Last Edited on 2019-08-05
This Policy applies as between you, the User of this Web Site and Airbeam the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and any Services or Systems therein.
We collect personal data in the following ways:
you may provide personal data when you complete online forms, request products/services, subscribe to our services, create a user account, join our mailing list or otherwise or correspond with us (by post, phone or email)
we automatically collect personal data (technical and usage) when you browse or interact with our website, by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites which use our cookies.
publicly available sources
we may collect personal data from publicly availably sources such as Companies House and the Electoral Register and credit reference agencies, based inside the EU.
we may receive personal data from: (a) analytics providers based outside the EU (such as Google); (b) advertising networks (such as Facebook based outside the EU]; and (c) search information providers (such as Google based outside the EU; (d) our suppliers such as payment providers, delivery services, website support and maintenance providers.
Schedule 1: Personal Data
Part 1: Types of personal data
billing address, delivery address, email address and telephone number
bank account and payment card details
first name, maiden name, last name, username or similar identifier
marketing and communication data
your preferences in receiving marketing from us and our third parties and your communication preferences
your username and password, purchase or orders made by you, preferences, feedback and survey responses
internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
details about payments to and from you and other details of products and services you have purchased from us
Part 2: Lawful basis for processing and processing activities
The lawful basis upon which we may rely on to process your personal data are:
you have given your express consent for us to process your personal data for a specific purpose
the processing is necessary for us to perform our contractual obligations with you under our contract, or because you have asked us to take specific steps before entering into a contract with you
the processing is necessary for us to comply with legal or regulatory obligation.
the processing is necessary for our or a third party’s legitimate interest e.g. in order for us to provide the best service to you via our website. Before we process your personal data on this basis we make sure we consider and balance any potential impact on you, and we will not use your personal data on this basis where such impact outweighs our interest
Set out below are specific details of the processing activities we undertake with your personal data and the lawful basis for doing this.
Type of data
Lawful basis for processing
to register you as a new customer
identity & contact
to perform our contract with you
to process and deliver your order, manage payments, fees and charges and debt recovery
identity, contact, financial, transaction and marketing & communications
(i) to perform our contract with you;
(ii) as necessary for our legitimate interest in recovering debts due to us.
identity, contact, profile & marketing & communications
(i) to perform our contract with you
(ii) as necessary to comply with a legal obligation
(iii) as necessary for our legitimate interests in keeping our records updated and analysing how customers use our products/services.
to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
identity, contact & technical
(i) as necessary for our legitimate interests in running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise
(ii) as necessary to comply with any legal obligations
to deliver relevant website content/advertisements to you and measure or understand the effectiveness of our advertising
identity, contact, profile, usage, marketing & communications & technical
as necessary for our legitimate interests in studying how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy
to use data analytics to improve our website, products/services, marketing, customer relationships and experiences
technical & usage
as necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
to make suggestions and recommendations to you about goods or services that may be of interest to you, including promotional offers
identity, contact, technical, usage & profile
as necessary for our legitimate interests to develop our products/services and grow our business
Part 3: Your legal rights
You have the following legal rights in relation to your personal data:
access your data
you can ask for access to and a copy of your personal data and can check we are lawfully processing it
you can ask us to correct any incomplete or inaccurate personal data we hold about you
you can ask us to delete or remove your personal data where:
you can object to the processing of your personal data where:
you can ask us to us to suspend or restrict the processing of your personal data, if:
request a transfer
you can request a transfer of your personal data which is held in an automated manner and which you provided your consent for us to process such personal data or which we need to process to perform our contact with you, to you or a third party. We will provide your personal data in a structured, commonly used, machine-readable format
withdraw your consent
you can withdraw your consent at any time (where we are relying on consent to process your personal data). This does not affect the lawfulness of any processing carried out before you withdraw your consent
Part 4: Third Parties
acting as processors or controllers based in the EEA but also around the world who provide services and IT and system administration services.
acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services
HM Revenue & Customs, regulators and other authorities
acting as processors or joint controllers based in the EEA who require reporting of processing activities in certain circumstances
Part 5: Glossary
information such as statistical or demographic data which may be derived from personal data, but which cannot by itself identify a data subject
a body that determines the purposes and means of processing personal data
an individual living person identified by personal data (which will generally be you)
information identifying a data subject from that data alone or with other data we may hold but it does not include anonymised or aggregated data
a body that is responsible for processing personal data on behalf of a controller
special categories of personal data
information about race, ethnicity political opinions, religious or philosophical beliefs, trade union membership, health, genetic, biometric data, sex life, sexual orientation.
