We Are Ghost Limited (we) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998, the General Data Protection Regulation, and any replacement or amending legislation of that legislation (altogether referred to as the “Legislation”), the data controller We Are Ghost Limited, a company registered in England and Wales under company number 07591303, with its registered office at 25 Bridge Street, Burton on Trent, Staffordshire DE14 1SY
If you have any questions or comments on the information contained in this document, please contact the Director, Kirsty Clarke using the address details given in section 8 below.
1. Personal data we collect from you
Over the course of your interaction with us via our website (www.weareghost.com) we will collect and process the following categories of data about you:
(a) Personal data you give us. This is data about you that you give us by filling in forms on the Site. It includes:
- your name, address and telephone and email contact details;
- your marketing preferences (if any).
You can access and alter the personal data that you give us in this way at any time via the links given on any emails that we may send or on the functionalities available on the Site.
We do not require, and you should not send to us, special categories of (sensitive) personal data, such data being that which reveals sensitive information about you, such as your racial or ethnic origin, your political or religious beliefs, your health or other special categories of personal data. Any such sensitive personal data that we receive will be disposed of as soon as it is discovered.
(b) Personal data we collect about you. This is data that we collect automatically about your visit during your time on the Site, or otherwise through your interaction with the Site. This data helps us to provide you with a good experience when you browse the Site, including more targeted advertising on the Site, and also to indicate where the Site might require improvement. It typically involves technical information, such as:
- IP address;
- browser preferences and settings;
- details of how you navigate to and around the Site; and
We collect this personal data using small data files called “cookies”.
(c) Personal data we receive from other sources. This is data that we receive about you from third parties, such as business partners, providers of technical services (e.g. analytics) or sub‑contractors.
Our business partners that may send us personal data about you include the following:
- email marketing services are provided by Campaign Monitor Pty Limited; and
- tracking and analytics services are provided by Facebook, twitter, instagram and Google.
2. Uses made of the personal data
All personal data about you that we collect or receive, whether of a personal or technical nature, may be used by us in the following ways:
- To carry out our obligations arising under any contracts entered into between you and us and to provide you with the information and services that you request from us;
- To contact you, based on the preferences you have selected, regarding information, promotions. Such contact will only be made by email from which you can opt out at any time;
- To notify you about changes to our services;
- To administer the Site and the delivery of our products and services, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve the Site to ensure that content is presented in the most effective manner for you and for your computer;
- To allow you to participate in interactive features of our service, when you choose to do so;
- As part of our efforts to keep the Site safe and secure;
- To disclose to our business partners, sub-contractors and other third parties who have a legitimate interest to use your personal data (see section 4 below);
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- To comply with any legal obligations to which we may be subject (e.g. disclosure of suspected fraudulent or other criminal activity); and
- To comply with our record keeping and information storage obligations and policy (please see section 5 below for more details).
Your data will most often be accessed and used by our staff, who are appropriately trained in how to handle personal data correctly and securely. Only those staff whose job require access to your data will be granted such access, which shall be limited to that which is strictly necessary for the purposes of that role.
Occasionally, as stated above, selected third parties may also have access to some of your data in order to provide specific services to us as also identified above. These third parties will only have access to such data that is strictly necessary for the purposes of the service in question and are bound by legal and contractual data protection obligations.
3. Lawful basis for use
Under the Legislation, we can only process personal data where there is a lawful basis for doing so. These bases are set out in the Legislation. Of relevance to us are the following:
- Where it is necessary to use the personal data in order to perform a contract with you. This covers our use and disclosure of your payment and contact details in order to deliver a product to you that you have ordered.
- Where it is necessary to use the personal data in order to comply with a legal obligation (e.g. the detection and prevention of crime or for reporting to HMRC).
- Where the use of the personal data is necessary for our legitimate interests or the legitimate interests of a third party, provided that there is not a good reason for that particular data to remain protected that overrides such interest. This covers our use of certain of your personal data in relation to the delivery, monitoring and administering of the Site and the monitoring of the effectiveness of our advertising; and
- Where you have consented to such use. This covers our use of your personal data to deliver advertising and other promotional or marketing material to you. Please note that you may withdraw your consent at any time.
4. Disclosure of your personal data
Pursuant to one of the lawful bases set out in section 3 above, we may share your personal data with the following third parties:
- Analytics and search engine providers that assist us in the improvement and optimisation of the Site (e.g. Google – see section 1(c) above).
In such circumstances, we will only share the minimum personal data necessary to achieve the purpose and only on terms that ensure the security and confidentiality of that data, and which comply with the Legislation generally.
Save for as set out above, we will not disclose any of your personal data to third parties without your consent, except that we may:
- In the event that we sell or buy any business or assets, disclose your anonymised personal data to the prospective seller or buyer of such business or assets;
- In the event that we, or substantially all of our assets, are acquired by a third party, transfer the personal data held by us about our customers to the buyer as one of the transferred assets;
- Disclose or share your personal data in order to protect our rights, property or safety, or those of our customers or others.
All third parties to whom we may disclose personal data are legally and contractually obliged to comply with the Legislation, to keep that personal data confidential and only to use such it as we may direct.
No disclosure or transfer of your personal data will be to persons or entities outside of the European Economic Area (EEA), or to countries that are not recognised by the European Commission (or similar body) as providing as adequate a level of protection of personal data in line with the Legislation as those countries within the EEA, without your prior consent.
5. Where we store your personal data
We take appropriate technical and organisational measures in accordance with standard practice within the industry to protect your personal data, including (without limitation):
- Installing a secure firewall;
- Using anti-virus protection software;
- Encrypting data; and
- Carrying out regular back-ups.
Unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site at all times, and any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
Should we suffer a data breach (i.e. unauthorised access to, or loss or corruption of, personal data), and that data breach is likely to result in a high risk of harm to your rights and freedoms, we will inform you and/or the Information Commissioner’s Office without delay, and in any event within 72 hours of becoming aware of it.
6. Your rights
You have the following rights under the Legislation in respect of your personal data – please contact us or see the website of the Information Commissioner’s Office (https://ico.org.uk) for more information on any of these rights and how they apply to your personal data:
- The right to be informed about the collection and use of your personal data;
- The right of access to your personal data to verify the legality of our use of it;
- The right to request that inaccurate or incomplete personal data about you is rectified;
- The right to request the deletion or removal of your personal data where there is no further reason for us to use it (such as you have withdrawn your consent or have not bought anything from us for over 3 years
- The right to restrict our use of your personal data in certain circumstances;.
- The right to obtain and reuse the personal data that we have about you for your own purposes;
- The right to object to certain uses (such as for marketing purposes); and
- The right not to be subject to a decision that has a legal effect on you that has been based on an automated decision.
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given in section 8 below. We will endeavour to respond to you as quickly as possible, and in any event within one month.
If you feel that your rights have been breached in any way, you should contact the Director at the address given below, or lodge an official complaint with the Information Commissioner’s Office.
The Site may contain links to and from the websites of third parties, which may or may not be affiliated with us. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for personal data collected and processed by these third parties. You should check the privacy policies of these websites before you submit any personal data via them.