POLICY

Privacy Policy - App and Website Users

Table of Contents

  1. About this document

    1. Your personal privacy is of great importance to us. We will only use your personal information in accordance with this privacy policy ("Policy").
    2. We are UK Warranty Limited, our registered office address is Pacifica House, Rainton Business Park, Houghton Le Spring, England, DH4 5RA. By downloading or using the Pluzs application (the "App"), using our services, entering a competition or prize draw, visiting or registering via our website or otherwise engaging with us, you're agreeing to be bound by this Policy. You should read this privacy policy carefully so that you understand how we will handle your personal information.
    3. During the course of our activities we will process personal information (which may be held electronically, or otherwise) about you, and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the UK's General Data Protection Regulation ("UK GDPR"). The purpose of this privacy policy is to explain to you how we will handle your personal information.
    4. If you have any questions regarding this Policy you can contact our Data Protection Officer via email at SubjectAccess.Request@pacifica.co.uk or by telephone on 0191 3870774.
    5. We are registered with the Information Commissioner's Office under registration number Z2927480.
    6. This policy is provided in a layered format so you can click through to the specific areas you're interested in set out below.

      [What information do we collect about you?] [How we collect your personal information]

      [Why we collect personal information about you and how we use that information] [Ensuring your personal information is accurate]

      [Retaining your personal information]

      [What rights do you have in respect of your personal information?] [How we keep your personal information secure]

      [Providing information to us] [Providing information to third parties] [Breaches of data protection laws] [Right to lodge a complaint]

  2. What information do we collect about you?

    1. Personal data means any information about an individual from which that person can be identified. It does not include data which has been anonymised.
    2. We will collect personal data from you when you download our App, interact with our social media platforms, buy a service or product from us, [enter a competition], make enquiries or otherwise provide us with your personal data.
    3. The categories of personal information we may collect for the purpose of managing your engagement with us as an App user include:-
      1. Contact Data: Your name and title, address, telephone number(s), personal e-mail address and any other contact details you may provide. If you are a landlord this could include your work contact details;
      2. Identification Data: Your first name, last name and title, your login credentials, your internet protocol (IP) address and information regarding which website pages you accessed and when;
      3. Video and Image Data: You will be invited to upload videos and images of your appliances for warranty verification and appliance repair purposes. If you upload a video or photograph that captures your voice or image, the content will include your personal data;
      4. Attendance Data: If an engineer attends your property to service or repair an appliance, the engineer will keep a service log with visit details;
      5. Marketing and Communications Data: We may collect information about your marketing preferences if we are entitled to send you marketing materials, your communication preferences and your preferences in respect of third party marketing;
      6. Financial Data: Includes bank account and payment card details; and
      7. Transaction Data: Includes details about products and services you have purchased from us. If you choose to use our receipt 'wallet' feature, any personal details contained in your appliance receipts will also be held.

  3. How we collect your personal information

    1. We will collect your personal information in the following ways:

      1. Information you give us. This is information (including Contact Data and Identification Data) you provide to us by: visiting our website, downloading and using our App, entering a competition, uploading a video containing your image or voice, using our services or products or contacting us for any reason. We will also get some of this information by you corresponding with us (for example, by email or text, post or using social media messaging services).
      2. Information acquired through automated technologies or interactions. As you interact with our App and website, we will automatically collect personal data about you that distinguishes you from other users by using cookies. We may also receive information about you if you visit other websites employing our cookies. Please see our Cookie Policy on our website for more details.
      3. Information we observe. We will gather personal information about you through the monitoring of our systems including use of the App and our website.
      4. Information we create. We will create personal information about you during the course of your membership such as service logs which will contain information about services or repairs, including things you have told us about your appliance and comments you have made to our engineers.
      5. Special Category Data: We may collect certain special category data about your physical health and/or medical condition if you require special assistance when an engineer attends your property.

