This Privacy Policy applies to the information and data that Green Arrow Consultancy Ltd who's registered office is Sophia House, 28 Cathedral Road, Cardiff, CF11 9LJ, Wales, UK collects when you use our website or our products and services.
Summary
This policy applies to:
The purpose of this Privacy Policy is to let you know how we collect, use, store, share, retain, transfer, and process your Personal Information. This policy also describes your choices and rights with respect to your Personal Information and how to exercise those rights. “Personal Information” is any information relating to an identified or identifiable individual.
We may amend this policy from time to time. We encourage you to review this policy periodically, as changes will be posted on this page. If we make any material changes to this policy we will provide a prominent notice. If you do not agree with this policy, you should not use our website, products or services.
This Policy covers:
What Personal Information We Collect.
We collect various types of information depending on how you interact with us and what products or services you use.
Personal Information you provide to us
If you fill out a form on our website that requires contact information such as signing up for a newsletter, submitting a request for information or products and services we will collect and process that information to provide you with the communication, products or services. These types of Personal Information may include your name, email address, company name, job title, your physical address, payment and billing information.
Personal Information collected when you visit our website
When you use our website, we may automatically collect Personal Information such as IP address, user - agent information (which is automatically sent by your web browser and may include device type) and information collected by cookies and other similar technologies. Our Cookie policy can be found at https://greenarrowconsultancy.com/cookie-policy
Personal Information collected when you use our products or services
When you use our products and services, we collect other types of Personal Information. These types of Personal Information include:
We may also collect usage data regarding your use of our products and services and this data may contain Personal Information.
We also collect payment and billing information when you register for the use of our products and services. For example, we may ask you to provide a billing address for your account and payment information. We use this information solely to process payments and deliver our products and services.
Unless otherwise noted in this policy, we act as the “controller” of personal data that we collect and process.
How We Collect Information
We collect Personal Information from you when you visit our website or use our products and services. Some of this information is provided by you and some is collected automatically.
How We Use Your Information. We process your personal information for the following purposes:
The Legal Basis for Collecting and Processing Information. We use the following legal bases for collecting Personal Information:
How We Share Information
We share Personal Information with our affiliates and partners, as needed to provide our services. We share Personal Information with service providers such as accountants, payment processing companies, and other vendors we use to operate our website and provide our products and services.
Our vendors and service providers are not permitted to use your personal information for any other purpose than to provide contracted services. Vendors are not permitted to use your personal information for their own marketing, and are not allowed to share your information for marketing purposes.
We may share personal information in response to a legal summons or subpoena, or if required by law enforcement agencies.
How Long We Retain Your Information
How long we keep Personal Information that we have collected depends on the type of information and the purpose for which it was collected. After a reasonable period of time or the completion of the purpose for which it was collected, we will either delete or anonymize personal information.
We retain Personal Information where we have an ongoing legitimate business purpose to do so, for example to resolve disputes or to comply with ongoing legal obligations.
We retain your personal information for as long as it is needed to provide our services to you and to fulfill our legal obligations and for a reasonable period of time after such services are completed.
Cookies and Other Tracking Technologies
Cookies are small files stored on your web browser when you visit our website. Some cookies last only as long as you remain on the website; others, called “persistent cookies” may be stored for longer periods of time. These cookies can make browsing easier by storing your password or your preferences regarding how you use the website. Cookies collect information such as the IP address of your computer, your browser settings, and information about how you use the website. Your general location may be estimated from your IP address. Some cookies track users’ activity on our website, apps, and services in order to deliver personalized advertising to you on this and other websites.
If you would like to opt out of cookies, you may change the settings on your web browser to reject or delete cookies. You may also find more information about cookies, including how to opt out of interest-based advertising, at www.cookiesandyou.com.
Your Rights Regarding Access to and Control over Personal Information.
If you reside in the EU/EEA, you may have the following rights with regard to your personal information:
If you wish to exercise any of these rights please submit a request via privacy@greearrowconsulty.com
We may charge a reasonable fee if your request is not valid under applicable law, repetitive or excessive. We may also request additional information from you in order to verify your identity before processing your request.
