This policy applies to you and us EverBio a trading style of EverBio Ltd of 128 City Road, London, United Kingdom, EC1V 2NX, (hereinafter “EverBio”, "EverBio" or "we" or “us”) regardless of the country in which you reside or are located.
This policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to ensure that you understand what information we collect, why we collect it, how it is used and what choices you have about your information.
What is personal data?
Personal Data is
information by which you can be directly or indirectly identified
("Personal Data"). This generally includes information such as
your name, address, email address and telephone number; however, it may
also include other information such as your IP address or preferences
and interests.
What is processing?
"Processing" means
any operation or set of operations which is performed upon personal
data, whether or not by automatic means. The term is broad and covers
virtually any handling of data.
What is the applicable data protection law?
As a
UK based Company we are bound to follow the UK's Data Protection Act
(“DPA”). Since we are however a company that operates globally we have
also adopted the principles set out in the EU's General Data
Protection Regulation (“GDPR”). Given the similarity of both provisions
no conflict should arise, but if it does we will follow the most
stringent provision in order to ensure the highest data protection
standard available.
Who is the supervisory authority?
The Information
Commissioner's Office (ICO) provides advice and information for
individuals about protecting personal information. They also enforce
federal privacy laws and are the for us relevant data protection
authority. You can find the ICO's contact details on their website
at www.ico.org.uk.
What are the legal bases of processing personal data?
The legal bases for processing are listed below and at least one
of these must apply whenever we process personal data:
What are your rights?You have the following rights with respect to us processing your personal data:
Unless we have been provided with your personal data by you: Any available information about its origin if available: the existence of automated decision-making and information about the logic involved, the scope and the intended effects of the processing.
Right to restriction of processing
You have a
right to restriction of processing, provided that
Right to erasure
You have a right to erasure
if
Provision of the website and creation of log files
The legal basis for the processing of your personal data in the
context of the provision of the website and the creation of log files is
our legitimate interest. The temporary storage of your personal data by
us is necessary to enable delivery of the website to your computer or
device. For this purpose, your personal data must be stored for the
duration of the session. The storage of your personal data in log files
is done to ensure the functionality of the website. In addition, we use
your personal data to optimise the website and to ensure the security of
our information technology systems. Your personal data is not processed
in any other way.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of your personal data for the provision of the website, this is given as soon as you have left the website. In the case of storage of your personal data in log files, these are deleted after 7 days at the latest. If the data is stored beyond this period, your personal data will be anonymised so that it can no longer be assigned. The collection of your personal data for the provision of the website and the storage of your personal data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for you to object.
Use of technically necessary cookies
The legal
basis for the processing of your personal data in the context of the use
of technically necessary cookies is our legitimate interest. The use of
technically necessary cookies serves to simplify the use of our website
for you. Some functions of our website cannot be offered without the use
of cookies. For these, it is necessary that your internet browser is
recognised even after a page change. Your personal data will not be
processed in any other way.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected; this is particularly the case when you leave the website. Cookies are stored on your computer or device in the case of permission and are transmitted from this to our website. Therefore, you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
To learn more about cookies please visit All About Cookies and to learn more about the cookies we use please refer to our Cookie Policy.
Influencer Account registration
The legal basis
for the processing of your personal data in the context of influencer
account registration is the performance of a contract. Your registration
enables in particular the conclusion of contracts as well as the
maintenance of our business relationship. We collect data when you
create or update your account and this may include your name, email,
phone number, login name and password, payment, marketing or banking
information. The processing of your personal data within the scope of
registration is therefore necessary for the fulfilment of a contract or
the implementation of pre-contractual measures as well as the successful
maintenance of our relationship.
If you sign up to join our influencer program, we collect some information to allow you to join our network such data may include email, personal information, payment details and social network information. The information helps us and our merchants to evaluate influencer background and potential, along with process specific activities and contact details if needed. This is done in our legitimate interests i.e. interest in the economic operation of our services, and was designed to provide a medium of financial support by means of which advertising fees can be earned through the placement of advertisements and links to our influencer network.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case at the latest in the event of the termination of your customer account. You have the option to cancel your customer account registration at any time. In this case, your personal data will be deleted unless legal retention periods prevent deletion.
Processing of data
We collect, process and use
personal data only to the extent that it is necessary for the
establishment, content or amendment of the legal relationship. This is
done on the basis of a contract or pre-contractual measures. We collect,
process and use personal data about the use of our Internet pages only
insofar as this is necessary to enable the user to use the service or to
bill the user.
The collected customer data is deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Commercial and business services
We process data
of our contractual and business partners, e.g. influencers and
interested parties in the context of contractual and comparable legal
relationships as well as related measures and in the context of
communication. We process this data to fulfil our contractual
obligations, to secure our rights and for the purposes of the
administrative tasks associated with this information as well as for
business organisation.
We only disclose the data of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).
We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.
Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the
Legal bases are Contractual performance and pre-contractual enquiries, Legal obligation, and our Legitimate interests.
Agency services
We process the data of our
customers within the scope of our contractual services, which include
conceptual and strategic marketing, campaign planning, software and
design development/consulting or maintenance, implementation of
marketing campaigns and processes/handling, administration, data
analysis/consulting services and training services. In doing so, we
process inventory data, contact data, content data, contract data,
payment data, usage data and metadata (e.g., in the context of
evaluating and measuring the success of marketing measures). As a matter
of principle, we do not process special categories of personal data,
unless these are components of commissioned processing. Data subjects
include our customers, prospective customers as well as their customers,
users, website visitors or employees as well as third parties. The
purpose of the processing is the provision of contractual services,
billing and our customer service. The legal basis for the processing
results from contractual services, analysis, statistics, optimisation,
security measures. We process data that is necessary for the
justification and fulfilment of contractual services and point out the
necessity of their disclosure. We delete the data after the expiry of
statutory warranty and comparable obligations.
