Your right to privacy is important to us. We take the security of your information seriously and have policies and processes in place to ensure it remains safe. This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information. This document sets out the data processing practices carried out using the Internet and any other electronic communications networks by us as well as data collected on our behalf for 3rd party marketing. All data collected is in compliance with Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2002 and the General Data Protection Regulation (GDPR).
KNOW US
We, referred to ‘Grevitywings technologies’, a specialist in the provision of consumer data for marketing purposes operate under the brand name UK Lifestyle Direct and our modus operandi includes telephonic surveys on behalf of UK clients to help them target their products and services with efficiency and efficacy. No worries we always display our telephone number when we make calls to identify us. You are always able to call this number back to stop any future calls as per your wish.
OUR UK REPRESENTATIVE
As we are based outside the United Kingdom and European Union, our UK representative is Leadora Ltd. This company is incorporated in England and Wales under registration number 12598865 located at 27 Old Gloucester Street, London, UK WC1N 3AX. If you wish to talk with the concerned person of Leadora Limited, please contact to Mr. Imran Moghul at imran@uklifestyledirect.com
Grevitywings Technology Ltd is registered with the Information Commissioner’s Office “ICO” under registration number ZA788601 and as such your information will always be safeguarded through our adherence to the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (“PECR”) (2003) to ensure that the information that you provide to us is safe and is only used for the purposes that are stated in the opt-in statement provided at the time the information is collected and in accordance with this Privacy Policy.
Although not a member of the Direct Marketing Association (“DMA”), Grevitywings Technologies and its associates endeavor to abide by the DMA code of conduct in conjunction with other legal requirements.
INFORMATION WE HOLD ABOUT YOU
Personal data or personal information means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where an individual cannot be identified (anonymous data). As per law, we only hold information of consumers from 18-75 age gaps. We generally retrieve information such as –
- First Name
- Last name
- Gender
- Age
- Residential Status
- Marital Status (unless required)
- Address (including postcode)
- Telephone number
- Email Address (Online/web sources only unless required)
- Information about products & services which you use frequently
- Recordings of Calls | SMS | Emails | etc in accordance with data protection legislation and other applicable relevant laws.
- Campaign specific data as discussed below.
Some questions on the consumer surveys are specific to named sponsor organisations, and by expressing a specific positive interest in their brand or products, you are also agreeing to be contacted from them.
INFORMATION WE DON’T HOLD ABOUT YOU
- Credit & Debit card details
- Bank account details
- Medical history
- Political and Religious beliefs.
- Bank balance
- Any other assets belonging to you
HOW LONG DO WE KEEP YOUR INFORMATION?
Your data is important to us. Whilst the law doesn’t put a time limit on the amount of time we should hold your personal data, we only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, or reporting requirements; for as long as it remains accurate, up to date and according to your wishes. We may retain your personal data for a longer period in the event of a compliance request or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements.
Details of our various retention periods are in our retention policy and are available upon request. Our data retention policy considers the purpose and the legal basis under which is processed –
Marketing: When we process your data based on consent, we can keep up to five years; when we rely on legitimate interests, we process your data for ten years
Profiling: We process data under this for ten years.
It is important that the personal data we hold and process is accurate and up to date. Therefore, we regularly process the database against suppression lists and remove those who no longer wish to be contacted.
WHY DO WE COLLECT YOUR INFORMATION?
Your personal information may help us to improve our ability to cater your needs on a personalized basis by helping us to learn more about you and your purchasing habits and also allow us to let you know about offers you might be interested in. Your information may be used for data validation, enhancement, information verification, suppression, tracing and to the extent permitted by law, individual reference or lookup services. In short, it is used for following purposes to our clients –
Targeting: To make sure that you receive offers relevant to you. Our clients use your information and information on other individuals to decide how best to target you and by suitable communication channels, this means that you should receive offers which are more relevant to you.
Marketing: Our business is providing personal data to our clients for their marketing campaigns. For example, if a relevant organisation wanted to inform you about their product or service. We may provide details on the basis of your demographics, geography and legitimate interests.
We work with many of the UK’s leading brands to help them target their offers more precisely by collecting key purchasing information on their behalf. This survey process where we collect your data helps them understand the customer needs and sales program.
HOW DO WE PROTECT YOUR INFORMATION
We ensure to protect your data from breaches and leaks. The data that we collect from you is stored at a secure destination in our office and is processed by management only for one of our partner suppliers. All information that you provide to us is stored on secure servers and cloud storages. By submitting your personal data, you agree to the storing, processing and transfer of the data in accordance with this privacy policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. We use different network security – physical, electronic, and procedural safeguards to prevent unauthorized access, theft, accidental loss of data, disclosure or deletion of data. The information is accessible to only a limited people who have been authorized inside our organization and we have protocols to cope with unfortunate events if it happens beyond our control and accessibility.
