Wiper & True Limited
Data Controller
Document Version 1.1
Data Audit: 1 July 2024
ICO REGISTRATION NO: ZB 566424
C O R P O R A T E
R E S P O N S I B I L I T Y:-
MICHAEL WIPER
Data Protection Manager
ONLINE PRIVACY NOTICE WIPER & TRUE LIMITED
_____________________________________________
Registered Member of the GDPR Check & Verify Register
<a href="http://www.gdprcheckandverify.com
www.gdprcheckandverify.com
<a href="http://www.gdprcheckandverify.com
dir="ltr">1 Company Contact Details
1.1 Wiper & True Limited 2-8 York Street, St. Werburghs, Bristol. BS2 9XT hereinafter referred to as ‘the Company’, We, Us and Our.
1.2 Our email address is: privacy@wiperandtrue.com
1.3 Our contact telephone number is: 0117 941 2501
1.4 We are a Data Controller under the provisions of the UK GDPR and the Data Protection Act 2018 and have registered with the UK Information Commissioners office:
ICO Registration Number: ZB 566424
2 Status of key personnel
2.1 We have designated Mr Michael Wiper as Data Protection Manager for the business.
2.2 We are not required to formally designate a Data Protection Officer (DPO) Because we are not engaged in any of the following activities:
2.2.1 We are not a public authority.
2.2.2 We are not an organisation that carries out the regular and systematic monitoring of individuals on a large scale.
2.2.3 We are not an organisation that carries out the large scale processing of special categories of data, such as health records, or information about criminal convictions.
3 Introduction and Overview
3.1 The Company is committed to the highest standards of information security and treats confidentiality and data security extremely seriously.
3.2 We have robust information security management systems in place to protect your personal data and have implemented appropriate technical and organisational security measures to protect it against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage.
3.3 Pursuant to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) the Company must:
3.3.1 use technical or organisational measures to ensure personal data is kept secure, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage;
3.3.2 implement appropriate technical and organisational measures to demonstrate that it has considered and integrated data compliance measures into the Company’s data processing activities; and be able to demonstrate that it has used or implemented such measures and complied with the data protection principles.
3.3.3 The Company maintains records of its own actions and our interactions with other Data Controllers and our Data Processors to ensure we can suitably demonstrate adherence to the data protection principles. Specifically, we ensure data is processed:
(a) Fairly, Lawfully and Transparently.
(b) for limited purposes.
(c) in a manner which is adequate, relevant and not excessive.
(d) in a manner which is accurate and not kept for longer than necessary. (e) in accordance with the prescribed rights.
(f) for no longer than necessary.
(g) in a manner which is secure and not transferred to countries outside the UK, without appropriate safeguards.
(h) in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
3.4 This Online Privacy Notice is a precis of our written policies held at our business premises. 4 Scope of this Privacy Notice
4.1 This Privacy Notice applies to Personal Data we process when you visit or use our website. Further Privacy Policy statements and documents may apply offline and these are available, if relevant, on request.
4.2 We are committed to protecting your personal data privacy and, in accordance with relevant data protection laws, we uphold strict security procedures for the collection, storage, use and disclosure of your personal information.
4.3 We have described below the personal information we may gather about you, the purposes we will hold it for and the limited categories of people to whom we may disclose it.
5 What information do we collect and how do we use it?
5.1 During your visit to our site, we will only collect personal information that you choose to provide. If, for example, you contact us with an enquiry or request us to provide you with further information.
5.2 If you share other people’s data with us, for example if you refer business to us on behalf of another, you will need to check you have lawful authority to do so. E.G. The other party has consented to you providing us with their information. In such a case you are responsible for ensuring the transmission to us of the information is lawful and we may ask you for documentary evidence of this.
6 Consequences of failing to provide Personal Data
6.1 In general if you fail or refuse to provide us with your Personal Data we will not be able to deal with your enquiry or do business with you. The following explains the consequences for each Lawful Basis of processing.
(a) Consent: It is your decision to provide your information by consent. We protect your data as described in this document but we cannot proceed with an enquiry without, for example your contact details to receive a reply.