Administration, financial accounting, office organisation, contact
management
We process data within the scope of administrative tasks as well
as organisation of our business, financial accounting and compliance
with legal obligations, such as archiving. In doing so, we process the
same data that we process in the course of providing our contractual
services. The processing bases are a legal obligation and our legitimate
interest. Customers, interested parties, business partners and website
visitors are affected by the processing. The purpose and our interest in
the processing lies in the administration, financial accounting, office
organisation, archiving of data, i.e. tasks that serve the maintenance
of our business activities, performance of our tasks and provision of
our services. The deletion of data with regard to contractual services
and contractual communication corresponds to the information mentioned
in these processing activities.
In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.
Furthermore, we store information on suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.
Contact
When contacting us (e.g. via contact form,
e-mail, telephone or social media), the user's details are processed
for the purpose of handling the contact request and its processing. The
user's details may be stored in a customer relationship management
system ("CRM system") or comparable enquiry organisation.
We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply.
Cooperation with processors and third parties
If,
in the course of our processing, we disclose data to other persons and
companies transmit it to them or otherwise grant them access to the
data, this will only be done on the basis of a legal permission, you
have consented, a legal obligation provides for this or on the basis of
our legitimate interests (e.g. when using agents, web hosts, etc.).
Direct marketing
The legal basis for the
processing of your personal data in the context of direct marketing
measures is either your consent or our legitimate interest in marketing
and promoting our courses and services. The purpose of processing your
personal data in the context of direct marketing measures is to send
information, offers and, if applicable, to promote sales.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected; this is the case in particular upon receipt of the revocation or objection. You can revoke your consent at any time for the future or object to the processing of your personal data in the context of direct marketing measures at any time for the future.
Our partners may also include influencers on social media. We have no influence or control over the data collected and processed by the relevant influencer when you are being redirected and you can learn more about data processing at the relevant influencers privacy policy and or the relevant social media platform.\ \
When you send a data subject access request
The
legal basis for the processing of your personal data in the context of
handling your data subject access request is our legal obligation and
the legal basis for the subsequent documentation of the data subject
access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of
processing data when you send a data subject access request is to
respond to your request. The subsequent documentation of the data
subject access request serves to fulfil the legally required
accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defence and enforcement of our rights
The
legal basis for the processing of your personal data in the context of
legal defence and enforcement of our rights is our legitimate interest.
The purpose of processing your personal data in the context of legal
defence and enforcement of our rights is the defence against unjustified
claims and the legal enforcement and assertion of claims and rights.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.
SSL or TLS encryption
For security reasons and to
protect the transmission of confidential content, such as orders or
enquiries that you send to us as the site operator, this site uses SSL
or TLS encryption. You can recognise an encrypted connection by the fact
that the address line of the browser changes from "http\://"
to "https\://" and by the lock symbol in your browser line. If
SSL or TLS encryption is activated, the data you transmit to us cannot
be read by third parties.
Children Data
Our website is not intended for
children and we do not knowingly collect data relating to children. If
you become aware that your Child has provided us with Personal Data,
without parental consent, please contact us and we take the necessary
steps to remove that information from our server.
Accuracy
It is important that the data we hold
about you is accurate and current, therefore please keep us informed of
any changes to your personal data.
Security measures
For security reasons and to
protect the transmission of content, that you send to us, this site uses
SSL or TLS encryption. You can recognise an encrypted connection by the
fact that the address line of the browser changes from
"http\://" to "https\://" and by the lock symbol in
your browser line. If SSL or TLS encryption is activated, the data you
transmit to us cannot be read by third parties.
Obligation to provide personal data
You are not
obliged to provide us with personal data. However, depending on the
individual case, the provision of certain personal data may be necessary
for the provision of the above services. If you do not provide us with
this personal data, we may not be able to provide the service.
Do Not Sell My Personal Information
We do not sell
information that directly identifies you, like your name, address or
phone records.
Hosting
The services for hosting and displaying
the website are partly provided by our service provider as part of
processing on our behalf. Unless otherwise explained in this privacy
policy, all access data and all data collected in forms provided for
this purpose on this website are processed on their servers. If you have
any questions about our service providers and the basis of our
relationship with them, please contact us.
Content Delivery Network
For the purpose of a
shorter loading time, we use a so-called Content Delivery Network
("CDN") for some offers. With this service, content, e.g.
large media files, are delivered via regionally distributed servers of
external CDN service providers. Therefore, access data is processed on
the servers of the service providers. Our service providers work for us
within the framework of order processing. If you have any questions
about our service providers and the basis of our cooperation with them,
please contact us.
Changes and Questions
We reserve the right to
change the privacy policy in order to adapt it to changed legal
situations or in the event of changes to the service and data
processing. However, this only applies with regard to Data Subject
Access Requests. Insofar as user consent is required or components of
the privacy policy contain provisions of the contractual relationship
with the users, the changes will only be made with the consent of the
users. Users are requested to inform themselves regularly about the
content of the privacy policy. If you have any questions about how we
handle your personal data, please get in touch.