HOW DO WE TRANSFER YOUR INFORMATION?
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way. No data transmission over the internet can be entirely secure still we use our best and reasonable endeavors to protect the security of your personal information from unauthorized access.
TO WHOM WE TRANSFER YOUR INFORMATION?
Marketing Service Providers are companies who collect data from different Data Controllers, such as us, and they also help their clients tailor products and services which best suit your requirements. They may also use your data for fraud prevention. The Marketing Services Providers we work with are completely limited to only those organizations we have completed checks on and who will process your data in strict compliance with all laws, guidance and regulations of Data Protection. We share your data under the strict license terms and using the legal basis of legitimate interests with the Marketing Services Providers as listed below, who like us, will use it to create products and services to help organizations understand the likely characteristics of their own customers; and find others like them across a range of marketing channels.
This will mean that you receive advertising from organisations within the industry sectors listed below, that is more relevant to you via direct mail or when you visit website. These marketing services provide will not however advertise their own products and services to you.Our Marketing Service Providers include-
Axowa: https://axowa.com/uk/privacy-policy/
Interrog8: https://www.interrog8.com/privacy-policy/
The Lead People Limited: https://theleadpeopleltd.com/privacy-Policy
PMDSC Ltd: https://pmdsc.co.uk/PMDSC_Privacy_Policy.pdf
Lead Intelligence Ltd: www.leadintelligenceltd.com
Aura Media Group: https://www.auramediagroup.co.uk/privacy-policy
WhiteGoldMedia: http://www.whitegoldmedia.com/privacy-policy/
Chooseleads Limited: https://www.chooseleads.co.uk/wp-content/uploads/2019/09/Privacy-Policy.pdf
Perfect Ingenuity: https://perfectingenuity.com/privacypolicy/
Lead 365: http://www.lead365.co.uk/privacy-policy/
DBI:https://datablazersph.com/privacy-policy-page/
3dotz Limited:https://www.3dotz.co.uk/copy-of-home
OVO Energy :https://www.ovoenergy.com/privacy-policy
EC Outsourcing :https://ecoutsourcing.co.uk/privacy-policy/
Scottish Power :https://www.scottishpower.co.uk/legal/privacy-policy
Homeshield Direct :https://www.homeshielddirect.co.uk/privacy-notice
Under the Data Protection Act 2018, we are also permitted to share some information with third parties who use such data for marketing purposes (including credit and risk assessment and management, research & analysis, identification and fraud prevention, debt collection and returning assets to you) within the ambit of the law. This would include the data you provide to us today, at any time in the past and in the future.
We will only share or exchange data with third parties with the protection of a written agreement and the ability to oversee their activities, unless information is required for regulatory reasons. We may share your information with organisations based outside the UK and European if required. Where this is the case, we will only do so provided that organisation complies with local data protection regulations and with a written agreement & due diligence.
Where we uphold relationships with other organisations that process your information on our behalf, we take care to ensure they have high data security standards. We will not allow these organisations to use your personal information for unauthorized purposes. In the event that a third party may deliver all or part of the service requested by you, whilst the information you provide will be disclosed to them, it will only be used for the administration of the service provided and to maintain management information for business analysis. Our third party sponsors may contact you for the purposes of direct marketing by Email marketing, Post, telephone, SMS or Social Media Advertising.
DIRECT CLIENTS OF MARKET SERVICE PROVIDERS DEALS IN-
Automotive | Property | General retail |Home improvement | Home services | Fashion and clothing | Pharmaceutical | IT and home computing | Telecoms and utilities |Broadband |Mobility |Pensions | Loans | Credit cards | Mortgages | Investment | Savings and Funds | Insurance of Homes and Cars | Personal and other insurances |Debt |Travel and Hotels |Leisure |Gaming | Health & Fitness | Media and publishing companies | Sky warranty | Pets |Charities | Legal Institution | Claims Management Service |Utilities | Prepaid funeral | Finance products and services | PPI | Lottery | Education | Market research, etc
Our Survey sponsor’s which also Include – HomeShield Direct Ltd | ME Expert Limited | Greyfairs | OneFamily | Healthier Intermediaries | Ready for Retirement | Sky UK Limited | Let’s Subscribe | BTG Home Solutions |I Quotes | E genetic | The Lead People |Dogs Trust Charity | GOSH ( Great Ormond Street Hospital Children’s Charity| Honey Group | Money Matters| Household Matters| Consumer Matters | Important Matters | O2 and Switch Experts
YOUR RIGHTS IN RELEVANCE TO GDPR
An individual has the right to know what information is held about them. The GDPR in the UK provides a framework to ensure that personal information is handled properly.
