Privacy Policy
1 Introduction
1.1 Me & You Productions Limited (the “Company”, “we”, “us” or “our”) respects your privacy and is committed to treating any information that we obtain about you with as much care as possible and in a manner that is compliant with all applicable data protection legislation. This includes the UK UK GDPR, (being the EU General Data Protection Regulation 2016/679 retained in UK law under the European Union (Withdrawal) Act 2018 ) (the “UK UK GDPR”), the Data Protection Act 2018, and any other applicable laws relating to the protection of personal data (collectively, “Data Protection Legislation”).
1.2 This document (the “policy”) is our Data Promise to you. Please read it carefully. Among other things, it explains:
1.2.1 what personal data we may collect about you in connection with: (i) providing you with our services; (ii) your online interaction with us (including via our website(s), email or social media channels); (iii) our in-person interactions with you and (iv) any other channels related or ancillary to the foregoing (collectively, the “Channels”);
1.2.2 how we collect, store, disclose, transfer, protect and otherwise process that information and for what purposes; and
1.2.3 other important information, such as the lawful bases by which we process your personal data, how long we might retain your personal data, and the rights you may have in relation to personal data we hold about you.
1.3 In this policy, terms defined in the UK GDPR, including “data subject”, “personal data”, and “processing”, have the same meaning when used in this policy. The words “include”, “including”, “such as” and similar words and phrases shall be construed to mean “including without limitation”.
1.5 This policy is intended to be communicated to you in a concise, transparent, intelligible and easily accessible manner, but we appreciate that you may have queries or want to seek clarification as to its terms. If so, please email [email protected] and we will endeavour to respond as soon as possible.
1.6 The Company reserves the right to make changes to this policy in order to reflect any changes in Data Protection Legislation and best practice from time to time. The Company will endeavour to notify you of such changes but you are advised to check for an updated version of this policy at www.meandyouproductions.co.uk each time you interact with us through the Channels.
2 The personal data we process
2.1 We collect personal data about you through the Channels when you:
2.1.1 access and use our websites (including by way of cookies – please refer to paragraph 11 below for more information);
2.1.2 contact us (whether in writing, by email, by telephone or otherwise); or
2.1.3 otherwise interact with us through the Channels.
2.2 We do not process:
2.2.1 any special categories of personal data (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data);
2.2.2 any information about criminal convictions and offences; or
2.2.3 any information about children under the age of 13,
and you should not provide us with any such information through any of the Channels.
3 The purposes for which we process your personal data
3.1 We use the personal data referred to in paragraph 2 above for the purposes of (if and as applicable):
3.1.1 personalising content on the Channels;
3.1.2 sending you promotional and marketing materials, notifications, updates and exclusive news;
3.1.3 providing you with access to our products and fulfilling orders and requests;
3.1.4 internal training and other internal uses to improve our services and customer experience (including improving our marketing and promotional efforts, analysing Channel usage statistics, improving content and product offerings and customising the content and layout of our stores and online websites); and
3.1.5 responding to any correspondence from you including enquiries, comments, complaints and technical problems.
3.2 We may process your personal data for the purposes set out in paragraph 3.1 ourselves or in
conjunction with our third party service providers in accordance with paragraph 6.
4 The lawful bases by which we process your personal data
4.1 Your consent
By accepting the terms of this policy, you give the Company your express, freely given consent to process any of your personal data in accordance with the terms of this policy. You may withdraw your consent given under this paragraph (in whole or in part) at any time by
contacting [email protected] can also unsubscribe from different types of emails by following the unsubscribe link displayed at the bottom of each email. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before withdrawal or the lawfulness of processing based on other lawful grounds as set out below.
4.2 Other lawful grounds
Without prejudice to the consent given by you under paragraph 4.1 above, the Company may process your personal data in any circumstances where such processing is necessary:
4.2.1 in order to perform any agreement between us (including pursuant to our Terms of Use or for us to fulfil an order placed by you);
4.2.2 to comply with any applicable law or regulation; or
4.2.3 for the purposes of the legitimate interests pursued by us or third parties. These legitimate interests include the purposes identified above in paragraph 3.1 but also include other general commercial interests and our internal administrative purposes.
5 What if you refuse to provide us with any personal data?
5.1 Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
5.2 Whilst we may be able to provide you with certain products and services notwithstanding your refusal to submit personal data, this may limit your ability to participate in some activities or features or your use of certain online services.
5.3 We may lawfully obtain information from third parties or public sources and we may process that information where it is an essential component of the products and services we offer you.
6 Sharing information with affiliates and third parties
6.1 We will not share any of your personal data with third parties except as set out in this paragraph 6 or otherwise notified to you or agreed between you and us from time to time.
6.2 We may share personal data with our group companies and partnered companies (together, “Affiliates”) in order to provide our goods and services to you and for the other purposes outlined in this policy.
6.3 From time to time, we will also need to share personal data with the following types of third party service providers who we engage to provide services which facilitate our business and who may need to process your personal data to the extent necessary to provide those
services: 1
6.3.1 email service providers;
6.3.2 web analytics services such as Google analytics;
6.3.3 integration platform providers;
1
6.3.4 other third parties approved by you, such as social media sites which you link to your account (if and when we offer that feature) or share content via or third parties who administer any competitions or surveys on our behalf which you voluntarily partake in; and
6.3.5 any similar or replacement third parties from time to time.