(b) Contract: We cannot contract with you for goods or services in business unless you provide us with, at least some of your details. We adhere to the principle of Data Minimisation and only collect enough data to complete the task at hand.
(c) Legal Obligation: If we have a legal obligation to process your data, failure to provide the necessary information may have adverse consequences for you. If this is the case we will tell you.
(d) Public Task: If we are required to process your personal data in the public interest or the exercise of official authority we will inform you. Failure to provide data under these circumstances will mean we cannot include you in the processing activity.
(e) Vital Interests: If data processing is required to protect the vital interests of a natural person then it is likely we will be in possession of the data before the need arises. If you have not provided us with your data this situation cannot apply to you.
(f) Legitimate Interests: Where data processing occurs and has been deemed to be in our legitimate interests this will be based on a written assessment of need. There is usually no need for the data subject to provide their data for this purpose, although you do have the right to object to its use under certain circumstances but you usually must provide some identification data to make such an objection.
7 Using your data
7.1 We may use the information you provide us with in the following ways.
(a) To administer any account you have with us.
(b) To perform our contractual obligations to you.
(c) To respond to your queries and requests.
(d) To communicate with you.
(e) To ensure that the content of our site is presented in the most effective manner. (f) To provide you with any information, products and/or services requested from us.
(g) To provide you with helpful information about our products or services. (h) To make improvements to the service we provide you.
(i) We also reserve the right to disclose your personal information where we are required to do so by law, such as to assist in any disputes, claims or investigations relating to your account or contracts with us and to detect and prevent fraudulent transactions.
(j) E-mail correspondence with us via our website and email addresses accessible through or obtained from this site may be recorded and/or monitored.
8 How do we store and protect your data?
8.1 Data we receive and process is held by us in secure electronic devices and separate back up devices and servers.
8.2 Personal Data may also be held in encrypted 3rd party ‘Cloud’ Servers.
8.3 Further encrypted back ups of data may be held securely in offsite locations which are also subject to physical security at their location.
8.4 We will not sell, rent or otherwise disclose the personal information you provide to us through the site to third parties (other than as listed below) unless we are required to do so by law.
8.5 The Main Establishment for all of our Data Processing is the UK. We do not generally operate or transfer Personal Data outside of the United Kingdom.
8.6 Due to the operation of the Internet and other computer based applications Personal Data under our control may transit countries outside of the UK.
8.7 We will only transfer data outside the UK if adequate safeguards are in place in the destination country.
8.8 Where Personal Data is transferred to a third country or an international organisation we will ensure that an adequacy decision or similar authority exists between the UK and the relevant country or area.
8.9 Where no adequacy decision exists and we rely on the provisions of Standard Contractual Clauses or Binding Corporate Rules evidence of the safeguards provided thereby will be available upon request.
9 Types and Categories of Personal Data
9.1 Identity data: name, username, title, date of birth. Contact data: billing and delivery address, email address, phone number.
9.2 Financial data: payment card details (processed by a third-party payment services provider and not stored by us).
9.3 Transaction data: details of products purchased, amounts, dates etc.
9.4 Technical data: IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform based on your Cookie preference choices.
9.5 Profile data: username and password, purchases or orders made by users. 9.6 Usage data: information about how users use our website, products and services.
9.7 Marketing and communications data: record of Website users preferences in receiving marketing from us about the products we sell.
10 Personal Data under our control.
10.1 The following is a chart of the personal data under our control.
Personal Data
Lawful
Base(s)
Types of Data
Retention
Period
Data Sharing
Prospective and existing Customers providing their personal
information either Online or Offline including Social Media, telephone and by written means to ourselves or third parties to request information regarding our available products and services
Consent
Identity Data
Marketing Data
Communications Data
Maximum of 12 months.
Or
Until Consent is withdrawn
whichever comes first.
Data is only
shared with our authorised Data Processors.
Customers who provide their information for the purposes of contracting with us for goods and services. We process the data to manage and administer our business
relationships and communicate with clients, their employees and representatives, to manage billing and payments and to keep records.
Contract
Identity Data
Financial Data
Transaction Data Marketing Data
Communications Data
Duration of
Contract
Plus Seven
Years
Data is shared with our Data
Processors and our professional advisors
including IT,
Accounts and Legal where
necessary.