Data subject rights include:
Right to be informed – Data subjects have the right (subject to a few exceptions) to be provided with information on how their personal data will be handled by us. Articles 12 – 14 of GDPR set out the information that must be provided and typically this information is provided by way of a privacy notice. We have taken steps to meet its requirements in this regard by updating its privacy notice and will continue to monitor this issue to ensure the correct information is being given at the appropriate times.
Right of access to their personal data – The purpose of a subject access request is to allow individuals to confirm the accuracy of personal data and check the legality of processing to allow them to exercise rights of correction or objection if necessary. However, individuals can request to see any personal data that we hold about them which includes copies of email correspondence referring to them or opinions expressed about them. We may also summarize information rather than provide a copy of the whole document. The GDPR requires us to provide information, not documents.
Right to Rectification – The right of individuals to require us to rectify inaccuracies in personal data held about them. In some circumstances, if personal data is not complete, an individual can require the controller to complete the data, or to record a supplementary statement.
Right to be forgotten (erasure) – Individuals have the right to have their data erased in certain situations such as where the data is no longer required for the purpose for which it was collected, the individual withdraws consent, the individual has objected to processing based on legitimate interests, public task or official authority or the information is being processed unlawfully. There are certain exemptions to this right and there is no absolute obligation on us to erase the relevant data. It is important to identify whether any exemptions apply.
Right to Restriction – Individuals can ask us to ‘restrict’ processing of the personal data whilst complaints (for example, about accuracy) are resolved. Individuals can also ask us to restrict processing where the processing is unlawful, we no longer needs the personal data but the individual does not want it erased and/or the individual has objected to the processing and while the objection is being considered, the individual wishes their data restricted.
Right to Portability – The data subject has the right to request that personal data concerning them and held us is provided to the individual (or a third party) in a structured, commonly used and machine-readable form. This right only applies to personal data that is processed by automated means (not paper records) and the processing is based either on consent or contract.
Right to Object – Data subjects have the right to object to specific types of processing based on (i) public interest/official authority; or (ii) legitimate interests; or where it involves processing for direct marketing. The data subject needs to demonstrate grounds for objecting to the processing relating to their particular situation except in the case of direct marketing where it is an absolute right. If we receive an objection to direct marketing, it must stop processing the personal data for this purpose immediately. Otherwise, we are entitled to consider whether there is legitimate ground for the processing which overrides the interests, rights and freedoms of the data subject or whether it needs to process the personal data for the establishment, exercise or defense of legal claims; in both cases we can override the objection.
Rights in relation to automated decision making and profiling – The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. “Profiling” is the processing of data to evaluate, analyse or predict behaviour or any feature of their behaviour, preferences or identity. The foregoing right does not apply if: (a) it is necessary to enter into a contract with the data subject and us; (b) it is authorized by applicable law (and such law lays down suitable measures to safeguard the data subjects’ rights and freedoms and legitimate interest) or (c) is based on the data subject’s explicit consent. However, even if (a) or (c) is relevant, please note that we must put in place suitable measures to safe guard the rights of the data subject including the right to ask for a human to review the decision on behalf of company and to contest the decision. Further, automated decision-taking based on special category of data can only be done with explicit consent.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act, 2018 or similar law.
Data controller’s duties and exceptions to the rectification, erasure, restrict processing and data portability is maximum one month according to GDPR. There may be some circumstances where our Organization can take longer than one month to fulfill the request or duties, however these are limited. If we extend the time to respond, we make sure to communicate to customer and explain why the extension is necessary.
DATA SUBJECT ACCESS REQUEST
Our organisation has provision of Data Subject Access Requesttoo for customers under article 15 of GDPR. You can request to know what personal information we have held, for how long or anything relevant as per above customer’s rights.
To allow us to respond promptly to any data subject access request, we ask you to download the Access Request Form currently available on website. Please complete, sign the form and be specific as possible about the Information you wish to access. Attach a photocopy of your proof of identity and address to the Access Request Form. Send the completed request form, along with the proof of identity and address in mail to compliance@uklifestylesdirect.com Use of the Data Subject Access Request Form is not mandatory. However, completing the form should enable us to process your request more efficiently. There are some exceptions to the rights vested in data subjects according to Section 15 of the GDPR 2018 Act. The detailed explanation of exemptions is outside the scope of this policy. The responsible Person should consider the detail of exemptions carefully at www.ico.org.uk
We will try to revert back to SAR form within one month of receiving the request. There may be some circumstances where our Organization can take longer than one month to fulfill the request, however these are limited and we always strive to meet the Subject Access Requests within one month time frame. If we extend the time to respond, we make sure to communicate to customer within one month and explain why the extension is necessary.
