Our Website https://businesssupport.vodafone.co.uk (the "Service") is operated by The Legal Marketing Innovation Company (“Law-Match”), with mailing address of Third Floor, Lancaster Buildings, 77 Deansgate, Manchester, M3 2BW (hereinafter, “We”, “Us”, “Our” or “Company”).
Role of Vodafone: Law Match is contracted to provide the Service to you by Assurant Services Limited, on behalf of Vodafone. For the Personal Information you have provided to Vodafone when purchasing the service will be subject to the privacy information provided by Vodafone at that time and they will be the data controller. We have been engaged as a data processor by Vodafone and are subject to contractual requirements governing how we process Personal Information shared with us by Vodafone, for the purpose of providing the Service.
For the Personal Information you share with us through when receiving the Service and in relation to any addition services, products, surveys or otherwise, Law-Match is the data controller of your Personal Information .
This Privacy Notice (“Notice”) describes how We will process and protect personal information relating to an identified or identifiable individual (“Personal Information”) when you use the Service, which allows users to log in to their account, search for templates, access your business health check, request a call back from a member of our teams, contact our support lines, and applies to your use of the Service. We also use the Personal Information to provide services to you, to ask questions and conducts surveys of you and/or your business, to understand if your business would benefit from other services, to communicate with you, and to track usage of the Service and Our products and services. Your Personal Information shall be held and used in accordance with applicable legislation relating to the protection of Personal Information (the “Applicable Law”). Your Personal Information will be shared with Our service providers (e.g. Legal and Accountancy Firms) so they may contact you and discuss you and your business needs, some of which are located outside of the United Kingdom within the European economic Area (EEA).
This Notice applies to the Service only and does not necessarily reflect practices with respect to information gathered through other services We offer or websites We operate or the collection of information through off-line means. To review the privacy practices of those other services, please refer to the policies provided in association with each.
1. Personal Information We Collect
We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together as follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, email address and telephone numbers.
Financial Data includes bank account and payment card details for sole traders and partnerships.
Transaction Data includes if you are not working on behalf of a company, this includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, use of Services made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website/Service, products and other services.
Marketing and Communications Data includes your preferences, and/or your employer’s preference in receiving marketing from us and our third parties and your communication preferences.
Special Category/Sensitive data: We do not collect any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Profiling: means "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements". We currently only use profiling build behavioural or marketing profiles based on usage or navigation on the Service.
Automated Decision Making: is the making of a decision, about an individual, based solely on automated means without any human involvement. We do not currently make automated decisions about you.
We collect your Personal Information in the following situations:
1.1 Create a Profile
1.3 When you communicate with Us or contact Us for Customer Support
When you contact Our customer support teams ,We will collect information that you provide to Us in your communications (such as the query or issue that you have raised).
1.4 When you access the Service
1.5 Understanding your business and other services
As part of operating the Website we will request additional information about the business you work for, which may also involve the processing of your profile Personal Information at the same time. We may also propose additional services which may be relevant and offered by Assurant, Vodafone or our other service provider, with whom your business is already engaged as part of the Service. To be able to discuss these services we will need to process for profile Personal Information.
2. Purposes and Legal Basis for the Processing of your Personal Information
We process your Personal Information for the following purposes:
To fulfil a contract, or take steps linked to a contract:
A: This is relevant where your employer, or you if you are a sole trader or partnership, have entered into a service contract with Vodafone. However, as the contract has been entered with Vodafone we rely on Vodafone having ensured this legal basis is in place and as the basis of us processing the Personal Information. This includes:
1. providing the Service
2. verifying your identity
3. communicating with you
1. providing the Service
2. verifying your identity
3. communicating with you
As required by Us to conduct Our business and pursue Our legitimate interests, in particular:
1. We will use your Personal Information to provide the Service and other products and services that you have requested, and respond to any comments or complaints you may send Us
2. We monitor use of the Service, and use your Personal Information to help Us to track and analyse preferences and trends, evaluate possible new features, functionality and services, conduct surveys and request additional information, propose and discuss additional services, and improve Our Service
3. We use Personal Information to help Us recognise you on the Service, improve your experience, increase security of Our networks and systems, and measure use and effectiveness of Our Service
4. We use Personal Information you provide to investigate complaints received from you or from others, about the Service or our products and services. We also use this Personal Information to track potential issues (for example, issues with fulfilment of services) and trends to better serve you
5. We use Personal Information to make decisions about, and to effect, reorganisations or sales of all or part of Our business
6. We monitor customer accounts to prevent, investigate and/or report fraud, misrepresentation, or crime, in accordance with Applicable Law
7. We will use Personal Information in connection with legal claims, compliance, regulatory and investigative purposes (for example, theft and fraud investigations) as necessary (including disclosure of such information in connection with legal process or litigation)
8. We use Personal Information of some individuals to invite them to take part in market research and customer surveys
9. We use Personal Information to send you information about products and services, such as customer experience surveys (where your consent is not required)
Where you give Us consent:
1. We place cookies and use similar technologies in accordance with Our Cookie Notice and the information provided to you when those technologies are used
2. On other occasions where We ask you for consent, We will use the data for the purpose which We explain at that time
For purposes which are required by law:
1. In response to requests by government or law enforcement authorities conducting an investigation
2. Responding to complaints where We are under a legal or regulatory obligation to adhere to a complaints handling procedure
1. Wherever We rely on your consent, you will always be able to withdraw that consent, although We may have other legal grounds for processing your data for other purposes, such as those set out above. Where you have given Us your consent, you can withdraw it by using the mechanism described to you at the time that your consent was obtained, or by contacting Us
3. Disclosure of Personal Information
3.1 Disclosure to Our Service Providers and Partners
We employ third party companies and individuals to facilitate the Service (for example, customer support, customer communications, audit, application or database hosting, development, logistics, payment processing, and for fraud detection and prevention purposes). These third parties have limited access to your Personal Information to perform these tasks on Our behalf and are obligated to Us. The personnel of such third parties who use your Personal Information is limited to those individuals which are authorised to do so on a need-to-know basis and as necessary to provide these business services to Us. To provide the Service, we may share your name, contact details (including post code, email address and mobile number), and usage information.
