DATA PROTECTION POLICY
1. POLICY STATEMENT
1.1 Contemporary Services Limited, trading as The Intro (“we”/“us”/“our” etc) is an introductory service and dating concierge app. We are based at C/O Cobia Ltd, 724 Capability Green, Luton, Bedfordshire, England, LU1 3LU and can be contacted on email@example.com
1.2 Our Data Protection Administrator can be contacted at firstname.lastname@example.org
1.3 We will always comply (and be able to demonstrate our compliance) with relevant data protection legislation, including the Data Protection Act 2018 (“DPA”), General Data Protection Regulation (“GDPR”), Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) including any amendments and any replacement legislation as applicable, when processing your personal data. Further details on the DPA and GDPR can be found at the Information Commissioner’s Office website (www.ico.gov.uk).
1.4 For the purposes of data protection legislation, we will be the “controller” or “data controller” of all personal data held in respect of this Policy. Where we use a third-party to store or process your data on our behalf, they will do so as “processors" or “data processors” acting solely under our direct instruction.
1.5 The Data Protection Act 2018 and the General Data Protection Regulation (GDPR) provide that all data relating to living individuals must be handled (“processed”) in accordance with 6 principles intended to protect individual privacy. These principles are set out below in this Policy.
1.6 In the course of our business we collect, store and process personal data about our customers, suppliers and other individuals, and ensuring that we do so in a legally compliant manner is a priority for us as a responsible business. Please note that data protection rights do not specifically apply to companies and other corporate entities, but do apply to their employees etc.
1.7 All our staff are required to comply with this Policy at all times when processing personal data on our behalf. Breaches of this Policy may result in disciplinary action.
2. ABOUT THIS POLICY
2.1 This Policy (and any other documents referred to in it) sets out the basis on which we will process your personal data we collect from you or other sources. It has been approved by our Data Protection Administrator who is responsible for ensuring our compliance with data protection legislation and to whom all questions, comments or concerns should be referred.
2.2 In this policy:
personal data means any information relating to a living individual who can be identified, directly or indirectly, from that information, whether or not in association with other information;
data subject means any living individual who can be identified from personal data;
controller means any person or organisation which directs how and why personal data is processed;
processor means any person or organisation which processes personal data on behalf of a controller;
processing means any operation performed on personal data, including: collecting, organising, storing, altering, retrieving, consulting, using, sharing, updating and deleting.
3. DATA PROTECTION PRINCIPLES
3.1 Anyone processing personal data must comply with the following principles which state that personal data must be:
(a) processed lawfully, fairly and transparently - lawfulness, fairness and transparency
(b) collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes - purpose limitation
(c) adequate, relevant and limited in relation to those purposes – data minimisation
(d) accurate and, where necessary, up to date - accuracy
(e) not kept for longer than necessary for those purposes - storage limitation
(f) processed with appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage - integrity and confidentiality.
3.2 We must also be able to demonstrate that we comply with these principles - accountability
4. LAWFULNESS, FAIRNESS AND TRANSPARENCY
4.1 Whenever we process your personal data, the relevant basis for processing (selected from the following list) will be identified and recorded alongside the data, e.g.:
(a) processing is necessary for the performance of a contract made with you;
(b) processing is necessary for compliance with a legal obligation to which we are subject;
(c) processing is necessary in our legitimate interests (or those of a third party), subject to your interests or fundamental rights and freedoms;
(d) you have given consent.
4.2 Each of these bases is subject to further detailed provisions which will be considered carefully before being used as the reason to process the personal data. Please contact the Data Protection Administrator for further details.
4.3 In particular, your consent must be genuinely, freely and specifically given and must not be treated as a default option, nor as a carte blanche for unrestricted processing. We will clearly inform you of the purposes for which your personal data will be used and that it is up to you whether you give, withhold or withdraw your consent.
4.4 Further restrictions apply to special categories of personal data including your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sex life and sexual orientation, and criminal convictions. We will not process these kinds of personal data unless we can meet the necessary requirements for doing so, e.g.:
(a) you have given consent;
(b) you have made the personal data in question manifestly public.
Please contact the Data Protection Administrator for further details.
4.5 We will ensure that all information given to you is clear, concise, transparent, intelligible and easily accessible.
4.6 We will never sell your personal data or make it available to any third parties without prior consent except where:
(a) we use a processor, in which case we will ensure that the processor complies with this Policy and all relevant data protection legislation;
(b) we are required to do so by law;
(c) we seek an investment or sale in respect of any part of our business or assets (in which case we may confidentially disclose your personal data to the prospective investor/buyer as necessary in accordance with our legitimate interests).
5. PURPOSE LIMITATION
5.1 We will collect and process your personal data only to the extent that it is required in order to provide our services to you or for another specific purpose notified to you or unless we are authorised by law to use the data for limited other purposes.
6. DATA MINIMISATION / STORAGE LIMITATION
6.1 We will not keep more of your personal data than necessary or for longer than necessary to achieve the purpose or purposes for which it was obtained. We will take all reasonable steps to erase from our systems all data which is no longer required.
7.1 We will ensure that your personal data we hold is accurate and up to date. We will take all reasonable steps to amend inaccurate or out-of-date data. Where we collect personal data directly from you, you confirm that all such data is accurate and up to date.
