Our legal status under UK data protection law is that of a data controller and in this capacity we will securely store and process your personal information which you have provided to us. Data controller is a legal term used in the General Data Protection Regulation (GDPR), to signify who decides how your personal data is processed and for what purposes.
1.1. What is personal data? Personal information is any information that allows someone to identify you, including, for example, your name, address, telephone and mobile numbers, email address, as well as any information about you that is associated with or linked to, or could be linked to, any of the foregoing data. It relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
1.2. Your personal data is collected when you register or fill in a form on our website, contact Fearlessly CIC, or complete a form or online survey which may relate, for example, to subscriptions, competitions, offers and promotions and personal information you provide in online surveys and forums on a voluntary basis. This includes information you provide when you register to use our website, subscribe to newsletters, place an order or participate in discussion boards on our website. The information you give us may include your name, address, email, phone number, picture and payment details.
1.3. Personal data that is provided by you will only be used for the purpose for which it is provided, unless you are informed otherwise at the time of giving the information.
1.4. We will, from time to time, collect information from you for the purpose of creating de-personalised data that does not reveal your identity. We use this information to improve our products and occasionally for other internal purposes. This information is only used in de-personalised form and is not connected to any name, address or other personal identifying information.
2.1. Your personal data will be processed in the UK. When you submit your details in whichever country you are situated you agree to the information being processed in the UK.
2.2. The websites and our servers, wherever they are based, have appropriate technical and organisational measures in place to protect against unauthorised or unlawful use of your personal data as well as the accidental loss, destruction or damage of your personal data whilst under our control.
2.3. However, no data transmission over the internet can be guaranteed to be 100% secure and whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us and you do so at your own risk.
3.1. We complies with our obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
3.2. We process personal data for the following purposes:
- to enable us to provide a service for the benefit of the public, as specified in our social mission;
- to administer subscriptions records;
- to manage our employees, volunteers and interns;
- to maintain our accounts and records;
- providing you with goods and/or services that you have requested and communicating with you about those products and services;
- monitoring, developing and improving the website, our services and your experience;
- providing a personalised service;
- conducting research, through surveys, polls and quizzes;
- market research, community and forums management;
- running competitions;
- providing you with information about our products and services where you have provided your consent. You will always be able to opt-out or unsubscribe from these messages;
- send out email newsletter and alerts you have agreed to receive. You will always be able to unsubscribe from these messages;
- processing and dealing with any complaints or enquiries made by you or legally on your behalf;
- we may also be required to disclose your personal information to authorities who can request this information by law that is binding on us, for instance for the prevention and detection of crime, the capture or prosecution of offenders and the assessment or collection of taxes; and
- other purposes related to any of the above.
4.1. The legal basis for processing your personal data is included in Articles 6 and 9 of the General Data Protection Regulation (GDPR). These include the following:
4.2. Article 6: Lawfulness of processing – Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of their personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
4.3. Article 9: Processing special categories of personal data – Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation is not allowed, unless one of the following applies:
- the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
- processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
- processing relates to personal data which are manifestly made public by the data subject;
- processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
- processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
- processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
- processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy.
- processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on European Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
- Personal data referred to in paragraph 1 may be processed for the purposes referred to in point (h) when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under European Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under European Union or Member State law or rules established by national competent bodies.
5.1. We may disclose your personal information to our partners who supply services to you on our behalf and who need to process personal information in the provision of such services. When you request goods and services from us, you are consenting to the disclosure of your personal information to our partners who may provide such goods and services under contract and guarantee to our satisfaction that they have sufficiently robust processes in place to ensure the security of your personal information whilst it is in their care.
5.2. We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If all or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
5.3. We may disclose depersonalised data (such as aggregated statistics) about the users of our website in order to describe our sales, customers, traffic patterns and other site information to prospective partners, advertisers, investors and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.
5.4. Under certain circumstances we may occasionally be required by law, court order or governmental authority to disclose certain types of personal information and we reserve the right to comply with any such legally binding request. Examples of the type of situation where this would occur would be:
- in the administration of justice;
- where we have to defend ourselves legally;
- in complying with the mandatory requirements of a government department collecting information; and
- to protect or defend our rights or property or those of users of our services.
