We respect your privacy and are committed to protecting your personal data.
It is important that you read this policy carefully so that you understand how we look after and process your personal data, and so that you are aware of your privacy rights and how the law protects you.
What's included in this policy?
- Important information and who we are
- The personal data we collect and how we use it
- How we collect your personal data
- Who we share your personal data with
- International transfers
- Keeping your personal data secure
- Data retention
- Being in control of your own information
1. Important information and who we are.
We are registered with the Information Commissioner's Office in the UK with reference number Z3212973.
If you have any questions about this policy, including any requests to exercise your legal rights, please contact us:
- By telephone - 01225 489829
- By post - FAO: Data Protection Officer, The Chocolate Factory, Keynsham, Bristol, BS31 2AU
- By email - firstname.lastname@example.org
This website may include links to third-party websites, plug-ins and applications.
In some instances, we may be “joint controllers” with this third party. This means that we might be jointly responsible with that third party for determining the collection and/or use of your personal information with this organisation.
Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
2. The personal data we collect and how we use it
- Identity Data (including your first name, last name, title and date of birth)
- Contact Data (including your postal address, billing address, email address and telephone number)
- Financial Data (including your bank details, payment card details and insurance information)
- Location Data (including your geographical location when you search for a practice and enter your town, postcode or click on the "use my location" button)
- Transaction Data (including details about payments to and from you and other details of the services you have purchased from us)
- Technical Data (including internet protocol (IP) address, your log in data, browser type and version, time zone setting and location, browser plug-in types, versions and screen sizes, operation system and platform, the full Uniform Resource Locations (URL) clickstream to, through and from our website (including date and time) and download errors)
- Profile Data (including your purchase and your feedback and survey responses).
- Usage Data (including information about how you interact with our website, services and emails (we use a product called Hotjar which tracks this information but you can ask it to stop by clicking here).
- Social Media Data (including your posts and comments where you have mentioned and tagged one of our group companies)
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract (your pet’s health plan) we are about to enter into or have entered into with you
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal obligation
- Where you have provided us with your consent to send marketing materials
We have set out below, in a table format, a description of all the ways we use your personal data and our lawful basis that we are relying upon for doing so.
|Type of data||What we do||Why we do it||Our lawful basis|
|Identity, Contact and Financial Data||We sign your pet up to a Pet Health Club plan||We need some details from you to set up the plan and direct debit and check that you are over 18 years old||To start a contract with you and administer the health care plan that you have chosen for your pet|
|Identity, Contact, Financial and Transaction Data||We send you service communications about your plan||We want to manage our relationship with you and ensure you get the most out of your plan||It is in our legitimate interest to continue to deliver the best care for your pet by providing you with information about your plan. We also do this to satisfy any legal requirement in terms of payments and debt recovery.|
|Identity, Contact, Technical, Profile, Usage and Marketing Data||Where you provide your consent, we will send you marketing communications||If you have told us you want to hear more about our products and services, we will send you updates.||We will only do this with your consent. You can withdraw your consent at any time by clicking “unsubscribe” in the email you have received or contacting your practice to update your preferences|
|Identity, Contact, Technical and Usage Data||We use data carry out troubleshooting, data analysis, testing, system maintenance, support and reporting and hosting of data||We protect our business and our website and we want to keep your data secure||It is in our legitimate interest to look after your personal data and maintaining our website is a crucial part of this - we need to have a secure network and be able to prevent fraud. We also do this to comply with our legal obligations|
|Identity, Contact, Financial, Transaction, Technical, Profile, Usage, and Marketing Data||For classifying our audience into user profiles, groups or segments, we analyse what you have bought and searched for and how you have interacted with us across our group companies. We use data in an anonymous format to track usage statistics on our website.||To ensure we are providing you with the best service and to measure the effectiveness of our content and how visitors use our websites and services. This allows us to learn what pages to target our adverts to so that they are move relevant to you.||It is in our legitimate interest to know your preferences and to develop our products and services to what our customers want.|
|Social Media Data||We may want to respond or react to a post where you have tagged one of our group companies.||We want to know what you think about us and the products and services we provide||It is in our legitimate interest to interact with our customers on these forums to make sure they are happy with our products and services|
|Location Data||If you enter your location or allow us to use your location, we will search for a practice nearby to the location you have entered||We want to let you know which of our practices are near to you so that you can access our services||It is in our legitimate interest to help you find a practice that is near to your location, so that your pet can be treated|
If you fail to provide your information
If you fail to provide certain information when requested (such as your payment card details), we will not be able to sign your pet up to a health plan and you will not receive any associated benefits.
