This privacy notice provides you with details of how we collect and process your personal data through your use of our website (https://theautumnrabbit.com
) and any information you may provide when you purchase a product or service, sign up to our newsletter or take part in a prize draw or competition. Our shop website (https://shop.theautumnrabbit.com
The Autumn Rabbit Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).CONTACT DETAILS
Our full details are:
Full name of legal entity: The Autumn Rabbit Ltd
Email address: email@example.com
Postal address: 75 Redbreast Road, Bournemouth, Dorset, BH9 3AN
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk
). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at firstname.lastname@example.org
.2. WHAT TYPES OF DATA DO WE COLLECT ABOUT YOU
Personal data means any information capable of identifying an individual. It does not include anonymised data. We may process certain types of personal data about you as follows:
- Identity Data may include your first and last name
- Contact Data may include your billing address, location, email address and telephone numbers.
- Transaction Data may include details about payments between us and other details of purchases made by you.
- Usage Data may include information about how you use our website, products and services.
Marketing and Communications
Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
We may also process Aggregated Data from your personal data, but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.Special Category Data
We do not collect any Special Category Data about you. Special category data is more sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
In some cases, it may not be possible for us to provide our services without you providing the data we need. For example, if you fail to provide us with your email address we will not be able to respond to an enquiry.3. HOW WE COLLECT AND USE YOUR PERSONAL DATA
We will collect and process data about you depending on how you interact with us. We will always be upfront about the data we collect and how we will be using it and will only ever use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us at email@example.com
. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.Visitors to our website
If you fill out our contact form (https://theautumnrabbit.com/contact
) we use a third-party application to collect the data from the form. The information you provide (your name, email address, location (town or state), country, business name, website address, how you heard about us and what you’re contacting us about) is stored via this third-party system. It allows us to easily respond to your enquiry as well as provide you with a quote, and if you become a customer, a contract and invoice. We also receive an email to let us know you have filled out the form.
We will process this information for the purposes of dealing with your enquiry, or to manage you as a customer if you decide to purchase one of our services.
As we use SSL (https) the data you submit using the contact form will be encrypted once you press the “submit” button.If you email us directly
If you send us an email directly, your email will be stored via our email provider. We may also download your email into an email application running on our computers.If you book a call with us
If you choose to book a call with us (e.g. booking a free consultation with us via our contact page (https://theautumnrabbit.com/contact))
we will collect basic information (name, email and details of what you’d like to talk about) for the purposes of facilitating the call. We use a third-party service to provide the booking form (and calendar) and so your details will be added to this system and we will receive an email alerting us to your booking.If you use the Facebook Messenger function to contact us
We allow website visitors to contact us via Facebook Messenger (the icon appears in the bottom left of our website)
. If you opt to contact us this way, any information you provide will be managed via Facebook in accordance with Facebook’s terms. It also means we will see the conversation within our Facebook account and therefore also have access to your Facebook profile and any information, photos, etc. you make public via Facebook.If you interact with us via social media
We don’t actively target people on social media, but if you do reach out to us via a social media channel then we will usually engage with your via the same channel, unless we arrange a call or we provide you with our email address, so you can email us directly.If you sign up to our email newsletter
We use a third-party service to manage our newsletter subscriptions. So, if you sign up for our newsletter (e.g. via the pop-up or by following the link to our Flodesk form from our website)
we will store your name and email address for the purposes of signing you up to our newsletter and for sending you our newsletter.
You can unsubscribe from the newsletter at any time by contacting us or using the unsubscribe link in the emails.If you’re a customer
If you take one of our services we will collect a certain amount of information (usually contact details and billing related information)
for the purposes of delivering the service.
We provide our customers with a customer portal using one of our service providers, which will include information about your account with us, such as your contract and other correspondence. This will be explained to you when you first sign up and we only use the information in this portal for the purposes of providing our services to you.If you purchase something via our shop
If you purchase something via our online shop, via our main website (https://theautumnrabbit.com/shop
). This is because the shop part of our main site is actually a link through to our separate shop site.If you fill out a survey or provide us with a review
From time to time, if you’re a customer, we may ask you to leave a review for us (e.g. https://theautumnrabbit.com/leave-a-review
). We use a third-party to run the review which means that as well as emailing us the details you provide, the information you submit will be stored on the third-parties servers. However, we will only ever use the information you provide for promotional purposes.Marketing communications
Typically, you will receive marketing communications from us if you have:
- You are a customer who has not objected to us sending marketing materials;
- Requested information from us or purchased goods or services from us;
- If you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications; and
- In each case, you have not opted out of receiving that marketing.
However, it is also lawful for us to contact business contacts within a business to market our services to the business. It will be obvious from the communication that this is why we are contacting you and how you can request us to stop sending any further communication with you.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at firstname.lastname@example.org
at any time.
Other reasons for processing your personal data
In addition to the reasons set out above we may also process your data for the following purposes:
4. DISCLOSURES OF YOUR PERSONAL DATA
- To collect and recover money owed to us. This may include sharing your data with a third-party debt recovery service
- To enable you to partake in a prize draw or competition
Generally, we will not share your personal data, except with:
- Service providers who provide IT and system administration services, including cloud-based services and software providers.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets. We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.
We always carry out due diligence against all our third-party suppliers, who are considered Data Processors, for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA)
is also in place to protect your data.5. INTERNATIONAL TRANSFERS
As a business we operate in the UK, however, we may make use of third-party services (as set out above)
that may involve transferring your data outside the UK.
Whenever we transfer your personal data outside of the UK, we will always make sure appropriate safeguards are implemented. This means we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data or where there is a data processing contract in place (the “standard contractual clauses”)
If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time. Please email us at email@example.com
if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.6. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.7. DATA RETENTION
Unless stated elsewhere in this document, we will only retain your personal data for as long as it is lawful for us to do so, such as it being necessary to fulfil the purposes we collected it for, or for satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data: see below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data (the “subject access” right).
- Request correction of your personal data (e.g. if it is incorrect or needs updating).
- Request erasure of your personal data that we no longer need.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer or a machine readable export of your personal data.
- Right to withdraw consent. You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org You will not have to pay a fee to access your personal data (or to exercise any of the other rights)
. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from
you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights)
. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.9. THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.10. COOKIES
We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website at https://theautumnrabbit.com/privacy-policy