8. INTEGRITY AND CONFIDENTIALITY
8.1 We will take all appropriate technical and organisational measures to prevent unlawful or unauthorised processing of, and accidental loss of or damage to, your personal data.
8.2 We will ensure we put in place adequate procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a third-party processor in accordance with equivalent procedures and policies.
8.3 We will maintain data security as follows:
(a) confidentiality - only people who are authorised to use your personal data will have access to it;
(b) integrity - personal data must be accurate and suitable for the purpose for which it is processed;
(c) availability - authorised users will be able to access personal data for authorised purposes; data subjects will be able to access their personal data in accordance with their rights under data protection legislation.
8.4 We will implement appropriate security procedures including suitable password protection for files and equipment, digital security such as firewalls and malware filters, entry controls to premises, lockable cabinets, secure document disposal etc.
9. WHAT PERSONAL DATA DO WE COLLECT AND WHY?
9.1 We will collect personal data from you as required for enabling you to subscribe to and receive our services from time to time. Much of this personal data will be collected directly from you as part of our service provision, e.g.:
- name, age, neighbourhood, hometown (always visible to other users on your profile);
- photos (always visible to other users on your profile);
- Q&A responses (always visible to other users on your profile);
- contact details (optionally shared with matches after your first date);
- gender (always visible to other users on your profile);
- occupation (always visible to other users on your profile);
- education level and institutions (always visible to other users on your profile);
- physical features such as height (always visible to other users on your profile);
- ethnicity, religion (optionally shared with other users on your profile, but always available for filtering of profiles);
- parental status and wishes, political preferences, pet ownership, dietary choices, fitness level (optionally shared with other users on your profile, but always available for filtering of profiles);
- attitudes to alcohol use, smoking, vaping, marijuana and other drug use (optional to answer. When answered, optionally shared with other users on your profile, but always available for filtering of profiles);
- filtering preferences of other users’ profiles and reasons for rejecting other users’ profiles (not visible to other users);
- availability and venue preferences for dates (shared with matches);
- feedback on date venues (may be shared with venues);
- interest in additional dates with matches (shared with your match);
- reporting of other users (reasons for reporting may be shared with other users where appropriate);
Where we collect any additional personal data from a third party e.g. importing photos and personal details with your permission from social media accounts, we will make that clear at the time.
9.2 If you contact us, we will keep a record of that contact including your contact details and any relevant account information.
9.3 In addition to your access details, we will log details of your interactions with us including transactions you carry out through our website or app.
9.4 Our server logs requests for website and app content. By anonymising and analysing this information, we can identify which parts of our services are popular and which are not, helping us to improve the website and app. We analyse non-personal statistical information about matters such as length of interaction, pages/sections visited and other general information. This information is entirely anonymous: we want to know how people in general are using our services, not what anyone in particular is doing.
9.5 We may also analyse anonymised or pseudonymised information in order to investigate and research patterns and trends e.g. in order to improve the accuracy and effectiveness of our services.
9.6 We will hold your personal data on our systems for as long as:
(a) your account remains valid; and/or
(b) we are providing services to you; and/or
(c) is necessary to comply with our legitimate business interests; and/or
(d) is necessary to comply with our legal obligations; and/or
(e) you have indicated you are happy for us to do so
9.7 We may use your personal data:
(a) to carry out our obligations arising from any enquiries or contracts between you and us;
(b) to provide you with information, products or services that you request from us or which we feel may interest you, including changes and updates;
(c) to ensure our services are presented in the most effective manner for you and for your devices;
(d) in accordance with our legitimate business interests and legal obligations.
10 DATA SUBJECTS’ RIGHTS
10.1 We will process your personal data in line with your rights as a data subject, in particular your right to:
(a) access any personal data held about you;
(b) be given certain information concerning how your personal data is obtained and processed (this information is as set out in this Policy);
(c) have your personal data rectified where necessary;
(d) have your personal data erased in certain circumstances (the “right to be forgotten”);
(e) restrict processing of your personal data in certain circumstances;
(f) have your personal data transferred to yourself or another data controller (“data portability”);
(g) object to automated processing of your personal data.
10.2 You may make a formal request for access to any of your personal data which we hold or otherwise process. All such requests will be forwarded to the Data Protection Administrator for a response within the applicable time period.
10.3 We will only disclose personal data we hold once we have verified your identity to ensure personal data is only given to a person who is entitled to it.
10.4 Any complaints about non-compliance with this Policy or data protection legislation should be addressed to our Data Protection Administrator or the Information Commissioner:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
https://ico.org.uk/concerns/ 0303 123 1113.
11. TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EU
11.1 We may transfer personal data we hold to a country outside the UK or EEA (e.g. for storage in a secure cloud storage centre) where one of the following conditions applies:
(a) specific contractual clauses or binding rules are in place;
(b) the data subject has given explicit consent;
(c) the transfer is necessary for certain specified reasons such as: the performance of a contract, for reasons of public interest, for the purpose of a legal claim, to protect the data subject’s vital interests or for the our legitimate interests.
12. CHANGES TO THIS POLICY
12.1 We may change this Policy at any time and you should check for updates from time to time. Any changes will be deemed accepted by your continued use of our services (including our website or app).
13.2 Our website may from time to time contain links to other unrelated sites. This Policy does not apply to those sites nor are we responsible for their content.