These rights may be available only to EEA residents, or to all users
Information for California Residents
The California Consumer Privacy Act (CCPA) applies to information collected from California residents. Residents of California have the following rights with regard to their personal information:
The Right to Know and Access Information
The categories of personal information we collect is described above in the section
entitled “ The Information We Collect”. California residents may submit a verifiable
request regarding the information collected, the types of sources from which personal
Information is collected, the purposes for which information is collected, and the specific
personal information collected about them.
The Right to Have Personal Information Deleted
The Right To Portability
California residents may request a copy of their personal information in a format that can be transferred to another person or entity.
The Right to Non-Discrimination
We may not discriminate against you if you exercise your privacy rights.
You may be asked for more information in order for us to verify your identity when you make a request. You may exercise your rights by contact us at privacy@greenarrowconsultancy.com.
We do not sell Personal Information to third parties (pursuant to California Civil Code Sections 1798.100-1798.99, also known as the California Consumer Privacy Act of 2018
The sections above “What Personal Information We Collect” lists the categories of Personal Information we have collected in the preceding 12 months.
International Data Transfers
Personal Information may be transferred from users residing in the European Union to our servers, partners, or vendors located in the United States and other non-EU countries where there may not be an adequacy opinion issued with respect to that country. We have taken appropriate safeguards to ensure that Personal Information remains protected wherever it is transferred. When we transfer Personal Information of individuals in the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”) to the US, we make use of the Standard Contractual Clauses and the UK Addendum as well as additional safeguards where appropriate.
Security
We take all reasonable steps to protect the information we receive from you from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, but no security measures are perfect; the risk of a data breach is possible.
Personal data is encrypted during transmission.
Personal information is encrypted at rest at our data centers.
Employees are given access to users’ personal information only on a “need to know” basis.
All employees are required to receive training on information security.
All employees with access to personal information are subject to background checks.
All employees with access to personal information are required to sign a binding confidentiality agreement.
Before sharing personal information with our vendors, we make sure they have implemented security procedures to protect your data. Our vendors and partners are not permitted to use or share your information for any purpose other than to provide the services for which they have been contracted.
Children’s Privacy
We do not knowingly collect or solicit personal information from children under age 13 without parental consent, unless permitted by law. If we become aware that we have collected personal information from children under the age of 13 without parental consent (or as permitted by law), we will delete it. If you believe that a child may have provided us with personal information without such parental consent, please contact us.
California consumers: We will not sell the information of California consumers who are 16 years old or younger unless we have prior parental authorization. If a California consumer is under the age of 13,a parent or guardian must consent to the sale of such minor’s personal information. If the California consumer is between the ages of 13 and 16 years old, the minor may consent on an opt-in basis to the sale of their personal information. Our sites directed toward children will ask for age verification and will require appropriate consent.
EU residents: We do not collect or process personal information of data subjects in the EU under the age of 16 without explicit consent from a parent or guardian. Our sites directed toward children will ask for age verification and will require appropriate consent.
Sensitive Information
Unless specifically requested, we ask that you not send us, and you not disclose on or through our websites or otherwise to us sensitive personal Information unless specifically requested by us or required by law.
If you would like to correct or update your personal information, or request access to or deletion of your personal information, you may contact us at the email below. Please note that we are obligated to verify your identity before we provide personal information. If you request a change to or deletion of your personal information, please note that we may still need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. Some of your information may also remain in our systems and other records where necessary for compliance with applicable law.
Contact Us
If you have any questions about this privacy policy, or if you want to exercise your privacy rights as outlined above, please contact us at:
info@greenarrowconsultancy.com
Green Arrow Consultancy Ltd
Sophia House,
28 Cathedral Road,
Cardiff, CF11 9LJ
Wales, UK
Designated Data Protection Officer: Darren Tyler (Director of Green Arrow Consultancy Ltd