· visitors to our website
· people who do business with us and purchase our services
Who We Are
www.intuitivehorse.com/.co.uk is owned and operated by Intuitive Horse (‘we’ or ‘us’ or ‘our’); a partnership with our principal place of business at New Coghurst Farm, Ivyhouse lane, Hastings TN35 4NP.
We are registered with the Information Commissioner’s Office under registration number ZA374438. We are the data controller for the purpose of the EU General Data Protection Regulation (“GDPR”). Our designated Data Protection Officer is Emma Ross, who can be contacted at firstname.lastname@example.org
Information That We Collect
The personal data that we collect from you and process is:
· Age (for individuals under the age of 16 yrs)
· Business/Home Address
· Email Address
· Telephone Number
· Mobile Number
· Special Category Data (i.e. health/medical information)
· Order Number
We will collect personal data from you if you:
How We Use Your Personal Data (Legal Basis for Processing)
The purposes and reasons for processing your personal data are:
Information We Collect When You Contact Us
You may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or post. This includes information you provide when you place an order or sign up to our mailing list to receive information, news and offers about our services, and when you report a problem with our website.
We collect and process this personal data about you for the purposes of responding to enquiries and messages we receive and keeping records of correspondence. The legal basis for this processing is our legitimate interests under Article 6(1)(f) of the General Data Protection Regulation.
When you sign up to our mailing list we collect your email address and you give your consent to us under Article 6(1)(a) of the General Data Protection Regulation to send you by email information, news and offers about our services. We will send you these communications only if you signed up to receive them.
Please note -We use a third party service provider, MailChimp, to send out our newsletters and administer our mailing list.We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.Information you submit to subscribe for our mailing list will be stored outside the European Economic Area on MailChimp’s servers in the United States of America.
Information We Collect When You Visit or Browse Our Website
With regard to each of your visits to our website we may automatically collect the following information:
· We use a third party server to host our website. Our server is located in Germany. When someone visits our websitewe use a third-party service, Google Analytics, to collect standard internet log information, details of visitor behaviour patterns, technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, geographical location, time zone setting, browser plug-in types and versions, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. Please note that this is statistical data about our users’ browsing activities and patterns, and individuals cannot be identified from it.
· Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We collect and process the above personal data about youfor the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
Information We Collect When You Place an Order
You give us information about you when you place an order for services. When you place an order for services we collect the following information: name, email address, phone number, address, company name (if applicable), VAT number (if applicable) and transaction details. We process this personal data for the purpose of supplying the purchased services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our business.
Information from Third Parties
We generally do not receive information about you from third parties. However, as we work closely with third parties we may receive information about you from them. The third parties from which we receive information about you will generally include other businesses and clients we work with from time to time.
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive). For example,where a third party has passed on information about you to us because you have asked that third party to share information about you with us, we will process your information on the basis of your consent.
Where a third party has passed on information about you to us in order for us to provide services to you, we will process your information in order to take steps to enter into a contract with you and perform a contract with you (as the case may be). The legal basis for this processing is the performance of a contract between you and us and/or taking steps to enter into such a contract and our legitimate interests, namely the proper administration of our business.
However, where a third party has passed on information about you to us, and you have not consented to the sharing of that information, we will process your information on the basis of our legitimate interest, namely the performance of our obligations under a contract with the third party.
Special Categories Data
Owing to the services that we offer, Intuitive Horseneeds to collect, store and process sensitive personal information (known as special category data) about you. Special category datais information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and information concerning health.
We collect and process information concerning your health (health data) for the purpose of assessing the suitability of our services. Where we collect such information, we will only request and process the minimum necessary for the specified purpose. The legal basis for this processing is the compliance with our legal obligations, to protect your vital interestsand consent.
Children’s Privacy & Parental Rights
You may only purchase our services if you are at least 16 years old. Our website is not intended to be used from persons under the age of 16.
If you are below the age of 16, before you can purchase our services we need to obtain parental consent. We will not knowingly collect or process information from persons under the age of 16 without parental consent.
Without consent, persons under the age of 16 shall not use our website and/or purchase our services. If a parent/guardian does not provide consent, we will delete the information provided during the booking process immediately.
It is possible that we could receive information pertaining to persons under the age of 16 by deception. If we are notified of this, as soon as we verify the information, we will immediately obtain parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the information. Parents/guardians can review the personal information we collect, store and process; request that we delete that information and refuse to allow us to collect further information from their kids by contacting us by email at email@example.com. We may ask additional questions or take other steps to verify the identity of parents/guardians before responding to a request to review or delete their kid's information, or a request to refuse further collection from kids.
Subject to few limitations on certain rights, your principal rights in relation to your personal information under data protection laws are set out below. You can exercise any of your rights in relation to your personal data by writing to us to: Intuitive Horse, New Coghurst Farm, Ivyhouse lane, Hastings TN35 4NP or by sending an email to: firstname.lastname@example.org
· Right to access- You have the right to access any personal information that we collect, store and process about you and to request information about: what personal data we hold about you; the purposes of the processing; the categories of personal data concerned; the recipients to whom the personal data has/will be disclosed; how long we intend to store your personal data for; if we did not collect the data directly from you, information about the source. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
· Right to rectification -If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
· Right to erasure - In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
· Right to restrict processing -In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
· Right to object to processing -You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
· Right to data portability -Where applicable, you have the right to data portability of your information which means you have the right to receive your personal data from us in a structured, commonly used and machine-readable format.
· Right to complain to a supervisory authority - If you consider that our processing of your personal information infringes data protection lawsor are unsatisfied with how we have handled your personal information, you have the right to lodge a complaint with the supervisory authority. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. The supervisory authority in the UK is the Information Commissioner’s Office (ICO), the contact details of which are:
Information Commissioner’s Office
0303 123 1113
· Right to withdraw consent - To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. You can withdraw your consent to our processing of your personal information by emailing us at email@example.com, or you can withdraw your consent to email marketing by using the unsubscribe link in such communications.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Disclosure of Your Information
The third-party service providers that we work with are:
· We may disclose your personal data to our accountants, insurers and professional advisers insofar as reasonably necessary for the purposes of completing tax returns, obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Our accountants, insurers and professional advisers are located in the United Kingdom.
Our business partners, suppliers and sub-contractors are located in the United Kingdom.
PayPal may transfer information they process about your order outside the EEA. Where they do so there will be appropriate safeguards in place.
In addition to the specific disclosures of personal data set out above, we may disclose your personal information to third parties:
Weutilise someproducts or services that may be hosted/stored in countries outside the EEA. Therefore, when you use our website, send us an email, sign up to our mailing list etc. the personal information you submit may be stored on servers which are hosted outside the EEA.Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by Intuitive Horseto protect your data and comply with the relevant data protection laws.
The European Commission has adopted standard contractual clauses (also known as Model Clauses), which provide safeguards for personal information that is transferred outside of Europe. We often use these Model Clauses when transferring personal information outside the EEA.
Your information will be transferred and stored outside the EEA in the following circumstances:
Our website is hosted by Jimdo, which is situated in Germany.
Our email provider is Jimdo which is situated in Germany.
Our mailing list provider is MailChimp, which is situated in United States of America.
Our payment services provider is PayPal, PayPal, may process your order and transfer information about your order outside the European Economic Area.
How Long We Keep Your Data
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and after it is received. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: secure hosting of our website, virus and malware protections, using an SSL certificate, verifying the identity of anyone who requests access to information prior to granting them access to the information, only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions.
Unfortunately, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to protect your personal information, we can't guarantee its absolute security. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
Links to Other Websites
How to Contact Intuitive Horse