Personal data provided because the Data Subject may be interested in working with us or learn more about working with us.
Consent
Identity Data
Time to consider request.
Maximum of 12 months; or
Until Consent is withdrawn.
Data is only
shared with our authorised Data Processors.
Personal Data
Lawful
Base(s)
Types of Data
Retention
Period
Data Sharing
Online or Offline face to face meetings with people who provide their personal data to us for the purposes of later contact regarding products and services provided by us.
Consent
Identity data
Maximum of 12 months.
Or
Until Consent is withdrawn
whichever comes first.
Data is only
shared with our authorised Data Processors.
Suppliers of products and services to us who provide information of themselves or individuals who assist them to provide us with products and services on their behalf.
Contract
Identity data
Transaction Data
Duration of
Contract
Plus Ten Years
Data is shared with our Data
Processors and our professional advisors
including IT,
Accounts and Legal where
necessary.
Personal Data of prospective
customers provided by third parties for future contact by us regarding our products and services.
Consent
Identity data
Maximum of 12 months.
Or
Until Consent is withdrawn
whichever comes first.
Data is only
shared with our authorised Data Processors.
Corporate info, Company Registers Mem & Arts, Share dealings and updates.
Contract
Legal
Obligation
Identity Data
Transaction Data Technical Data
Life of the
Company
Data is only
shared with our authorised Data Processors.
Corporate accounts information. Tax
returns
Management
accounts and
financial planning data
Contract
Legal
Obligation
Identity Data
Transaction Data Technical Data
10 years after
end of relevant financial year.
Data is only
shared with our authorised Data Processors.
Personal Data
Lawful
Base(s)
Types of Data
Retention
Period
Data Sharing
Employees who provide their personal
information for the purposes of working with us.
Contract
Legal
Obligation
Special Category Data
Identity Data
Technical Data
Communications Data
Duration of
Employment
Contract
Plus Seven
Years
Any Other Legal Requirements
Data
Processors and our professional advisors:
HMRC, IT,
Accounts and Legal where
necessary.
Employee medical and occupational health data
Contract
Legal
Obligation
Special Category Data
Duration of
Employment
Contract
Plus 20 years
Data
Processors and our professional advisors:
Accounts,
medical and
Legal where
necessary.
Employees
grievances and disciplinary matters
Contract
Legal
Obligation
Special Category Data
Identity Data
Technical Data
Communications Data
7 years after
date of last
incident
Or 10 years after the end of any
legal action or
litigation.
Data
Processors and our professional advisors:
Accounts and Legal where
necessary.
Unsuccessful
Candidates
Consent
Legal
Obligation
Special Category Data
Identity Data
Technical Data
Communications Data
Maximum of
4 months or
earlier if
applicable
Data
Processors and our professional advisors:
Accounts and Legal where
necessary.
People identified via proprietary Video Conference
software
Legitimate
Interests
Identity Data
Until Legitimate Interest no
longer exists or
3 months if
recorded
Data is only
shared with our authorised Data Processors
People identified through our CCTV systems.
Legitimate
Interests
Identity Data
Until Legitimate Interest no
longer exists or 30 days Max.
Data is only
shared with our authorised Data Processors
Personal Data
Lawful
Base(s)
Types of Data
Retention
Period
Data Sharing
Personal data collected at the time of purchasing or negotiating a contract with us using the ‘Soft Opt in’ exemption under the PECR Regs.
Legitimate
Interests
Identity Data
Marketing Data
Communications Data
Until Legitimate Interest no
longer exists or
Data Subject
Unsubscribes
Data is only
shared with our authorised Data Processors
11 Sharing Your Data with others.
11.1 Below is a chart showing the organisations and individuals with whom we may share data.
Processor
Processor
Google AWS
Team Tailor; Purple Lime; Slack.
Microsoft Teams
Plan Day; Xero; Type-Form. Asana
Zoom
Markel Law, Latham Andrews.
Social Media: Linkedin/WhatsApp
FB/Tik Tok/Twitter/Snapchat/Instagram
Smart Pensions. Safesmart H&S
Mailchimp
NFU Mutual. Cyclescheme. XL Caitlin
AI – Otter/ChatGPT
XL Caitlin. FSB, Sante Group Ltd
I Team. Docusign. Shopify.
