Data Privacy Notice – Effective Date - 25/05/18
In this Data Privacy Notice ("Privacy Notice") we explain how we collect and use your personal information that we obtain when you use our services, visit or use our websites or mobile applications or otherwise interact with us in the European Economic Area ("EEA"), how we share your information and the steps we take to protect your information.
1. Who we are and the application of this Privacy Notice
This Privacy Notice applies to Supersonicz Limited ("SFL", "we", "our"; or "us"). We are committed to the privacy and security of your Personal Data (as defined in section 2 below). This Privacy Notice describes how we collect and use Personal Data, in accordance with applicable law and our standards of ethical conduct.
Supersonicz Limited at Pall Mall Court 61-67 King Street Manchester Lancashire M2 4PD, will be the "data controller" in relation to any Personal Data provided to us directly in person, or via email, phone, and post or via the following website: http://www.supersonicz.co.uk (the "Website"). This means that SFL is responsible for deciding how it will hold and use Personal Data about you. Data Protection Officer can be contacted:
Piccadilly House
49 Piccadilly
Manchester
M1 2AP
United Kingdom
Attn.: Data Protection Officer
By using or navigating the Website or any product or service offered by us (collectively, the "Services"), you acknowledge that you have read, understand and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice.
We encourage you to review and check the Website regularly for any updates to this Privacy Notice. We will publish the updated version on the Website and by continuing to deal with us, you accept this Privacy Notice as it applies from time to time.
2. Data Protection principles
"Personal Data" means any information that enables us to identify you or the beneficiary of your transaction with us, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to you or your beneficiary's physical, physiological, mental, economic, cultural or social identity.
We are committed to complying with applicable data protection laws and will make sure that Personal Data is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
3. What Personal Data do we collect and how do we collect it?
Personal Data you give us. We may collect Personal Data when you give it to us, including when you indicate that you would like to receive any of our Services, when you register with us, when you complete forms online, when you speak to us over the telephone, when you speak to us in person, when you write to us and when you visit the Website. We will also collect details of transactions you carry out through the Website and of the fulfillment of such transactions.
The types of Personal Data we collect will depend on the products or services you have requested from us. Any Personal Data collected is necessary for us to perform a contract and without such data we may not provide the desired Services.
We may collect and process the following Personal Data:
- Personal details, such as data which may identify you and/or the beneficiary of your transaction with us. This may include name, title, residential and/or business address, email, telephone and/or fax numbers and other contact data, date of birth, sex, images, signature, passport/visa details;
- Financial details, such as data relating to you and your beneficiary's payment data and bank account obtained for the purposes of money transfers; and/or
- Additional details requested by law enforcement or requested pursuant to our compliance procedures in connection with efforts to prevent money laundering, terrorist financing and criminal activity, such as relationship to the beneficiary of the transaction, the purpose of the transaction and proof of funds.
Cookies and similar technologies. When you use our Website or mobile apps we collect information via cookies and similar technologies, including the IP address of visitors, browser type and version, time zone setting, screen resolution settings, browser plug-in types and versions, operating system and platform. We may use this data for the following purposes:
- To measure the use of our Website and Services, including number of visits, average time spent on a Website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-overs) etc., and to improve the content we offer;
- To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
- As part of our efforts to keep the Website safe and secure;
Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent you from using certain parts of our Website. It will also mean that some features on our Website will not function if you do not allow cookies.
4. How we use your Personal Data?
We use Personal Data and other data you provide to us only for the following purposes permitted by applicable laws:
- • When necessary for the performance of a contract with you: we may use your data on the basis of our need to perform our obligations under a contract with you, to complete your transactions or other requests made by you, to respond to and process your queries or requests, or to contact you as necessary in connection with our performance of a contract with you. For example, if you enter into a contract for our remittance services, your data will necessarily be shared with the payment service provider that will pay out funds to your designated beneficiary in the remittance destination country, it may be shared with our agents and/or contractors to facilitate the refund of a qualifying payment order to you, and it may be used if we find it necessary to contact you in connection with our contract.
- We may use your data to comply with legal requirements and/or regulations specific to our business. For example, when you contract with us for remittance services, we are required to perform a certain level of due diligence prescribed by law and/or commensurate with any assessed risk which may result in the reporting of your data to legal and/or regulatory authorities and/or a request from us for additional information from you to assist in our risk assessment and/or to satisfy our compliance obligations.