5.5. Other than this, we will not disclose any of your personal information to any other third parties without your consent.
6.1. If you are aged sixteen  or under, please get your parent/guardian’s permission beforehand whenever you provide personal information to the website. Users without this consent are not allowed to provide us with personal information. If we become aware that you are under sixteen  and are attempting to or have submitted personal information via the website without your parent/guardian’s permission, we will not accept such information and we will take steps to remove such information from our records. This may involve us having to access and verify your age and other relevant details.
7.1. We will hold your personal information on our systems only for as long as is necessary. We do not delete the data we hold from you in your account as a subscriber to our community, or on our records if you are a contributor to our magazine, unless you request this. You are responsible for and control the time periods for which you retain this data. Your data will be deleted as soon as you make a request to us, and we will regularly ask for your consent to keep your data.
9.1. “Cookies” are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Cookies are common and won’t do anything to harm your system – they simply store or gather information. They help you to get the most out of your visit to our website.
9.2. We may collect information about your computer including, where available, your IP address, operating system and browser type for system administration as part of our audit trail process. Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that. You are not obliged to accept cookies and you can adjust your browser’s setting to prevent it from accepting cookies on your computer – go to www.allaboutcookies.org for instructions on how to disable cookies. However, you may not be able to take full advantage of our website if you do so.
9.3. Cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web. Although they can be used to store information which may identify a user’s computer, cookies do not personally identify users and passwords and credit card information are not stored in cookies.
9.4. Our website uses two main types of cookies:
- Per-session cookies. We only use these whilst you are visiting our website and they are deleted when you leave. They remember you as you move between pages, for example recording the items you add to an online shopping basket. They also help maintain security.
- Persistent cookies. These cookies stay on your computer until they expire or are deleted. We set automatic deletion dates so that we don’t keep your information for longer than we need to.
- Gather customer journey information across our sites and fulfil any of your requests;
- Gain insight into the nature of our audience so we can tailor our content accordingly;
- Ensure your privacy when you visit our secure sites;
- Store login details for our secure sites;
- Store details of your marketing preferences to improve and enhance your visit to our sites;
- Evaluate our sites’ advertising and promotional effectiveness – all information is anonymised and we don’t share it with anyone;
- Provide advertising on our sites and on other sites which are tailored to your interests and preferences;
- Remember settings you have applied to a Website such as layout, font size, preferences, colours etc;
- Detect if a service has already been offered to you so that we don’t ask you again.
10.1. Social networking sites, such as Facebook, among others, work with us as trusted third party partners. We also work with application developers who specialise in social media, so that we can connect with your social networks. We provide access to our websites for third parties and business partners so that we can generate interest in our products and services among members of your social networks and to allow you to share product and service interests with friends in your network.
10.2. We do not control how your personal information is collected, stored or used by such third party sites or to whom it is disclosed. You should review the privacy policies and settings on any social networking site that you subscribe to so that you understand the information they may be sharing. If you do not want your networking sites to share information about you, you must contact that site and determine whether it gives you the opportunity to opt-out of sharing such information. We are not responsible for how these third party sites may use information collected from or about you.
11.2. We accept no responsibility or liability for any third party practices on third party websites. We advise you to carefully read third party privacy statements prior to the use of any third party website.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
12.1. You are entitled to see the information we hold about you. If you wish to access the personal information held by us, you should contact us in writing using the information provided below.
12.2. If we are legally able, we will provide you with copies of all the personal information we hold about you. We are also obliged to request that you provide us with identification so that we can be certain that you are entitled to receive the requested data.
12.3. Please help us to keep our records of your personal information up-to-date by notifying us of any changes or corrections to the personal information we hold about you.
12.4. If you are a member of one of our online communities and forums you will be able to directly log in and review some your personal information and amend/delete accordingly.
12.5. The right to request your personal data is erased where it is no longer necessary for Fearlessly to retain such data.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of your personal data.
- The right to lodge a complaint with the Information Commissioners Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
12.6. Further processing
- If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
- Where and whenever necessary, we will seek your prior consent to the new processing.
Data Control Officer
46A Constitution Street
Edinburgh, EH6 6RS