GDPR, Website Terms and other legal bits and pieces
We are the data controller which means we decide how your information is used and protected. We take your privacy and our responsibility to protect your information seriously.
Read our Privacy Notice to understand:
- Who we are
- What information we collect about you
- How we use your information
- Who can see your information
- When we share your information
- How we look after your information
- How long we keep your information
- International transfers of your information
- Your rights and choices
Who We are
Endzone.io Ltd t/a HappyPorch is a company registered in Scotland, Company Number 492581, at 272 Bath Street, Glasgow G2 4JR.
You can contact us via:
FAO: HappyPorch, Unit 5395, PO Box 26965, Glasgow, G1 9BW
Email: [email protected]
What information do we collect about you
The information you provide to us might include: your name, first name, postal address, email address, and phone number. Your information includes anything which identifies you so if you provide an email to us under a “Contact” section on our website www.happyporch.com (the “Website”) we will receive personal data information mentioned hereto.
We will not ask you to provide us with any sensitive information such as details about your racial or ethnic origin, political opinions, religious, philosophical or similar beliefs, trade union membership, health, sexual life or orientation.
We collect your information when you:
- interact or correspond with us by post, phone, SMS, email or via our Website;
- attend events we hold or interact with us in person;
- enter into a contract with us; and
- apply to a job vacancy
Information about how you use our Website:
We will also collect certain information about how you use our Website and the devices that you use to access them. This includes your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers, etc.), browser type, referral source, length of visit to the Website, number of page views, the search queries you make on the Website and similar information. This information is collected by Google Analytics on our behalf using cookies.
Our Website may also include links to third party websites and plugins.
By clicking on those links or enabling these connections you may allow third parties to collect or share your information. We do not control these websites and therefore decline any responsibility for their content and in particular we are not responsible for their privacy policies. Please ensure that you read the privacy policies on any such external websites.
In certain circumstances, we will receive information about you from third parties. For example, if you are a job applicant we may contact your referees to provide information about you.
How we use your information
We use your information lawfully. We do not sell your information to third parties. However, we may share your information as set out in the section ‘When we share your information’.
The details of how we use your information and the legal bases for our use are set out below:
When we have your consent to contact you, we may use your information to:
- keep in contact with you and provide you with marketing communications
- about our news and events;
- tell you about new Website features or services; and
- share your information with affiliates so that they can contact you and offer
- you services that may be of interest to you (for more information, see section ‘When we share your information’).
We will sometimes use your information on the basis of our ‘legitimate business interests’ (our “legitimate interests”). This means, for example, our legitimate interests in conducting and managing our business and our relationship with you.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests do not automatically override yours and we will not use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing you have rights and choices which include the right to object or rectify (please see the section headed ‘Your rights and choices’).
We may use your information for the purposes listed below on the basis of our legitimate interests:
- to respond to an email that you have sent to us directly or via the Website
- to process any job applications you submit to us;
- to work with our third-party recruitment agency to process any job applications
- you submit to us;
- to carry out aggregated and anonymized research about general engagement
- with our Website in providing the right kind of products and services to our Website users;
- to operate a safe and lawful business or where we have a legal obligation;
- to enable us to comply with our policies and procedures and enforce our legal
- rights, or to protect the rights, property or safety of our employees;
- to analyse your use of our Website and your responses to our communications;
- to personalise, enhance, modify or otherwise improve the services and/or communications that we provide to you;
- to detect and prevent fraud and unauthorised access or illegal activity; and
- to improve security and optimisation of our network sites and services including troubleshooting, testing and software development and support.
Who can see your information
Your information may be processed by our staff or by the staff of third parties we work with to deliver our business. Processing can mean any activity that involves the use of information about someone that can identify them. All uses, for example, obtaining, recording, storing, disclosing, organising, retrieving, deleting and destroying are types of data processing. We take measures to ensure that third parties processing your information on our behalf are acting lawfully in accordance with our instructions and are subject to appropriate confidentiality requirements. We also have adequate technical and organisational safeguards in place in our company and with third party processors to protect your information.
Third party processors of your information include:
- our Website hosts and operators, IT support providers, database operators, site analytics providers and software developers;
- our marketing or publicity services providers;
- our financial services and payment service provider; and
- our auditors, technical consultants and legal advisors.
When we share your information
We share your information within our company, which may include our international team. Where we share your information outside our company you will be asked to consent to a third party sharing your information and if you choose to give your permission any interaction you have with a third party is governed by their privacy terms. The third party becomes a joint data controller of your information with us. This means that the third party can make decisions about how to use your information. Before we share your information we require third parties to enter into a data sharing agreement which stipulates that they must maintain appropriate security to protect your information from unauthorised access, processing or use.
