dig8ital Ltd is strongly committed to protecting users’ privacy. We want you to feel secure that when you deal with dig8ital, your personal data is in good hands. dig8ital complies with the General Data Protection Regulation (GDPR) and all other applicable privacy and data protection laws when dealing with personal data about an identified or identifiable individual (a natural person).
This policy sets out what personal data we will collect, and how we will collect, use, disclose and protect your personal data, in relation to your access and use of our website and our services.
Changes to this policy
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
This policy was last updated on 22 June 2018.
2. For which purposes and on which legal basis do we use your personal data?
dig8ital uses your personal data only where required for specific purposes. Please see below for a list of the purposes for which dig8ital uses your personal data and the legal basis for each such purpose.
|Managing our contractual relationship with you.||Necessary for the performance of a contract to which you are a party.|
|Operating and managing our business operations.||Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations.|
|Complying with legal requirements.||Necessary for the compliance with a legal obligation to which we are subject.|
|Monitoring your use of our systems (including monitoring the use of our website and any apps and tools you use).||Justified on the basis of our legitimate interests of avoiding non-compliance and protecting our reputation.|
|Improving the security and functioning of our website, networks and information.||Justified on the basis of our legitimate interests for ensuring that you receive an excellent user experience and our networks and information are secure.|
|Undertaking data analytics, i.e. applying analytics to business operations and data to describe, predict and improve business performance within dig8ital and/or to provide a better user experience. (More details on how we run analytics on our website can be found in our Cookies Policy)||Justified on the basis of our legitimate interests for ensuring the proper functioning of our business operations.|
|Marketing our products and services to you (unless you objected against such processing).||Justified on the basis of our legitimate interests for ensuring that we can conduct and increase our business.|
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is mandatory under applicable laws.
We will not use your personal data for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorised by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
3. What personal data do we collect
dig8ital collects personal data in two ways: (1) directly (for example, when you provide personal data to request information about dig8ital or our services, or sign up for a newsletter); and (2) indirectly (for example, through our website's technology).
We may collect and process the following personal data:
- Personal data that you provide by filling in our contact form on our website. This includes registering to use the website, subscribing to services, newsletters and alerts, registering for further information. Pages that collect this type of personal data may provide further information as to why your personal data are needed and how it will be used. It is completely up to you whether you want to provide it.
- If you contact us, we may keep a record of that correspondence.
- We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Our website collects personal data about your computer, including (where available) your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains and to report on statistics.
- Details of your visits to our website, the pages you view and resources you access or download, including but not limited to, traffic data, location data, weblogs and other communication data. Please refer to our Cookies Policy for more information.
4. Who do we collect your personal data from
We collect personal data about you from:
- You, when you provide that personal data to us, including via our website and services through any registration process, through any contact with us (e.g. telephone call or email via our contact form).
- Third parties where you have authorised this or the data is publicly available. If possible, we will collect personal data from you directly.
The provision of some personal data is optional. However, if you do not provide us with certain types of personal information, you may be unable to enjoy the full functionality of our website or services.
5. How do we use your personal data
In general, we will only use personal data you provide to us for the purpose for which such information was provided.
We may use your personal data to:
- Verify your identity.
- Provide our website or our services to you.
- Improve our website, your browsing experience and/or the services we provide you.
- Send information or marketing communications to you which we think may be of interest to you.
- Deliver tailored content or advertisements to you.
- Respond to any communications you may send us.
You may opt-out of receiving communications from us by sending an email to: email@example.com. You may also opt out of promotional emails we send by clicking the unsubscribe link included at the bottom of the email.
We may also use your personal data:
- To protect and/or enforce our legal rights and interests, including defending any claim.
- For any other purpose authorised by you, the GDPR or other applicable law.
- To respond to lawful requests by public authorities, including to meet law enforcement requirements.
- To operate our systems properly or to protect either ourselves or our users.
- To transfer your data in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We use personal data for the purposes described in Section 2, “For which purposes and on which legal basis do we use your personal data” above, as well as to provide you with information you request, and for other purposes which we would describe to you at the point where it is collected.
We analyze your IP and browser information to determine what is most effective about our website, to help us identify ways to improve it and make it more effective.
