PRIVACY POLICY

The Company only holds personal data that is directly relevant to its dealings with a given data subject. That data will be collected, held, and processed in accordance with the data protection principles and with this Policy. The following data may be collected, held and processed by the Company:

1.1. Name, because we need to know who you are;

1.2. Telephone Numbers, incase we need to call you;

1.3. Your Home or Business address, in case we need to write to you;

1.4. Your email address, because we will from time to time send you information;

1.5. The method, but not the detail, of how you choose to make your payment to us.

We also collect information about how you use our services, such as:

1.6. The types of content you view or engage with and/or the frequency and/or duration of your activities.

1.7. In addition, our servers, logs, and other technologies automatically collect certain information (see below) to help us administer, protect, and improve our services; analyse usage; and improve users’ experience. We share personal information with others only as described in this policy, or when we believe that the law permits or requires it.

We may use cookies to collect information about your activity, browser and device. This data helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. If you prefer, you can remove or reject browser cookies through the settings on your browser or device. However, rejecting or removing cookies could affect the availability and functionality of our services. For further information on our use of cookies, please see our Cookie Policy

1.8 Device information: We may also collect information about your device each time you use this site. If you have an account with us, we may collect information from or about the computers, phones or other devices where you log into our services. We may associate the information we collect from your different devices, which helps us provide consistent services across your devices. Here are some examples of the device information that we collect:

1.8.1 Attributes such as the operating system and hardware version.

1.8.2 Browser type and IP address.

1.8.3 Log information: We also collect log information when you use our website. That information includes, among other things:

1.8.3.1. Details about how you’ve engaged with us.

1.8.3.2. Device information, such as web browser type and language.

1.8.3.3. Access times.

1.8.3.4. Pages viewed.

1.8.3.5. IP address.

1.8.3.6. Identifiers associated with cookies or other technologies that may uniquely identify your device or browser.

1.8.3.7. Pages you visit before or after navigating to our website.

2. We share your data with the following categories of companies as an essential part of being able to provide our services to you:

2.1 Companies and individuals that help us to provide our services to you, such as payment service providers, contractors, agents and consultants.

2.2 Professional service providers, such and website hosts who help us run our business.

2.3 Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.

We will not share your personal information with any other third party.

3. We will hold on to your information for as long as you have your account, or as long as is needed to be able to provide the services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.

3.1. If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even after you have closed your account or it is no longer needed to provide the services to you.

The Company shall ensure that all of its employees, agents, contractors, or other parties working on behalf of the Company comply with the following when working with personal data:

4.1.All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar;

4.2. No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of Data Protection Officer;

4.3. Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time;

4.4. If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it;

4.5.No personal data may be shared informally and if an employee, agent, sub- contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from The Data Protection Officer.

4.6. We limit access to your personal information to those who have a genuine business need to know it.

4.7. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

4.8. We also have procedures in place to deal with any suspected data security breach.

4.9. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

4.10.If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

4.11.Where any agent, contractor or other party working on behalf of the Company handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure. below:

5.1.Under the General Data Protection Regulation, you have several important rights available to you for free. In summary, those include rights:

5.1.1. To be informed about how your personal information is being used (hopefully this privacy policy explains it all).

5.1.2. Access the personal information we hold about you. (see section 6)

5.1.3. Request us to correct any mistakes in your information which we hold.

5.1.4. Request the erasure of personal information concerning you in certain situations.

5.1.5. Receive the personal information concerning you which you have provided to us, in a structured format. (see section 6)

5.1.6. Stop any direct marketing.

5.1.7. Object to processing of your personal data.

5.2.For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

5.3.If you would like to exercise any of these rights, please see section 6 below:

5.4.We try to respond to all legitimate requests within 40 calendar days.

A data subject may make a subject access request (“SAR”) at any time to find out more about the information which the Company holds about them.

6.1. SARs should be made in writing, addressed to John Allen Bluewire Hub Ltd Data Protection Officer at the company address: Bluewire Hub Ltd, Suite 112, 548 – 550 Elder House, Elder Gate, Milton Keynes. MK9 1LR

6.2. A SAR may be made using the Company’s Subject Access Request Form, but does not have to be, and if it is not, it should be clearly identifiable as a SAR.

6.3. SARs must make it clear whether it is the data subject themselves that is making the request or whether it is a person acting on his or her behalf.

6.4. In either case let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and

6.5. If the SAR is made on another’s behalf, the individual making the request must provide clear evidence of their authorised capacity to act on behalf of the data subject.

6.6. Let us know the information to which your request relates.

6.7. The Company currently requires a fee of £10 (the legal maximum) for each SAR, by cheque made out to Bluewire Hub Ltd. An additional fee of £2 shall be required for access to a credit file (if applicable).

6.8. Upon receipt of a SAR the Company shall have a maximum period of 40 calendar days within which to respond fully, but shall always aim to acknowledge receipt of SARs within 5 working days. Occasionally it may take us longer than 40 calendar days if your request is particularly complex or you have made many requests. In this case, we will notify you and keep you updated.

6.9. The following information will be provided to the data subject:

6.9.1. Whether or not the Company holds any personal data on the data subject;

6.9.2. A description of any personal data held on the data subject;

6.9.3. Details of what that personal data is used for;

6.9.4. Details of how to access that personal data and how to keep it up to date;

6.9.5. Details of any third-party organisations that personal data is passed to; and

6.9.6. Details of any technical terminology or codes.

7.1. As a data controller, the Company is required to notify the Information Commissioner’s Office that it is processing personal data.

7.2. The Company is registered in the register of data controllers, registration number: ZA203599.

7.3. Data controllers must renew their notification with the Information Commissioner’s Office on an annual basis.

7.4. Failure to notify constitutes a criminal offence.

7.5. Any changes to the register must be notified to the Information Commissioner’s Office within 28 days of taking place.

7.6. The Data Protection Officer shall be responsible for notifying and updating the Information Commissioner’s Office.

8.1. Any complaints should be made in writing, addressed to John Allen Bluewire Hub Ltd Data Protection Officer at the company address: Bluewire Hub Ltd, Suite 112, 548 – 550 Elder House, Elder Gate, Milton Keynes. MK9 1LR

8.2.We hope that we can resolve any query or concern you raise about our use of your information. If you are not happy with how Bluewire Hub Ltd manages your personal data, you have the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/

9.1.This Policy shall be deemed effective as of 24/05/2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

9.2.This Policy has been approved & authorised by:

Name: John Allen

Position: Director

Signature:

Changes to this privacy notice

This privacy notice was published on 24/05/2018 and last updated on 24/05/2018. Any changes we make to this notice will be posted on this page.