We may share your information with the following third parties:
- selected marketing partners;
- any prospective seller or buyer of businesses or assets, only in the event that we decide to acquire, transfer or sell any business or assets; and
- any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law or where we have a legal obligation to do so.
How we look after your information
We look for opportunities to minimise the amount of personal information we hold about you. Where appropriate we anonymise and pseudonymise your information. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
- ensuring the hosting services we provide meet relevant international standards
- ensuring the physical and digital security of our equipment and devices by
- using appropriate password protection and encryption;
- maintaining a data protection policy for, and delivering data protection training to, our team; and
- limiting access to your personal information to those in our company who need to use it in the course of their work.
How long will we keep your information
We will retain your information for as long as it is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our legitimate interests, such as for the purposes of processing your job application, responding to correspondence, exercising our legal rights, etc.
We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example,
- we operate a best practice email retention policy requiring password-protected folders and departmental shared drives to provide restricted access to information;
- deleted emails are auto-deleted periodically;
- we conduct regular access reviews to keep access profiles and policies up to date;
- we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently; and
- we retain CVs and related information from job applicants who have not been successful for a maximum duration of twenty-four (24) months starting from the last contact with the candidates. Once that period is over, we proceed to the deletion of this data.
International Transfers of your information
Our company is registered in the United Kingdom but some of our team are located elsewhere in the European Union and the World. Whenever we transfer your personal information out of the European Economic Area (“EEA”) we will take all steps necessary to ensure that it is adequately protected and processed in accordance with this Privacy Notice by using all appropriate cross-border transfer safeguards such as:
- by entering into the European Commission’s Standard Contractual Clauses with the provider which give personal data the same protection it has in the EEA; and
- where the provider is in the United States, the EU-US Privacy Shield if the provider is part of the EU-US Privacy Shield Framework, or Binding Corporate Rules when applicable.
Please contact us if you would like additional information on the specific means used by us when transferring your personal data outside of the EEA.
Your Rights & Choices
You have different rights, and in particular a right of access, rectification, erasure, restriction and objection to the processing of your information as well as the right to portability.
Your right to object
You have the right to object to our using your information for direct marketing and on the basis of our legitimate interests (refer to section ‘How we use your information’ above to see when we are relying on our legitimate interests). If you want to do this you can contact us using the details in the section ‘Who we are’.
Your right to withdraw consent
The right to withdraw your consent for our use of your information in reliance of your consent (refer to section ‘How we use your information’ to see when we are relying on your consent), which you can do by contacting us using any of the details in the section ‘Who we are’.
Your other rights and choices
You also have other choices and rights in respect of the information that we hold about you, including:
- the right to request access to the information that we hold about you to check that we are acting lawfully;
- the right to receive a copy of any information we hold about you in a structured, commonly used, machine readable format or in another format of your choice;
- the right to request that we transfer your information to another service provider in a structured, commonly used, machine-readable format;
the right to ask us to correct information we hold about you if it is inaccurate or incomplete;
- the right to ask us, in certain circumstances, to delete information we hold about you; and
- the right to ask us, in certain circumstances, to restrict processing of your information.
You may exercise your rights and choices by contacting us using the details above in the ‘Who we are’ section.
Your right to complain
Please contact us if you have any questions or are unhappy about the way your information is used. We hope we will be able to resolve any problems or issues you may have.
You also have the right to lodge a complaint about us and our use of your information to the Information Commissioner’s Office in the United Kingdom (https://ico.org.uk/).
We may make changes to this Privacy Notice from time to time to stay abreast of technological developments, industry practices and regulatory requirements, or for any other reason. Any changes will be directly updated on our Website.
We may monitor your visit to our site
IP addresses and cookies
We may obtain information about your general site usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
We use Google Tag Manager, Google Analytics and Google Re-captcha on this site, each of these use a number of cookies. These cookies are used to collect information about how visitors use the site. The web development team use the information to compile reports and on occasion to help improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. No personally indefinable data is collected.
Our responsibility for loss or damage suffered by you
If you are a business user:
We exclude all implied conditions, warranties, representations or other terms that may apply to our site or any content on it.
We will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
- use of, or inability to use, our site; or
- use of or reliance on any content displayed on our site.
In particular, we will not be liable for:
- loss of profits, sales, business, or revenue;
- business interruption;
- loss of anticipated savings;
- loss of business opportunity, goodwill or reputation; or
- any indirect or consequential loss or damage.
Which country’s laws apply to any disputes?
This page was updated on 8 September 2020.