time to time by publishing a new version on our website.
7.2 It is your responsibility to check this page regularly to ensure you are happy with any changes to this policy.
8. Your rights
You have rights under data protection laws in relation to your personal data (though these may be limited under certain circumstances). For instance, you may have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
9. Third party websites
9.1 Our website includes hyperlinks to, and details of, third party websites.
9.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
10. Personal data of children
10.1 Our website and services are targeted at persons over the age of 16.
10.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
11. Updating information
11.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
12. Our details
12.1 This website is owned and operated by Hitmarker LTD.
12.2 We are registered in England and Wales under company number 11196693, and our registered office is at i6 Charlotte Square, Newcastle upon Tyne, NE1 4XF, United Kingdom.
12.3 You can contact us:
(a) by post, to the address given above;
(b) using our website's contact form, and/or
(c) by email, to [email protected].
13. Data protection registration
13.1 We are registered as a data controller with the UK Information Commissioner's Office.
13.2 Our data protection registration number is ZA324237.
14. Representative within the European Union
14.1 Our representative within the European Union with respect to our obligations under data protection law is Richard Huggan and you can contact him by email, to [email protected].
15. Data protection officer
15.1 Our data protection officer's name is Richard Huggan, and he can be contacted by email, to [email protected].