  4. Why we collect personal information about you and how we use that information

    1. We process your personal information for a variety of commercial purposes and will also process your personal information, including special category personal information where necessary to provide special assistance or to comply with any statutory duties, to which we are subject.
    2. In the table below, where we outline the lawful basis (processing condition) which we rely on to use your personal information, a number of bases are mentioned for processing personal information. All data needs one of the "General" processing conditions. However, where we are processing special category data we also need one of the legal bases set out in the special category processing conditions. The key to the lawful bases is set out below the table.
    3. The purposes for which we process your personal information and the lawful bases for such processing are as follows:

      Why we use your personal information including type of data and any Special Category data we record

      Type of data i (please see above list of data types)

      Lawful basis for processing (please see below for more information on legal bases)

      App user/customer correspondence and engagement including social media, complaints and feedback;

      Contact Data, Identification Data

      General processing:

      Legal obligation - the use of your personal information is necessary so that we are able to comply with regulations in responding to complaints.

      Legitimate interest - it is a legitimate interest of ours to keep various information about you which will allow us to respond to your correspondence and improve our service for you and others.

      Correspondence in regards to purchased warranties and

      Contact Data, Identification Data

      General processing:

      guarantees, warranty expiry and renewal notifications;

      Contract: the use of your personal information is necessary for the management and administration of your contract with us.

      Legitimate interest - it is a legitimate interest of ours to keep various information about you which will allow us to notify you about your purchases and improve our service for you and others.

      Booking an engineer to attend to your appliances;

      Contact Data, Identification Data, Special Category Data

      General processing:

      Contract: the use of your personal information is necessary for the management and administration of your contract with us.

      Explicit Consent: where you share special category data about your health, we will ask for your explicit consent to share this with an engineer before they attend your property so that they are in the best position to offer the right assistance to you.

      Managing our contractual relationship with you;

      Contact Data, Identification Data, Financial Data

      General processing:

      Contract: the use of your personal information is necessary for the management and administration of your contract with us.

      Legitimate interests: it is a legitimate interest of ours to keep various information about you which is in addition to that which we need to fulfil our contractual obligations to you.

      Marketing purposes; and

      Contact Data, Identification Data, Marketing Purposes Data

      General processing:

      Consent - If you have ticked the opt in box, we will send you electronic marketing information to your email address and via post, and via telephone, SMS and automated call based on the marketing preferences you've given to us. We will also send you push notifications. This would include information about how Pluzs is doing and activity on the App, reminders about upcoming services, renewals or maintenance, information about changes in our services or new services that we feel would be beneficial to you.

      Legitimate interest - it is a legitimate interest of ours to keep various information about you which will allow us to notify you about similar products or services that we offer to those that you have already purchased or entered into negotiations about. Where we have already obtained or have sought consent, we will not rely on a legitimate interest.

      Measure the effectiveness of the website and App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

      Contact Data, Identification Data

      General Processing

      Legitimate interests: it is our legitimate interest to ensure the effective running of our business (including our website), provision of administration and IT services, network security and in the context of a business reorganisation or group restructuring exercise.
    4. All data

      We use the following processing conditions:

      1. Consent: your consent to one or more specific purposes. We will set out the basis for consent in a consent notice or in some other form of notice where it is clear we are asking for your consent. Where we do not get your consent, we will not use your data for that purpose;
      2. Contract: it is necessary to process your data for the performance of a contract to which you are party or to meet our obligations under the contract;
      3. Legitimate interests: we've identified this type of processing is a legitimate interest of ours or a third party to give you the best and most secure service and to provide you with the best service/product; we consider that use of your personal information is necessary to achieve that legitimate interest; and we've balanced all that against your interests, rights and freedoms. We set out more detail on our legitimate interest processing below at section 4.5;
    5. Our Legitimate Interests

      1. We sometimes process personal information on the basis that it is in our legitimate interests to do so. The occasions where we will rely on legitimate interests as our processing condition are set out above. The legitimate interests are as follows:

        1. To maintain up to date information about you - we sometimes gather data about you which is useful for building a complete view of your use of the App and our website. Although some of this data is not strictly required by law, it is nevertheless useful to us and we consider it in our legitimate interest of running a successful, profitable business.
        2. Network and information security - we will monitor our network and your use of it. It is a legitimate interest of ours to make sure that your use of our network and systems does not compromise our information security.
        3. To procure insurance policies and to respond to and defend legal claims - it is in our legitimate interests to use your personal information where necessary in the purchase of insurance policies and to respond to and defend legal claims.