Information Commissioner’s Office, the UK’s supervisory authority for data protection issues
Airbeam collects, processes and stores the information and personal data you submit to our website in order for our Websites and/or App and/or platform to operate. All processing activities shall be carried out in accordance with your individual rights as defined by the European Union’s General Data Protection Regulation.
Please note that by submitting information about yourself through our website, you are agreeing for Airbeam to process and store that data. This data shall be stored only for the duration of the previously outlined purpose for collection. We never store or process your data longer than we need to, and we do not use your data for any purpose other than those you have agreed to.
The data you submit to our website will never be shared with or transferred to a third-party organisation. The following partners are exempt from this policy as they assist Airbeam in processing your personal data and delivering its services: Segment.io, Inc, Google LLC, Intercom, Inc., Amazon Web Services, Inc.
You reserve the right to request Airbeam update your personal data at any time. You can also request information about your personal data, withdraw your consent for us to process your information or request a transfer or deletion of your data.
Airbeam takes your privacy seriously. That is why we will only use your personal information to provide you with the products and services you have requested, as well as to administer your account. We will not sell or share your information with third-parties you grant us explicit permission to do so, and we will never use your personal data for any reason other than the reasons described within this policy.
Airbeam is the trading name of UIDL LTD, which is registered in UNITED KINGDOM and registered with the UK’s Information Commissioner’s Office under the Data Protection Act 2018.
Changing your preferences
If you’d like to change your web, contact or marketing preferences, you can do so at any time. Simply contact us at email@example.com to request the necessary amendments.
How we do business
Airbeam is committed to upholding and maintaining your personal rights. We operate our business in-line with the European Union’s General Data Protection Regulation and observe your rights to change or withdraw your opt-in options at any time. As part of our ongoing commitment to uphold your rights, Airbeam will also extend advice on how you can issue formal complaints to relevant authorities, such as the Information Commissioner’s Office.
Airbeam does not collect any sensitive data about you. Sensitive data refers to (but is not limited to) information about your race or ethnic background, religious or political affiliations, trade union affiliations, sexual orientation, criminal background or health background.
What information this policy applies to
The information this policy applies to includes information that you:
This policy also applies to information that we:
After giving Airbeam your consent, you are free to amend your consent or withdraw your consent at any time. You have the right to object to the processing of your data. To opt-out, change your preferences or revoke your consent, simply contact us by emailing firstname.lastname@example.org.
Data processing and storage
Airbeam collects and stores data in the UK. We will store your data for a period of 2 years after your last recorded login attempt unless otherwise noted and explicitly stated.
Airbeam stores data relating to transactions, payments and orders for a period of up to seven years. This period may be extended under certain circumstances as part of our ongoing commitment to comply with UK and international law.
We use carefully selected and recognised third-parties to help us take payments, provide commerce services and manage company accounts. Some of these third-parties may operate outside the European Union.
Airbeam may process your data based on more than one legal ground.
Circumstances under which we may be required to process your data under more than one legal ground may include:
Identity and contact information
To carry out a contract we’ve made with you
Processing and/or delivering your order
Identity, contact information, financial information, financial and transactional data
To carry out a contract we’ve made with you and to exercise our legitimate interests to recover debts owed
To manage our customer relationship with you
Identity, contact information, marketing and communications preferences
To carry out a contract we’ve made with you, to comply with legal obligations and to exercise our legitimate interests to keep our records updated
Marketing and communications
Airbeam may send you marketing communications if you have given us your contact details and opted-in to marketing communications.
You can opt-out of these marketing communications and manage your preferences at any time.
Our company obligations
As a data controller, Airbeam is legally responsible for the data you provide us with. In honouring that responsibility, we pledge to uphold our commitments under GDPR and the Data Protection Act 2018.
We will only ever use your data:
In addition, Airbeam processes the personal data you submit to us or we collect as a data processor. As part of this role, Airbeam takes all necessary precautions to secure the personal data we collect, process and store.
We may occasionally use the data you provide us with for marketing, relationship management or account management activities. These activities are designed to ensure you have adequate information about other products and/or services we offer, that we have reason to believe you may be interested in. You have the right to opt-out of these activities at any time.
Airbeam never shares your personal data with third-parties unless those parties have been explicitly mentioned within our privacy statement.
As part of our ongoing commitment to GDPR, Airbeam will report any security breaches or attempted breaches to the relevant authorities within 24 hours. We will subsequently contact all those affected by the breach within 72 hours of its occurrence.
As part of the Data Protection Act 2018, Airbeam observes the right to share selected information with third-parties that use data for non-marketing purposes. This could include (but is not limited to) organisations that provide credit assessments, identification services and fraud prevention activities.
We will process any request within 20 days. Subject Access Requests are normally performed free of charge, but we may need to charge individuals for excessive or unreasonable data requests.