7. Will we share your personal data with third parties
We may disclose your personal data to:
- Any business that supports our services and products, including any person that hosts or maintains any underlying IT system or data centre that we use to provide the website or other services.
- Our professional advisers e.g. accountants, lawyers, auditors.
- Any other person authorised by the GDPR or other applicable law (e.g. a law enforcement agency, regulatory authority).
- Any other person authorised by you.
- Third parties in connection with a (potential) corporate or commercial transaction.
Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and dig8ital’s internal policies.
- Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses (a copy of which can be obtained through the contact information below). Any other non-EEA related transfers of your personal data, will take place in accordance with the appropriate international data transfer mechanisms and standards.
8. Processing your personal data
For the purposes of the GDPR:
- dig8ital is the data controller (as defined in the GDPR) when processing your personal data.
- A third-party processor is responsible for processing your personal data (as defined in the GDPR) on our behalf. We require our third-party processor to comply with applicable privacy and data protection laws. If we receive any data subject requests relating to your personal data, such as requests to access personal data, we will forward this request to the relevant third party where applicable.
The personal data we may process is described in Section 2 of this policy. The legal basis for our processing of your personal data is your consent and, for certain types of personal data, processing is necessary for the performance of a contract to which you are a party.
Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws. You do not have to provide us with your name or contact information to access and use certain parts of the website. However, you must provide us with your name and contact information to access some of our other services such as downloading resources. The consequence of not providing your name and contact information is that we will not be able to provide all of our services to you.
9. How do we protect your personal data
We will take reasonable steps to keep your personal data safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to risks inherent in processing personal data.
While we take reasonable steps to maintain secure internet connections, if you provide us with personal data over the internet, the provision of that information is at your own risk.
10. Accessing, correcting and removing your personal data
You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Right of access - if you ask us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.
- Right to rectification - if the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take every reasonable step to ensure personal data which is inaccurate is rectified. If we have shared your personal data with any third parties, we will tell them about the rectification where possible.
- Right to erasure - we delete your personal data when it is no longer needed for the purposes for which you provided it. You may request that we delete your personal data and we will do so if deletion does not contravene any applicable laws. If we have shared your personal data with any third parties, we will take reasonable steps to inform those third parties to delete such personal data.
- Right to withdraw consent - if the basis of our processing of your personal data is consent, you can withdraw that consent at any time. You can also opt out of promotional emails we send by clicking the unsubscribe link included at the bottom of the email.
- Right to restrict processing - you may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with third parties, we will tell them about this request where possible.
- Right to object to processing - you may request that we stop processing your personal data at any time and we will do so to the extent required by the GDPR.
- Right to data portability - you may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.
- The right to complain to a supervisory authority - you can report any concerns you have about our privacy practices to the relevant data protection supervisory authority
If you would like to exercise any of your above rights, please contact us by email. Your email should provide evidence to confirm that you are the individual to whom the personal data relates and set out the details of your request (e.g. the personal data, or the correction, that you are requesting).
If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to dig8ital first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant local data protection supervisory authority. You can contact the UK’s Information Commissioner's Office here, or you can contact the European Data Protection Supervisor here.
11. How long will your personal data be retained by us
We will retain your personal data only for as long as is necessary. Personal data is deleted after a reasonable time according to the following retention criteria:
- We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us).
- We will only keep the data while your account is active or for as long as needed to provide services to you.
- We retain your data for as long as needed in order to comply with our global legal and contractual obligations.
We will delete your personal data from the servers at an earlier date if you so request, as described in Section 10 “Accessing, correcting and removing your personal data”.
12. International transfer of your personal data
Your personal data may be transferred to, and stored in, a country operating outside the European Economic Area (EEA). Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal information provided appropriate safeguards are in place.
The personal data we collect is processed by the third-party processors set out the table below. Some of the customer account and marketing information we collect is processed by us and/or third party data processors in other countries, including the United States. These countries are not subject to an adequacy decision by the European Commission and instead, in transferring your personal data to these countries, we take other appropriate safeguards as prescribed by the GDPR. We have verified that our data processors in the United States have self-certified under the EU-US Privacy Shield framework.
List of third party processors as at 22 June 2018:
Third party processor: Google, LLC
Purpose: Analytics, Advertising
Location of processor: USA
13. Contact us