- When you have provided your consent for the processing: if you have consented and you have not withdrawn your consent, we may contact you with marketing communications in relation to our Services or the services and products of SFL Companies (see Section 10 Direct Marketing, below).
- When necessary in the pursuit of a legitimate interest of SFL: if you provide information to us online or transact with us online, we may use your data to improve the content of our Website and Services in order to enhance your experience. We may use data, such as IP addresses and anonymous demographic data, to tailor your experiences with our Services by showing content in which we think you will be interested and displaying content according to your preferences. We may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of our Services. We also may use the data collected to evaluate and improve our Services and analyse traffic to our Services.
If in the future we use your Personal Data in the pursuit of our legitimate interest, we will strive to align our interests with yours such that under no circumstances will your data be used except as consented to by you or as otherwise permitted by applicable laws.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such data without further notice to you.
5. Is data collected shared with third parties?
SFL Companies
We may share your personal data with other SFL Companies in order to enable or facilitate us to provide you with any of the Services you have requested, where you have asked us to do so, to provide the Services to you outside of normal UK business hours and, where you have consented and not withdrawn your consent, for the SFL Companies' direct marketing purposes.
Third-party service providers
We may share your Personal Data with the following third-party service providers to manage, enable or facilitate certain aspects of the Services (including the maintenance of our servers and processing or fulfilling orders for transactions):
- Compliance verification service providers
- Financial services providers, such as banks (Some of which are based outside the EEA)
- Credit control or debt collection agencies
We have safeguards in place with such third-party service providers requiring them to protect your personal data. To obtain a copy of the relevant safeguard measures please contact the Supersonicz Limited Data Protection Officer as indicated in Section 1 above.
Corporate process
We may transfer your Personal Data to a third party as a result of a sale, acquisition, merger or reorganization involving SFL, a company within the SFL Group, or any of their respective assets. In these circumstances, we will take reasonably appropriate steps to make sure that your information is properly protected.
Legal and regulatory
We may also disclose your Personal Data in special cases if required to do so by law enforcement agencies, law, court order, or other governmental authority, or when we believe in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to–or interfering with–; the rights or property of SFL, the Services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).
Sharing Personal Data outside the United Kingdom
The nature of our products and Services means that we may need to share your Personal Data with recipients based in countries outside of the United Kingdom, including in the EEA and outside the EEA. The countries to which we may need to send your information would normally be obvious to you based on your requested transaction. As explained above, we may share your personal data within the SFL Group, which may involve transferring your data outside the EEA. Where we do so, we will ensure a similar level of protection to that afforded in the EEA; for example, on the basis the relevant recipient country has been deemed by the European Commission to provide an "adequate" level of protection for Personal Data or by contractual provisions that seek to ensure a level of protection and safeguarding of Personal Data.
If our use of third-party service providers involves sharing your Personal Data outside the EEA, we will make sure the service provider provides safeguards and assurances regarding the protection of your Personal Data.
6. How long is Personal Data retained?
Personal Data is used for different purposes and is subject to different standards and regulations. In general, Personal Data is retained for as long as necessary to provide you with the Services you request, to comply with applicable legal, accounting or reporting requirements and to make sure that you have a reasonable opportunity to access the Personal Data.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example:
- Legal and Regulatory Requirements. SFL shall retain Personal Data and transactional data for those periods required to comply with all retention and reporting obligations under applicable laws, including without limitation commercial, tax and anti-money laundering laws and regulations. Generally, this retention period will be a minimum of five years from the date of your transaction or the date our business relationship with you is terminated.
- Customer Service (administration of customer relationship, complaint handling, etc.). SFL may process and retain your Personal Data for as long as we have an on-going relationship with you. Once our relationship has ended (for example because the Services have been delivered and paid for in full, or you have exercised your right to withdraw from the contract), we will, subject to any retention requirements under applicable laws, erase or anonymise your Personal Data.
- Personal Data provided to us for marketing purposes may be retained until you opt out or until SFL becomes aware that any such data is inaccurate.
You may obtain a copy of our Retention Policy by contacting our Data Protection Officer.
7. Is correspondence that you send to us saved?
Yes. If you send us correspondence, including emails and faxes, we may retain such data along with any records of your account. We may also retain customer service correspondence and other correspondence involving you, us and any SFL Group company, our partners, and our suppliers. We will retain these records in line with our Retention Policy.