Broadstone Consultants
Influence.io
https://www.influence.io/privacy-policy ;
PDH Fire & Security Systems
12 Lawful bases for processing data
12.1 We hold and process your data by lawfully allowed means, these include:
(a) Your Consent: Consent is usually given by yourself when you contact us via this Website or personally when we discuss products or advice with you.
(b) Contractual obligations: This occurs when you purchase products or services from us.
(c) Legal Obligation: When the processing is necessary for us to comply with the Law.
(d) Vital Interests: When the processing is necessary to protect someone's life. (e) Public Task: When the processing is necessary for us to perform a task in the public interest or for an official function and the task or function has a clear basis in Law.
(f) Legitimate Interests: When the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
(i) N.B. Legitimate Interests can only be used following the application of the prescribed three part Legitimate Interests Assessment Test and
then only when a positive outcome is indicated by the conclusions of
the test. All Legitimate Interests Assessment Tests will be
documented, recorded and retained.
13 Types and Categories of Personal Data
(a) Identity data: name, username, title, date of birth. Contact data: billing and delivery address, email address, phone number.
(b) Financial data: payment card details (processed by a third-party payment services provider and not stored by us).
(c) Transaction data: details of products purchased, amounts, dates etc. (d) Technical data: IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform based on your Cookie preference choices.
(e) Profile data: username and password, purchases or orders made by users. (f) Usage data: information about how users use our website, products and services.
(g) Marketing and communications data: record of Website users preferences in receiving marketing from us about the products we sell.
14 Your Personal Data Rights
14.1 Under the UK General Data Protection Regulation (UK GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. To exercise any of your rights contact our Data Manager using the details given above.
14.2 We protect the individual’s rights provided by the UK GDPR and Data Protection Act 2018 as being the following:
(a) The right to be informed (Confirmation processing is taking place or not.) (b) The right of access
(c) The right to rectification
(d) The right to erasure
(e) The right to restrict processing
(f) The right to data portability
(g) The right to object
(h) The right not to be subject to automated decision making, including profiling.
14.3 You have the right to request from us access to and rectification or erasure of your personal data; the right to restrict processing; the right to object to processing as well as in certain circumstances the right to data portability as below.
14.4 In the event that you provide your data directly to us for the purpose of a contract, or in circumstances where you have provided your data by consent, you have the right to be provided with your data in a structured, machine-readable format. This is known as Data Portability.
14.5 Following a request relating to Data Portability we will transmit the relevant personal data to the data subject or their nominated data controller where it is possible and technically feasible for us to do so.
14.6 Where you have provided your data voluntarily by Consent you have the right to withdraw your Consent at any time. However, withdrawal of Consent does not affect the lawfulness of any processing of your data based on your Consent prior to its withdrawal.
14.7 Where we need to process data for the purposes of entering into a Contract with you, if you fail to provide such data it may mean that we cannot establish legal relations between us and the contract may not be able to go ahead. We will inform you if this happens.
14.8 Automated decision making and profiling means making decisions without human intervention, usually with the use of a computer program or software. We may use automated decision making about you if it is necessary for entering into or performing a Contract with you or where you Consent to the actions.
14.9 Please note we will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If we need to use your data for a reason it was not collected and you are not aware of this, we will inform you and in appropriate cases obtain your further consent to such use.
14.10 If we process data about you but we have not obtained the data personally from you, we must provide you with the information described in this Privacy Notice and some additional information.
14.11 The additional information will be provided to you at least by the time we contact you and in any event within the space of one month after we obtain it.
14.12 If the processing is based on Legitimate Interests, you are entitled to know what and whose Legitimate Interests they are.
14.13 You are entitled to know the purpose of the processing, whether we or someone else is processing it and the categories of Personal Data involved.
14.14 You are entitled to know the source of the information and whether the source is publicly accessible.
14.15 There are some exceptions to this additional information rule. If we obtain your Personal Data from a source other than yourself, the additional information rules will apply unless:-
(a) You already have the information regarding our processing; or
(b) it would take a disproportionate effort or be impossible to provide you with it; or
(c) you are already legally protected under separate provisions; or
(d) we have a legal duty not to disclose it.
