We understand that your privacy is important to you and that you care about how your Personal Data is used. We will only collect and use Personal Data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
2. Who we are
Onebite Limited is a company registered in England under company number 08460946. Our registered office is: Georgian House, Lower Ground Floor, 67-71 London Road, Newbury, Berkshire, RG14 1JN
3. What this notice covers
This Privacy Notice explains how we use your Personal Data, how it is collected, how it is held and how it is processed. It also explains your rights relating to your Personal Data.
4. What is Personal Data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. In simpler terms, any information about you that enables you to be identified.
Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
5. Your rights
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you. Further information can be found in our Data Protection Policy which is available on request.
6. What we collect and process
We collect some or all of the following Personal Data (this may vary according to your relationship with us)
- Name and job title
- Date of birth
- Business name
- Payment information
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- IP address
- Cookies and usage data
7. How we use your Personal Data
Under the GDPR, we must always have a lawful basis for using Personal Data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your Personal Data, or because it is in our legitimate business interests to use it. Your Personal Data may be used for one of the following purposes:
- Providing and managing your account.
- Supplying our services to you.
- Personalising and tailoring our services for you.
- Communicating with you. This may include responding to emails or calls from you.
- Supplying you with information by email AND/OR post that you have opted-in to (you may unsubscribe or opt-out at any time by emailing us at GDPR@onebite.co.uk.
- For operation and maintenance purposes our Website and any third-party services may collect files that record interaction with our Website (System Logs) or use for this purpose other Personal Data (such as an IP Address).
- Internal record keeping
- With your permission and/or where permitted by law, we may also use your Personal Data for marketing purposes, which may include contacting you by email AND/OR telephone AND/OR text message AND/OR post with information, news, special offers or other information which we think you may find interesting. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
- With your permission and/or where permitted by law, we may also use your Personal Data to contact you for market research purposes contacting you by email AND/OR phone AND/OR mail. We may use the information to customise the website according to your interests.
- Website User's Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of our Website or related services.
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our website, then you can be assured that it will only be used in accordance with this privacy statement.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Personal Data is collected through the contact form on our website which is made available for the purposes of contacting us. Personal Data gathered from this form will only be used for the purposes of contacting you and answering your questions, unless you have, or later form, a contractual or service relationship with us.
Job applicants, current and former employees
All of the information you provide during a recruitment process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements if necessary.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments
- Emergency contact details – so we know who to contact in case you have an emergency at work
8. How long we keep your Personal Data
We will not keep your Personal Data for any longer than is necessary in light of the purpose or purposes for which that Personal Data was originally collected, held and processed. When Personal Data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay. For further information please refer to our Data Retention Policy which is available on request.
9. How and where we store or transfer your Personal Data
All Personal Data we collect is processed by our UK staff. We use storage and processing systems that are hosted in other countries and have verified that our third-party suppliers are GDPR compliant.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. For more detail please refer to our Information Security Policy.
Third Party Data Processors
In some circumstances we store personal data in third party applications.
|Hubspot||We use Hubspot as a CRM to record prospective customers, this includes an individual’s name, email and company information. We occasionally use Hubspot to track emails sent to a prospect.
|Campaign Monitor||Campaign Monitor is an email marketing tool we use to deliver emails for onebite marketing campaigns and for our regular newsletter sends. Personal data is stored in Campaign Monitor in the form of email addresses and names and occasionally other campaign specific data if required. Data is stored on servers located in the United States of America but is compliant with GDPR. Campaign Monitor also continues to regularly monitor and audit for compliance.
10. Sharing of your Personal Data
We share your personal information with:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter with you;
- Analytics and search engine providers that assist us in the improvement and optimisation of our site
- If required to do so by law
We will not sell, distribute or lease your personal information to third parties unless we have your permission.
11. Accessing your Personal Data
If you want to know what Personal Data we have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown below. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
12. Contact details
To contact us about anything to do with your Personal Data and data protection, including to make a subject access request, please use the following details:
13. Changes to this Privacy Notice