3. How we collect your personal data
We use different methods to collect data including through:
a) Direct interactions - you may give us your Identity, Contact and Financial Data by filling in forms on our website, subscribing to one of our health plans or corresponding with us via telephone, post, email or face-face in one of our practices.
c) Third parties - we may receive information about you from third parties such as:
- Contact, financial and transaction data from providers of technical, payment and delivery services
- Advertising networks (based on your cookie consent);
- Analytics providers
- Credit reference agencies
- Where your pet is referred to us from another practice, information that practice holds about you
- Other IVC Evidensia companies
- Debt recovery agencies
Where we have received information from other sources, we will have informed you when we collected that data that it may be shared internally and combined with the data that we collect about you from your use of this website.
4. Who we share your personal data with
We share your personal data with the following categories of companies so that we can administer your pet’s health plan.
- Companies that help us administer your pet’s health plan such as:
- Payment service providers
- Easy Direct Debits Ltd
- Fulfilment and delivery companies
- Communications partners that enable us to send email marketing and reminders to you
- Technology service providers that support our IT, host our websites and help us analyse the data we hold
- IVC Evidensia companies where they assist us in providing our services to you
- Payment service providers
- Other professional and legal advisors
- Debt recovery agencies
- Law enforcement and fraud prevention agencies
- Companies approved by you (such as social media sites)
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others (we will only send marketing communications to you where you have consented to receiving them from us), including Facebook Ad Manager; and
- Where any part of our business is outsourced, sold, or merged, and where permitted by law, we will share your data with the new provider so that we may continue to provide services to you. They may use your personal data in the same way as set out in this policy. We will of course inform you of any such change and give you an opportunity to opt out of your data being shared with a new provider.
Before we share your data with any third party, we will check:
- They can provide sufficient guarantees regarding the confidentiality and security of your personal data;
- We have a written contract with them which defines how they can use your data, how they can protect it and what to do with it when our relationship with them is terminated; and
- We only share the data that they need in order to fulfil their services to us.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note, we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. International Transfers
We do not transfer your personal data outside the EEA. For any personal data transfers within the EEA, we will continue to follow all regulatory and legal requirements as set out in the EU-UK Trade and Co-operation Agreement and any subsequent arrangements that are agreed. This privacy notice will be updated to reflect any relevant changes.
If there is ever a requirement for us to transfer your data outside the EEA, we will ensure at least one of the following safeguards are implemented:
- We will only transfer your personal data to countries, territories or sections within a country that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- The transfer is subject to a legally binding and enforceable commitment on the recipient to protect the personal data (for example, through the use of European Commission approved standard contractual clauses);
- The transfer is made subject to binding corporate rules;
- The transfer is based on a derogation from restrictions on transferring personal data outside of the EEA (such as where you give your consent, the transfer is necessary for the performance of a contract with you, or the transfer is necessary for the establishment, exercise or defence of legal claims).
6. Keeping your personal data secure
We have put in place appropriate security measures to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected personal data breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.
If you would like to know more about how to protect your information and your computer and devices against fraud, identity theft, viruses and other online problems, please visit Get Safe Online. Get Safe Online is supported by HM Government and leading businesses.
7. Data retention
We will only retain your data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax or reporting requirements.
By law we have to keep basic information about you (including Identity, Contact, Financial and Transaction Data) for up to 6 years after you have ceased being a customer.
8. Being in control of your own information
Under the UK GDPR and Data Protection Act 2018 you have some important rights available to you. In summary, these include:
- Access to the personal information that we hold about you
- Request that we transfer elements of your data to another service provider
- Require us to correct any mistakes in the information which we hold about you
- Ask us to erase your personal data in certain situations
- Withdraw your consent at any time where the processing of your personal data is based on consent (for example, unsubscribing to our direct marketing communications)
- Object to or restrict or suspend us from processing your personal data in certain circumstances (for example, if you want to restrict processing whilst we are establishing the accuracy of your personal data)
- Request not to be subjected to automated decision-making that significantly affects you
- The right to complain to the Information Commissioner’s Office (this is the UK’s data protection regulator, and you can do this via the ICO’s website)
If you want to exercise your rights, please contact us at firstname.lastname@example.org.
This version was last updated on 21 July 2021.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting email@example.com or by visiting/contacting your practice directly.