14.16 We use the lawful basis of Legitimate Interests for processing data in the following circumstances:
(a) When processing data using Video Conferencing software.
(b) When processing data from our CCTV equipment.
(c) When processing data under the PECR Regulations for the ‘Soft opt in’.
14.17 Our Specific Legitimate Interests are:
14.17.1 Video Conferencing
(a) To facilitate efficient business video and telecommunications.
(b) To protect the safety of our employees and participants on the call from unnecessary real world travelling.
(c) To support our primary business objectives.
14.17.2 CCTV
(a) To protect our business premises.
(b) To protect the safety of our employees and visitors to the premises.
(c) To assist lawful authorities in the prevention and detection of crime.
14.17.3 Soft Opt in
(a) To promote efficient business marketing.
(b) To increase sales of our products and services and support our primary business objectives.
(c) To protect the personal data and the rights of our customers by using the correct procedures.
(d) To support our primary business objectives.
</p<>
<a href="http://www.gdprcheckandverify.com
14.18 You have the right to complain to the Data Regulator at the Information Commissioners Office on 0303 123 1113 or through their website <a href="http://www.ico.org.uk.
www.ico.org.uk.
<a href="http://www.ico.org.uk.
dir="ltr">15 Children’s data
15.1 Our site is not directed at children and should not be accessed by them.
15.2 We will not knowingly collect information from persons under 13 years of age without their parent's or guardian's consent.
15.3 If a Parent or Guardian of a person under 13 years of age discovers their child has engaged with our Website without their consent, please inform us immediately using the contact email provided above.
15.4 We have considered the elements of the AADC (Children’s code) in relation to our Online activity and concluded that we are not a relevant Information Society Service which is likely to be accessed by children.
15.5 There is nothing on our Website which could be damaging to children who view the pages or the pictures.
15.6 The products on our Website are only available and relevant to adults over the age of 18 years.
15.7 We protect the rights of the child in accordance with the UNCRC and the AADC by trading only with adults and using self-certifying Age Gate Technology on our Website.
16 Third Party Websites
16.1 From time to time our site may contain links to and from the websites of our suppliers or other third party sites.
16.2 If you visit any of these sites you should confirm they have their own privacy policies and you should check these before submitting any personal data on their site. We cannot accept any responsibility or liability for the policies on any other Websites.
17 Data Access
17.1 You have rights of access to the data we hold about you. Should you wish to exercise these rights please contact our Data Manager whose details are given above.
17.2 There is usually no charge for the Data Access service. As soon as we are satisfied as to your identity, we will send you, without delay and in any case within one Month, the Personal Data we hold relating to you, which we are legally obliged to provide.
17.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Personal Data is not disclosed to anyone who has no right to receive it.
17.4 In the event we need more time to gather the requested information we will let you know without delay and in any event within one month.
17.5 A fee may be payable for Data Access services if the request(s) are manifestly unfounded or excessive or repetitive in nature. Alternatively, we may choose to ignore this type of request. In these cases we will inform you of our decision and if applicable any fee that may be required.
17.6 Please contact us if you believe that any personal data or information which we hold about you is incorrect or incomplete. Any information or data which is found to be incorrect will be corrected as soon as practicable.
17.7 Please contact us if you wish to have your personal data removed entirely from our systems. As soon as we are satisfied as to your identity and the data is not required to be kept for any other lawful reason or purpose it will be removed from our systems forthwith.
17.8 If you so wish, your Data will be provided to you electronically in a commonly used format such as email.
</p<>
<a href="http://www.ico.org.uk.
17.9 If you are unhappy with any of the responses given to you by us you may complain about us to the regulator at the Information Commissioners Office on 0303 123 1113 or through their website <a href="http://www.ico.org.uk.
www.ico.org.uk.
<a href="http://www.ico.org.uk.
dir="ltr">18 Wiper & True Ltd Human Resources and Payroll information
18.1 As a core activity within our business We process data for the purposes of our Human Resources function and Payroll function.
18.1.1 The lawful authority we rely on for processing this personal data is article 6(1)(b) of the UK GDPR, which relates to processing necessary to perform a contract or to take steps as requested, before entering a contract.
