Privacy Policy

At Uniquely Local we recognise that privacy and security is a key priority for individuals, and we are committed to adhering to our obligations under UK data protection laws to protect your personal data.

This Privacy Notice sets out how Uniquely Local collects and uses your personal data.  Please read it carefully and check back periodically as it may be updated from time to time.  This Privacy Notice was last updated July 2022.

Any references in this Privacy Notice to:

  • “we”, “us”, “our” mean Uniquely Local;
  • UK GDPR mean the UK General Data Protection Regulation;
  • DPA18 mean the Data Protection Act 2018; and
  • PECR mean the Privacy & Electronic Communications Regulation 2003

Our Privacy Notice is structured in a way for you to easily find the specific details of what we do with your personal data.

Contents

Who we are and our contact details. 1

How we get your personal data. 2

Why we need your personal data and what we do with it. 3

Lawful grounds to use your personal data. 5

Using other businesses to provide products and services to you. 6

Transferring personal data outside of the UK. 6

Your rights. 7

How to make a complaint about us to the Information Commissioner’s Office. 8

Links to other websites. 8

 

Who we are and our contact details

The uniquelylocal.co.uk website is owned and operated by Uniquely Local Experiences Limited.  We are the data controller and are responsible for your personal data.

You can contact us to discuss the use of your personal data via one of the following ways:

 

How we get your personal data

We usually obtain your personal data directly from you when you register with us, make enquiries, or place an order for products or services.

We also collect personal data about you automatically.  This is done when you visit our website, and we collect your IP address and other information from the cookies that are deposited on the device you are using.  You can control which cookies are deposited to your device and you can change your cookie settings at any time you wish.  To find out more about the cookies we use, please read our Cookie Policy.

Why we need your personal data and what we do with it

 

Personal data collected

Why we need your personal data

UK GDPR Lawful grounds relied on

Who will receive your data1

How long data is kept

When you make an enquiry

Name

Contact details, such as email or telephone

1. To respond to your enquiry.

Contractual Obligation (1)

Cloud storage provider – Google Workspace (data processor)

Website host – SiteGround (data processor)

3 years

When you purchase any of our products or services

Name

Address

Email

Telephone

Payment details (credit/debit card or Paypal)

1. To enter into a contract with you so we can provide the products or services you have chosen.

2. To process payment for the goods or services2

3. To pass on your order to your chosen supplier so they can supply the goods or services to you.

4. To deal with any queries or problems you have.

5. To deal with any disputes or complaints.

6. To send you news, special offers, discounts and new experience details.

Contractual Obligation (1,2,3,4,5)

Consent (6)

Your chosen supplier of the goods or services you have bought (data controllers)

Cloud storage provider – Google Workspace (data processor)

Website host – SiteGround (data processor)

Stripe – credit card processing (data controller)

Paypal – payment processing (data controller)

Abandoned checkout reminder service – (data processor)

Marketing platform – Mailchimp (data processor)

Accounting Software – Quickbooks (data controller)

Contract, invoicing and payment details – 6 years

Marketing – until you opt out/unsubscribe

When you sign up for offers and news

Name

Email

1. To add you to our mailing database

2. To send you news, special offers, discounts and new experience details.

Consent (1,2)

Marketing platform – Mailchimp (data processor)

Marketing – until you opt out/unsubscribe

 

 

  1. We will never share, sell or rent your personal data to another business for them to use for their own marketing purposes.
  1. We do not store or process your card details ourselves, they are processed and stored by our payment processors, Paypal and Stripe. We recommend you read their privacy notices and contact them directly if you have any questions. Secure Socket Layer (“SSL”) encryption technology is used to protect information in transit for sensitive transactions such as payments.

 

 

Lawful grounds to use your personal data

When collecting and using your personal data we must have a lawful ground to do so – this is a key requirement of UK GDPR.

We have provided more information about the lawful grounds we rely on here.

Contractual obligation (GDPR Article 6(1)(b))

This lawful ground allows us to use your personal data to respond to your enquiries about our products and services, and to allow us to process your order when you purchase a product or service.

We require certain information from you to enable us to fulfil our contractual obligation with you.  If you are not able to provide all the necessary information we need it may mean that we are not be able to deal with your enquiry or process your order.

