Who we are
This website is operated by Symprove Ltd, a company incorporated in England with company number 05395143 and whose registered office is at Sandy Farm, The Sands, Farnham, Surrey GU10 1PX.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Throughout our website we may link to other websites owned and operated by certain trusted third parties. These other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.
Our collection and use of your personal information
We collect personal information about you when you access our website, register with us, contact us, send us feedback, purchase products via our website and complete customer surveys or participate in competitions via our website.
We collect this personal information from you either directly, such as when you register with us, contact us, enter competitions or purchase products via our website or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on the particular activities carried out through our website. This information includes:
- your name, address, email address and contact details including your telephone number
- date of birth
- bank account and payment details
- details of any feedback you give us by phone, email, post or via social media e.g. your reasons for using our products
- information about the products we provide to you
- your account details, such as username, login details
We use this personal information to:
- create and manage your account with us
- verify your identity
- provide goods to you
- customise our website and its content to your particular preferences
- notify you of any changes to our website or to our services that may affect you
- improve our services
Special categories of personal information
We may also collect, store and use special categories of personal information. Special categories of personal information mean personal information about your race, health, any medical condition, health and sickness records, medical records and health professional information.
We will only process special categories of personal information if:
- we have a lawful basis for doing so e.g. it is necessary for the performance of a contract, to comply with our legal obligations or for the purposes of our legitimate interests; and
- one of the special conditions for processing special categories of personal information applies e.g:
- you have given your explicit consent;
- the processing is necessary for exercising yours or our legal rights or obligations;
- the processing is necessary to protect your vital interests and you are physically incapable of giving consent;
- processing relates to personal information which is manifestly made public by you;
- the processing is necessary for the establishment, exercise or defence of legal claims; or
- the processing is necessary for reasons of substantial public interest.
Our legal basis for processing your personal information
When we use your personal information, we are required to have a legal basis for doing so. There are various legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
- consent: where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract for example, to fulfil an order you have made through our website
- legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations) e.g. for business accounting and tax purposes
- legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
Who we share your personal information with
We routinely share your personal information with third-parties. These third parties include companies who deal with our accounting services and software, marketing, payment services, courier and delivery services, emails and website hosting.
We may share your personal information with any member of our group which means our subsidiaries, our holding company and its subsidiaries, as further defined in section 1159 of the Companies Act 2006.
We may disclose your personal information to third parties in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party unless we have your consent to do so.
Transfer of your information out of the UK
The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to share your personal data to countries outside the UK and EEA. In those cases we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
For example, we will transfer your personal data to our service providers located outside the UK in the United States of America.
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
- in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR.
- in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. In addition, EEA data protection laws provide that transfers of personal data to the UK are lawful under an interim arrangement (UK interim bridge) while the European Commission seeks to determine if the UK can be granted a longer-term adequacy decision;
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or
- a specific exception applies under relevant data protection law
Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where such is not available) legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law.
Where we transfer your personal data outside the EEA we do so on the basis of the UK interim bridge or an adequacy decision or (where such is not available) legally-approved standard data protection clauses issued further to Article 46(2) of the EU GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law.
For further information about such transfers and the safeguards we employ, please contact us (see ‘How to contact us’ below).
Consequences of not providing your personal information
You are not obligated to provide your personal information to us. However, as this information is required for us to provide our services, we will not be able to offer some, or all, of our services without it.
Cookies and other tracking technologies
We would like to send you information about our products, competitions and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you complete our online order form for the first time.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us at using the contact details set out below
—using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
It may take up to 30 days for this to take place.
For Service support or assistance, text HELP to Symprove or email email@example.com.
We may change any short code or telephone number we use to operate the Service at any time and will notify you of these changes. You acknowledge that any messages, including any STOP or HELP requests, you send to a short code or telephone number we have changed may not be received and we will not be responsible for honouring requests made in such messages.
For more information on your rights in relation to marketing, see ‘Your rights’ below.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to us
- let us have enough information to identify you (g. account number, username, registration details),
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates including any account or reference numbers, if you have them
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Retention of personal information
We only retain your personal information for as long as is necessary. We are required under applicable tax laws to keep your basis information (name, address, contact details) for a minimum of seven years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such personal information until you notify us otherwise and/or withdraw your consent.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in a European Economic Area state or in the United Kingdom if you work, normally live or if any alleged infringement of data protection laws occurred in the relevant state. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or telephone: 0303 123 1113.
How to contact us
If you wish to contact us, please send an email to firstname.lastname@example.org , write to Sands Road, The Sands, Farnham, Surrey GU10 1PX or call 01252 413600.
Policies and Procedures
We have the following policies available for public access:
- Subject Access Request Form
- Subject Access Request Procedure
- Data Retention Erasure Policy
If you would like a copy of any of the above policies, please contact us at email@example.com.
Last updated 6th March 2023