  5. Disclosures of your personal data

    We may share your personal data with the parties set out below for the purposes set out in the table at 4.3 above.

    1. Internal Third Parties

      Namely other companies in the Pacifica group acting as processors.

      Pacifica Group Limited own all Pluzs software and intellectual property.

      Pacifica Appliance Services Limited provide support and assistance, including sub-contracting engineers for the service and repair of appliances covered by a membership.

      External Third Parties

      Service providers who provide us with services such as (without limitation) assisting us with postal printing and/or delivery, customer and technology support, payment services, [hosting services, fraud prevention and marketing, data enhancement,] advertising and market research services.

      For example, we use:

      Other service providers we may instruct include:

      1. Sage Group (Opayo) (based in the UK) as a provider of accounting software.

      2. Bottomline Technologies Inc (based in the USA) as a provider of direct debit mandates.

      3. SendGrid (based in UK) a communication platform for transactional and marketing emails.

      Other service providers we may instruct include:

      1. Professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.

      2. Administrative providers including the printing and postage of hard copy documents or correspondence, and call centres able to support customer services and marketing functions.

      3. HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances.

  6. Ensuring your personal information is accurate

    We will keep the personal information we store about you accurate and up to date. We will take every reasonable step to erase or rectify inaccurate data without delay. Please tell us if your personal details change or if you become aware of any inaccuracies in the personal information we hold about you. We will contact you annually to check your details are still up-to-date. We will also contact you if we become aware of any event which is likely to result in a change to your personal information.

  7. Retaining your personal information

    We will not keep your personal information for longer than is necessary for the purpose(s) for which we process it. This means that information will be destroyed or erased from our systems when it is no longer required. For guidance on how long certain information is likely to be kept before being destroyed, contact the Data Protection Officer on 01913870774 or by email at SubjectAccess.Request@pacifica.co.uk. For further information on the retention of your personal information, please contact the Data Protection Officer.

  8. What rights do you have in respect of your personal information?

    1. You have the right to:

      1. Request access to any personal information we hold about you:

        1. You have a right to access a copy of your own personal information. We try to respond to all requests within one (1) calendar month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated on the progress of your request.

        2. We will request information from you in order to help us confirm your identity and ensure you have a right to access the personal information you have requested to see. This is a security measure to ensure that we do not disclose personal information to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request.

        3. You will normally not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request is clearly unfounded or excessive (particularly where requests are repetitive). Alternatively, if your request is clearly unfounded or excessive, we may refuse to comply with your request.

      2. Require us to rectify any personal information which we hold about you which is inaccurate.

        1. Rectification enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

      3. Have personal information erased, in certain circumstances.

        1. This right enables you to have your data erased (the so- called "right to be forgotten"). The right relates only to personal information we hold at the time you make the request. There are also some important restrictions on this right.

        2. The right to have personal information erased applies where:-

          1. our use of your personal information is no longer necessary for the purpose for which we gathered it. Most of the personal information we hold about you in the course of your engagement with us and the App is needed by us to manage you as a customer, website or App user or social media visitor. However, we will review the information we hold about you if you ask us to erase it, to check we need all of the information we hold;

          2. we have relied on consent as the basis for processing and you withdraw your consent;

          3. we are processing your personal information on the basis of legitimate interests unless we have an overriding interest to continue the processing;

          4. we are processing your personal information unlawfully;

          5. we have to do it to comply with a legal obligation.

        3. The right to erasure does not apply in certain circumstances including where:

          1. we have to process the personal information to comply with a legal obligation; or

          2. where we use the personal information to carry a task in the public interest such as where we are investigating fraud or preventing or detecting other unlawful acts.

      4. Have the processing of your personal information restricted, in certain circumstances.

        1. This enables you to ask us to suspend the processing of your personal information in the following scenarios:

          1. if you want us to establish the information's accuracy;

          2. where our use of the information is unlawful but you do not want us to erase it;

          3. where you need us to hold the information, even if we no longer require it as you need it to establish, exercise or defend legal claims; or

          4. you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

      5. In certain circumstances, be provided with the personal information that you have supplied to us, in a portable format that can be transmitted to another controller without hindrance.

