5: When we will share your personal data
We will share your personal data with the following third parties for the reasons stated below:
Selected third party suppliers / contractors. A full list of our approved suppliers is available on the AF interactive website – www.afinteractive.co.uk. If you ask us to provide a quotation for goods / services or you ask us to order goods / services on your behalf we may pass your data to the supplier for the reasons stated below. We will only pass your address and contact data onto a third party supplier if you have asked us to provide goods / services and we have a data processing contract in place with the supplier to ensure they protect your data or we have reviewed the privacy policy of the supplier to ensure they are aware of their data protection obligations.
o Address and contact information may be passed to a third party supplier when obtaining a quotation on your behalf in order for the supplier to provide an accurate delivery charge quotation or to enable the supplier to contact you directly to discuss the quotation.
o Delivery address and contact information will be provided to a supplier when placing an order for goods / services so they can process the order, deliver the goods / provide the services and invoice us accordingly.
Redshelf Ltd T/A InTouch Systems, 36 Hurricane Way, Norwich, Norfolk, NR6 6HU for back up and disaster recovery purposes.
Campaign Monitor Pty Ltd, Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia for email marketing purposes.
Txtlocal Limited, IMImobile, 5 St. John’s Lane, Farringdon, London, England, EC1M 4BH for text marketing purposes.
We may pass customer information to credit reference agencies, for example Creditsafe, in order to verify your identity and assess your credit score to ensure you are able to meet your obligations to us under a contract.
Your personal data may be shared between the AF Group of companies and its’ employees in order to facilitate the management and administration of your account.
Where we pass your personal information to our selected third party suppliers, we will only provide the information that is necessary to deliver the goods / service or perform the obligations in a contract. Where possible, we have a data processing contract in place with our suppliers that requires them to keep your information secure and not to use it for their own direct marketing purposes. Where the supplier acts as a data controller and is unable to sign the contract, we will review the supplier’s privacy policy annually to ensure they are aware of their data protection obligations. AF will never sell your personal data or pass it to any other third parties without your consent.
We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce the terms and conditions in our contract, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other members, suppliers and contractors. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
6: Where we store your personal data
All of the personal data that you provide to us is stored on our secure servers located at our head office. We use our best endeavours to ensure that your data is held securely and in accordance with this privacy policy.
Offsite backups are securely held by InTouch Systems as part of our disaster recovery plan, to ensure that we can get back up and running quickly in the event of a disaster.
We upload a small amount of personal data, namely email addresses, to Campaign Monitor in order to provide email marketing services. This data may be stored or transferred outside of the European Economic Area (EEA). We have additional EU Standard Contractual Clauses in place with Campaign Monitor to protect this data.
Due to the global nature of some of our third party suppliers, the data that we provide to a third party supplier may be transferred to, and stored at, a destination outside of the EEA in order to process your order. By submitting your personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Where we have a data processing contract in place with our suppliers, the contract ensures that if your data is transferred outside of the EEA, the supplier will take the steps below to ensure that;
There are appropriate safeguards in place in relation to the transfer of any personal data outside of the EEA.
You have enforceable rights and effective legal remedies.
There is an adequate level of protection to any personal data that is transferred outside of the EEA.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when it is being transmitted to us. Any transmission is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal data.
7: How long we retain your personal data for
Call recordings will be retained for a maximum of six months.
We will hold personal data and bank account details for the duration of your membership.
Transactional data including invoices will be held for at least the minimum amount of time that we are legally required to hold it for.