companiions Privacy Notice
You are seeing this because you are either an Organiser, a Companion, or someone who otherwise uses our website, downloaded our companiions App, or contacted us by any means. We want to tell you about the type of data we use, the reasons why, and how we comply with the law and your rights. We want to get this right for you, so please read our privacy notice and do not hesitate to contact us at firstname.lastname@example.org if you have any questions.
- The main reasons for which we use your personal data is for you to register with companiions and use this platform, to analyse behaviours to improve our App or websites, and to send you information about services we think you will like.
- In order for you to register you will provide some information to complete your profile as an Organiser or a Companion. When you register as a Companion we will carry out proof of identity checks for security reasons (see more details here).
- All the information you include in your profile will be seen by the other users.
|Table of contents|
|WHAT INFORMATION DO WE COLLECT?|
|WHY AND HOW DO WE PROCESS YOUR PERSONAL DATA?|
|WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?|
|WHERE IS YOUR PERSONAL DATA?|
|WHEN WILL WE DELETE YOUR PERSONAL DATA?|
We are companiions Ltd ("companiions"). We are responsible for your personal data (what the law calls a "data controller") and we want to do the right thing because we respect your privacy.
We will use your data in compliance with the Data Protection Laws and will always take steps to be transparent and keep you informed of any changes.
Please read this Privacy Notice carefully as it contains important information, including:
- Your rights
- Why and how we use your personal data; and
- Who whom your information is shared.
If you have any questions, our contact details are:
Address: companiions ltd, Ketton Suite, The King Centre, Main Road, Barleythorpe, Rutland, LE15 7WD
If you need extra help
If you would like this notice in another format (for example: audio, large print, braille) please contact us.
What information do we collect?
Personal data provided by you
If you are one of our Companions:
We will collect:
- Your name,
- Phone number,
- Email address,
- Date of birth,
- ID details,
- Proof of ID: a copy of your passport or driving license, and a utility bill or bank statement as proof of address
- Any other data that you include in the introduction to your profile including your profile picture
- Emergency contact details
- Financial information such as sort code and account number
- Information that you provide about what you offer as a Companion
- Information that you provide so Organisers know that they can trust you and the services or activities that you offer, including copy of any DBS checks you may voluntarily upload onto the Platform in order to share it with Organisers, and
If you are one of our Organisers:
We will collect:
- Your name,
- Phone number,
- Email address,
- Date of birth,
- Debit or credit card,
- Loved one’s name, date of birth, address, home entry details and conditions.
- Any other data that you include in the introduction to your profile including your profile picture,
- Emergency contact details, and
If your are visiting our website or if you contact us by any means:
If you contact us by any means in order to deal with your query we will collect your name, contact details and any information that you may provide that is relevant to deal with your query.
Personal data about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf. We may ask you to confirm it otherwise if necessary before we take that information.
Why and how do we process personal data?
In this table, you can see the reasons why we use your data, and how this is legal.
When our legal basis is “legitimate interest”, we have ensured that our legitimate interest is not overridden by your rights and freedoms. You have the right to object to the processing of your data of any of the legitimate interests identified.
If you have consented to receive marketing from us, you can opt out at any time. See 'Your Rights’ for further information.
|Purpose||More information||Legal basis|
|To confirm your ID||As part of your registration process, our systems will carry out checks using 3rd company Jumio, to confirm your identity when you are a Companion. The systems will tell us whether the ID is correct. If the ID is not correct you will see a cross next to the ID verification stage in your account area.||We have a legitimate interest in providing a secure marketplace and a safe environment.|
|To provide you with the services you have requested if you are an Organiser or a Companion||Contract|
|To keep records of any sensitive information (for example about your health) provided by you that you would like to keep in your profile/communications with your Companions.||We will keep this data for your records until you decide to delete it. If you include information in your profile this will be available to all users (Companions and Organisers), so you are making this information publicly available. If we otherwise need to use sensitive data about you we will ask for your consent first unless we have a legal reason to use this data.||Information manifestly made available. Consent|
|To respond to your enquiries||We have a legitimate interest in providing a quality service and responding to your enquiries|
|To send marketing communications||We will use your contact details to send you information by email or SMS about similar services that we think are of your interest. Also, to check whether you need anything from us. We will also send you information via email or SMS to ask about your marketing preferences. We will send you reminders and notifications to ask you if you need anything from us. If appropriate, we will ask for your consent first to send you other offers and information that might be tailored to your interests.||We have a legitimate interest in carrying out marketing actions. When required by law, we will however seek your consent.|
|For compliance and fraud prevention||We will use your personal data to carry out customer due diligence measures (“Know Your Client, or “KYC” checks) as required by law.||To comply with the law|
|Monitoring and recording communications||We monitor and record communications with you for the purpose of quality assurance, training, fraud prevention and compliance.|
Who will access to your personal data?