CONSENT AND LEGITIMATE INTERESTS
We ensure safeguarding your personal information and obliged to process your information in line with all laws concerning the regulation and protection of Data Protection Act 2018. Your data can be processed either with Consent or with Legitimate Interest based on certain situations and aspects.
There are six lawful bases for processing data under GDPR – Consent, Contract, Legal Obligation, Vital Interests, Public task and Legitimate Interests. For post and telephone marketing (not automated), GDPR allows to choose legitimate interests or consent as your basis for processing information.
GDPR defines Consent as, “any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.” Contacts must make a conscious decision to allow you to process their information. Under GDPR, consent, typically established through user acceptance of data privacy policies, is not open-ended, must be explicit and can only be applied to specific reasonable and known uses. Consent cannot be unilaterally extended to unspecified or unanticipated uses. And data controllers like us should provide users with both an opt-in and opt-out choices, along with the choice to delete previously collected data (data erasure process).
Whereas the Legitimate interest provision allows organizations to use personal data without specific consent (or other legal basis), provided they can demonstrate a legitimate purpose and the criticality of personal data processing in achieving that purpose. They must also provide a risk-based assessment of potential data owner impacts, and risk mitigation strategies. In other words, the organization must consider whether it can use a different approach to achieve its goals, without the processing of personal data. If it can, then that processing would be unlawful without another valid legal basis. Legitimate interests is basically a balancing act between what your mission is as an organisation, and the privacy interests of the person whose data you are processing.
Under article 6(1) (f) of GDPR, legitimate interest gives you lawful basis for processing legitimate interest is where: “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data in particular where the data subject is a child”.
As for Direct marketing via Mail, SMS, Telephone (where your number is registered with the Telephone preference service TPS), Post (if you are registered with the Mailing Preference Service-MPS) , we prefer “Consent” as the basis of data processing while Legitimate interest serves as our legal basis to process data appropriately for Post ( if not registered with the MPS), Telephone (Non-TPS numbers), customer analysis & non-automated profiling, Tracing and ID verification. Legitimate interests also allow us to call you where we have obtained your details via third party who name us in their privacy policy as one of parties to whom they share your information with us; it is also used to protect customer against fraud and insecurity.
In considering the most appropriate legal basis, we have conducted Legitimate Interest Assessment and balancing test to ensure minimal privacy impact and serve as an alternative choice of processing data. The documentation is available by writing us to: info@uklifestylesdirect.com
Since the process of your information is based on consent and legitimate interest, you have right to object and withdraw your consent at any time. We may also monitor and keep records of email | telephonic communications which you send to us or any other communications with you in accordance with this policy and other business interests.
We may also use your data to communicate with you, keep our records up to date, for the investigation of or prevention of crime, for research and statistical purposes, to disclose to regulatory bodies for the purposes of monitoring and/or enforcing our compliance with their requirements, to process job applications, to gain feedback from you, to prevent crime and meet our legal obligations, prudentially manage our business using models and forecasts, keep you informed of other relevant products or services that may be of interest to you where you have provided consent.
“You always have the right to refuse to answer any question.”
UNSUBSCRIBE
You can unsubscribe from our brand – UK Lifestyle Direct at any time by submitting details on our website or request to opt out even on calls during survey. We would add your telephone number in our global Do Not Call (DNC) file. Your details will be suppressed as per your request and neither any further emails/sms will be sent to you nor any details be passed onto any 3rd parties for the usage described in this Privacy Policy. To request suppression from UK Lifestyle Direct completely, please write to us at info@uklifestyledirect.com
In order to talk with our Data Protection Officer regarding your data information, please contact to Mr. Imran on mail: imran@uklifestyledirect.com
REMINDER
You are not required to pay any fees for exercising your rights nor will any charges be incurred on you while undergoing survey program. Please do not include confidential information in e-mails or letters while contacting with us.
Where possible, we will attempt to resolve your request at the first point of contact. If we are unable to resolve your request at the first point of contact, we will undertake an investigation of your request and provide you with our findings. If you are not satisfied with how your request has been managed or the resolution provided by us, you can escalate your complaint to the Information Commissioner’s Office (ICO), for independent external review.
Their contact details are as follows:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow, Cheshire
SK9 5AF
https://ico.org.uk/
0303 123 113
The ICO’s normal opening hours are Monday to Friday between 9am and 5pm (excluding bank holidays).
Useful Links-
- The Direct Marketing Association- www.dma.org.uk
- Telephone Preference Service (TPS)- www.tpsonline.org.uk
AMENDMENTS
We reserve the right to change this Privacy Policy from time to time. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Version of Privacy Policy: 31-May-2023
All contents in this privacy policy are copyrights reserve