The type of personal information we collect:
The type and amount of information we collect depends on why you are providing it. We may collect, use, store and transfer different types of personal data which we have grouped together as follows:
How we get the personal information and why we have it:
We may collect information from you whenever you contact us or have any involvement with us for example when you:
We use the information that you have given us in order to:
We have set out below, a description of a number of ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Please note that the following list is not exhaustive.
|Purpose/Activity||Type of Data||Lawful Basis|
|To register you as a new customer||
||Performance of a contract with you|
|To provide you with requested services and/or products||
||Neccessary for performance of a contract
Necessary for legitimate interests
|To process and deliver the products you have ordered||
To manage our relationship with
you which will include:
|To evidence our compliance with legal requirements||
||Compliance with legal obligations|
|To administer and protect business and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
|To deliver relevant website content and advertisements to you and measure or understand their effectiveness||
||Necessary for legitimate interest|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||
||Necessary for legitimate interests|
|To make suggestions and recommendations to you about goods and services that may be of interest to you and send details about future offers and events||
|To monitor your use of our services to provide staff training and improve your experience||
Access to your information:
Your personal data will be processed by the individual at Summit Creative Ltd that initially receives it, and may also be transferred to and processed by other departments within the company.
Where it is necessary to enable us to provide you with the services you have requested, we will transfer your personal data to third parties (for example; we may transfer your data to our bank, payment card system operators, shippers, warehouses, insurers, product partners, and analytics and search engine providers). These organisations will only use the information to carry out the instructed services and on the basis, that the information is confidential and secure. Some of these organisations may be located outside the EEA (please see below).
We do not transfer your personal data to third parties who wish to use it for their own marketing or other purposes.
We may need to carry out anti-money laundering and trade sanction checks and for us to do so we may need to retain and disclose certain information about you to appropriate agencies. This is also to assist with fraud, crime prevention and detection.
We will only disclose your personal data when we receive a request from a government or law enforcement authority to provide your data in two situations: when we are ordered to do so by a court; or after we have undertaken an internal review and conclude that the institution making the request has both complied with the correct procedure and has the right to seek disclosure.
Owing to matters such as financial or technical considerations, the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefit from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a data processing agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing information are:
How we store your personal information:
Your information is securely stored. We recognise and take seriously our responsibility to protect the personal data you entrust to Summit Creative Ltd from loss or misuse. We take appropriate technical and physical steps to safeguard all information. We ensure only authorised persons (employees and contractors) have access to the information and that everyone who has access is appropriately trained to manage the data..
Summit Creative Ltd uses a variety of security technologies and organisational procedures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt data, such as financial information and other important data.
No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
We keep personal information on file for 12 months after a contract/relationship has terminated. We will then dispose of information by way of a regular system data cleanse.
Your data protection rights:
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to request that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. Such requests must be made in writing. To make a request, please contact us at firstname.lastname@example.org. Your response will be provided within 30 days from the date the request is submitted.
You have the right to request details of the processing activities that we carry out with your personal information by making a subject access request. Such requests must be made in writing. To make a request, please contact us at email@example.com. Your response will be provided within 30 days from the date the request is submitted.
You are not required to pay any charge for exercising your rights.
If you are not happy with the way in which we have processed or dealt with your information, you can provide feedback to the Information Commissioner's Office:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Last Updated: 1 Nov, 2022
Amari West London
West Midlands Safari Park
FREE advice, insights and good vibes only - it's a no spam zone over here!
T: 01623 625222