Rocketseed (United Kingdom) Limited – Privacy Notice
This Privacy Notice provides details of the personal data we collect from you, what we do with it, how you might access it and who it might be shared with.
We are committed to protecting your privacy. In general, we will ask you when we need information that personally identifies you or allows us to contact you. The amount of personal information you are required to supply will normally be limited to that which is necessary to supply the service or carry out the transaction that you have requested. If other information is requested, it will be labelled as optional.
Our contact information (Data Controller)
Rocketseed (United Kingdom) Limited
11 Southwick Mews
Company Email: email@example.com
What we do with your personal data
We process personal data only for the purpose for which they are collected. The purpose is dependent on whether you use only our website, or additionally, our services. If you use our services, you are required to register, and we collect your personal data. We use this personal data for the provision of the service or the performance of the contract. We may use your personal data for other similar purposes, including marketing and communications, but that will only occur in the case we have your consent or another legal justification for doing so.
From our Customers / Clients we process and retain personal data for the following purposes and periods, with the applicable legal basis.
- The processing of subject data is done for the purpose of contact management, sales and distribution of products and services, as well as for communication and marketing. These steps required prior to a contract with the data subject, and retention of such data for a maximum of six years, or what is required for tax and legal purposes.
From our Contractors we process and retain personal data for the following purposes and periods, with the applicable legal basis.
- Organisation’s administration and management, and these steps are required prior to a contract with the data subject. The data is retained for a maximum of six years, or what is required for tax and legal purposes.
What personal data do we collect?
The personal data we collect depends on whether you just visit our website or use our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last web page you visited, the data transmitted and the access status, and your IP address.
If you use our services, personal data is required to fulfil the requirements of a contractual or service relationship, which may exist between you and our organisation.
- Financial Details
- Identification Number
- Location Information
- Banking Details
- Confidential Correspondence
- Email, Social Networks
- Telephone contact details
Who might we share your personal data with?
To maintain and improve our services, your personal data may need to be shared with or disclosed to service providers, other Controllers or, in some cases, public authorities. We may be mandated to disclose your personal data in response to requests from a court, police services or other regulatory bodies. Where feasible, we will consult with you prior to making such disclosure and, in order to protect your privacy, we will ensure that we will disclose only the minimum amount of your information necessary for the required purpose.
We transfer personal data to the following organisations and countries:
|Data Subject Type||Organisation Name||Type||Country|
|Customers/Clients||Salesforce EMEA Limited||Processor||United Kingdom|
Data storage, unless specifically requested by a client to be on a dedicated server, may be hosted by sub-processors (data centres), which have been assessed having rigorous safety environment, ISO certifications and stringent breach management and prevention procedures.
How do we look after personal data?
We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is described above, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes, we ensure that the personal data cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
How can you access your personal data?
You have the right to request access to any of your personal data we may hold. If any of that information is incorrect, you may request that we correct it. If we are improperly using your information, you may request that we stop using it or even delete it completely.
If you would like to make a request to see what personal data of yours we might hold, you may make a request from our company website or complete this data rights request form.
Where you have previously given your consent to process your personal data, you also have the right to request that we port or transfer your personal data to a different service provider or to yourself, if you so wish.
Where it may have been necessary to get your consent to use your personal data, at any moment, you have the right to withdraw that consent. If you withdraw your consent, we will cease using your personal data without affecting the lawfulness of processing based on consent before your withdrawal.
Rocketseed does not make use of “cookies” except to compile aggregated statistics about web site usage. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you or your computer and can only be read by a web server in the domain that issued the cookie to you.
While they are only used for internal tracking purposes, you have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
In our regular mailings, we use technology to help track interest in our features, to help us improve our service and the content we share with our subscribers.
Recipients of our newsletters have had to express a legitimate interest and has either;
- Opted in to receive newsletters, or;
- Established a clear business relationship or interest by being a customer
Our newsletter servers, which are hosted in USA, are covered by Standard Contractual Clauses (SCCs), to ensure appropriate safeguards for the purposes of transfers of personal data. SCCs apply to UK controllers and processors as recommended by the ICO. They are no longer covered by the Privacy Shield framework (see below).
UK and EU
The transition of the UK out of the EU added another dimension to the questions regarding safe data transfer. The new UK-GDPR and amended Data Protection Act 2018 took effect on January 31, 2020, which greatly overlaps with the European GDPR, but changed to accommodate domestic areas of law.
Certain areas expanded upon by the UK-GDPR are National Security, Intelligence Services and Immigration, but overall, it automatically recognises all EU countries as adequate, along with all existing EU adequacy decisions. For instance, on July 16, 2020, the European Court of Justice invalidated the Privacy Shield on the grounds that the framework did not guarantee an adequate level of data protection as defined under the GDPR, and consequently, this was adopted and applies within the UK-GDPR also.
However, after December 31, 2020, the only governing body and authority regarding data privacy in the UK, will be the Information Commissioner’s Office (ICO) and the Secretary of State with power to determine or revoke adequacy decisions on behalf of the UK-GDPR (even bypassing the consultation of the ICO if need be).
Similar to the European GDPR, the UK-GDPR has extraterritorial reach necessitating any website or company anywhere in the world, collecting or processing personal data of individuals inside the UK, to comply with the UK-GDPR.
Our supervisory authority
You have the right to lodge a complaint with any Supervisory Authority. See our Supervisory Authority contact details below.
Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
+44 1625 545 745