8. Data Security
We are committed to maintaining the security of your Personal Data and have measures in place to protect against the loss, misuse, and alteration of the data under our control.
We employ modern and secure techniques to protect our systems from intrusion by unauthorised individuals, and we upgrade our security regularly as better methods become available.
Our data centers and those of our partners utilise state-of-the-art physical security measures to prevent unauthorised access to the facility. In addition, all Personal Data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access.
All SFL employees who have access to, or are associated with, the processing of Personal Data, are contractually obliged to respect the confidentiality of your data and abide by the privacy standards we have established.
Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of Personal Data.
9. Does this Privacy Notice apply to other websites?
No. Our Website may contain links to other internet websites. By clicking on a third-party advertising banner or certain other links, you will be redirected to such third-party websites.
We are not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third-party administrators or webmasters before providing any Personal Data.
10. Direct marketing
With your consent, SFL or a SFL Company may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services. Such marketing communications will only be sent to you if you gave your consent (when you registered for our Services or at another point) and you have not withdrawn such consent or if there is another legitimate basis to send such communications to you.
All marketing emails you receive from us will include specific instructions on how to unsubscribe and you may unsubscribe at any time.
Additionally, you can unsubscribe from marketing by contacting us by a method described in Section 13 of this Privacy Notice.
You should note that we are opposed to third-party spam mail activities and do not participate in such mailings, nor do we release or authorise the use of customer data to third parties for such purposes.
11. What are my data protection rights?
Subject to verification of your identity, you may request access to and have the opportunity to update and amend your Personal Data. You may also exercise any other rights you enjoy under applicable data protection laws. Please use the contact details in Section 13 of this Privacy Notice.
"Data Subjects" have the right to:
- Request access to any Personal Data we hold about them as well as related data, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making;
- Obtain without undue delay the rectification of any inaccurate Personal Data we hold about them;
- Request that Personal Data held about them is deleted provided the Personal Data is not required by us, a SFL Company for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;
- Under certain circumstances, prevent or restrict processing of your Personal Data, except to the extent processing is required for the establishment, exercise or defence of legal claims; and
- Under certain circumstances, request transfer of Personal Data directly to a third party where this is technically feasible.
Also, where you believe that SFL has not complied with its obligations under this Privacy Notice or the applicable law, you have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have, and we will respond in line with our Complaints Procedure
(see Section 12 of this Privacy Notice).
12. Privacy-related complaints procedure
Where you believe that we have not complied with our obligations under this Privacy Notice, or the applicable law, you have the right to make a complaint to a Data Protection Authority or through the courts.
Although not required, we would encourage you to let us know about any privacy-related complaint you might have, and we will respond in line with our complaint’s procedure–our contact details are set out below.
Privacy-related complaints or concerns can be lodged with our privacy team:
49 Piccadilly
Manchester
M1 2AP
United Kingdom
Attn.: Data Protection Officer
SFL employees are required to direct any privacy-related complaints or concerns to our privacy team.
SFL will aim to send an acknowledgement within 10 days of receipt of the complaint/concern.
SFL will conduct an investigation in accordance with relevant laws and will aim to respond substantively within 28 days of receipt of the complaint/concern.
If further time is required to investigate your complaint/concern, SFL will write to you within 28 days of receiving the complaint/concern, informing you of the investigation timeline which will be no longer than an additional two months for the complaints procedure to be concluded.
In the case of a rejection of the complaint, SFL will provide you with a written explanation for the rejection.
If the complaint/concern is considered justified, SFL will take reasonable steps to try to address the complaint/concern to your reasonable satisfaction.
If you are not satisfied with the reply/outcome, or otherwise with the handling of the complaint, you have the right to lodge a claim before a relevant Data Protection Authority or the courts. In the United Kingdom the Data Protection Authority is the Information Commissioner's Office (website: https://ico.org.uk/for-the-public/ and telephone: 0303 123 1113).
For all other complaints or concerns about our Services that are unrelated to privacy, please contact our Customer Service Team on
13. Contact us
If you have any questions or concerns about this Privacy Notice or SFL's data practices, please contact our privacy team:
49 Piccadilly
Manchester
M1 2AP
United Kingdom
Attn.: Data Protection Officer
Any complaints will be handled in line with our complaints procedure as set out in Section 12 of this Privacy Notice.