1.1 We are committed to safeguarding the privacy of individuals (“you”, “your”) whose personal data we collect and use. In this Privacy Policy, we explain how we handle your personal data. For example, what personal data we collect and how, what we do with it and who we share it with. It also describes your privacy rights and controls such as your choices regarding use, access and correction of your personal data.
1.2 Our Privacy Policy is part of, and is subject to, our Terms [insert link] and our Cookies Policy [insert link]. By accessing or using Site, and/or App, you confirm that you accept the terms of our Privacy Policy.
2.1 The Site and App are operated and provided by World Kite Limited (“World Kite”, “we”, “us” or “our”). We are a company registered in England and Wales under company number 11198028 and currently have our registered office at Dairy House Moneyrow Green, Holyport, Maidenhead, Berkshire, England, SL6 2ND. To contact us for general enquiries, please email us at support@worldkite.co.uk.
3.1 Our Data Protection Manager is Maria Ulyanova. You can contact our Data Protection Manager in writing using the following contact details: [support@worldkite.co.uk]. The tasks of our Data Protection Manager include (for example) monitoring our compliance with applicable data protection laws and acting as contact for individuals whose data is collected and/or processed by us.
3.2 If you have any questions about anything to do with this Privacy Policy, our data processes and practices or simply to exercise your privacy rights, please contact our Data Protection Manager using the contact details above.
4.1 We have summarised below your privacy rights. Some of these rights are complex, and not all of the details have been included in our summaries below. For this reason, you should read the applicable data protection laws and guidance from the UK Information Commissioner for a fuller explanation of these rights. You can do so by using this link: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
4.2 You may exercise any of your rights below in relation to your personal data by contacting our Data Protection Manager in writing using the following contact details: [support@worldkite.co.uk].
4.3 Your principal rights under the applicable data protection laws are:
➢ the right to access;
➢ the right to rectification;
➢ the right to erasure;
➢ the right to restrict processing;
➢ the right to object to processing;
➢ the right to data portability;
➢ the right to complain to the UK Information Commissioner; and
➢ the right to withdraw consent.
4.4 Right to access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
4.5 Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. You can ask us to make any necessary changes to ensure that your personal data is accurate and kept up to date.
4.6 Right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary for: exercising the right of freedom of expression and information; compliance with a legal obligation; for the establishment, exercise or defence of legal claims.
4.7 Right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another individual or legal person; or for reasons of important public interest.
4.8 Right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
4.9 Right to object to processing (direct marketing): You have the right to object to the processing of your personal data for direct marketing purposes (including, for example, profiling for direct marketing purposes). If you would like to make such an objection, please contact in writing our Data Protection Manager to notify us of this request by email ([support@worldkite.co.uk]). Please remember that at any time you can unsubscribe by following the unsubscribe instructions included in our newsletters and other promotional communications.
4.10 Right to object to processing (scientific, historical research or statistics): You have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
4.11 Right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
4.12 Right to complain to the UK Information Commissioner: If you consider that our processing of your personal data infringes the applicable data protection laws, you have a legal right to lodge a complaint with the UK Information Commissioner (www.ico.org.uk) which is the UK data protection regulatory body. You can find out how to do so by clicking on this link: https://ico.org.uk/make-a-complaint/.
4.13 Right to withdraw consent: To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
5.1 We may update the World Kite Privacy Policy from time to time by publishing a new version on our Site and App. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on our Site and App and update the “Effective Date” date at the top of this Privacy Policy.
5.2 If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email. If you disagree with the changes to the Privacy Policy, you should contact our Data Protection Manager in writing requesting the erasure of your personal and you can also direct marketing, then unsubscribe from our direct marketing communications such as newsletters etc.
5.3 If you continue accessing and/or using of our Site, App, receiving our communications, contacting us etc. this will constitute acceptance of the revised Privacy Policy.
6.1 We use many different kinds of personal data. They are grouped together as in the table below. The groups are all listed here so that you can see what we may know about you. We don’t use all this personal data in the same way.
6.1.1 Site and/or App data
This is data on how you use our Site and/or App and may include your email address, phone number, resident permit information, photos of yourself, travel documents, IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, Site and/or App navigation paths, as well as information about the timing, frequency and pattern of your use of our Site and/or App.
6.1.2 Correspondence data
This may include personal data contained in or relating to any communication that you send to us or that we use to communicate with you. Such communications can include communications through via our social media channels, Site, App, phone, email and can be on any subject matter.
6.1.3 Marketing data
This may include personal data that we obtain about you through social media or you provide to us if you sign up to receive our newsletters and choose whether you wish to receive promotional communications (e.g. offers) from us by email etc.
6.1.4 Cookies
This includes personal data that we obtain about you through cookies. For more information, see our Cookies Policy.