3.2 Disclosure to Public Authorities
We may disclose your Personal Information if required for the purposes above, if mandated by law or if required for the legal protection of Our legitimate interests in compliance with Applicable Law.
3.3 Other Categories of Recipients
We may also disclose your Personal Information, usage information, and other information about you to parties acquiring part or all of Our assets, as well as to attorneys and consultants. Also, if any bankruptcy or reorganisation proceeding is brought by or against Us, your Personal Information may be considered a company asset that may be sold or transferred to third parties.
4. Where your Data is Processed
In providing the Service, your Personal Information will usually be processed inside the European Economic Area (“EEA”) by Our service providers (such as Legal and Accountancy Firms), subject to contractual restrictions regarding confidentiality and security in accordance with applicable data protection laws and regulations.
A few of our external third parties and suppliers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For example, our email service provider Autopilot.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
5. Your Choices and Rights
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You can exercise any of your rights by contacting Us. In order to safeguard your Personal Information from unauthorized access, We may ask that you provide sufficient information to identify yourself prior to providing access to your Personal Information.
In certain situations, and subject to Applicable Law, We may not be able or obliged to comply with part or all of your individual requests. For example, We may not comply with an access request if doing so would reveal Personal Information about another person, or comply with a deletion request relating to information which We are required by law to keep or have compelling legitimate interests in keeping. Please note that we have the right to refuse requests which are manifestly unfounded or excessive (for example, due to their repetitive character).
If you have unresolved concerns, you have the right to complain to an EU data protection authority ('supervisory authority') where you live, work or where you believe a breach may have occurred. In the United Kingdom this is the Information Commissioner’s Office who you may find at www.ico.org
To provide certain parts of the Service (for example – Logging in to the profile and the Service account the provision of Personal Information is mandatory: If relevant data is not provided, then We may not be able to provide certain parts of the Service. All other provision of your information is optional. If you do not wish to provide optional information, then your experience on our website may be less personalised.
6. Communications from Us
We communicate with you through email, phone and SMS. We will send you service-related communications ,for example – information about your usage of the service, customer satisfaction, information regarding the Service, Our and Vodafone’s other services and market research surveys.
You will receive marketing communications from us if you have requested information from us or purchased services from us or the Service and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can change your email and contact preferences through this website or by contacting Us. Please be aware that you cannot opt-out of receiving service-related messages from Us.
7. Data Retention
We may retain Personal Information for a limited period of time if requested by law enforcement or meet a legal obligation. Our customer support may retain information for as long as is necessary to provide support-related reporting. We also anonymise and retain data for statistics and trends analysis.
Where we process Personal Information in connection with performing a contract, we keep the data for 6 years from your last interaction with us.
8. Information Security
We have implemented safeguards designed to protect your Personal Information in accordance with industry standards.
We have measures in place to restrict access to Personal Information to those individuals whom We know have a valid business purpose to have access to such data. We maintain physical, electronic and procedural safeguards. We follow generally accepted standards designed to protect the Personal Information submitted to Us, both during transmission and once We receive it. We require those who provide services for Us and to whom We provide Personal Information collected through the Service to keep such information secure and confidential. However, no method of transmission over the Internet or method of electronic storage is totally secure. Therefore, We cannot guarantee it's absolute security.
9. Important Information
9.1 Minimum age
We do not knowingly collect Personal Information from anyone under the age of 18. You must be at least 18 years of age to use the Service.
9.2 Changes to this Notice
We may update this Notice from time to time. If We make any material changes to Our Notice, We will notify you by SMS, email or by means of a notice through the Service, or by other means prior to the change becoming effective, so that you may review the changes before you continue to use the Service. Please review changes carefully.
9.3 Contact Us
For customer enquiries, please contact us at: Law-Match, Third Floor, Lancaster Buildings, 77 Deansgate, Manchester, M3 2BW.
We welcome your questions or comments regarding this Notice. Please write to Law-Match, Data Protection Officer, Third Floor, Lancaster Buildings, 77 Deansgate, Manchester, M3 2BW, or send Us an email at firstname.lastname@example.org
Effective date: 02/03/2020