We will disclose your personal data to:
|Who information is shared with||What personal data can they see|
|Our IT related service providers who host and maintain our systems and operate our App.||Any information that you provide when using the App.|
|The services provider Jumio to carry out checks to confirm your identity when you are a Companion.||The proof of ID information and copies of the documents that you have provided.|
|Third parties that provide us with services concerning the cookies we use.||See our cookies policy for more information.|
If you want to know the names of our service providers, please contact us using the details at the start of this Privacy Notice.
Where is your personal data?
Transfers of your information to international organisations or out of the UK/ EEA
We may need to transfer your personal data to international organisations or countries that are located outside the UK or the European Economic Area. This will usually happen when we contract services with international providers. We have taken steps to ensure that when your data is transferred elsewhere your data will be kept secure and in compliance with this policy and the data protection laws. For example, we will put in place clauses that are specifically approved to allow these transfers. Also, where we relied on companies that were Privacy Shield certified, as this is now an invalid mechanism as a result of the Court of Justice for the European Union ruling on the 16th July 2020, we are only transferring data to companies who set out appropriate Standard Contractual Clauses (SCCs) to adequately safeguard your data. If you want to know more details please contact us at email@example.com
How we keep your data secure
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. For example, we request that our services providers, where relevant, are granted with certifications such as ISO 27001. We also follow recognised industry practices for protecting our IT environment and physical facilities.
If you have any particular concerns about your information, please contact us.
When will we delete your personal data?
We will retain your data until the appropriate period detailed below expires.
|Data we process||How long this will be held for|
|Profile information||As long as your account is active, and then we will keep it for as long as we need it to comply with legal requirements or in relation to claims.|
|Visit history, payment information||As long as your account is active, and then we will keep it for as long as we need it to comply with legal requirements or in relation to claims.|
|Contact details and that of loved ones||As long as your account is active, and then we will keep it for as long as we need it to comply with legal requirements or in relation to claims.|
You have the following rights:
- The right of access to personal data relating to you;
- The right to correct any mistakes in your information;
- The right to ask us to stop contacting you with direct marketing;
- rights in relation to automated decision making;
- The right to restrict or prevent your personal data being processed;
- The right to have your personal data ported to another data controller (e.g. if you decide to contract with a different service provider); and
- The right to erasure.
These rights are explained in more detail below, but if you have any comments, concerns or complaints about the use of your personal data by us, please contact us (please refer to section "How to contact us").
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Some of these rights are limited depending on the circumstances. If this happens and we cannot exercise your right as you request, we will inform you of the reasons why.
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- A copy;
- Details of the purpose for which it is being or is to be processed;
- Details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
- The period for which it is held (or the criteria we use to determine how long it is held);
- Any information available about the source of that data; and
- Whether we carry out any automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- Contact us
- Let us have enough information to identify you (eg account number, Organiser name, registration details), and
- Let us know the information that is incorrect and what it should be replaced with.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you by email with marketing materials. If you would like to do this, please:
- Contact us.
- Or you can also click on the ‘unsubscribe’ button at the bottom of any email.
- Provide us with details of your preferred method of contact for us to respond to this request.
Rights in relation to automated decision making
You may ask us to ensure that, if we are evaluating you we don’t base any decisions solely on an automated process and to have any decision reviewed by a member of our staff.
This right will not apply in all circumstances, for example where the decision is authorised or required by law and steps have been taken to safeguard your interests.
Right to prevent processing of personal data
You may request that we stop processing your personal data temporarily if:
- You do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
- The processing is unlawful but you do not want us to erase your data;
- We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
- You have objected to processing because you believe that your interests should override our legitimate interests.
Copies of your personal data (data portability)
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Right to erasure
You can ask us to erase your personal data where:
- You do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
- If you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- Your data has been processed unlawfully or have not been erased when it should have been.
Complaints to the regulator
It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice or the data protection laws we would like to hear from you as soon as possible. Otherwise, you have the right to complain at any time to the Information Commissioner's Office. Information about how to do this is available on his website at www.ico.org.uk.
|personal data, or data||This means any information from which a living individual can be identified. This will include information such as names, e-mail addresses and telephone numbers. It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.|
|sensitive personal data, sensitive data, or special categories of data||This means any information relating to: racial or ethnic origin; political opinions; religious beliefs or beliefs of a similar nature; trade union membership; physical or mental health or condition; sexual life; genetic data or biometric data for the purpose of uniquely identifying you; or offences or alleged offences or information relating to any offences committed or allegedly committed.|
|processing||This covers virtually anything anyone can do with personal data, including: obtaining, recording, retrieving, consulting or holding it; organising, adapting or altering it; disclosing, disseminating or otherwise making it available; and aligning, blocking, erasing or destroying it.|
|data subject||The person to whom the Personal Data relates.|
|Information Commissioner||The UK Information Commissioner is responsible for implementing, overseeing and enforcing the Data Protection Laws.|
|data controller||This means any person who determines the purposes for which, and the manner in which, any Personal Data are processed.|
|data processor||This means any person who processes the Personal Data on behalf of the data controller.|
|data protection laws||This means the laws which govern the handling of data. This includes the General Data Protection Regulation (EU) 2016/679 (known as GDPR) and any other national laws implementing that Regulation or related to data protection.|