Consent (GDPR Article 6(1)(a)

We will rely on your consent when you sign up to receive our news, special offers, discounts and new experience details. 

You always have the right to withdraw your consent to receive marketing.  You can do this by clicking the “unsubscribe” link in the email we send you, or contact us via one of the ways shown in the “Our contact details” section and ask us to remove you from our mailing list.

If you choose to unsubscribe, we will stop sending you marketing emails.  We will aim to stop sending you our marketing emails as soon as we possibly can after we have received your unsubscribe request.

Legal obligation (GDPR Article 6(1)(c))

There are times when we must process your personal data to comply with a legal or regulatory requirement.  In these cases we will usually rely on the lawful ground known as “legal obligation” as the processing is necessary for us to fulfil our legal obligation to which we are subject to.  For example:

  • We have a legal obligation under finance and tax laws to keep certain data relating to payments and tax.
  • We have a legal obligation to provide the police, regulatory or government authority, or any other law enforcement body with information if they are investigating illegal activities, such as fraud.

 

Using other businesses to provide products and services to you

There are times when we need to use other businesses to help us fulfil the delivery of our services to you.  These other businesses will either be:

  • data processors as they are acting under our strict instruction on what they can and cannot do with your personal data; or
  • data controllers as they have their own purposes to process your personal data.

In the table above we have identified who the data processors and data controllers are.

When we do use other businesses to process personal data on our behalf (data processors) we always ensure we have an appropriate UK GDPR compliant data processor contract in place with each one. 

A data processor is not allowed to do anything with your personal data other than what we have instructed them to do with it. They will not share your personal data with any other business apart from us, unless they are required to do so by law. They will hold it securely and retain it for the period we instruct.

 

Transferring personal data outside of the UK

Sometimes it is not possible for us to store or process your personal data wholly in the UK.  When your personal data does need to be transferred or stored outside of the UK we make sure we comply with our UK GDPR obligations. 

We will usually rely on one of the following UK GDPR safeguards to be in place to make the transfer:

  • An Adequacy Regulation is in place with the country where the personal data is being transferred to.  This means the UK has deemed the receiving country to have strong data protection laws in place.
  • We will use EU approved Standard Contractual Clauses or the UK’s International Data Transfer Agreement.

If we are unable to rely on one of the above safeguards it might be that we need to obtain your explicit consent to make the transfer of personal data to a country outside of the UK.

 

Your rights

Depending on the reasons why we need your personal data and the legal basis relied on, there are various rights available to you.  You can:

  • access the personal data we keep about you and be given specific information about the processing.  This right always applies regardless of the reason we need your personal data.  
  • ask us to rectify personal data I hold about you that you think is inaccurate.  This right always applies regardless of the reason I need your personal data. 
  • ask me to delete your personal data.  This right only applies in specific circumstances depending on the reason we need to use your personal data. 
  • ask me to restrict the processing of your personal data.  This right only applies when specific circumstances apply. 
  • object to us processing your personal data for direct marketing purposes. 
  • transfer your personal data from us to another service provider or to you directly.  This right only applies to personal data you have given directly to us and when the lawful ground for the processing is consent or contractual basis and the processing is automated. 

We do not undertake any solely automated decision making, including profiling, about you.

To find out more about how to exercise your rights please refer to the guidance on the Information Commissioner’s Office website.  https://ico.org.uk/your-data-matters/

You do not need to pay a fee to exercise any of your rights.  However, if your request is manifestly unfounded or excessive, we do have the right to either charge a reasonable fee or refuse the request.

We shall respond to a valid request within one month of receiving it.

If you wish to exercise one of your rights, please contact us via one of the methods shown in the “Our contact details” section.

How to make a complaint about us to the Information Commissioner’s Office

If you are not happy with the way we process your personal data or you believe we have not dealt with one of your rights correctly you are entitled to make a complaint to the Information Commissioners Office (ICO).  The ICO has several ways in which you can get in touch with them, including post, email, and online forms.  For full details how to make a complaint please refer to their website.  https://ico.org.uk/make-a-complaint/

Links to other websites

Our website may provide links to websites of other organisations.   Our Privacy Notice does not cover how those organisations process your personal data when you visit their website.  We recommend you read their Privacy Notices.