6.4 We seek to ensure that any third party engaged by us who processes your personal data has policies and procedures in place to ensure compliance with the Data Protection Legislation.
For any third parties that are based, or process data, overseas, we only engage such third parties in accordance with paragraph 7. Unless otherwise disclosed to you from time to time, we will remain the data controller in respect of your personal data notwithstanding that third parties may be engaged as data processors.
6.5 We may share your personal information with third parties where we are required to do so by law or regulation (such as in connection with an investigation of fraud or other legal enquiry) or in connection with other legal proceedings (including where we believe that your actions
violate applicable laws, our Terms of Use, or any usage guidelines for specific products or services, or threaten the rights, property, or safety of our Company, our users, or others.
7 International transfers of personal data
7.1 As we operate globally, it may be necessary to transfer your information internationally. In particular your information may be transferred to and/or stored on the servers of our Affiliates or other third parties identified in paragraph 6 which are based outside of the UK.
7.2 However, we will not transfer your personal data outside of the UK unless:
7.2.1 such transfer is to a country or jurisdiction which the UK Secretary of State has approved as having an adequate level of protection;
7.2.2 appropriate safeguards are in place as set out in Article 46 UK GDPR or equivalent provisions of subsequent Data Protection Legislation; or
7.2.3 the transfer is otherwise allowed by applicable Data Protection Legislation (such asin the form of a derogation under Article 49 UK GDPR).
8 Your rights as a data subject
Subject to any conditions or requirements set out in the relevant Data Protection Legislation, you
may have some or all of the following rights in relation to the personal data we hold about you:
8.1 the right to request a copy of your personal data held by us;
8.2 the right to correct any inaccurate or incomplete personal data held by us. You can amend any personal data which cannot be modified online, by emailing us at
[email protected];
8.3 the right to request that we erase the personal data we hold about you;
8.4 the right to request that we restrict the processing of your data;
8.5 the right to have your personal data transferred to another organisation;
8.6 the right to object to certain types of processing of your personal data by us; and
8.7 the right to complain (please see paragraph 12 of this policy).
If you would like to exercise or see if you can exercise any such right please email us at
[email protected]
9 Storage and retention of your personal data
9.1 As a minimum, we will store your data for as long as is reasonably necessary to provide you
with the goods and services that you have requested from us, but in most cases we will retain certain of your personal data for as long as is reasonably necessary taking into consideration factors such as:
9.1.1 our need to perform any agreements between you and us (including order fulfilment);
9.1.2 our need to answer any queries or resolve any problems you may have;
9.1.3 your continued consent to receive marketing and other emails and communications from us;
9.1.4 our continued provision of our services to you; and
9.1.5 our need to comply with legal requirements (e.g. relating to record keeping).
9.2 If you tell us that you would like to delete your account, we will take steps to delete all the personal data we hold about you once it is no longer necessary for us to hold it (e.g. to fulfil any outstanding orders, resolve disputes, or as is permitted by applicable law or regulation).
9.3 For as long as we do store your data, the Company follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity, and privacy of the information you have provided. The Company has security measures in place designed to protect against the loss, misuse, and alteration of the information under our control. Personal data collected by the Company is stored in secure operating environments that are not available to the public. The Company maintains information behind a firewall-protected server.
9.4 Notwithstanding our efforts to keep your personal data secure, no system can be 100% reliable. To the fullest extent permitted by law, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide through the Channels. In addition, you are responsible for maintaining the strength and confidentiality of your login credentials.
9.5 We will notify you as soon as reasonably practicable if we have reason to believe that there has been a personal data breach by us (or your personal data held by us) which could adversely affect your rights and freedoms.
10 Links to Third Parties
10.1 Our website may link or redirect to other websites that are beyond our control. Such links or redirections are not endorsements of such websites or representation of our affiliation with them in any way and such third party websites are outside the scope of this policy.
10.2 If you access such third party websites, please ensure that you are satisfied with their respective privacy policies before you provide them with any personal data. We cannot be held responsible for the activities, privacy policies or levels of privacy compliance of any website operated by any third party.
11 Cookies
11.1 A cookie is a small file of letters and numbers stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
1.1 Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a better experience when you browse our website and also allows us to improve our website.
1.2 Some data collected by cookies is collected on an anonymous and/or aggregated basis. We do not currently use any cookies that collect personal data. If we start to use cookies that contain personal data, we will only process that personal data as set out in this policy.
1.3 Our websites may use some or all of the following cookies:
1.3.1 Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
1.3.2 Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
1.3.3 Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
1.3.4 Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
1.4 Please note third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
1.5 Your browser may give you the ability to block all or some cookies by activating a setting in your browser’s options. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
1.6 Except for essential cookies, all cookies will remain unless the cookie cache is cleared (unless
otherwise indicated in the table above).
2 Questions and complaints
2.1 For all questions or complaints about this policy, we would appreciate the chance to deal with your concerns before you approach the relevant data protection authority. Please contact us in the first instance via email at [email protected] or write to Data Protection Officer, Me & You Productions Ltd., 39 Long Acre, London, WC2E 9LG.If you are not located in the European Union, please indicate that in your email or letter.
2.2 You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues, which in the UK is the Information Commissioner’s Office (ICO)
(www.ico.org.uk).