18.1.2 The lawful authority we rely on to process any information provided as part of an employment application which is special category data, such as health, religious or ethnic information is Article 9(2)(b) of the UK GDPR, which also relates to our obligations in employment and the safeguarding of the employee’s fundamental rights and article 9(2)(h) for assessing an individual’s work capacity as an employee.
18.1.3 Also, Schedule 1 part 1(1) and (2)(a) and (b) of the Data Protection Act 2018 which relate to processing for employment, the assessment of working capacity and preventative or occupational medicine.
18.1.4 We recognise that staff are entitled to the same data access rights listed above and should follow the procedure laid out in the Subject Access Requests section of this policy document.
Recruitment
18.1.5 We use the information provided during the recruitment process to progress employment applications with a view to offering an employment contract.
18.1.6 We use contact details provided to contact applicants to progress their application and the other information provided to assess suitability for the role.
18.1.7 We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.
18.1.8 If an individual is invited for interview we may ask for additional information such as personal referees and health information to establish fitness to work.
18.1.9 If we make a conditional offer of employment, we will ask for information so that we can carry out pre-employment checks. An individual must successfully complete pre employment checks to progress to a final offer.
18.1.10 We must confirm the identity of our staff and their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
18.1.11 During the recruitment process we will collect personal data from recruits. This data may include any of the following non exhaustive list of information in the chart below.
Recruitment Data
Recruitment Data
Name, Address, Date of Birth, Gender, Telephone Numbers, Email address(es)
Telephone Numbers, email address(es), Social Media contacts.
Criminal Convictions, unspent offences disclosures, DBF responses as appropriate
Special category data as appropriate: Race, Sexual orientation, Religious beliefs, Trades Union affiliation, genetic, biometric and medical.
Emergency Contact information:
Next of Kin/family details as applicable.
Government/HMRC Information:
Driving Licence, National Insurance Number, Right to work documents.
Employment references.
Equal opportunities monitoring
Payroll Matters
18.1.12 To manage our Payroll function we use information provided by employees to ensure accurate and timely payment of wages and emoluments.
18.1.13 The lawful authority for this function is our contractual relationship with employees and the legal obligation we have under HMRC and other legislation.
18.1.14 We collect no more information than is necessary to perform the function.
18.1.15 We may complete the Payroll function ourselves or contract with a Data Processor to perform the function on our behalf, in which case the information transmission between ourselves and the Data Processor will be subject to strict security measures, contractual terms and encrypted where necessary and appropriate.
19 Business Transfer or Sale
19.1 In the event our business, or part of it, is taken over, bought or merged with another business we may need to disclose any personal data we are holding about you to the other Company so they can continue to provide services to you in accordance with this Privacy Policy.
19.2 It may be necessary to transfer your data to a Company that is negotiating with us for the purchase of our business but only where it is necessary to evaluate the business purchase transaction.
19.3 In the case of a pre-sale transfer of personal data, the data would be kept safe during the negotiations and destroyed by the third party if the sale or merger did not go ahead.
20 Website Cookies
20.1 What are cookies and do we use them?
20.2 'Necessary' Cookies are small computer tags, which allow our Website to operate properly.
20.3 Before you can use our site you will be asked to select which other Cookies you are prepared to allow.
20.4 A Cookie Banner will Pop Up on the screen so you can make your selection.
</p<>
<a href="http://www.ico.org.uk.
20.5 You can also adjust your internet browser settings regarding accepting cookies. Your web browser’s help function should tell you how to do this. Alternatively, you can find information about how to do this for all the commonly used internet browsers on the website: http://www.aboutcookies.org/default.aspx. This website will also explain how you can delete cookies which are already stored on your device.
21 Changes to this policy.
21.1 There may be developments in how we use your data according to changes in the Law.
21.2 We reserve the right to make changes to this Data Protection and Privacy Policy at any time without notice and it is your responsibility to revisit this page from time to time to re-read this policy including any and each time you visit our website.
21.3 Any revised terms shall take effect as at the date of posting.
21.4 If you don’t find your concern addressed here, feel free to contact us by e-mailing our Data Manager at the contact details given above.