        1. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you

      6. Object to certain types of processing, including legitimate interests based processing and automated processing (which includes profiling)

        1. where we are processing your personal data on the basis of legitimate interests and there is something about your particular situation which makes you want to object to

          processing on this ground as you feel it impacts on your interests, fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.

      7. The right to withdraw consent

        1. If we are processing any of your personal information based on you having given us consent to do so, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing we may have undertaken based on your consent before it is withdrawn.

    2. If you wish to exercise any of the rights set out above, you must make the request in writing to the Data Protection Officer, email address SubjectAccess.Request@pacifica.co.uk.
    3. If you provided your consent to any of the processing of your personal information, you have the right to withdraw your consent to that processing at any time, where relevant. Please contact the Data Protection Officer if you wish to do so.

  9. How we keep your data secure

    1. Keeping your data secure is important to us. We use reasonable and up to date security methods to keep your personal information secure and to prevent unauthorised or unlawful access to your personal information, and against the accidental loss of, or damage to, personal information.
    2. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal information.
    3. We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. These include adhering to various security standards, including physical and technological protection, data encryption, patching and software update management, management of access rights, vulnerability scanning and penetration testing, network configuration and monitoring. We will ensure your personal information is only accessible by those who need to see your information for their specific role. We will only transfer personal information to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate measures themselves.

  10. Providing information to third parties

    1. Our employees who need to access your data will view it in order that we can manage your engagement with us and comply with our legal and statutory duties. All of our employees have been trained in data protection and understand the need to keep your information confidential.
    2. In addition to our employees, we also use third-party providers who may process personal information on our behalf to fulfil our promise to you. These providers are carefully selected professional contractors (such as your appliance engineer) who help us provide you with our services and will only collect, use and disclose your information to the extent necessary to allow them to perform these services. We have legally binding contractual agreements in place with any providers we may use to ensure that your data is secure at all times and cannot be accessed for any other purpose.
    3. Apart from our employees and third-party providers, we will not disclose your personal information to a third party without your consent unless we are satisfied that they are legally entitled to the data. Where we do disclose your personal information to a third party, we will put in place arrangements to make sure your information is well protected and processed strictly in accordance with data protection laws.
    4. We may disclose your personal information to third parties:
      1. in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
      2. if we or substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets; and
      3. if we are under a duty to disclose or share your personal information in order to comply with legal obligations or to protect our rights, property, or safety of our customers, suppliers or other employees. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
    5. If your personal information is provided to any third parties, you are entitled to request details of the recipients of your personal information or the categories of recipients of your personal information.

  11. Transferring your personal information outside the United Kingdom

    1. We will not transfer your personal information outside the UK unless such transfer is compliant with the UK GDPR. This means that we cannot transfer any of your personal information outside the UK unless:
      1. the UK government has decided that another country or international organisation ensures an adequate level of protection for your personal information or the data is being transferred to a company in the US which has signed up to the UK-US data bridge; or
      2. the transfer of your personal information is subject to appropriate safeguards, which may include:
        1. binding corporate rules; or
        2. the International Data Transfer Agreement or the UK Addendum.
      3. one of the derogations in the UK GDPR applies (including if you explicitly consent to the proposed transfer).
    2. We currently transfer personal information outside the UK:
      1. United States of America.

  12. Breaches of data protection laws

    If you consider that we have not complied with data protection laws in respect of personal information about yourself or others, you should raise the matter with our Data Protection Officer, email address: SubjectAccess.Request@pacifica.co.uk Any breach of the UK GDPR will be taken seriously.

  13. Right to lodge a complaint

    If you have any issues with our processing of your personal information and would like to make a complaint, you may contact the Information Commissioner's Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

    i Data protection laws require you to have a processing condition (such as consent, or processing required by law) for processing all data. However, if the data is special category data (such as data relating to health data) we need an additional processing condition which reflects the increased privacy requirement of such data. In this column we list both the general processing condition and the special category processing condition which we rely on