6.1.5 Profile data
This may include your name and contact details and some of the other personal data set out in this table e.g. Site and/or App data, Marketing data, Third-Party data etc.
6.1.6 Job Applicant data
This may include your name and contact details and any other additional personal information you provide to us as part of your application as well as a CV.
6.1.7 Third-Party data
This may include your name and contact details we obtain from third parties such as social media (we currently use Facebook, Instagram, Twitter and LinkedIn), and third-party cookie providers we use etc.
6.1.8 Other data
This is personal data other than the ones set out in the table above and this may include personal data (such as your name and contact details) that we get from you when you provide us with your business card at an event.
We collect your personal data from various sources. These are as follows:
7.1 Personal data you provide us about you: We collect your personal data that you provide us when you do things such as the following:
fill a contact webform on our Site;
get in touch with us by email, telephone, letter, and/or some other means; and/or
subscribe to receive marketing communications from us such as newsletters informing you of our news, events etc.;
provide us with your name and contact details (e.g. on a business card) at (a) an event we have organised and/or attended, and/or (b) pitching events;
apply for a job through our Site; and/or
participate in a survey, market research etc.
7.2 Data we collect about you automatically: We collect your personal data when you contact us or automatically when you access and/or use our Site and/or App and through the use of cookies (see our Cookies Policy [insert link]). The types of personal data we will collect include, for example:
➢ name and address;
➢ demographic data;
➢ the originating IP address;
➢ the site that you visited immediately prior to visiting our Site;
➢ the type of browser and operating system used (if provided by the browser);
➢ the type of device model and version, device identifier;
➢ URL of the referring page (if provided by the browser);
➢ the specific actions that you take on our Site, including, for example, the pages that you visit; and/or
➢ the time, frequency and duration of your visits to our Site.
7.3 Data we collect about you from others: We also collect personal data about you from others such as (for example):
➢ online through social media we use and the internet in general;
➢ if we organise events, event organisation software if you signed up and attended one of our events e.g. meetups; and/or
➢ employers (if you apply for a job and we may contact your current or previous employer).
| Processing Type | Processing Purpose | Legal Reason |
|---|---|---|
| Site and/or App | to analyse your use of our Site and/or App, to develop, operate, improve, protect, personalise, customise and optimise our Site and/or App as well as to present them to you in the most effective manner for you and your device. | The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business and/or to comply with a legal obligation. |
| Communications (Non-Marketing) | to communicate with you (e.g. by email, by phone etc.) as well as to process the communications you send to us. | The legal reason for this processing is our legitimate interest of the proper administration and operation of our business. |
| Operations | to perform general administrative and operational activities. | The legal reason for this processing is our legitimate interest of the proper administration and operation of our business. |
| Marketing | to conduct and analyse the effectiveness of our marketing campaigns e.g. marketing campaigns on social media. | The legal reason for this processing is our legitimate interest of the promotion, monitoring, and operation of our business. |
| Profiling | to create a profile of you by combining data you provided to us by you or we got from other sources such as social media, the internet in order to update, expand and analyse our data records. | The legal reason for this is our legitimate interestof the proper administration and/or operation of our business, and/or the promotion of our business. |
| Security, Risk & Crime | to protect our Site and/or App and business, prevent fraud, spam, abuse, security incidents, harmful and/or illegal activity, conduct security investigations and risk assessments, and/or to verify or authenticate information. | The legal reasons for this processing are our legitimate interest of protecting our Site, App and business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others. |
| Research and Analysis | to carry out research (e.g. market research), business and statistical analysis (e.g. develop statistical models, analyse the performance of our marketing e.g. social media marketing campaigns. | The legal reason for this processing is our legitimate interest of the proper administration, monitoring and/or operation of our business. |
| Business improvement | to develop or improve our business. | The legal reason for this processing is our legitimate interest of the proper administration and operation of our business as well as to monitor our business. |
| Data Retention | to retain, store, archive and/or destroy the data. | The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others. |
| Audits | to carry out audits. | The legal reason for this processing is our legitimate interest of the proper administration and operation of our business as well as to monitor and improve our business. |
| Sharing (Service Providers) | to disclose your personal data such as your name and contact details to third party service providers we use. | The legal reasons for this processing are our legitimate interest of administering, operating and/or managing our business. |
| Sharing (Consent) | to share your data (including personal information) where you have provided consent, for the purpose(s) described at the time we ask you for your consent. | The legal reason for this processing is consent. |
| Sharing (Aggregated Data) | to share aggregated information (information about our individuals that we combine together so that it no longer identifies or references an individual) and non-personally identifiable information in order to conduct marketing and other business purposes. | The legal reason for this processing is our legitimate interests of the proper administration and operation of our business. |
| Sharing (Sale/Investment) | If there is (a) a sale or an asset transfer to a third party of, and/or (b) an investment in World Kite Limited, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment. | The legal reason for this processing is our legitimate interest of the proper administration and operation of our business. |
| Sharing (Internal re-organisation & Insolvency) | to pass on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration. | The legal reason for this processing is our legitimate interest of the proper administration and operation of our business. |
| Sharing (Insurers & Professional Advisers) | to disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes. | The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others. |
| Sharing (Legal Disclosures) | to disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others. | The legal reasons for this processing are to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others. |
9.1 Third-party service providers: We may disclose your personal data such as your name and contact details to our third-party service providers to help us administer, operate and manage our business provide services related to us, our Site and/or App. Service providers may be located inside or outside of the EEA. For example, service providers may host our Site and/or App, provide our business software such as email hosting providers. These service providers have limited access to your personal data to perform these tasks on our behalf.
9.2 Aggregated Data: We may also share aggregated information (information about our individuals that we combine together so that it no longer identifies or references an individual) and non-personally identifiable information for marketing and other business purposes.
9.3 Sale/Investment: If there is (a) a sale or an asset transfer to a third party of, and/or (b) an investment in World Kite Limited, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment. However, use of your personal data will remain subject to this Privacy Policy.
9.4 Insolvency: Your personal data may be passed on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration. In the case of an insolvency event, our customer database may be sold separately from the rest of the business, in whole or in a number of parts. It could be that the purchaser’s business is different from ours too.
9.5 Our insurers & professional advisers: We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.
9.6 Legal compliance: In addition to the specific disclosures of personal data set out in this Section 9, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another individual.
10.1 You can sign up to receive our newsletters and choose whether you wish to receive promotional communications (e.g. offers etc.) from us that may be of interest to you based on your preferences.
10.2 You can opt-out of receiving our newsletters and promotional communications by following the unsubscribe instructions included in our newsletters and promotional communications or by emailing us at [support@worldkite.co.uk].
11.1 We use social media accounts and pages in different ways. For example:
➢ to promote, market, and communicate. We use social media to promote, market our brand, Site and/or App. We may also use social media to communicate with you.
➢ We have also integrated social media features and plugins on our Site and/or App. These features and plugins may collect your IP address, which page you are visiting on our Site and/or App and may set a cookie to enable the feature to function properly. Also, when you click on one of the social buttons, you will be re-directed to our social media account page on the relevant social media. If at our account page, you are logged in, and you click on one of the buttons (such as Facebook’s ‘Like’ button) certain information is shared with these social media providers. Your social media provider may relate this information to your social media account and possibly present your actions on your social media profile to be shared with others in your network. These social media features and plugins are governed by the privacy policies of the social media providers and not our Privacy Policy.
12.1 We may transfer your personal data to countries outside the EEA. This may happen as follows:
➢ The business software we use may be hosted outside the EEA e.g. the US. If that is the case, we rely on the adequate safeguards they have put in place to keep this personal data safe and secure.
These legal safeguards vary depending on which country the data is transferred to. For example, if the personal data is transferred outside the EEA, then they could, for example, be (a) part of the E.U.-U.S. Privacy Shield (www.privacyshield.gov) for data transfers to the US, or (b) using what is called ‘Standard Contractual Clauses’ put in place by the EU, or (c) the EU has decided that a particular non-EEA country provides the same/equivalent level of data protection as in the EU.
12.2 You acknowledge and agree that if you submit personal data for publication through our Site, App and/or social media accounts, this data may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
13.1 We maintain administrative, technical and physical safeguards designed to protect your personal data provided to us. For example, we use (among other things) encryption, 2factor authentication and firewalls. We also conduct penetration testing to test our Site and/or App for security vulnerabilities.
13.2 While no system or process is full-proof (e.g. hacking), we believe the measures implemented reduce our vulnerability to security problems to a level appropriate to the type of personal data involved and the current state of technology.
14.1 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes and subject to clauses 14.2 and 14.3, in the case of:
➢ Your App account personal data is retained for as long as you have such an account. If you delete your App account, then the App account personal data will be kept for up to a period of 6 months for our own internal purposes including auditing and compliance purposes and then this personal data will be removed from our systems. However, we will keep your travel information to help with data analytics in the future but this information will be anonymized.
➢ If you apply through our Site for a job with us and we reject your application, we will retain your personal data for a period of up to 6 months after we reject your application.
14.2 In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria: the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements e.g. whether (and for how long) we are required by law to retain your personal data.
14.3 However, we may retain your personal data where such retention is necessary for compliance with a legal obligation or duty to which we are subject, or in order to protect your vital interests or the vital interests of another individual.
15.1 Our Site and/or App may contain links to third party websites. Please note that if you follow a link to any such website, we do not accept any liability and/or responsibility, because these websites have their own terms & conditions and Privacy Policies.